mirror of
https://github.com/chatmail/relay.git
synced 2026-05-10 16:04:37 +00:00
Compare commits
1 Commits
fix_metric
...
nsd
| Author | SHA1 | Date | |
|---|---|---|---|
|
ee739e4956 |
4
.github/CODE_OF_CONDUCT.md
vendored
4
.github/CODE_OF_CONDUCT.md
vendored
@@ -1,4 +0,0 @@
|
||||
|
||||
Please refer to
|
||||
[Delta Chat community standards and practices](https://delta.chat/en/community-standards)
|
||||
which also apply for all chatmail developments.
|
||||
33
.github/workflows/ci.yaml
vendored
33
.github/workflows/ci.yaml
vendored
@@ -6,35 +6,26 @@ on:
|
||||
|
||||
jobs:
|
||||
tox:
|
||||
name: isolated chatmaild tests
|
||||
name: chatmail tests
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
- name: run chatmaild tests
|
||||
working-directory: chatmaild
|
||||
run: pipx run tox
|
||||
- name: run deploy-chatmail offline tests
|
||||
working-directory: deploy-chatmail
|
||||
run: pipx run tox
|
||||
- name: run deploy-chatmail offline tests
|
||||
working-directory: deploy-chatmail
|
||||
run: pipx run tox
|
||||
|
||||
scripts:
|
||||
name: deploy-chatmail tests
|
||||
name: chatmail script invocations
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
- name: initenv
|
||||
run: scripts/initenv.sh
|
||||
|
||||
- name: append venv/bin to PATH
|
||||
run: echo venv/bin >>$GITHUB_PATH
|
||||
|
||||
- name: run formatting checks
|
||||
run: cmdeploy fmt -v
|
||||
|
||||
- name: run deploy-chatmail offline tests
|
||||
run: pytest --pyargs cmdeploy
|
||||
|
||||
- name: initialize with chatmail domain
|
||||
run: cmdeploy init chat.example.org
|
||||
|
||||
# all other cmdeploy commands require a staging server
|
||||
# see https://github.com/deltachat/chatmail/issues/100
|
||||
- name: run init.sh
|
||||
run: ./scripts/init.sh
|
||||
- name: run test.sh
|
||||
run: ./scripts/test.sh
|
||||
|
||||
3
.gitignore
vendored
3
.gitignore
vendored
@@ -3,9 +3,6 @@ __pycache__/
|
||||
*.py[cod]
|
||||
*$py.class
|
||||
*.swp
|
||||
*qr-*.png
|
||||
chatmail.ini
|
||||
|
||||
|
||||
# C extensions
|
||||
*.so
|
||||
|
||||
21
LICENSE
21
LICENSE
@@ -1,21 +0,0 @@
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2023, chatmail and delta chat teams
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
this software and associated documentation files (the "Software"), to deal in
|
||||
the Software without restriction, including without limitation the rights to
|
||||
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
|
||||
of the Software, and to permit persons to whom the Software is furnished to do
|
||||
so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
166
README.md
166
README.md
@@ -1,158 +1,62 @@
|
||||
# Chat Mail server configuration
|
||||
|
||||
<img width="800px" src="www/src/collage-top.png"/>
|
||||
|
||||
# Chatmail services optimized for Delta Chat apps
|
||||
|
||||
This repository helps to setup a ready-to-use chatmail server
|
||||
This repository setups a ready-to-go chatmail instance
|
||||
comprised of a minimal setup of the battle-tested
|
||||
[postfix smtp](https://www.postfix.org) and [dovecot imap](https://www.dovecot.org) services.
|
||||
[postfix smtp server](https://www.postfix.org) and [dovecot imap server](https://www.dovecot.org).
|
||||
|
||||
The setup is designed and optimized for providing chatmail accounts
|
||||
for use by [Delta Chat apps](https://delta.chat).
|
||||
## Getting started
|
||||
|
||||
Chatmail accounts are automatically created by a first login,
|
||||
after which the initially specified password is required for using them.
|
||||
1. prepare your local system:
|
||||
|
||||
## Deploying your own chatmail server
|
||||
scripts/init.sh
|
||||
|
||||
We subsequently use `CHATMAIL_DOMAIN` as a placeholder for your fully qualified
|
||||
DNS domain name (FQDN), for example `chat.example.org`.
|
||||
2. setup a domain with `A` and `AAAA` records for your chatmail server
|
||||
|
||||
1. Install the `cmdeploy` command in a virtualenv
|
||||
3. set environment variable to the chatmail domain you want to setup:
|
||||
|
||||
```
|
||||
git clone https://github.com/deltachat/chatmail
|
||||
cd chatmail
|
||||
scripts/initenv.sh
|
||||
```
|
||||
|
||||
2. Create chatmail configuration file `chatmail.ini`:
|
||||
export CHATMAIL_DOMAIN=c1.testrun.org # replace with your host
|
||||
|
||||
```
|
||||
scripts/cmdeploy init CHATMAIL_DOMAIN
|
||||
```
|
||||
4. run the deploy of the chat mail instance:
|
||||
|
||||
3. Setup first DNS records for your `CHATMAIL_DOMAIN`,
|
||||
according to the hints provided by `cmdeploy init`.
|
||||
Verify that SSH root login works:
|
||||
scripts/deploy.sh
|
||||
|
||||
```
|
||||
ssh root@CHATMAIL_DOMAIN
|
||||
```
|
||||
5. run `scripts/generate-dns-zone.sh` and create the generated DNS records at your DNS provider
|
||||
|
||||
4. Deploy to the remote chatmail server:
|
||||
## Running tests and benchmarks (offline and online)
|
||||
|
||||
```
|
||||
scripts/cmdeploy run
|
||||
```
|
||||
1. Set `CHATMAIL_SSH` so that `ssh root@$CHATMAIL_SSH` allows
|
||||
to login to the chatmail instance server.
|
||||
|
||||
5. To output a DNS zone file from which you can transfer DNS records
|
||||
to your DNS provider:
|
||||
2. To run local and online tests:
|
||||
|
||||
```
|
||||
scripts/cmdeploy dns
|
||||
```
|
||||
scripts/test.sh
|
||||
|
||||
### Other helpful commands:
|
||||
3. To run benchmarks against your chatmail instance:
|
||||
|
||||
To check the status of your remotely running chatmail service:
|
||||
scripts/bench.sh
|
||||
|
||||
## Running tests (offline and online)
|
||||
|
||||
```
|
||||
scripts/cmdeploy status
|
||||
```
|
||||
|
||||
To test whether your chatmail service is working correctly:
|
||||
|
||||
```
|
||||
scripts/cmdeploy test
|
||||
```
|
||||
|
||||
To measure the performance of your chatmail service:
|
||||
|
||||
```
|
||||
scripts/cmdeploy bench
|
||||
```
|
||||
|
||||
## Overview of this repository
|
||||
|
||||
This repository drives the development of "chatmail instances",
|
||||
comprised of minimal setups of
|
||||
|
||||
- [postfix smtp server](https://www.postfix.org)
|
||||
- [dovecot imap server](https://www.dovecot.org)
|
||||
|
||||
as well as custom services that are integrated with these two:
|
||||
|
||||
- `chatmaild/src/chatmaild/doveauth.py` implements
|
||||
create-on-login account creation semantics and is used
|
||||
by Dovecot during login authentication and by Postfix
|
||||
which in turn uses [Dovecot SASL](https://doc.dovecot.org/configuration_manual/authentication/dict/#complete-example-for-authenticating-via-a-unix-socket)
|
||||
to authenticate users
|
||||
to send mails for them.
|
||||
|
||||
- `chatmaild/src/chatmaild/filtermail.py` prevents
|
||||
unencrypted e-mail from leaving the chatmail instance
|
||||
and is integrated into postfix's outbound mail pipelines.
|
||||
|
||||
There is also the `cmdeploy/src/cmdeploy/cmdeploy.py` command line tool
|
||||
which helps with setting up and managing the chatmail service.
|
||||
`cmdeploy run` uses [pyinfra-based scripting](https://pyinfra.com/)
|
||||
in `cmdeploy/src/cmdeploy/__init__.py`
|
||||
to automatically install all chatmail components on a server.
|
||||
|
||||
|
||||
### Home page and getting started for users
|
||||
|
||||
`cmdeploy run` also creates default static Web pages and deploys them
|
||||
to an nginx web server under `https://CHATMAIL_DOMAIN`.
|
||||
|
||||
- a default `index.html` along with a QR code that users can click to
|
||||
create accounts on your chatmail provider,
|
||||
|
||||
- a default `info.html` that is linked from the home page,
|
||||
|
||||
- a default `policy.html` that is linked from the home page.
|
||||
|
||||
All `.html` files are generated
|
||||
by the according markdown `.md` file in the `www/src` directory.
|
||||
|
||||
|
||||
### Refining the web pages
|
||||
|
||||
|
||||
```
|
||||
scripts/cmdeploy webdev
|
||||
```
|
||||
|
||||
This starts a local live development cycle for chatmail Web pages:
|
||||
|
||||
- uses the `www/src/page-layout.html` file for producing static
|
||||
HTML pages from `www/src/*.md` files
|
||||
|
||||
- continously builds the web presence reading files from `www/src` directory
|
||||
and generating html files and copying assets to the `www/build` directory.
|
||||
|
||||
- Starts a browser window automatically where you can "refresh" as needed.
|
||||
|
||||
|
||||
## Emergency Commands to disable automatic account creation
|
||||
|
||||
If you need to stop account creation,
|
||||
e.g. because some script is wildly creating accounts,
|
||||
login to the server with ssh and run:
|
||||
|
||||
```
|
||||
touch /etc/chatmail-nocreate
|
||||
```
|
||||
|
||||
While this file is present, account creation will be blocked.
|
||||
## Dovecot/Postfix configuration
|
||||
|
||||
### Ports
|
||||
|
||||
Postfix listens on ports 25 (smtp) and 587 (submission) and 465 (submissions).
|
||||
Dovecot listens on ports 143(imap) and 993 (imaps).
|
||||
|
||||
Delta Chat apps will, however, discover all ports and configurations
|
||||
automatically by reading the `autoconfig.xml` file from the chatmail service.
|
||||
## DNS
|
||||
|
||||
For DKIM you must add a DNS entry as found in /etc/opendkim/selector.txt on your chatmail instance.
|
||||
The above `scripts/deploy.sh` prints out the DKIM selector and DNS entry you
|
||||
need to setup with your DNS provider.
|
||||
|
||||
## Emergency Commands
|
||||
|
||||
If you need to stop account creation,
|
||||
e.g. because some script is wildly creating accounts,
|
||||
just run `touch /tmp/nocreate`.
|
||||
You can remove the file
|
||||
as soon as the attacker was banned
|
||||
by different means.
|
||||
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
include src/chatmaild/*.f
|
||||
include src/chatmaild/ini/*.ini.f
|
||||
include src/chatmaild/ini/*.ini
|
||||
include src/chatmaild/tests/mail-data/*
|
||||
@@ -1,37 +1,20 @@
|
||||
[build-system]
|
||||
requires = ["setuptools>=61"]
|
||||
requires = ["setuptools>=45"]
|
||||
build-backend = "setuptools.build_meta"
|
||||
|
||||
[project]
|
||||
name = "chatmaild"
|
||||
version = "0.2"
|
||||
version = "0.1"
|
||||
dependencies = [
|
||||
"aiosmtpd",
|
||||
"iniconfig",
|
||||
"deltachat-rpc-server",
|
||||
"deltachat-rpc-client",
|
||||
"aiosmtpd"
|
||||
]
|
||||
|
||||
[tool.setuptools]
|
||||
include-package-data = true
|
||||
|
||||
[tool.setuptools.packages.find]
|
||||
where = ['src']
|
||||
|
||||
[project.scripts]
|
||||
doveauth = "chatmaild.doveauth:main"
|
||||
doveauth-dictproxy = "chatmaild.dictproxy:main"
|
||||
filtermail = "chatmaild.filtermail:main"
|
||||
echobot = "chatmaild.echo:main"
|
||||
chatmail-metrics = "chatmaild.metrics:main"
|
||||
|
||||
[project.entry-points.pytest11]
|
||||
"chatmaild.testplugin" = "chatmaild.tests.plugin"
|
||||
|
||||
[tool.pytest.ini_options]
|
||||
addopts = "-v -ra --strict-markers"
|
||||
log_format = "%(asctime)s %(levelname)s %(message)s"
|
||||
log_date_format = "%Y-%m-%d %H:%M:%S"
|
||||
log_level = "INFO"
|
||||
|
||||
[tool.tox]
|
||||
legacy_tox_ini = """
|
||||
@@ -50,7 +33,8 @@ commands =
|
||||
ruff src/
|
||||
|
||||
[testenv]
|
||||
passenv = CHATMAIL_DOMAIN
|
||||
deps = pytest
|
||||
pdbpp
|
||||
commands = pytest -v -rsXx {posargs}
|
||||
commands = pytest -v -rsXx {posargs: ../tests/chatmaild}
|
||||
"""
|
||||
|
||||
@@ -1,59 +0,0 @@
|
||||
import iniconfig
|
||||
|
||||
|
||||
def read_config(inipath):
|
||||
cfg = iniconfig.IniConfig(inipath)
|
||||
return Config(inipath, params=cfg.sections["params"])
|
||||
|
||||
|
||||
class Config:
|
||||
def __init__(self, inipath, params):
|
||||
self._inipath = inipath
|
||||
self.mail_domain = params["mail_domain"]
|
||||
self.max_user_send_per_minute = int(params["max_user_send_per_minute"])
|
||||
self.max_mailbox_size = params["max_mailbox_size"]
|
||||
self.delete_mails_after = params["delete_mails_after"]
|
||||
self.username_min_length = int(params["username_min_length"])
|
||||
self.username_max_length = int(params["username_max_length"])
|
||||
self.password_min_length = int(params["password_min_length"])
|
||||
self.passthrough_senders = params["passthrough_senders"].split()
|
||||
self.passthrough_recipients = params["passthrough_recipients"].split()
|
||||
self.filtermail_smtp_port = int(params["filtermail_smtp_port"])
|
||||
self.postfix_reinject_port = int(params["postfix_reinject_port"])
|
||||
self.privacy_postal = params.get("privacy_postal")
|
||||
self.privacy_mail = params.get("privacy_mail")
|
||||
self.privacy_pdo = params.get("privacy_pdo")
|
||||
self.privacy_supervisor = params.get("privacy_supervisor")
|
||||
|
||||
def _getbytefile(self):
|
||||
return open(self._inipath, "rb")
|
||||
|
||||
|
||||
def write_initial_config(inipath, mail_domain):
|
||||
from importlib.resources import files
|
||||
|
||||
inidir = files(__package__).joinpath("ini")
|
||||
content = (
|
||||
inidir.joinpath("chatmail.ini.f").read_text().format(mail_domain=mail_domain)
|
||||
)
|
||||
if mail_domain.endswith(".testrun.org"):
|
||||
override_inipath = inidir.joinpath("override-testrun.ini")
|
||||
privacy = iniconfig.IniConfig(override_inipath)["privacy"]
|
||||
lines = []
|
||||
for line in content.split("\n"):
|
||||
for key, value in privacy.items():
|
||||
value_lines = value.strip().split("\n")
|
||||
if not line.startswith(f"{key} =") or not value_lines:
|
||||
continue
|
||||
if len(value_lines) == 1:
|
||||
lines.append(f"{key} = {value}")
|
||||
else:
|
||||
lines.append(f"{key} =")
|
||||
for vl in value_lines:
|
||||
lines.append(f" {vl}")
|
||||
break
|
||||
else:
|
||||
lines.append(line)
|
||||
content = "\n".join(lines)
|
||||
|
||||
inipath.write_text(content)
|
||||
@@ -33,6 +33,13 @@ class Connection:
|
||||
def cursor(self):
|
||||
return self._sqlconn.cursor()
|
||||
|
||||
def create_user(self, addr: str, password: str):
|
||||
"""Create a row in the users table."""
|
||||
self.execute("PRAGMA foreign_keys=on")
|
||||
q = """INSERT INTO users (addr, password, last_login)
|
||||
VALUES (?, ?, ?)"""
|
||||
self.execute(q, (addr, password, int(time.time())))
|
||||
|
||||
def get_user(self, addr: str) -> {}:
|
||||
"""Get a row from the users table."""
|
||||
q = "SELECT addr, password, last_login from users WHERE addr = ?"
|
||||
|
||||
119
chatmaild/src/chatmaild/dictproxy.py
Normal file
119
chatmaild/src/chatmaild/dictproxy.py
Normal file
@@ -0,0 +1,119 @@
|
||||
import logging
|
||||
import os
|
||||
import sys
|
||||
import json
|
||||
import crypt
|
||||
from socketserver import (
|
||||
UnixStreamServer,
|
||||
StreamRequestHandler,
|
||||
ThreadingMixIn,
|
||||
)
|
||||
import pwd
|
||||
|
||||
from .database import Database
|
||||
|
||||
NOCREATE_FILE = "/etc/chatmail-nocreate"
|
||||
|
||||
|
||||
def encrypt_password(password: str):
|
||||
# https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
|
||||
passhash = crypt.crypt(password, crypt.METHOD_SHA512)
|
||||
return "{SHA512-CRYPT}" + passhash
|
||||
|
||||
|
||||
def create_user(db, user, password):
|
||||
if os.path.exists(NOCREATE_FILE):
|
||||
logging.warning(
|
||||
f"Didn't create account: {NOCREATE_FILE} exists. Delete the file to enable account creation."
|
||||
)
|
||||
return
|
||||
with db.write_transaction() as conn:
|
||||
conn.create_user(user, password)
|
||||
return dict(home=f"/home/vmail/{user}", uid="vmail", gid="vmail", password=password)
|
||||
|
||||
|
||||
def get_user_data(db, user):
|
||||
with db.read_connection() as conn:
|
||||
result = conn.get_user(user)
|
||||
if result:
|
||||
result["uid"] = "vmail"
|
||||
result["gid"] = "vmail"
|
||||
return result
|
||||
|
||||
|
||||
def lookup_userdb(db, user):
|
||||
return get_user_data(db, user)
|
||||
|
||||
|
||||
def lookup_passdb(db, user, password):
|
||||
userdata = get_user_data(db, user)
|
||||
if not userdata:
|
||||
return create_user(db, user, encrypt_password(password))
|
||||
userdata["password"] = userdata["password"].strip()
|
||||
return userdata
|
||||
|
||||
|
||||
def handle_dovecot_request(msg, db, mail_domain):
|
||||
print(f"received msg: {msg!r}", file=sys.stderr)
|
||||
short_command = msg[0]
|
||||
if short_command == "L": # LOOKUP
|
||||
parts = msg[1:].split("\t")
|
||||
keyname, user = parts[:2]
|
||||
namespace, type, *args = keyname.split("/")
|
||||
reply_command = "F"
|
||||
res = ""
|
||||
if namespace == "shared":
|
||||
if type == "userdb":
|
||||
if user.endswith(f"@{mail_domain}"):
|
||||
res = lookup_userdb(db, user)
|
||||
if res:
|
||||
reply_command = "O"
|
||||
else:
|
||||
reply_command = "N"
|
||||
elif type == "passdb":
|
||||
if user.endswith(f"@{mail_domain}"):
|
||||
res = lookup_passdb(db, user, password=args[0])
|
||||
if res:
|
||||
reply_command = "O"
|
||||
else:
|
||||
reply_command = "N"
|
||||
print(f"res: {res!r}", file=sys.stderr)
|
||||
json_res = json.dumps(res) if res else ""
|
||||
return f"{reply_command}{json_res}\n"
|
||||
return None
|
||||
|
||||
|
||||
class ThreadedUnixStreamServer(ThreadingMixIn, UnixStreamServer):
|
||||
pass
|
||||
|
||||
|
||||
def main():
|
||||
socket = sys.argv[1]
|
||||
passwd_entry = pwd.getpwnam(sys.argv[2])
|
||||
db = Database(sys.argv[3])
|
||||
with open("/etc/mailname", "r") as fp:
|
||||
mail_domain = fp.read().strip()
|
||||
|
||||
class Handler(StreamRequestHandler):
|
||||
def handle(self):
|
||||
while True:
|
||||
msg = self.rfile.readline().strip().decode()
|
||||
if not msg:
|
||||
break
|
||||
res = handle_dovecot_request(msg, db, mail_domain)
|
||||
if res:
|
||||
print(f"sending result: {res!r}", file=sys.stderr)
|
||||
self.wfile.write(res.encode("ascii"))
|
||||
self.wfile.flush()
|
||||
|
||||
try:
|
||||
os.unlink(socket)
|
||||
except FileNotFoundError:
|
||||
pass
|
||||
|
||||
with ThreadedUnixStreamServer(socket, Handler) as server:
|
||||
os.chown(socket, uid=passwd_entry.pw_uid, gid=passwd_entry.pw_gid)
|
||||
try:
|
||||
server.serve_forever()
|
||||
except KeyboardInterrupt:
|
||||
pass
|
||||
10
chatmaild/src/chatmaild/doveauth-dictproxy.service
Normal file
10
chatmaild/src/chatmaild/doveauth-dictproxy.service
Normal file
@@ -0,0 +1,10 @@
|
||||
[Unit]
|
||||
Description=Dict authentication proxy for dovecot
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/local/bin/doveauth-dictproxy /run/dovecot/doveauth.socket vmail /home/vmail/passdb.sqlite
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,166 +0,0 @@
|
||||
import logging
|
||||
import os
|
||||
import time
|
||||
import sys
|
||||
import json
|
||||
import crypt
|
||||
from socketserver import (
|
||||
UnixStreamServer,
|
||||
StreamRequestHandler,
|
||||
ThreadingMixIn,
|
||||
)
|
||||
import pwd
|
||||
|
||||
from .database import Database
|
||||
from .config import read_config, Config
|
||||
|
||||
NOCREATE_FILE = "/etc/chatmail-nocreate"
|
||||
|
||||
|
||||
def encrypt_password(password: str):
|
||||
# https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
|
||||
passhash = crypt.crypt(password, crypt.METHOD_SHA512)
|
||||
return "{SHA512-CRYPT}" + passhash
|
||||
|
||||
|
||||
def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
|
||||
"""Return True if user and password are admissable."""
|
||||
if os.path.exists(NOCREATE_FILE):
|
||||
logging.warning(f"blocked account creation because {NOCREATE_FILE!r} exists.")
|
||||
return False
|
||||
|
||||
if len(cleartext_password) < config.password_min_length:
|
||||
logging.warning(
|
||||
"Password needs to be at least %s characters long",
|
||||
config.password_min_length,
|
||||
)
|
||||
return False
|
||||
|
||||
parts = user.split("@")
|
||||
if len(parts) != 2:
|
||||
logging.warning(f"user {user!r} is not a proper e-mail address")
|
||||
return False
|
||||
localpart, domain = parts
|
||||
|
||||
if (
|
||||
len(localpart) > config.username_max_length
|
||||
or len(localpart) < config.username_min_length
|
||||
):
|
||||
if localpart != "echo":
|
||||
logging.warning(
|
||||
"localpart %s has to be between %s and %s chars long",
|
||||
localpart,
|
||||
config.username_min_length,
|
||||
config.username_max_length,
|
||||
)
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
|
||||
def get_user_data(db, user):
|
||||
with db.read_connection() as conn:
|
||||
result = conn.get_user(user)
|
||||
if result:
|
||||
result["uid"] = "vmail"
|
||||
result["gid"] = "vmail"
|
||||
return result
|
||||
|
||||
|
||||
def lookup_userdb(db, user):
|
||||
return get_user_data(db, user)
|
||||
|
||||
|
||||
def lookup_passdb(db, config: Config, user, cleartext_password):
|
||||
with db.write_transaction() as conn:
|
||||
userdata = conn.get_user(user)
|
||||
if userdata:
|
||||
# Update last login time.
|
||||
conn.execute(
|
||||
"UPDATE users SET last_login=? WHERE addr=?", (int(time.time()), user)
|
||||
)
|
||||
|
||||
userdata["uid"] = "vmail"
|
||||
userdata["gid"] = "vmail"
|
||||
return userdata
|
||||
if not is_allowed_to_create(config, user, cleartext_password):
|
||||
return
|
||||
|
||||
encrypted_password = encrypt_password(cleartext_password)
|
||||
q = """INSERT INTO users (addr, password, last_login)
|
||||
VALUES (?, ?, ?)"""
|
||||
conn.execute(q, (user, encrypted_password, int(time.time())))
|
||||
return dict(
|
||||
home=f"/home/vmail/{user}",
|
||||
uid="vmail",
|
||||
gid="vmail",
|
||||
password=encrypted_password,
|
||||
)
|
||||
|
||||
|
||||
def handle_dovecot_request(msg, db, config: Config):
|
||||
short_command = msg[0]
|
||||
if short_command == "L": # LOOKUP
|
||||
parts = msg[1:].split("\t")
|
||||
keyname, user = parts[:2]
|
||||
namespace, type, *args = keyname.split("/")
|
||||
reply_command = "F"
|
||||
res = ""
|
||||
if namespace == "shared":
|
||||
if type == "userdb":
|
||||
if user.endswith(f"@{config.mail_domain}"):
|
||||
res = lookup_userdb(db, user)
|
||||
if res:
|
||||
reply_command = "O"
|
||||
else:
|
||||
reply_command = "N"
|
||||
elif type == "passdb":
|
||||
if user.endswith(f"@{config.mail_domain}"):
|
||||
res = lookup_passdb(db, config, user, cleartext_password=args[0])
|
||||
if res:
|
||||
reply_command = "O"
|
||||
else:
|
||||
reply_command = "N"
|
||||
json_res = json.dumps(res) if res else ""
|
||||
return f"{reply_command}{json_res}\n"
|
||||
return None
|
||||
|
||||
|
||||
class ThreadedUnixStreamServer(ThreadingMixIn, UnixStreamServer):
|
||||
request_queue_size = 100
|
||||
|
||||
|
||||
def main():
|
||||
socket = sys.argv[1]
|
||||
passwd_entry = pwd.getpwnam(sys.argv[2])
|
||||
db = Database(sys.argv[3])
|
||||
config = read_config(sys.argv[4])
|
||||
|
||||
class Handler(StreamRequestHandler):
|
||||
def handle(self):
|
||||
try:
|
||||
while True:
|
||||
msg = self.rfile.readline().strip().decode()
|
||||
if not msg:
|
||||
break
|
||||
res = handle_dovecot_request(msg, db, config)
|
||||
if res:
|
||||
self.wfile.write(res.encode("ascii"))
|
||||
self.wfile.flush()
|
||||
else:
|
||||
logging.warn("request had no answer: %r", msg)
|
||||
except Exception:
|
||||
logging.exception("Exception in the handler")
|
||||
raise
|
||||
|
||||
try:
|
||||
os.unlink(socket)
|
||||
except FileNotFoundError:
|
||||
pass
|
||||
|
||||
with ThreadedUnixStreamServer(socket, Handler) as server:
|
||||
os.chown(socket, uid=passwd_entry.pw_uid, gid=passwd_entry.pw_gid)
|
||||
try:
|
||||
server.serve_forever()
|
||||
except KeyboardInterrupt:
|
||||
pass
|
||||
@@ -1,10 +0,0 @@
|
||||
[Unit]
|
||||
Description=Chatmail dict authentication proxy for dovecot
|
||||
|
||||
[Service]
|
||||
ExecStart={execpath} /run/dovecot/doveauth.socket vmail /home/vmail/passdb.sqlite {config_path}
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,88 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Advanced echo bot example.
|
||||
|
||||
it will echo back any message that has non-empty text and also supports the /help command.
|
||||
"""
|
||||
import logging
|
||||
import os
|
||||
import sys
|
||||
from threading import Thread
|
||||
|
||||
from deltachat_rpc_client import Bot, DeltaChat, EventType, Rpc, events
|
||||
|
||||
from chatmaild.newemail import create_newemail_dict
|
||||
from chatmaild.config import read_config
|
||||
|
||||
hooks = events.HookCollection()
|
||||
|
||||
|
||||
@hooks.on(events.RawEvent)
|
||||
def log_event(event):
|
||||
if event.kind == EventType.INFO:
|
||||
logging.info(event.msg)
|
||||
elif event.kind == EventType.WARNING:
|
||||
logging.warning(event.msg)
|
||||
|
||||
|
||||
@hooks.on(events.RawEvent(EventType.ERROR))
|
||||
def log_error(event):
|
||||
logging.error(event.msg)
|
||||
|
||||
|
||||
@hooks.on(events.MemberListChanged)
|
||||
def on_memberlist_changed(event):
|
||||
logging.info(
|
||||
"member %s was %s", event.member, "added" if event.member_added else "removed"
|
||||
)
|
||||
|
||||
|
||||
@hooks.on(events.GroupImageChanged)
|
||||
def on_group_image_changed(event):
|
||||
logging.info("group image %s", "deleted" if event.image_deleted else "changed")
|
||||
|
||||
|
||||
@hooks.on(events.GroupNameChanged)
|
||||
def on_group_name_changed(event):
|
||||
logging.info("group name changed, old name: %s", event.old_name)
|
||||
|
||||
|
||||
@hooks.on(events.NewMessage(func=lambda e: not e.command))
|
||||
def echo(event):
|
||||
snapshot = event.message_snapshot
|
||||
if snapshot.text or snapshot.file:
|
||||
snapshot.chat.send_message(text=snapshot.text, file=snapshot.file)
|
||||
|
||||
|
||||
@hooks.on(events.NewMessage(command="/help"))
|
||||
def help_command(event):
|
||||
snapshot = event.message_snapshot
|
||||
snapshot.chat.send_text("Send me any message and I will echo it back")
|
||||
|
||||
|
||||
def main():
|
||||
path = os.environ.get("PATH")
|
||||
venv_path = sys.argv[0].strip("echobot")
|
||||
os.environ["PATH"] = path + ":" + venv_path
|
||||
with Rpc() as rpc:
|
||||
deltachat = DeltaChat(rpc)
|
||||
system_info = deltachat.get_system_info()
|
||||
logging.info("Running deltachat core %s", system_info.deltachat_core_version)
|
||||
|
||||
accounts = deltachat.get_all_accounts()
|
||||
account = accounts[0] if accounts else deltachat.add_account()
|
||||
|
||||
bot = Bot(account, hooks)
|
||||
if not bot.is_configured():
|
||||
config = read_config(sys.argv[1])
|
||||
password = create_newemail_dict(config).get("password")
|
||||
email = "echo@" + config.mail_domain
|
||||
configure_thread = Thread(
|
||||
target=bot.configure, kwargs={"email": email, "password": password}
|
||||
)
|
||||
configure_thread.start()
|
||||
bot.run_forever()
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
logging.basicConfig(level=logging.INFO)
|
||||
main()
|
||||
@@ -1,11 +0,0 @@
|
||||
[Unit]
|
||||
Description=Chatmail echo bot for testing it works
|
||||
|
||||
[Service]
|
||||
ExecStart={execpath} {config_path}
|
||||
Environment="PATH={remote_venv_dir}:$PATH"
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -7,11 +7,10 @@ from email.parser import BytesParser
|
||||
from email import policy
|
||||
from email.utils import parseaddr
|
||||
|
||||
from aiosmtpd.smtp import SMTP
|
||||
from aiosmtpd.controller import Controller
|
||||
from smtplib import SMTP as SMTPClient
|
||||
|
||||
from .config import read_config
|
||||
|
||||
|
||||
def check_encrypted(message):
|
||||
"""Check that the message is an OpenPGP-encrypted message."""
|
||||
@@ -63,21 +62,19 @@ def check_mdn(message, envelope):
|
||||
return True
|
||||
|
||||
|
||||
async def asyncmain_beforequeue(config):
|
||||
port = config.filtermail_smtp_port
|
||||
Controller(BeforeQueueHandler(config), hostname="127.0.0.1", port=port).start()
|
||||
class SMTPController(Controller):
|
||||
def factory(self):
|
||||
return SMTP(self.handler, **self.SMTP_kwargs)
|
||||
|
||||
|
||||
class BeforeQueueHandler:
|
||||
def __init__(self, config):
|
||||
self.config = config
|
||||
def __init__(self):
|
||||
self.send_rate_limiter = SendRateLimiter()
|
||||
|
||||
async def handle_MAIL(self, server, session, envelope, address, mail_options):
|
||||
logging.info(f"handle_MAIL from {address}")
|
||||
envelope.mail_from = address
|
||||
max_sent = self.config.max_user_send_per_minute
|
||||
if not self.send_rate_limiter.is_sending_allowed(address, max_sent):
|
||||
if not self.send_rate_limiter.is_sending_allowed(address):
|
||||
return f"450 4.7.1: Too much mail from {address}"
|
||||
|
||||
parts = envelope.mail_from.split("@")
|
||||
@@ -88,64 +85,62 @@ class BeforeQueueHandler:
|
||||
|
||||
async def handle_DATA(self, server, session, envelope):
|
||||
logging.info("handle_DATA before-queue")
|
||||
error = self.check_DATA(envelope)
|
||||
error = check_DATA(envelope)
|
||||
if error:
|
||||
return error
|
||||
logging.info("re-injecting the mail that passed checks")
|
||||
client = SMTPClient("localhost", self.config.postfix_reinject_port)
|
||||
client = SMTPClient("localhost", "10025")
|
||||
client.sendmail(envelope.mail_from, envelope.rcpt_tos, envelope.content)
|
||||
return "250 OK"
|
||||
|
||||
def check_DATA(self, envelope):
|
||||
"""the central filtering function for e-mails."""
|
||||
logging.info(f"Processing DATA message from {envelope.mail_from}")
|
||||
|
||||
message = BytesParser(policy=policy.default).parsebytes(envelope.content)
|
||||
mail_encrypted = check_encrypted(message)
|
||||
async def asyncmain_beforequeue(port):
|
||||
Controller(BeforeQueueHandler(), hostname="127.0.0.1", port=port).start()
|
||||
|
||||
_, from_addr = parseaddr(message.get("from").strip())
|
||||
logging.info(f"mime-from: {from_addr} envelope-from: {envelope.mail_from!r}")
|
||||
if envelope.mail_from.lower() != from_addr.lower():
|
||||
return f"500 Invalid FROM <{from_addr!r}> for <{envelope.mail_from!r}>"
|
||||
|
||||
if not mail_encrypted and check_mdn(message, envelope):
|
||||
return
|
||||
def check_DATA(envelope):
|
||||
"""the central filtering function for e-mails."""
|
||||
logging.info(f"Processing DATA message from {envelope.mail_from}")
|
||||
|
||||
if envelope.mail_from in self.config.passthrough_senders:
|
||||
return
|
||||
message = BytesParser(policy=policy.default).parsebytes(envelope.content)
|
||||
mail_encrypted = check_encrypted(message)
|
||||
|
||||
passthrough_recipients = self.config.passthrough_recipients
|
||||
envelope_from_domain = from_addr.split("@").pop()
|
||||
for recipient in envelope.rcpt_tos:
|
||||
if envelope.mail_from == recipient:
|
||||
# Always allow sending emails to self.
|
||||
continue
|
||||
if recipient in passthrough_recipients:
|
||||
continue
|
||||
res = recipient.split("@")
|
||||
if len(res) != 2:
|
||||
return f"500 Invalid address <{recipient}>"
|
||||
_recipient_addr, recipient_domain = res
|
||||
_, from_addr = parseaddr(message.get("from").strip())
|
||||
logging.info(f"mime-from: {from_addr} envelope-from: {envelope.mail_from!r}")
|
||||
if envelope.mail_from.lower() != from_addr.lower():
|
||||
return f"500 Invalid FROM <{from_addr!r}> for <{envelope.mail_from!r}>"
|
||||
|
||||
is_outgoing = recipient_domain != envelope_from_domain
|
||||
if is_outgoing and not mail_encrypted:
|
||||
is_securejoin = message.get("secure-join") in [
|
||||
"vc-request",
|
||||
"vg-request",
|
||||
]
|
||||
if not is_securejoin:
|
||||
return f"500 Invalid unencrypted mail to <{recipient}>"
|
||||
if not mail_encrypted and check_mdn(message, envelope):
|
||||
return
|
||||
|
||||
envelope_from_domain = from_addr.split("@").pop()
|
||||
for recipient in envelope.rcpt_tos:
|
||||
if envelope.mail_from == recipient:
|
||||
# Always allow sending emails to self.
|
||||
continue
|
||||
res = recipient.split("@")
|
||||
if len(res) != 2:
|
||||
return f"500 Invalid address <{recipient}>"
|
||||
_recipient_addr, recipient_domain = res
|
||||
|
||||
is_outgoing = recipient_domain != envelope_from_domain
|
||||
if is_outgoing and not mail_encrypted:
|
||||
is_securejoin = message.get("secure-join") in ["vc-request", "vg-request"]
|
||||
if not is_securejoin:
|
||||
return f"500 Invalid unencrypted mail to <{recipient}>"
|
||||
|
||||
|
||||
class SendRateLimiter:
|
||||
MAX_USER_SEND_PER_MINUTE = 80
|
||||
|
||||
def __init__(self):
|
||||
self.addr2timestamps = {}
|
||||
|
||||
def is_sending_allowed(self, mail_from, max_send_per_minute):
|
||||
def is_sending_allowed(self, mail_from):
|
||||
last = self.addr2timestamps.setdefault(mail_from, [])
|
||||
now = time.time()
|
||||
last[:] = [ts for ts in last if ts >= (now - 60)]
|
||||
if len(last) <= max_send_per_minute:
|
||||
if len(last) <= self.MAX_USER_SEND_PER_MINUTE:
|
||||
last.append(now)
|
||||
return True
|
||||
return False
|
||||
@@ -154,10 +149,9 @@ class SendRateLimiter:
|
||||
def main():
|
||||
args = sys.argv[1:]
|
||||
assert len(args) == 1
|
||||
config = read_config(args[0])
|
||||
logging.basicConfig(level=logging.WARN)
|
||||
logging.basicConfig(level=logging.INFO)
|
||||
loop = asyncio.new_event_loop()
|
||||
asyncio.set_event_loop(loop)
|
||||
task = asyncmain_beforequeue(config)
|
||||
task = asyncmain_beforequeue(port=int(args[0]))
|
||||
loop.create_task(task)
|
||||
loop.run_forever()
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
Description=Chatmail Postfix BeforeQeue filter
|
||||
|
||||
[Service]
|
||||
ExecStart={execpath} {config_path}
|
||||
ExecStart=/usr/local/bin/filtermail 10080
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
||||
@@ -1,63 +0,0 @@
|
||||
[params]
|
||||
|
||||
# mail domain (MUST be set to fully qualified chat mail domain)
|
||||
mail_domain = {mail_domain}
|
||||
|
||||
#
|
||||
# If you only do private test deploys, you don't need to modify any settings below
|
||||
#
|
||||
|
||||
#
|
||||
# Account Restrictions
|
||||
#
|
||||
|
||||
# how many mails a user can send out per minute
|
||||
max_user_send_per_minute = 60
|
||||
|
||||
# maximum mailbox size of a chatmail account
|
||||
max_mailbox_size = 100M
|
||||
|
||||
# days after which mails are unconditionally deleted
|
||||
delete_mails_after = 40
|
||||
|
||||
# minimum length a username must have
|
||||
username_min_length = 9
|
||||
|
||||
# maximum length a username can have
|
||||
username_max_length = 9
|
||||
|
||||
# minimum length a password must have
|
||||
password_min_length = 9
|
||||
|
||||
# list of chatmail accounts which can send outbound un-encrypted mail
|
||||
passthrough_senders =
|
||||
|
||||
# list of e-mail recipients for which to accept outbound un-encrypted mails
|
||||
passthrough_recipients =
|
||||
|
||||
#
|
||||
# Deployment Details
|
||||
#
|
||||
|
||||
# where the filtermail SMTP service listens
|
||||
filtermail_smtp_port = 10080
|
||||
|
||||
# postfix accepts on the localhost reinject SMTP port
|
||||
postfix_reinject_port = 10025
|
||||
|
||||
#
|
||||
# Privacy Policy
|
||||
#
|
||||
|
||||
# postal address of privacy contact
|
||||
privacy_postal =
|
||||
|
||||
# email address of privacy contact
|
||||
privacy_mail =
|
||||
|
||||
# postal address of the privacy data officer
|
||||
privacy_pdo =
|
||||
|
||||
# postal address of the privacy supervisor
|
||||
privacy_supervisor =
|
||||
|
||||
@@ -1,16 +0,0 @@
|
||||
|
||||
[privacy]
|
||||
|
||||
passthrough_recipients = privacy@testrun.org
|
||||
|
||||
privacy_postal =
|
||||
Merlinux GmbH, Represented by the managing director H. Krekel,
|
||||
Reichgrafen Str. 20, 79102 Freiburg, Germany
|
||||
|
||||
privacy_mail = privacy@testrun.org
|
||||
privacy_pdo =
|
||||
Prof. Dr. Fabian Schmieder, lexICT UG (limited), Ostfeldstr. 49, 30559 Hannover.
|
||||
You can contact him at *delta-privacy@merlinux.eu* (Keyword: DPO)
|
||||
privacy_supervisor =
|
||||
State Commissioner for Data Protection and Freedom of Information of
|
||||
Baden-Württemberg in 70173 Stuttgart, Germany.
|
||||
@@ -1,25 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
from pathlib import Path
|
||||
import time
|
||||
import sys
|
||||
|
||||
|
||||
def main(vmail_dir=None):
|
||||
if vmail_dir is None:
|
||||
vmail_dir = sys.argv[1]
|
||||
|
||||
accounts = 0
|
||||
ci_accounts = 0
|
||||
|
||||
for path in Path(vmail_dir).iterdir():
|
||||
accounts += 1
|
||||
if path.name[:3] in ("ci-", "ac_"):
|
||||
ci_accounts += 1
|
||||
|
||||
timestamp = int(time.time() * 1000)
|
||||
print(f"accounts {accounts} {timestamp}")
|
||||
print(f"ci_accounts {ci_accounts} {timestamp}")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
@@ -1,36 +0,0 @@
|
||||
#!/usr/local/lib/chatmaild/venv/bin/python3
|
||||
|
||||
""" CGI script for creating new accounts. """
|
||||
|
||||
import json
|
||||
import random
|
||||
import secrets
|
||||
import string
|
||||
|
||||
from chatmaild.config import read_config, Config
|
||||
|
||||
CONFIG_PATH = "/usr/local/lib/chatmaild/chatmail.ini"
|
||||
ALPHANUMERIC = string.ascii_lowercase + string.digits
|
||||
ALPHANUMERIC_PUNCT = string.ascii_letters + string.digits + string.punctuation
|
||||
|
||||
|
||||
def create_newemail_dict(config: Config):
|
||||
user = "".join(random.choices(ALPHANUMERIC, k=config.username_min_length))
|
||||
password = "".join(
|
||||
secrets.choice(ALPHANUMERIC_PUNCT)
|
||||
for _ in range(config.password_min_length + 3)
|
||||
)
|
||||
return dict(email=f"{user}@{config.mail_domain}", password=f"{password}")
|
||||
|
||||
|
||||
def print_new_account():
|
||||
config = read_config(CONFIG_PATH)
|
||||
creds = create_newemail_dict(config)
|
||||
|
||||
print("Content-Type: application/json")
|
||||
print("")
|
||||
print(json.dumps(creds))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
print_new_account()
|
||||
@@ -1,68 +0,0 @@
|
||||
import random
|
||||
import importlib.resources
|
||||
import itertools
|
||||
from email.parser import BytesParser
|
||||
from email import policy
|
||||
import pytest
|
||||
|
||||
from chatmaild.database import Database
|
||||
from chatmaild.config import read_config, write_initial_config
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def make_config(tmp_path):
|
||||
inipath = tmp_path.joinpath("chatmail.ini")
|
||||
|
||||
def make_conf(mail_domain):
|
||||
write_initial_config(inipath, mail_domain=mail_domain)
|
||||
return read_config(inipath)
|
||||
|
||||
return make_conf
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def example_config(make_config):
|
||||
return make_config("chat.example.org")
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def maildomain(example_config):
|
||||
return example_config.mail_domain
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def gencreds(maildomain):
|
||||
count = itertools.count()
|
||||
next(count)
|
||||
|
||||
def gen(domain=None):
|
||||
domain = domain if domain else maildomain
|
||||
while 1:
|
||||
num = next(count)
|
||||
alphanumeric = "abcdefghijklmnopqrstuvwxyz1234567890"
|
||||
user = "".join(random.choices(alphanumeric, k=10))
|
||||
user = f"ac{num}_{user}"[:9]
|
||||
password = "".join(random.choices(alphanumeric, k=12))
|
||||
yield f"{user}@{domain}", f"{password}"
|
||||
|
||||
return lambda domain=None: next(gen(domain))
|
||||
|
||||
|
||||
@pytest.fixture()
|
||||
def db(tmpdir):
|
||||
db_path = tmpdir / "passdb.sqlite"
|
||||
print("database path:", db_path)
|
||||
return Database(db_path)
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def maildata(request):
|
||||
datadir = importlib.resources.files(__package__).joinpath("mail-data")
|
||||
assert datadir.exists(), datadir
|
||||
|
||||
def maildata(name, from_addr, to_addr):
|
||||
data = datadir.joinpath(name).read_text()
|
||||
text = data.format(from_addr=from_addr, to_addr=to_addr)
|
||||
return BytesParser(policy=policy.default).parsebytes(text.encode())
|
||||
|
||||
return maildata
|
||||
@@ -1,32 +0,0 @@
|
||||
from chatmaild.config import read_config
|
||||
|
||||
|
||||
def test_read_config_basic(example_config):
|
||||
assert example_config.mail_domain == "chat.example.org"
|
||||
assert not example_config.privacy_supervisor and not example_config.privacy_mail
|
||||
assert not example_config.privacy_pdo and not example_config.privacy_postal
|
||||
|
||||
inipath = example_config._inipath
|
||||
inipath.write_text(inipath.read_text().replace("60", "37"))
|
||||
example_config = read_config(inipath)
|
||||
assert example_config.max_user_send_per_minute == 37
|
||||
assert example_config.mail_domain == "chat.example.org"
|
||||
|
||||
|
||||
def test_read_config_testrun(make_config):
|
||||
config = make_config("something.testrun.org")
|
||||
assert config.mail_domain == "something.testrun.org"
|
||||
assert len(config.privacy_postal.split("\n")) > 1
|
||||
assert len(config.privacy_supervisor.split("\n")) > 1
|
||||
assert len(config.privacy_pdo.split("\n")) > 1
|
||||
assert config.privacy_mail == "privacy@testrun.org"
|
||||
assert config.filtermail_smtp_port == 10080
|
||||
assert config.postfix_reinject_port == 10025
|
||||
assert config.max_user_send_per_minute == 60
|
||||
assert config.max_mailbox_size == "100M"
|
||||
assert config.delete_mails_after == "40"
|
||||
assert config.username_min_length == 9
|
||||
assert config.username_max_length == 9
|
||||
assert config.password_min_length == 9
|
||||
assert config.passthrough_recipients == ["privacy@testrun.org"]
|
||||
assert config.passthrough_senders == []
|
||||
@@ -1,95 +0,0 @@
|
||||
import json
|
||||
import pytest
|
||||
import threading
|
||||
import queue
|
||||
import traceback
|
||||
|
||||
import chatmaild.doveauth
|
||||
from chatmaild.doveauth import get_user_data, lookup_passdb, handle_dovecot_request
|
||||
from chatmaild.database import DBError
|
||||
|
||||
|
||||
def test_basic(db, example_config):
|
||||
lookup_passdb(db, example_config, "asdf12345@chat.example.org", "q9mr3faue")
|
||||
data = get_user_data(db, "asdf12345@chat.example.org")
|
||||
assert data
|
||||
data2 = lookup_passdb(
|
||||
db, example_config, "asdf12345@chat.example.org", "q9mr3jewvadsfaue"
|
||||
)
|
||||
assert data == data2
|
||||
|
||||
|
||||
def test_dont_overwrite_password_on_wrong_login(db, example_config):
|
||||
"""Test that logging in with a different password doesn't create a new user"""
|
||||
res = lookup_passdb(
|
||||
db, example_config, "newuser12@chat.example.org", "kajdlkajsldk12l3kj1983"
|
||||
)
|
||||
assert res["password"]
|
||||
res2 = lookup_passdb(db, example_config, "newuser12@chat.example.org", "kajdslqwe")
|
||||
# this function always returns a password hash, which is actually compared by dovecot.
|
||||
assert res["password"] == res2["password"]
|
||||
|
||||
|
||||
def test_nocreate_file(db, monkeypatch, tmpdir, example_config):
|
||||
p = tmpdir.join("nocreate")
|
||||
p.write("")
|
||||
monkeypatch.setattr(chatmaild.doveauth, "NOCREATE_FILE", str(p))
|
||||
lookup_passdb(
|
||||
db, example_config, "newuser12@chat.example.org", "zequ0Aimuchoodaechik"
|
||||
)
|
||||
assert not get_user_data(db, "newuser12@chat.example.org")
|
||||
|
||||
|
||||
def test_db_version(db):
|
||||
assert db.get_schema_version() == 1
|
||||
|
||||
|
||||
def test_too_high_db_version(db):
|
||||
with db.write_transaction() as conn:
|
||||
conn.execute("PRAGMA user_version=%s;" % (999,))
|
||||
with pytest.raises(DBError):
|
||||
db.ensure_tables()
|
||||
|
||||
|
||||
def test_handle_dovecot_request(db, example_config):
|
||||
msg = (
|
||||
"Lshared/passdb/laksjdlaksjdlaksjdlk12j3l1k2j3123/"
|
||||
"some42123@chat.example.org\tsome42123@chat.example.org"
|
||||
)
|
||||
res = handle_dovecot_request(msg, db, example_config)
|
||||
assert res
|
||||
assert res[0] == "O" and res.endswith("\n")
|
||||
userdata = json.loads(res[1:].strip())
|
||||
assert userdata["home"] == "/home/vmail/some42123@chat.example.org"
|
||||
assert userdata["uid"] == userdata["gid"] == "vmail"
|
||||
assert userdata["password"].startswith("{SHA512-CRYPT}")
|
||||
|
||||
|
||||
def test_50_concurrent_lookups_different_accounts(db, gencreds, example_config):
|
||||
num_threads = 50
|
||||
req_per_thread = 5
|
||||
results = queue.Queue()
|
||||
|
||||
def lookup(db):
|
||||
for i in range(req_per_thread):
|
||||
addr, password = gencreds()
|
||||
try:
|
||||
lookup_passdb(db, example_config, addr, password)
|
||||
except Exception:
|
||||
results.put(traceback.format_exc())
|
||||
else:
|
||||
results.put(None)
|
||||
|
||||
threads = []
|
||||
for i in range(num_threads):
|
||||
thread = threading.Thread(target=lookup, args=(db,), daemon=True)
|
||||
threads.append(thread)
|
||||
|
||||
print(f"created {num_threads} threads, starting them and waiting for results")
|
||||
for thread in threads:
|
||||
thread.start()
|
||||
|
||||
for i in range(num_threads * req_per_thread):
|
||||
res = results.get()
|
||||
if res is not None:
|
||||
pytest.fail(f"concurrent lookup failed\n{res}")
|
||||
@@ -1,145 +0,0 @@
|
||||
from chatmaild.filtermail import (
|
||||
check_encrypted,
|
||||
BeforeQueueHandler,
|
||||
SendRateLimiter,
|
||||
check_mdn,
|
||||
)
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def maildomain():
|
||||
# let's not depend on a real chatmail instance for the offline tests below
|
||||
return "chatmail.example.org"
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def handler(make_config, maildomain):
|
||||
config = make_config(maildomain)
|
||||
return BeforeQueueHandler(config)
|
||||
|
||||
|
||||
def test_reject_forged_from(maildata, gencreds, handler):
|
||||
class env:
|
||||
mail_from = gencreds()[0]
|
||||
rcpt_tos = [gencreds()[0]]
|
||||
|
||||
# test that the filter lets good mail through
|
||||
to_addr = gencreds()[0]
|
||||
env.content = maildata(
|
||||
"plain.eml", from_addr=env.mail_from, to_addr=to_addr
|
||||
).as_bytes()
|
||||
|
||||
assert not handler.check_DATA(envelope=env)
|
||||
|
||||
# test that the filter rejects forged mail
|
||||
env.content = maildata(
|
||||
"plain.eml", from_addr="forged@c3.testrun.org", to_addr=to_addr
|
||||
).as_bytes()
|
||||
error = handler.check_DATA(envelope=env)
|
||||
assert "500" in error
|
||||
|
||||
|
||||
def test_filtermail_no_encryption_detection(maildata):
|
||||
msg = maildata(
|
||||
"plain.eml", from_addr="some@example.org", to_addr="other@example.org"
|
||||
)
|
||||
assert not check_encrypted(msg)
|
||||
|
||||
# https://xkcd.com/1181/
|
||||
msg = maildata(
|
||||
"fake-encrypted.eml", from_addr="some@example.org", to_addr="other@example.org"
|
||||
)
|
||||
assert not check_encrypted(msg)
|
||||
|
||||
|
||||
def test_filtermail_encryption_detection(maildata):
|
||||
msg = maildata("encrypted.eml", from_addr="1@example.org", to_addr="2@example.org")
|
||||
assert check_encrypted(msg)
|
||||
|
||||
# if the subject is not "..." it is not considered ac-encrypted
|
||||
msg.replace_header("Subject", "Click this link")
|
||||
assert not check_encrypted(msg)
|
||||
|
||||
|
||||
def test_filtermail_is_mdn(maildata, gencreds, handler):
|
||||
from_addr = gencreds()[0]
|
||||
to_addr = gencreds()[0] + ".other"
|
||||
msg = maildata("mdn.eml", from_addr, to_addr)
|
||||
|
||||
class env:
|
||||
mail_from = from_addr
|
||||
rcpt_tos = [to_addr]
|
||||
content = msg.as_bytes()
|
||||
|
||||
assert check_mdn(msg, env)
|
||||
print(msg.as_string())
|
||||
|
||||
assert not handler.check_DATA(env)
|
||||
|
||||
|
||||
def test_filtermail_to_multiple_recipients_no_mdn(maildata, gencreds):
|
||||
from_addr = gencreds()[0]
|
||||
to_addr = gencreds()[0] + ".other"
|
||||
thirdaddr = gencreds()[0]
|
||||
msg = maildata("mdn.eml", from_addr, to_addr)
|
||||
|
||||
class env:
|
||||
mail_from = from_addr
|
||||
rcpt_tos = [to_addr, thirdaddr]
|
||||
content = msg.as_bytes()
|
||||
|
||||
assert not check_mdn(msg, env)
|
||||
|
||||
|
||||
def test_send_rate_limiter():
|
||||
limiter = SendRateLimiter()
|
||||
for i in range(100):
|
||||
if limiter.is_sending_allowed("some@example.org", 10):
|
||||
if i <= 10:
|
||||
continue
|
||||
pytest.fail("limiter didn't work")
|
||||
else:
|
||||
assert i == 11
|
||||
break
|
||||
|
||||
|
||||
def test_excempt_privacy(maildata, gencreds, handler):
|
||||
from_addr = gencreds()[0]
|
||||
to_addr = "privacy@testrun.org"
|
||||
handler.config.passthrough_recipients = [to_addr]
|
||||
false_to = "privacy@something.org"
|
||||
|
||||
msg = maildata("plain.eml", from_addr, to_addr)
|
||||
|
||||
class env:
|
||||
mail_from = from_addr
|
||||
rcpt_tos = [to_addr]
|
||||
content = msg.as_bytes()
|
||||
|
||||
# assert that None/no error is returned
|
||||
assert not handler.check_DATA(envelope=env)
|
||||
|
||||
class env2:
|
||||
mail_from = from_addr
|
||||
rcpt_tos = [to_addr, false_to]
|
||||
content = msg.as_bytes()
|
||||
|
||||
assert "500" in handler.check_DATA(envelope=env2)
|
||||
|
||||
|
||||
def test_passthrough_senders(gencreds, handler, maildata):
|
||||
acc1 = gencreds()[0]
|
||||
to_addr = "recipient@something.org"
|
||||
handler.config.passthrough_senders = [acc1]
|
||||
|
||||
msg = maildata("plain.eml", acc1, to_addr)
|
||||
|
||||
class env:
|
||||
mail_from = acc1
|
||||
rcpt_tos = to_addr
|
||||
content = msg.as_bytes()
|
||||
|
||||
# assert that None/no error is returned
|
||||
assert not handler.check_DATA(envelope=env)
|
||||
@@ -1,16 +0,0 @@
|
||||
from chatmaild.metrics import main
|
||||
|
||||
|
||||
def test_main(tmp_path, capsys):
|
||||
for x in ("ci-asllkj", "ac_12l3kj", "qweqwe", "ci-l1k2j31l2k3"):
|
||||
tmp_path.joinpath(x).mkdir()
|
||||
main(tmp_path)
|
||||
out, _ = capsys.readouterr()
|
||||
d = {}
|
||||
for line in out.split("\n"):
|
||||
if line.strip():
|
||||
name, num, _ = line.split()
|
||||
d[name] = int(num)
|
||||
|
||||
assert d["accounts"] == 4
|
||||
assert d["ci_accounts"] == 3
|
||||
@@ -1,27 +0,0 @@
|
||||
import json
|
||||
|
||||
import chatmaild
|
||||
from chatmaild.newemail import create_newemail_dict, print_new_account
|
||||
|
||||
|
||||
def test_create_newemail_dict(example_config):
|
||||
ac1 = create_newemail_dict(example_config)
|
||||
assert "@" in ac1["email"]
|
||||
assert len(ac1["password"]) >= 10
|
||||
|
||||
ac2 = create_newemail_dict(example_config)
|
||||
|
||||
assert ac1["email"] != ac2["email"]
|
||||
assert ac1["password"] != ac2["password"]
|
||||
|
||||
|
||||
def test_print_new_account(capsys, monkeypatch, maildomain, tmpdir, example_config):
|
||||
monkeypatch.setattr(chatmaild.newemail, "CONFIG_PATH", str(example_config._inipath))
|
||||
print_new_account()
|
||||
out, err = capsys.readouterr()
|
||||
lines = out.split("\n")
|
||||
assert lines[0] == "Content-Type: application/json"
|
||||
assert not lines[1]
|
||||
dic = json.loads(lines[2])
|
||||
assert dic["email"].endswith(f"@{example_config.mail_domain}")
|
||||
assert len(dic["password"]) >= 10
|
||||
@@ -1,32 +0,0 @@
|
||||
[build-system]
|
||||
requires = ["setuptools>=68"]
|
||||
build-backend = "setuptools.build_meta"
|
||||
|
||||
[project]
|
||||
name = "cmdeploy"
|
||||
version = "0.2"
|
||||
dependencies = [
|
||||
"pyinfra",
|
||||
"pillow",
|
||||
"qrcode",
|
||||
"markdown",
|
||||
"pytest",
|
||||
"setuptools>=68",
|
||||
"termcolor",
|
||||
"build",
|
||||
"tox",
|
||||
"ruff",
|
||||
"black",
|
||||
"pytest",
|
||||
"pytest-xdist",
|
||||
]
|
||||
|
||||
[project.scripts]
|
||||
cmdeploy = "cmdeploy.cmdeploy:main"
|
||||
|
||||
[project.entry-points.pytest11]
|
||||
"chatmaild.testplugin" = "chatmaild.tests.plugin"
|
||||
"cmdeploy.testplugin" = "cmdeploy.tests.plugin"
|
||||
|
||||
[tool.pytest.ini_options]
|
||||
addopts = "-v -ra --strict-markers"
|
||||
@@ -1,519 +0,0 @@
|
||||
"""
|
||||
Chat Mail pyinfra deploy.
|
||||
"""
|
||||
import sys
|
||||
import importlib.resources
|
||||
import subprocess
|
||||
import shutil
|
||||
import io
|
||||
from pathlib import Path
|
||||
|
||||
from pyinfra import host
|
||||
from pyinfra.operations import apt, files, server, systemd, pip
|
||||
from pyinfra.facts.files import File
|
||||
from pyinfra.facts.systemd import SystemdEnabled
|
||||
from .acmetool import deploy_acmetool
|
||||
|
||||
from chatmaild.config import read_config, Config
|
||||
|
||||
|
||||
def _build_chatmaild(dist_dir) -> None:
|
||||
dist_dir = Path(dist_dir).resolve()
|
||||
if dist_dir.exists():
|
||||
shutil.rmtree(dist_dir)
|
||||
dist_dir.mkdir()
|
||||
subprocess.check_output(
|
||||
[sys.executable, "-m", "build", "-n"]
|
||||
+ ["--sdist", "chatmaild", "--outdir", str(dist_dir)]
|
||||
)
|
||||
entries = list(dist_dir.iterdir())
|
||||
assert len(entries) == 1
|
||||
return entries[0]
|
||||
|
||||
|
||||
def remove_legacy_artifacts():
|
||||
# disable legacy doveauth-dictproxy.service
|
||||
if host.get_fact(SystemdEnabled).get("doveauth-dictproxy.service"):
|
||||
systemd.service(
|
||||
name="Disable legacy doveauth-dictproxy.service",
|
||||
service="doveauth-dictproxy.service",
|
||||
running=False,
|
||||
enabled=False,
|
||||
)
|
||||
|
||||
|
||||
def _install_remote_venv_with_chatmaild(config) -> None:
|
||||
remove_legacy_artifacts()
|
||||
dist_file = _build_chatmaild(dist_dir=Path("chatmaild/dist"))
|
||||
remote_base_dir = "/usr/local/lib/chatmaild"
|
||||
remote_dist_file = f"{remote_base_dir}/dist/{dist_file.name}"
|
||||
remote_venv_dir = f"{remote_base_dir}/venv"
|
||||
remote_chatmail_inipath = f"{remote_base_dir}/chatmail.ini"
|
||||
root_owned = dict(user="root", group="root", mode="644")
|
||||
|
||||
apt.packages(
|
||||
name="apt install python3-virtualenv",
|
||||
packages=["python3-virtualenv"],
|
||||
)
|
||||
|
||||
files.put(
|
||||
name="Upload chatmaild source package",
|
||||
src=dist_file.open("rb"),
|
||||
dest=remote_dist_file,
|
||||
create_remote_dir=True,
|
||||
**root_owned,
|
||||
)
|
||||
|
||||
files.put(
|
||||
name=f"Upload {remote_chatmail_inipath}",
|
||||
src=config._getbytefile(),
|
||||
dest=remote_chatmail_inipath,
|
||||
**root_owned,
|
||||
)
|
||||
|
||||
pip.virtualenv(
|
||||
name=f"chatmaild virtualenv {remote_venv_dir}",
|
||||
path=remote_venv_dir,
|
||||
always_copy=True,
|
||||
)
|
||||
|
||||
server.shell(
|
||||
name=f"forced pip-install {dist_file.name}",
|
||||
commands=[
|
||||
f"{remote_venv_dir}/bin/pip install --force-reinstall {remote_dist_file}"
|
||||
],
|
||||
)
|
||||
|
||||
files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("metrics.cron.j2"),
|
||||
dest="/etc/cron.d/chatmail-metrics",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={
|
||||
"mail_domain": config.mail_domain,
|
||||
"execpath": f"{remote_venv_dir}/bin/chatmail-metrics",
|
||||
},
|
||||
)
|
||||
|
||||
# install systemd units
|
||||
for fn in (
|
||||
"doveauth",
|
||||
"filtermail",
|
||||
"echobot",
|
||||
):
|
||||
params = dict(
|
||||
execpath=f"{remote_venv_dir}/bin/{fn}",
|
||||
config_path=remote_chatmail_inipath,
|
||||
remote_venv_dir=remote_venv_dir,
|
||||
)
|
||||
source_path = importlib.resources.files("chatmaild").joinpath(f"{fn}.service.f")
|
||||
content = source_path.read_text().format(**params).encode()
|
||||
|
||||
files.put(
|
||||
name=f"Upload {fn}.service",
|
||||
src=io.BytesIO(content),
|
||||
dest=f"/etc/systemd/system/{fn}.service",
|
||||
**root_owned,
|
||||
)
|
||||
systemd.service(
|
||||
name=f"Setup {fn} service",
|
||||
service=f"{fn}.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=True,
|
||||
daemon_reload=True,
|
||||
)
|
||||
|
||||
|
||||
def _configure_opendkim(domain: str, dkim_selector: str = "dkim") -> bool:
|
||||
"""Configures OpenDKIM"""
|
||||
need_restart = False
|
||||
|
||||
main_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("opendkim/opendkim.conf"),
|
||||
dest="/etc/opendkim.conf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={"domain_name": domain, "opendkim_selector": dkim_selector},
|
||||
)
|
||||
need_restart |= main_config.changed
|
||||
|
||||
files.directory(
|
||||
name="Add opendkim directory to /etc",
|
||||
path="/etc/opendkim",
|
||||
user="opendkim",
|
||||
group="opendkim",
|
||||
mode="750",
|
||||
present=True,
|
||||
)
|
||||
|
||||
keytable = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("opendkim/KeyTable"),
|
||||
dest="/etc/dkimkeys/KeyTable",
|
||||
user="opendkim",
|
||||
group="opendkim",
|
||||
mode="644",
|
||||
config={"domain_name": domain, "opendkim_selector": dkim_selector},
|
||||
)
|
||||
need_restart |= keytable.changed
|
||||
|
||||
signing_table = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("opendkim/SigningTable"),
|
||||
dest="/etc/dkimkeys/SigningTable",
|
||||
user="opendkim",
|
||||
group="opendkim",
|
||||
mode="644",
|
||||
config={"domain_name": domain, "opendkim_selector": dkim_selector},
|
||||
)
|
||||
need_restart |= signing_table.changed
|
||||
|
||||
files.directory(
|
||||
name="Add opendkim socket directory to /var/spool/postfix",
|
||||
path="/var/spool/postfix/opendkim",
|
||||
user="opendkim",
|
||||
group="opendkim",
|
||||
mode="750",
|
||||
present=True,
|
||||
)
|
||||
|
||||
if not host.get_fact(File, f"/etc/dkimkeys/{dkim_selector}.private"):
|
||||
server.shell(
|
||||
name="Generate OpenDKIM domain keys",
|
||||
commands=[
|
||||
f"opendkim-genkey -D /etc/dkimkeys -d {domain} -s {dkim_selector}"
|
||||
],
|
||||
_sudo=True,
|
||||
_sudo_user="opendkim",
|
||||
)
|
||||
|
||||
return need_restart
|
||||
|
||||
|
||||
def _install_mta_sts_daemon() -> bool:
|
||||
need_restart = False
|
||||
|
||||
config = files.put(
|
||||
name="upload postfix-mta-sts-resolver config",
|
||||
src=importlib.resources.files(__package__).joinpath(
|
||||
"postfix/mta-sts-daemon.yml"
|
||||
),
|
||||
dest="/etc/mta-sts-daemon.yml",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
)
|
||||
need_restart |= config.changed
|
||||
|
||||
server.shell(
|
||||
name="install postfix-mta-sts-resolver with pip",
|
||||
commands=[
|
||||
"python3 -m virtualenv /usr/local/lib/postfix-mta-sts-resolver",
|
||||
"/usr/local/lib/postfix-mta-sts-resolver/bin/pip install postfix-mta-sts-resolver",
|
||||
],
|
||||
)
|
||||
|
||||
systemd_unit = files.put(
|
||||
name="upload mta-sts-daemon systemd unit",
|
||||
src=importlib.resources.files(__package__).joinpath(
|
||||
"postfix/mta-sts-daemon.service"
|
||||
),
|
||||
dest="/etc/systemd/system/mta-sts-daemon.service",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
)
|
||||
need_restart |= systemd_unit.changed
|
||||
|
||||
return need_restart
|
||||
|
||||
|
||||
def _configure_postfix(config: Config, debug: bool = False) -> bool:
|
||||
"""Configures Postfix SMTP server."""
|
||||
need_restart = False
|
||||
|
||||
main_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("postfix/main.cf.j2"),
|
||||
dest="/etc/postfix/main.cf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config=config,
|
||||
)
|
||||
need_restart |= main_config.changed
|
||||
|
||||
master_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("postfix/master.cf.j2"),
|
||||
dest="/etc/postfix/master.cf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
debug=debug,
|
||||
config=config,
|
||||
)
|
||||
need_restart |= master_config.changed
|
||||
|
||||
return need_restart
|
||||
|
||||
|
||||
def _configure_dovecot(config: Config, debug: bool = False) -> bool:
|
||||
"""Configures Dovecot IMAP server."""
|
||||
need_restart = False
|
||||
|
||||
main_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("dovecot/dovecot.conf.j2"),
|
||||
dest="/etc/dovecot/dovecot.conf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config=config,
|
||||
debug=debug,
|
||||
)
|
||||
need_restart |= main_config.changed
|
||||
auth_config = files.put(
|
||||
src=importlib.resources.files(__package__).joinpath("dovecot/auth.conf"),
|
||||
dest="/etc/dovecot/auth.conf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
)
|
||||
need_restart |= auth_config.changed
|
||||
|
||||
files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("dovecot/expunge.cron.j2"),
|
||||
dest="/etc/cron.d/expunge",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config=config,
|
||||
)
|
||||
|
||||
# as per https://doc.dovecot.org/configuration_manual/os/
|
||||
# it is recommended to set the following inotify limits
|
||||
for name in ("max_user_instances", "max_user_watches"):
|
||||
key = f"fs.inotify.{name}"
|
||||
server.sysctl(
|
||||
name=f"Change {key}",
|
||||
key=key,
|
||||
value=65535,
|
||||
persist=True,
|
||||
)
|
||||
|
||||
return need_restart
|
||||
|
||||
|
||||
def _configure_nginx(domain: str, debug: bool = False) -> bool:
|
||||
"""Configures nginx HTTP server."""
|
||||
need_restart = False
|
||||
|
||||
main_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("nginx/nginx.conf.j2"),
|
||||
dest="/etc/nginx/nginx.conf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={"domain_name": domain},
|
||||
)
|
||||
need_restart |= main_config.changed
|
||||
|
||||
autoconfig = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("nginx/autoconfig.xml.j2"),
|
||||
dest="/var/www/html/.well-known/autoconfig/mail/config-v1.1.xml",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={"domain_name": domain},
|
||||
)
|
||||
need_restart |= autoconfig.changed
|
||||
|
||||
mta_sts_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("nginx/mta-sts.txt.j2"),
|
||||
dest="/var/www/html/.well-known/mta-sts.txt",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={"domain_name": domain},
|
||||
)
|
||||
need_restart |= mta_sts_config.changed
|
||||
|
||||
# install CGI newemail script
|
||||
#
|
||||
cgi_dir = "/usr/lib/cgi-bin"
|
||||
files.directory(
|
||||
name=f"Ensure {cgi_dir} exists",
|
||||
path=cgi_dir,
|
||||
user="root",
|
||||
group="root",
|
||||
)
|
||||
|
||||
files.put(
|
||||
name="Upload cgi newemail.py script",
|
||||
src=importlib.resources.files("chatmaild").joinpath("newemail.py").open("rb"),
|
||||
dest=f"{cgi_dir}/newemail.py",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="755",
|
||||
)
|
||||
|
||||
return need_restart
|
||||
|
||||
|
||||
def check_config(config):
|
||||
mail_domain = config.mail_domain
|
||||
if mail_domain != "testrun.org" and not mail_domain.endswith(".testrun.org"):
|
||||
blocked_words = "merlinux schmieder testrun.org".split()
|
||||
for value in config.__dict__.values():
|
||||
if any(x in str(value) for x in blocked_words):
|
||||
raise ValueError(
|
||||
f"please set your own privacy contacts/addresses in {config._inipath}"
|
||||
)
|
||||
return config
|
||||
|
||||
|
||||
def deploy_chatmail(config_path: Path) -> None:
|
||||
"""Deploy a chat-mail instance.
|
||||
|
||||
:param config_path: path to chatmail.ini
|
||||
"""
|
||||
config = read_config(config_path)
|
||||
check_config(config)
|
||||
mail_domain = config.mail_domain
|
||||
|
||||
from .www import build_webpages
|
||||
|
||||
apt.update(name="apt update", cache_time=24 * 3600)
|
||||
server.group(name="Create vmail group", group="vmail", system=True)
|
||||
server.user(name="Create vmail user", user="vmail", group="vmail", system=True)
|
||||
|
||||
server.group(name="Create opendkim group", group="opendkim", system=True)
|
||||
server.user(
|
||||
name="Add postfix user to opendkim group for socket access",
|
||||
user="postfix",
|
||||
groups=["opendkim"],
|
||||
system=True,
|
||||
)
|
||||
|
||||
# Run local DNS resolver `unbound`.
|
||||
# `resolvconf` takes care of setting up /etc/resolv.conf
|
||||
# to use 127.0.0.1 as the resolver.
|
||||
apt.packages(
|
||||
name="Install unbound",
|
||||
packages="unbound",
|
||||
)
|
||||
systemd.service(
|
||||
name="Start and enable unbound",
|
||||
service="unbound.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
)
|
||||
|
||||
# Deploy acmetool to have TLS certificates.
|
||||
deploy_acmetool(nginx_hook=True, domains=[mail_domain, f"mta-sts.{mail_domain}"])
|
||||
|
||||
apt.packages(
|
||||
name="Install Postfix",
|
||||
packages="postfix",
|
||||
)
|
||||
|
||||
apt.packages(
|
||||
name="Install Dovecot",
|
||||
packages=["dovecot-imapd", "dovecot-lmtpd"],
|
||||
)
|
||||
|
||||
apt.packages(
|
||||
name="Install OpenDKIM",
|
||||
packages=[
|
||||
"opendkim",
|
||||
"opendkim-tools",
|
||||
],
|
||||
)
|
||||
|
||||
apt.packages(
|
||||
name="Install nginx",
|
||||
packages=["nginx"],
|
||||
)
|
||||
|
||||
apt.packages(
|
||||
name="Install fcgiwrap",
|
||||
packages=["fcgiwrap"],
|
||||
)
|
||||
|
||||
www_path = importlib.resources.files(__package__).joinpath("../../../www").resolve()
|
||||
|
||||
build_dir = www_path.joinpath("build")
|
||||
src_dir = www_path.joinpath("src")
|
||||
build_webpages(src_dir, build_dir, config)
|
||||
files.rsync(f"{build_dir}/", "/var/www/html", flags=["-avz"])
|
||||
|
||||
_install_remote_venv_with_chatmaild(config)
|
||||
debug = False
|
||||
dovecot_need_restart = _configure_dovecot(config, debug=debug)
|
||||
postfix_need_restart = _configure_postfix(config, debug=debug)
|
||||
opendkim_need_restart = _configure_opendkim(mail_domain)
|
||||
mta_sts_need_restart = _install_mta_sts_daemon()
|
||||
nginx_need_restart = _configure_nginx(mail_domain)
|
||||
|
||||
systemd.service(
|
||||
name="Start and enable OpenDKIM",
|
||||
service="opendkim.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=opendkim_need_restart,
|
||||
)
|
||||
|
||||
systemd.service(
|
||||
name="Start and enable MTA-STS daemon",
|
||||
service="mta-sts-daemon.service",
|
||||
daemon_reload=True,
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=mta_sts_need_restart,
|
||||
)
|
||||
|
||||
systemd.service(
|
||||
name="Start and enable Postfix",
|
||||
service="postfix.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=postfix_need_restart,
|
||||
)
|
||||
|
||||
systemd.service(
|
||||
name="Start and enable Dovecot",
|
||||
service="dovecot.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=dovecot_need_restart,
|
||||
)
|
||||
|
||||
systemd.service(
|
||||
name="Start and enable nginx",
|
||||
service="nginx.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=nginx_need_restart,
|
||||
)
|
||||
|
||||
# This file is used by auth proxy.
|
||||
# https://wiki.debian.org/EtcMailName
|
||||
server.shell(
|
||||
name="Setup /etc/mailname",
|
||||
commands=[f"echo {mail_domain} >/etc/mailname; chmod 644 /etc/mailname"],
|
||||
)
|
||||
|
||||
journald_conf = files.put(
|
||||
name="Configure journald",
|
||||
src=importlib.resources.files(__package__).joinpath("journald.conf"),
|
||||
dest="/etc/systemd/journald.conf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
)
|
||||
systemd.service(
|
||||
name="Start and enable journald",
|
||||
service="systemd-journald.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=journald_conf,
|
||||
)
|
||||
@@ -1,12 +0,0 @@
|
||||
{chatmail_domain}. MX 10 {chatmail_domain}.
|
||||
_submission._tcp.{chatmail_domain}. SRV 0 1 587 {chatmail_domain}.
|
||||
_submissions._tcp.{chatmail_domain}. SRV 0 1 465 {chatmail_domain}.
|
||||
_imap._tcp.{chatmail_domain}. SRV 0 1 143 {chatmail_domain}.
|
||||
_imaps._tcp.{chatmail_domain}. SRV 0 1 993 {chatmail_domain}.
|
||||
{chatmail_domain}. IN CAA 128 issue "letsencrypt.org;accounturi={acme_account_url}"
|
||||
{chatmail_domain}. TXT "v=spf1 a:{chatmail_domain} -all"
|
||||
_dmarc.{chatmail_domain}. TXT "v=DMARC1;p=reject;rua=mailto:{email};ruf=mailto:{email};fo=1;adkim=r;aspf=r"
|
||||
_mta-sts.{chatmail_domain}. IN TXT "v=STSv1; id={sts_id}"
|
||||
mta-sts.{chatmail_domain}. IN CNAME {chatmail_domain}.
|
||||
_smtp._tls.{chatmail_domain}. IN TXT "v=TLSRPTv1;rua=mailto:{email}"
|
||||
{dkim_entry}
|
||||
@@ -1,316 +0,0 @@
|
||||
"""
|
||||
Provides the `cmdeploy` entry point function,
|
||||
along with command line option and subcommand parsing.
|
||||
"""
|
||||
import argparse
|
||||
import datetime
|
||||
import shutil
|
||||
import subprocess
|
||||
import importlib.resources
|
||||
import importlib.util
|
||||
import os
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
|
||||
from termcolor import colored
|
||||
from chatmaild.config import read_config, write_initial_config
|
||||
|
||||
|
||||
#
|
||||
# cmdeploy sub commands and options
|
||||
#
|
||||
|
||||
|
||||
def init_cmd_options(parser):
|
||||
parser.add_argument(
|
||||
"chatmail_domain",
|
||||
action="store",
|
||||
help="fully qualified DNS domain name for your chatmail instance",
|
||||
)
|
||||
|
||||
|
||||
def init_cmd(args, out):
|
||||
"""Initialize chatmail config file."""
|
||||
if args.inipath.exists():
|
||||
out.red(f"Path exists, not modifying: {args.inipath}")
|
||||
raise SystemExit(1)
|
||||
write_initial_config(args.inipath, args.chatmail_domain)
|
||||
out.green(f"created config file for {args.chatmail_domain} in {args.inipath}")
|
||||
|
||||
|
||||
def run_cmd_options(parser):
|
||||
parser.add_argument(
|
||||
"--dry-run",
|
||||
dest="dry_run",
|
||||
action="store_true",
|
||||
help="don't actually modify the server",
|
||||
)
|
||||
|
||||
|
||||
def run_cmd(args, out):
|
||||
"""Deploy chatmail services on the remote server."""
|
||||
|
||||
env = os.environ.copy()
|
||||
env["CHATMAIL_INI"] = args.inipath
|
||||
deploy_path = importlib.resources.files(__package__).joinpath("deploy.py").resolve()
|
||||
pyinf = "pyinfra --dry" if args.dry_run else "pyinfra"
|
||||
cmd = f"{pyinf} --ssh-user root {args.config.mail_domain} {deploy_path}"
|
||||
out.check_call(cmd, env=env)
|
||||
|
||||
|
||||
def dns_cmd(args, out):
|
||||
"""Generate dns zone file."""
|
||||
template = importlib.resources.files(__package__).joinpath("chatmail.zone.f")
|
||||
ssh = f"ssh root@{args.config.mail_domain}"
|
||||
|
||||
def read_dkim_entries(entry):
|
||||
lines = []
|
||||
for line in entry.split("\n"):
|
||||
if line.startswith(";") or not line.strip():
|
||||
continue
|
||||
line = line.replace("\t", " ")
|
||||
lines.append(line)
|
||||
return "\n".join(lines)
|
||||
|
||||
acme_account_url = out.shell_output(f"{ssh} -- acmetool account-url")
|
||||
dkim_entry = read_dkim_entries(out.shell_output(f"{ssh} -- opendkim-genzone -F"))
|
||||
|
||||
out(
|
||||
f"[writing {args.config.mail_domain} zone data (using space as separator) to stdout output]",
|
||||
green=True,
|
||||
)
|
||||
print(
|
||||
template.read_text()
|
||||
.format(
|
||||
acme_account_url=acme_account_url,
|
||||
email=f"root@{args.config.mail_domain}",
|
||||
sts_id=datetime.datetime.now().strftime("%Y%m%d%H%M"),
|
||||
chatmail_domain=args.config.mail_domain,
|
||||
dkim_entry=dkim_entry,
|
||||
)
|
||||
.strip()
|
||||
)
|
||||
|
||||
|
||||
def status_cmd(args, out):
|
||||
"""Display status for online chatmail instance."""
|
||||
|
||||
ssh = f"ssh root@{args.config.mail_domain}"
|
||||
|
||||
out.green(f"chatmail domain: {args.config.mail_domain}")
|
||||
if args.config.privacy_mail:
|
||||
out.green("privacy settings: present")
|
||||
else:
|
||||
out.red("no privacy settings")
|
||||
|
||||
s1 = "systemctl --type=service --state=running"
|
||||
for line in out.shell_output(f"{ssh} -- {s1}").split("\n"):
|
||||
if line.startswith(" "):
|
||||
print(line)
|
||||
|
||||
|
||||
def test_cmd_options(parser):
|
||||
parser.add_argument(
|
||||
"--slow",
|
||||
dest="slow",
|
||||
action="store_true",
|
||||
help="also run slow tests",
|
||||
)
|
||||
|
||||
|
||||
def test_cmd(args, out):
|
||||
"""Run local and online tests for chatmail deployment.
|
||||
|
||||
This will automatically pip-install 'deltachat' if it's not available.
|
||||
"""
|
||||
|
||||
x = importlib.util.find_spec("deltachat")
|
||||
if x is None:
|
||||
out.check_call(f"{sys.executable} -m pip install deltachat")
|
||||
|
||||
pytest_path = shutil.which("pytest")
|
||||
pytest_args = [
|
||||
pytest_path,
|
||||
"cmdeploy/src/",
|
||||
"-n4",
|
||||
"-rs",
|
||||
"-x",
|
||||
"-vrx",
|
||||
"--durations=5",
|
||||
]
|
||||
if args.slow:
|
||||
pytest_args.append("--slow")
|
||||
ret = out.run_ret(pytest_args)
|
||||
return ret
|
||||
|
||||
|
||||
def fmt_cmd_options(parser):
|
||||
parser.add_argument(
|
||||
"--verbose",
|
||||
"-v",
|
||||
dest="verbose",
|
||||
action="store_true",
|
||||
help="provide information on invocations",
|
||||
)
|
||||
|
||||
parser.add_argument(
|
||||
"--check",
|
||||
"-c",
|
||||
action="store_true",
|
||||
help="only check but don't fix problems",
|
||||
)
|
||||
|
||||
|
||||
def fmt_cmd(args, out):
|
||||
"""Run formattting fixes (ruff and black) on all chatmail source code."""
|
||||
|
||||
sources = [str(importlib.resources.files(x)) for x in ("chatmaild", "cmdeploy")]
|
||||
black_args = [shutil.which("black")]
|
||||
ruff_args = [shutil.which("ruff")]
|
||||
|
||||
if args.check:
|
||||
black_args.append("--check")
|
||||
else:
|
||||
ruff_args.append("--fix")
|
||||
|
||||
if not args.verbose:
|
||||
black_args.append("-q")
|
||||
ruff_args.append("-q")
|
||||
|
||||
black_args.extend(sources)
|
||||
ruff_args.extend(sources)
|
||||
|
||||
out.check_call(" ".join(black_args), quiet=not args.verbose)
|
||||
out.check_call(" ".join(ruff_args), quiet=not args.verbose)
|
||||
return 0
|
||||
|
||||
|
||||
def bench_cmd(args, out):
|
||||
"""Run benchmarks against an online chatmail instance."""
|
||||
args = ["pytest", "--pyargs", "cmdeploy.tests.online.benchmark", "-vrx"]
|
||||
cmdstring = " ".join(args)
|
||||
out.green(f"[$ {cmdstring}]")
|
||||
subprocess.check_call(args)
|
||||
|
||||
|
||||
def webdev_cmd(args, out):
|
||||
"""Run local web development loop for static web pages."""
|
||||
from .www import main
|
||||
|
||||
main()
|
||||
|
||||
|
||||
#
|
||||
# Parsing command line options and starting commands
|
||||
#
|
||||
|
||||
|
||||
class Out:
|
||||
"""Convenience output printer providing coloring."""
|
||||
|
||||
def red(self, msg, file=sys.stderr):
|
||||
print(colored(msg, "red"), file=file)
|
||||
|
||||
def green(self, msg, file=sys.stderr):
|
||||
print(colored(msg, "green"), file=file)
|
||||
|
||||
def __call__(self, msg, red=False, green=False, file=sys.stdout):
|
||||
color = "red" if red else ("green" if green else None)
|
||||
print(colored(msg, color), file=file)
|
||||
|
||||
def shell_output(self, arg):
|
||||
self(f"[$ {arg}]", file=sys.stderr)
|
||||
return subprocess.check_output(arg, shell=True).decode()
|
||||
|
||||
def check_call(self, arg, env=None, quiet=False):
|
||||
if not quiet:
|
||||
self(f"[$ {arg}]", file=sys.stderr)
|
||||
return subprocess.check_call(arg, shell=True, env=env)
|
||||
|
||||
def run_ret(self, args, env=None, quiet=False):
|
||||
if not quiet:
|
||||
cmdstring = " ".join(args)
|
||||
self(f"[$ {cmdstring}]", file=sys.stderr)
|
||||
proc = subprocess.run(args, env=env)
|
||||
return proc.returncode
|
||||
|
||||
|
||||
def add_config_option(parser):
|
||||
parser.add_argument(
|
||||
"--config",
|
||||
dest="inipath",
|
||||
action="store",
|
||||
default=Path("chatmail.ini"),
|
||||
type=Path,
|
||||
help="path to the chatmail.ini file",
|
||||
)
|
||||
|
||||
|
||||
def add_subcommand(subparsers, func):
|
||||
name = func.__name__
|
||||
assert name.endswith("_cmd")
|
||||
name = name[:-4]
|
||||
doc = func.__doc__.strip()
|
||||
help = doc.split("\n")[0].strip(".")
|
||||
p = subparsers.add_parser(name, description=doc, help=help)
|
||||
p.set_defaults(func=func)
|
||||
add_config_option(p)
|
||||
return p
|
||||
|
||||
|
||||
description = """
|
||||
Setup your chatmail server configuration and
|
||||
deploy it via SSH to your remote location.
|
||||
"""
|
||||
|
||||
|
||||
def get_parser():
|
||||
"""Return an ArgumentParser for the 'cmdeploy' CLI"""
|
||||
|
||||
parser = argparse.ArgumentParser(description=description.strip())
|
||||
subparsers = parser.add_subparsers(title="subcommands")
|
||||
|
||||
# find all subcommands in the module namespace
|
||||
glob = globals()
|
||||
for name, func in glob.items():
|
||||
if name.endswith("_cmd"):
|
||||
subparser = add_subcommand(subparsers, func)
|
||||
addopts = glob.get(name + "_options")
|
||||
if addopts is not None:
|
||||
addopts(subparser)
|
||||
|
||||
return parser
|
||||
|
||||
|
||||
def main(args=None):
|
||||
"""Provide main entry point for 'xdcget' CLI invocation."""
|
||||
parser = get_parser()
|
||||
args = parser.parse_args(args=args)
|
||||
if not hasattr(args, "func"):
|
||||
return parser.parse_args(["-h"])
|
||||
out = Out()
|
||||
kwargs = {}
|
||||
if args.func.__name__ not in ("init_cmd", "fmt_cmd"):
|
||||
if not args.inipath.exists():
|
||||
out.red(f"expecting {args.inipath} to exist, run init first?")
|
||||
raise SystemExit(1)
|
||||
try:
|
||||
args.config = read_config(args.inipath)
|
||||
except Exception as ex:
|
||||
out.red(ex)
|
||||
raise SystemExit(1)
|
||||
|
||||
try:
|
||||
res = args.func(args, out, **kwargs)
|
||||
if res is None:
|
||||
res = 0
|
||||
return res
|
||||
|
||||
except KeyboardInterrupt:
|
||||
out.red("KeyboardInterrupt")
|
||||
sys.exit(130)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 13 KiB |
Binary file not shown.
@@ -1,17 +0,0 @@
|
||||
import os
|
||||
import importlib.resources
|
||||
import pyinfra
|
||||
from cmdeploy import deploy_chatmail
|
||||
|
||||
|
||||
def main():
|
||||
config_path = os.getenv(
|
||||
"CHATMAIL_INI",
|
||||
importlib.resources.files("cmdeploy").joinpath("../../../chatmail.ini"),
|
||||
)
|
||||
|
||||
deploy_chatmail(config_path)
|
||||
|
||||
|
||||
if pyinfra.is_cli:
|
||||
main()
|
||||
@@ -1,10 +0,0 @@
|
||||
# delete all mails after {{ config.delete_mails_after }} days, in the Inbox
|
||||
2 0 * * * dovecot find /home/vmail/mail/{{ config.mail_domain }}/*/cur -mtime +{{ config.delete_mails_after }} -type f -delete
|
||||
# or in any IMAP subfolder
|
||||
2 0 * * * dovecot find /home/vmail/mail/{{ config.mail_domain }}/*/.*/cur -mtime +{{ config.delete_mails_after }} -type f -delete
|
||||
# even if they are unseen
|
||||
2 0 * * * dovecot find /home/vmail/mail/{{ config.mail_domain }}/*/new -mtime +{{ config.delete_mails_after }} -type f -delete
|
||||
2 0 * * * dovecot find /home/vmail/mail/{{ config.mail_domain }}/*/.*/new -mtime +{{ config.delete_mails_after }} -type f -delete
|
||||
# or only temporary (but then they shouldn't be around after {{ config.delete_mails_after }} days anyway).
|
||||
2 0 * * * dovecot find /home/vmail/mail/{{ config.mail_domain }}/*/tmp -mtime +{{ config.delete_mails_after }} -type f -delete
|
||||
2 0 * * * dovecot find /home/vmail/mail/{{ config.mail_domain }}/*/.*/tmp -mtime +{{ config.delete_mails_after }} -type f -delete
|
||||
@@ -1,87 +0,0 @@
|
||||
import importlib
|
||||
import qrcode
|
||||
import os
|
||||
from PIL import ImageFont, ImageDraw, Image
|
||||
import io
|
||||
|
||||
|
||||
def gen_qr_png_data(maildomain):
|
||||
url = f"DCACCOUNT:https://{maildomain}/cgi-bin/newemail.py"
|
||||
image = gen_qr(maildomain, url)
|
||||
temp = io.BytesIO()
|
||||
image.save(temp, format="png")
|
||||
temp.seek(0)
|
||||
return temp
|
||||
|
||||
|
||||
def gen_qr(maildomain, url):
|
||||
# taken and modified from
|
||||
# https://github.com/deltachat/mailadm/blob/master/src/mailadm/gen_qr.py
|
||||
|
||||
# info = f"{maildomain} invite code"
|
||||
info = ""
|
||||
|
||||
# load QR code
|
||||
qr = qrcode.QRCode(
|
||||
version=1,
|
||||
error_correction=qrcode.constants.ERROR_CORRECT_H,
|
||||
box_size=1,
|
||||
border=1,
|
||||
)
|
||||
qr.add_data(url)
|
||||
qr.make(fit=True)
|
||||
qr_img = qr.make_image(fill_color="black", back_color="white")
|
||||
|
||||
# paint all elements
|
||||
ttf_path = str(
|
||||
importlib.resources.files(__package__).joinpath("data/opensans-regular.ttf")
|
||||
)
|
||||
logo_red_path = str(
|
||||
importlib.resources.files(__package__).joinpath("data/delta-chat-bw.png")
|
||||
)
|
||||
|
||||
assert os.path.exists(ttf_path), ttf_path
|
||||
font_size = 16
|
||||
font = ImageFont.truetype(font=ttf_path, size=font_size)
|
||||
|
||||
num_lines = ((info).count("\n") + 1) if info else 0
|
||||
|
||||
size = width = 384
|
||||
qr_padding = 6
|
||||
text_height = font_size * num_lines
|
||||
height = size + text_height
|
||||
|
||||
image = Image.new("RGBA", (width, height), "white")
|
||||
qr_final_size = width - (qr_padding * 2)
|
||||
|
||||
if num_lines:
|
||||
draw = ImageDraw.Draw(image)
|
||||
|
||||
# draw text
|
||||
if hasattr(font, "getsize"):
|
||||
info_pos = (width - font.getsize(info.strip())[0]) // 2
|
||||
else:
|
||||
info_pos = (width - font.getbbox(info.strip())[3]) // 2
|
||||
|
||||
draw.multiline_text(
|
||||
(info_pos, size - qr_padding // 2),
|
||||
info,
|
||||
font=font,
|
||||
fill="black",
|
||||
align="right",
|
||||
)
|
||||
|
||||
# paste QR code
|
||||
image.paste(
|
||||
qr_img.resize((qr_final_size, qr_final_size), resample=Image.NEAREST),
|
||||
(qr_padding, qr_padding),
|
||||
)
|
||||
|
||||
# background delta logo
|
||||
logo2_img = Image.open(logo_red_path)
|
||||
logo2_width = int(size / 6)
|
||||
logo2 = logo2_img.resize((logo2_width, logo2_width), resample=Image.NEAREST)
|
||||
pos = int((size / 2) - (logo2_width / 2))
|
||||
image.paste(logo2, (pos, pos), mask=logo2)
|
||||
|
||||
return image
|
||||
@@ -1 +0,0 @@
|
||||
*/5 * * * * root {{ config.execpath }} /home/vmail/mail/{{ config.mail_domain }} >/var/www/html/metrics
|
||||
@@ -1,4 +0,0 @@
|
||||
version: STSv1
|
||||
mode: enforce
|
||||
mx: {{ config.domain_name }}
|
||||
max_age: 2419200
|
||||
@@ -1,10 +0,0 @@
|
||||
[Unit]
|
||||
Description=Postfix MTA-STS resolver daemon
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/local/lib/postfix-mta-sts-resolver/bin/mta-sts-daemon
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,13 +0,0 @@
|
||||
host: 127.0.0.1
|
||||
port: 8461
|
||||
reuse_port: true
|
||||
shutdown_timeout: 20
|
||||
cache:
|
||||
type: internal
|
||||
options:
|
||||
cache_size: 10000
|
||||
proactive_policy_fetching:
|
||||
enabled: true
|
||||
default_zone:
|
||||
strict_testing: false
|
||||
timeout: 4
|
||||
@@ -1,16 +0,0 @@
|
||||
import requests
|
||||
|
||||
from cmdeploy.genqr import gen_qr_png_data
|
||||
|
||||
|
||||
def test_gen_qr_png_data(maildomain):
|
||||
data = gen_qr_png_data(maildomain)
|
||||
assert data
|
||||
|
||||
|
||||
def test_fastcgi_working(maildomain, chatmail_config):
|
||||
url = f"https://{maildomain}/cgi-bin/newemail.py"
|
||||
print(url)
|
||||
res = requests.post(url)
|
||||
assert maildomain in res.json().get("email")
|
||||
assert len(res.json().get("password")) > chatmail_config.password_min_length
|
||||
@@ -1,33 +0,0 @@
|
||||
import os
|
||||
|
||||
import pytest
|
||||
from cmdeploy.cmdeploy import get_parser, main
|
||||
from chatmaild.config import read_config
|
||||
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def _chdir(tmp_path):
|
||||
old = os.getcwd()
|
||||
os.chdir(tmp_path)
|
||||
yield
|
||||
os.chdir(old)
|
||||
|
||||
|
||||
class TestCmdline:
|
||||
def test_parser(self, capsys):
|
||||
parser = get_parser()
|
||||
parser.parse_args([])
|
||||
init = parser.parse_args(["init", "chat.example.org"])
|
||||
run = parser.parse_args(["run"])
|
||||
assert init and run
|
||||
|
||||
def test_init(self, tmp_path):
|
||||
main(["init", "chat.example.org"])
|
||||
inipath = tmp_path.joinpath("chatmail.ini")
|
||||
config = read_config(inipath)
|
||||
assert config.mail_domain == "chat.example.org"
|
||||
|
||||
def test_init_not_overwrite(self):
|
||||
main(["init", "chat.example.org"])
|
||||
with pytest.raises(SystemExit):
|
||||
main(["init", "chat.example.org"])
|
||||
@@ -1,13 +0,0 @@
|
||||
import importlib.resources
|
||||
|
||||
from cmdeploy.www import build_webpages
|
||||
|
||||
|
||||
def test_build_webpages(tmp_path, make_config):
|
||||
pkgroot = importlib.resources.files("cmdeploy")
|
||||
src_dir = pkgroot.joinpath("../../../www/src").resolve()
|
||||
assert src_dir.exists(), src_dir
|
||||
config = make_config("chat.example.org")
|
||||
build_dir = tmp_path.joinpath("build")
|
||||
build_webpages(src_dir, build_dir, config)
|
||||
assert len([x for x in build_dir.iterdir() if x.suffix == ".html"]) >= 3
|
||||
@@ -1,143 +0,0 @@
|
||||
import importlib.resources
|
||||
import webbrowser
|
||||
import hashlib
|
||||
import time
|
||||
import traceback
|
||||
|
||||
import markdown
|
||||
from jinja2 import Template
|
||||
from .genqr import gen_qr_png_data
|
||||
from chatmaild.config import read_config
|
||||
|
||||
|
||||
def snapshot_dir_stats(somedir):
|
||||
d = {}
|
||||
for path in somedir.iterdir():
|
||||
if path.is_file() and path.name[0] != "." and path.suffix != ".swp":
|
||||
mtime = path.stat().st_mtime
|
||||
hash = hashlib.md5(path.read_bytes()).hexdigest()
|
||||
d[path] = (mtime, hash)
|
||||
return d
|
||||
|
||||
|
||||
def prepare_template(source):
|
||||
assert source.exists(), source
|
||||
render_vars = {}
|
||||
render_vars["pagename"] = "home" if source.stem == "index" else source.stem
|
||||
render_vars["markdown_html"] = markdown.markdown(source.read_text())
|
||||
page_layout = source.with_name("page-layout.html").read_text()
|
||||
return render_vars, page_layout
|
||||
|
||||
|
||||
def build_webpages(src_dir, build_dir, config):
|
||||
try:
|
||||
_build_webpages(src_dir, build_dir, config)
|
||||
except Exception:
|
||||
print(traceback.format_exc())
|
||||
|
||||
|
||||
def int_to_english(number):
|
||||
if number >= 0 and number <= 12:
|
||||
a = [
|
||||
"zero",
|
||||
"one",
|
||||
"two",
|
||||
"three",
|
||||
"four",
|
||||
"five",
|
||||
"six",
|
||||
"seven",
|
||||
"eight",
|
||||
"nine",
|
||||
"ten",
|
||||
"eleven",
|
||||
"twelve",
|
||||
]
|
||||
return a[number]
|
||||
elif number <= 50:
|
||||
return str(number)
|
||||
if number > 50:
|
||||
return "more"
|
||||
|
||||
|
||||
def _build_webpages(src_dir, build_dir, config):
|
||||
mail_domain = config.mail_domain
|
||||
assert src_dir.exists(), src_dir
|
||||
if not build_dir.exists():
|
||||
build_dir.mkdir()
|
||||
|
||||
qr_path = build_dir.joinpath(f"qr-chatmail-invite-{mail_domain}.png")
|
||||
qr_path.write_bytes(gen_qr_png_data(mail_domain).read())
|
||||
|
||||
for path in src_dir.iterdir():
|
||||
if path.suffix == ".md":
|
||||
render_vars, content = prepare_template(path)
|
||||
render_vars["username_min_length"] = int_to_english(
|
||||
config.username_min_length
|
||||
)
|
||||
render_vars["username_max_length"] = int_to_english(
|
||||
config.username_max_length
|
||||
)
|
||||
render_vars["password_min_length"] = int_to_english(
|
||||
config.password_min_length
|
||||
)
|
||||
target = build_dir.joinpath(path.stem + ".html")
|
||||
|
||||
# recursive jinja2 rendering
|
||||
while 1:
|
||||
new = Template(content).render(config=config, **render_vars)
|
||||
if new == content:
|
||||
break
|
||||
content = new
|
||||
|
||||
with target.open("w") as f:
|
||||
f.write(content)
|
||||
elif path.name != "page-layout.html":
|
||||
target = build_dir.joinpath(path.name)
|
||||
target.write_bytes(path.read_bytes())
|
||||
return build_dir
|
||||
|
||||
|
||||
def main():
|
||||
path = importlib.resources.files(__package__)
|
||||
reporoot = path.joinpath("../../../").resolve()
|
||||
inipath = reporoot.joinpath("chatmail.ini")
|
||||
config = read_config(inipath)
|
||||
config.webdev = True
|
||||
assert config.mail_domain
|
||||
www_path = reporoot.joinpath("www")
|
||||
src_path = www_path.joinpath("src")
|
||||
stats = None
|
||||
build_dir = www_path.joinpath("build")
|
||||
src_dir = www_path.joinpath("src")
|
||||
index_path = build_dir.joinpath("index.html")
|
||||
|
||||
# start web page generation, open a browser and wait for changes
|
||||
build_webpages(src_dir, build_dir, config)
|
||||
webbrowser.open(str(index_path))
|
||||
stats = snapshot_dir_stats(src_path)
|
||||
print(f"\nOpened URL: file://{index_path.resolve()}\n")
|
||||
print(f"watching {src_path} directory for changes")
|
||||
|
||||
changenum = 0
|
||||
for count in range(0, 1000000):
|
||||
newstats = snapshot_dir_stats(src_path)
|
||||
if newstats == stats and count % 60 != 0:
|
||||
count += 1
|
||||
time.sleep(1.0)
|
||||
continue
|
||||
|
||||
for key in newstats:
|
||||
if stats[key] != newstats[key]:
|
||||
print(f"*** CHANGED: {key}")
|
||||
changenum += 1
|
||||
|
||||
stats = newstats
|
||||
build_webpages(src_dir, build_dir, config)
|
||||
print(f"[{changenum}] regenerated web pages at: {index_path}")
|
||||
print(f"URL: file://{index_path.resolve()}\n\n")
|
||||
count = 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
30
deploy-chatmail/pyproject.toml
Normal file
30
deploy-chatmail/pyproject.toml
Normal file
@@ -0,0 +1,30 @@
|
||||
[build-system]
|
||||
requires = ["setuptools>=45"]
|
||||
build-backend = "setuptools.build_meta"
|
||||
|
||||
[project]
|
||||
name = "deploy-chatmail"
|
||||
version = "0.1"
|
||||
dependencies = [
|
||||
"pyinfra",
|
||||
]
|
||||
|
||||
[tool.pytest.ini_options]
|
||||
addopts = "-v -ra --strict-markers"
|
||||
|
||||
[tool.tox]
|
||||
legacy_tox_ini = """
|
||||
[tox]
|
||||
isolated_build = true
|
||||
envlist = lint
|
||||
|
||||
[testenv:lint]
|
||||
skipdist = True
|
||||
skip_install = True
|
||||
deps =
|
||||
ruff
|
||||
black
|
||||
commands =
|
||||
black --quiet --check --diff src/
|
||||
ruff src/
|
||||
"""
|
||||
322
deploy-chatmail/src/deploy_chatmail/__init__.py
Normal file
322
deploy-chatmail/src/deploy_chatmail/__init__.py
Normal file
@@ -0,0 +1,322 @@
|
||||
"""
|
||||
Chat Mail pyinfra deploy.
|
||||
"""
|
||||
import importlib.resources
|
||||
from pathlib import Path
|
||||
|
||||
from pyinfra import host
|
||||
from pyinfra.operations import apt, files, server, systemd
|
||||
from pyinfra.facts.files import File
|
||||
from .acmetool import deploy_acmetool
|
||||
|
||||
|
||||
def _install_chatmaild() -> None:
|
||||
chatmaild_filename = "chatmaild-0.1.tar.gz"
|
||||
chatmaild_path = importlib.resources.files(__package__).joinpath(
|
||||
f"../../../dist/{chatmaild_filename}"
|
||||
)
|
||||
remote_path = f"/tmp/{chatmaild_filename}"
|
||||
if Path(str(chatmaild_path)).exists():
|
||||
files.put(
|
||||
name="Upload chatmaild source package",
|
||||
src=chatmaild_path.open("rb"),
|
||||
dest=remote_path,
|
||||
)
|
||||
|
||||
apt.packages(
|
||||
name="apt install python3-aiosmtpd",
|
||||
packages=["python3-aiosmtpd", "python3-pip"],
|
||||
)
|
||||
|
||||
# --no-deps because aiosmtplib is installed with `apt`.
|
||||
server.shell(
|
||||
name="install chatmaild with pip",
|
||||
commands=[f"pip install --break-system-packages {remote_path}"],
|
||||
)
|
||||
|
||||
for fn in (
|
||||
"doveauth-dictproxy",
|
||||
"filtermail",
|
||||
):
|
||||
files.put(
|
||||
name=f"Upload {fn}.service",
|
||||
src=importlib.resources.files("chatmaild")
|
||||
.joinpath(f"{fn}.service")
|
||||
.open("rb"),
|
||||
dest=f"/etc/systemd/system/{fn}.service",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
)
|
||||
systemd.service(
|
||||
name=f"Setup {fn} service",
|
||||
service=f"{fn}.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=True,
|
||||
daemon_reload=True,
|
||||
)
|
||||
|
||||
|
||||
def _configure_opendkim(domain: str, dkim_selector: str) -> bool:
|
||||
"""Configures OpenDKIM"""
|
||||
need_restart = False
|
||||
|
||||
main_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("opendkim/opendkim.conf"),
|
||||
dest="/etc/opendkim.conf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={"domain_name": domain, "opendkim_selector": dkim_selector},
|
||||
)
|
||||
need_restart |= main_config.changed
|
||||
|
||||
files.directory(
|
||||
name="Add opendkim directory to /etc",
|
||||
path="/etc/opendkim",
|
||||
user="opendkim",
|
||||
group="opendkim",
|
||||
mode="750",
|
||||
present=True,
|
||||
)
|
||||
|
||||
keytable = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("opendkim/KeyTable"),
|
||||
dest="/etc/dkimkeys/KeyTable",
|
||||
user="opendkim",
|
||||
group="opendkim",
|
||||
mode="644",
|
||||
config={"domain_name": domain, "opendkim_selector": dkim_selector},
|
||||
)
|
||||
need_restart |= keytable.changed
|
||||
|
||||
signing_table = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("opendkim/SigningTable"),
|
||||
dest="/etc/dkimkeys/SigningTable",
|
||||
user="opendkim",
|
||||
group="opendkim",
|
||||
mode="644",
|
||||
config={"domain_name": domain, "opendkim_selector": dkim_selector},
|
||||
)
|
||||
need_restart |= signing_table.changed
|
||||
|
||||
files.directory(
|
||||
name="Add opendkim socket directory to /var/spool/postfix",
|
||||
path="/var/spool/postfix/opendkim",
|
||||
user="opendkim",
|
||||
group="opendkim",
|
||||
mode="750",
|
||||
present=True,
|
||||
)
|
||||
|
||||
if not host.get_fact(File, f"/etc/dkimkeys/{dkim_selector}.private"):
|
||||
server.shell(
|
||||
name="Generate OpenDKIM domain keys",
|
||||
commands=[
|
||||
f"opendkim-genkey -D /etc/dkimkeys -d {domain} -s {dkim_selector}"
|
||||
],
|
||||
_sudo=True,
|
||||
_sudo_user="opendkim",
|
||||
)
|
||||
|
||||
return need_restart
|
||||
|
||||
|
||||
def _configure_postfix(domain: str, debug: bool = False) -> bool:
|
||||
"""Configures Postfix SMTP server."""
|
||||
need_restart = False
|
||||
|
||||
main_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("postfix/main.cf.j2"),
|
||||
dest="/etc/postfix/main.cf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={"domain_name": domain},
|
||||
)
|
||||
need_restart |= main_config.changed
|
||||
|
||||
master_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("postfix/master.cf.j2"),
|
||||
dest="/etc/postfix/master.cf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
debug=debug,
|
||||
)
|
||||
need_restart |= master_config.changed
|
||||
|
||||
return need_restart
|
||||
|
||||
|
||||
def _configure_dovecot(mail_server: str, debug: bool = False) -> bool:
|
||||
"""Configures Dovecot IMAP server."""
|
||||
need_restart = False
|
||||
|
||||
main_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("dovecot/dovecot.conf.j2"),
|
||||
dest="/etc/dovecot/dovecot.conf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={"hostname": mail_server},
|
||||
debug=debug,
|
||||
)
|
||||
need_restart |= main_config.changed
|
||||
auth_config = files.put(
|
||||
src=importlib.resources.files(__package__).joinpath("dovecot/auth.conf"),
|
||||
dest="/etc/dovecot/auth.conf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
)
|
||||
need_restart |= auth_config.changed
|
||||
|
||||
files.put(
|
||||
src=importlib.resources.files(__package__)
|
||||
.joinpath("dovecot/expunge.cron")
|
||||
.open("rb"),
|
||||
dest="/etc/cron.d/expunge",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
)
|
||||
|
||||
return need_restart
|
||||
|
||||
|
||||
def _configure_nginx(domain: str, debug: bool = False) -> bool:
|
||||
"""Configures nginx HTTP server."""
|
||||
need_restart = False
|
||||
|
||||
main_config = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("nginx.conf.j2"),
|
||||
dest="/etc/nginx/nginx.conf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={"domain_name": domain},
|
||||
)
|
||||
need_restart |= main_config.changed
|
||||
|
||||
autoconfig = files.template(
|
||||
src=importlib.resources.files(__package__).joinpath("autoconfig.xml.j2"),
|
||||
dest="/var/www/html/.well-known/autoconfig/mail/config-v1.1.xml",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
config={"domain_name": domain},
|
||||
)
|
||||
need_restart |= autoconfig.changed
|
||||
|
||||
return need_restart
|
||||
|
||||
|
||||
def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> None:
|
||||
"""Deploy a chat-mail instance.
|
||||
|
||||
:param mail_domain: domain part of your future email addresses
|
||||
:param mail_server: the DNS name under which your mail server is reachable
|
||||
:param dkim_selector:
|
||||
"""
|
||||
|
||||
apt.update(name="apt update", cache_time=24 * 3600)
|
||||
server.group(name="Create vmail group", group="vmail", system=True)
|
||||
server.user(name="Create vmail user", user="vmail", group="vmail", system=True)
|
||||
|
||||
server.group(name="Create opendkim group", group="opendkim", system=True)
|
||||
server.user(
|
||||
name="Add postfix user to opendkim group for socket access",
|
||||
user="postfix",
|
||||
groups=["opendkim"],
|
||||
system=True,
|
||||
)
|
||||
|
||||
# Deploy acmetool to have TLS certificates.
|
||||
deploy_acmetool(nginx_hook=True, domains=[mail_server])
|
||||
|
||||
apt.packages(
|
||||
name="Install Postfix",
|
||||
packages="postfix",
|
||||
)
|
||||
|
||||
apt.packages(
|
||||
name="Install Dovecot",
|
||||
packages=["dovecot-imapd", "dovecot-lmtpd"],
|
||||
)
|
||||
|
||||
apt.packages(
|
||||
name="Install OpenDKIM",
|
||||
packages=[
|
||||
"opendkim",
|
||||
"opendkim-tools",
|
||||
],
|
||||
)
|
||||
|
||||
apt.packages(
|
||||
name="Install nginx",
|
||||
packages=["nginx"],
|
||||
)
|
||||
|
||||
_install_chatmaild()
|
||||
debug = False
|
||||
dovecot_need_restart = _configure_dovecot(mail_server, debug=debug)
|
||||
postfix_need_restart = _configure_postfix(mail_domain, debug=debug)
|
||||
opendkim_need_restart = _configure_opendkim(mail_domain, dkim_selector)
|
||||
nginx_need_restart = _configure_nginx(mail_domain)
|
||||
|
||||
systemd.service(
|
||||
name="Start and enable OpenDKIM",
|
||||
service="opendkim.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=opendkim_need_restart,
|
||||
)
|
||||
|
||||
systemd.service(
|
||||
name="Start and enable Postfix",
|
||||
service="postfix.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=postfix_need_restart,
|
||||
)
|
||||
|
||||
systemd.service(
|
||||
name="Start and enable Dovecot",
|
||||
service="dovecot.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=dovecot_need_restart,
|
||||
)
|
||||
|
||||
systemd.service(
|
||||
name="Start and enable nginx",
|
||||
service="nginx.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=nginx_need_restart,
|
||||
)
|
||||
|
||||
# This file is used by auth proxy.
|
||||
# https://wiki.debian.org/EtcMailName
|
||||
server.shell(
|
||||
name="Setup /etc/mailname",
|
||||
commands=[f"echo {mail_domain} >/etc/mailname; chmod 644 /etc/mailname"],
|
||||
)
|
||||
|
||||
journald_conf = files.put(
|
||||
name="Configure journald",
|
||||
src=importlib.resources.files(__package__).joinpath("journald.conf"),
|
||||
dest="/etc/systemd/journald.conf",
|
||||
user="root",
|
||||
group="root",
|
||||
mode="644",
|
||||
)
|
||||
systemd.service(
|
||||
name="Start and enable journald",
|
||||
service="systemd-journald.service",
|
||||
running=True,
|
||||
enabled=True,
|
||||
restarted=journald_conf,
|
||||
)
|
||||
@@ -46,7 +46,8 @@ def deploy_acmetool(nginx_hook=False, email="", domains=[]):
|
||||
mode="644",
|
||||
)
|
||||
|
||||
server.shell(
|
||||
name=f"Request certificate for: { ', '.join(domains) }",
|
||||
commands=[f"acmetool want { ' '.join(domains)}"],
|
||||
)
|
||||
for domain in domains:
|
||||
server.shell(
|
||||
name=f"Request certificate for {domain}",
|
||||
commands=[f"acmetool want {domain}"],
|
||||
)
|
||||
19
deploy-chatmail/src/deploy_chatmail/deploy.py
Normal file
19
deploy-chatmail/src/deploy_chatmail/deploy.py
Normal file
@@ -0,0 +1,19 @@
|
||||
import os
|
||||
import pyinfra
|
||||
from deploy_chatmail import deploy_chatmail
|
||||
|
||||
|
||||
def main():
|
||||
mail_domain = os.getenv("CHATMAIL_DOMAIN")
|
||||
mail_server = os.getenv("CHATMAIL_SERVER", mail_domain)
|
||||
dkim_selector = os.getenv("CHATMAIL_DKIM_SELECTOR", "dkim")
|
||||
|
||||
assert mail_domain
|
||||
assert mail_server
|
||||
assert dkim_selector
|
||||
|
||||
deploy_chatmail(mail_domain, mail_server, dkim_selector)
|
||||
|
||||
|
||||
if pyinfra.is_cli:
|
||||
main()
|
||||
@@ -19,7 +19,7 @@ mail_plugins = quota
|
||||
# these are the capabilities Delta Chat cares about actually
|
||||
# so let's keep the network overhead per login small
|
||||
# https://github.com/deltachat/deltachat-core-rust/blob/master/src/imap/capabilities.rs
|
||||
imap_capability = IMAP4rev1 IDLE MOVE QUOTA CONDSTORE NOTIFY
|
||||
imap_capability = IMAP4rev1 IDLE MOVE QUOTA CONDSTORE
|
||||
|
||||
|
||||
# Authentication for system users.
|
||||
@@ -86,7 +86,7 @@ plugin {
|
||||
plugin {
|
||||
# for now we define static quota-rules for all users
|
||||
quota = maildir:User quota
|
||||
quota_rule = *:storage={{ config.max_mailbox_size }}
|
||||
quota_rule = *:storage=100M
|
||||
quota_max_mail_size=30M
|
||||
quota_grace = 0
|
||||
# quota_over_flag_value = TRUE
|
||||
@@ -118,27 +118,9 @@ service auth-worker {
|
||||
user = vmail
|
||||
}
|
||||
|
||||
service imap-login {
|
||||
# High-security mode.
|
||||
# Each process serves a single connection and exits afterwards.
|
||||
# This is the default, but we set it explicitly to be sure.
|
||||
# See <https://doc.dovecot.org/admin_manual/login_processes/#high-security-mode> for details.
|
||||
service_count = 1
|
||||
|
||||
# Inrease the number of simultaneous connections.
|
||||
#
|
||||
# As of Dovecot 2.3.19.1 the default is 100 processes.
|
||||
# Combined with `service_count = 1` it means only 100 connections
|
||||
# can be handled simultaneously.
|
||||
process_limit = 10000
|
||||
|
||||
# Avoid startup latency for new connections.
|
||||
process_min_avail = 10
|
||||
}
|
||||
|
||||
ssl = required
|
||||
ssl_cert = </var/lib/acme/live/{{ config.mail_domain }}/fullchain
|
||||
ssl_key = </var/lib/acme/live/{{ config.mail_domain }}/privkey
|
||||
ssl_cert = </var/lib/acme/live/{{ config.hostname }}/fullchain
|
||||
ssl_key = </var/lib/acme/live/{{ config.hostname }}/privkey
|
||||
ssl_dh = </usr/share/dovecot/dh.pem
|
||||
ssl_min_protocol = TLSv1.2
|
||||
ssl_prefer_server_ciphers = yes
|
||||
4
deploy-chatmail/src/deploy_chatmail/dovecot/expunge.cron
Normal file
4
deploy-chatmail/src/deploy_chatmail/dovecot/expunge.cron
Normal file
@@ -0,0 +1,4 @@
|
||||
2 0 * * * dovecot doveadm expunge -A SEEN BEFORE 40d INBOX
|
||||
2 0 * * * dovecot doveadm expunge -A SEEN BEFORE 40d Deltachat
|
||||
2 0 * * * dovecot doveadm expunge -A SEEN BEFORE 40d Trash
|
||||
2 30 * * * dovecot doveadm purge -A
|
||||
@@ -26,6 +26,8 @@ http {
|
||||
gzip on;
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
listen 443 ssl default_server;
|
||||
listen [::]:443 ssl default_server;
|
||||
|
||||
@@ -40,20 +42,6 @@ http {
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location /metrics {
|
||||
default_type text/plain;
|
||||
}
|
||||
|
||||
# add cgi-bin support
|
||||
include /usr/share/doc/fcgiwrap/examples/nginx.conf;
|
||||
}
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name _;
|
||||
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@ Domain {{ config.domain_name }}
|
||||
Selector {{ config.opendkim_selector }}
|
||||
KeyFile /etc/dkimkeys/{{ config.opendkim_selector }}.private
|
||||
KeyTable /etc/dkimkeys/KeyTable
|
||||
SigningTable refile:/etc/dkimkeys/SigningTable
|
||||
SigningTable /etc/dkimkeys/SigningTable
|
||||
|
||||
# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
|
||||
# using a local socket with MTAs that access the socket as a non-privileged
|
||||
@@ -1,4 +1,4 @@
|
||||
myorigin = {{ config.mail_domain }}
|
||||
myorigin = {{ config.domain_name }}
|
||||
|
||||
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
||||
biff = no
|
||||
@@ -16,17 +16,16 @@ readme_directory = no
|
||||
compatibility_level = 2
|
||||
|
||||
# TLS parameters
|
||||
smtpd_tls_cert_file=/var/lib/acme/live/{{ config.mail_domain }}/fullchain
|
||||
smtpd_tls_key_file=/var/lib/acme/live/{{ config.mail_domain }}/privkey
|
||||
smtpd_tls_cert_file=/var/lib/acme/live/{{ config.domain_name }}/fullchain
|
||||
smtpd_tls_key_file=/var/lib/acme/live/{{ config.domain_name }}/privkey
|
||||
smtpd_tls_security_level=may
|
||||
|
||||
smtp_tls_CApath=/etc/ssl/certs
|
||||
smtp_tls_security_level=may
|
||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||
smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix
|
||||
|
||||
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
||||
myhostname = {{ config.mail_domain }}
|
||||
myhostname = {{ config.domain_name }}
|
||||
alias_maps = hash:/etc/aliases
|
||||
alias_database = hash:/etc/aliases
|
||||
|
||||
@@ -45,7 +44,7 @@ inet_interfaces = all
|
||||
inet_protocols = all
|
||||
|
||||
virtual_transport = lmtp:unix:private/dovecot-lmtp
|
||||
virtual_mailbox_domains = {{ config.mail_domain }}
|
||||
virtual_mailbox_domains = {{ config.domain_name }}
|
||||
|
||||
smtpd_milters = unix:opendkim/opendkim.sock
|
||||
non_smtpd_milters = $smtpd_milters
|
||||
@@ -32,8 +32,7 @@ submission inet n - y - - smtpd
|
||||
-o smtpd_recipient_restrictions=
|
||||
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
|
||||
-o milter_macro_daemon_name=ORIGINATING
|
||||
-o smtpd_client_connection_count_limit=1000
|
||||
-o smtpd_proxy_filter=127.0.0.1:{{ config.filtermail_smtp_port }}
|
||||
-o smtpd_proxy_filter=127.0.0.1:10080
|
||||
smtps inet n - y - - smtpd
|
||||
-o syslog_name=postfix/smtps
|
||||
-o smtpd_tls_wrappermode=yes
|
||||
@@ -47,9 +46,8 @@ smtps inet n - y - - smtpd
|
||||
-o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||
-o smtpd_recipient_restrictions=
|
||||
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
|
||||
-o smtpd_client_connection_count_limit=1000
|
||||
-o milter_macro_daemon_name=ORIGINATING
|
||||
-o smtpd_proxy_filter=127.0.0.1:{{ config.filtermail_smtp_port }}
|
||||
-o smtpd_proxy_filter=127.0.0.1:10080
|
||||
#628 inet n - y - - qmqpd
|
||||
pickup unix n - y 60 1 pickup
|
||||
cleanup unix n - y - 0 cleanup
|
||||
@@ -78,5 +76,5 @@ scache unix - - y - 1 scache
|
||||
postlog unix-dgram n - n - 1 postlogd
|
||||
filter unix - n n - - lmtp
|
||||
# Local SMTP server for reinjecting filered mail.
|
||||
localhost:{{ config.postfix_reinject_port }} inet n - n - 10 smtpd
|
||||
localhost:10025 inet n - n - 10 smtpd
|
||||
-o syslog_name=postfix/reinject
|
||||
65
plan.txt
Normal file
65
plan.txt
Normal file
@@ -0,0 +1,65 @@
|
||||
# Chat-mail server development (up until Oct 18th)
|
||||
|
||||
## Dovecot goals/steps
|
||||
|
||||
- automatic expiry of messages older than M days
|
||||
- also expunge unread messages
|
||||
|
||||
- limit: configure max-connections per account
|
||||
|
||||
|
||||
## nami: send out rate limit / rspamd
|
||||
|
||||
- basic outgoing send rate/limits (depending on "account-rating")
|
||||
use rspamd in a minimal way, check support dkim-signing
|
||||
(including an online test exceeding rate limit)
|
||||
|
||||
|
||||
## doveauth questions/futures
|
||||
|
||||
- bcrypt-password scheme is slow: require long passwords, use faster hashing
|
||||
|
||||
- define user-name and password policies, and implement them
|
||||
(be very restrictive at the beginning, we can relax later)
|
||||
|
||||
- password is part of the dictproxy-lookup key, is it safe to use auth-caching?
|
||||
|
||||
|
||||
## How to limit creation of accounts?
|
||||
|
||||
attack: a 3-line bash script to fill the chatmail db with millions of unused accouts
|
||||
|
||||
- make it computationally expensive (somehow try to except our tests from it)
|
||||
1st pass instant onboarding: create userid + cheap password -- if it fails then
|
||||
2nd pass instant onboarding: create userdid + comput. expensive password
|
||||
|
||||
- probably also do firewall: limit number of new tcp-connections per IP address per duration
|
||||
|
||||
|
||||
## Open/deferred questions
|
||||
|
||||
- automatic expiry of users that haven't logged in for N days
|
||||
Is it neccessary? If all messages are gone, does the existence of
|
||||
an e-mail address bother anybody?
|
||||
|
||||
|
||||
## web page for chat-mail servers?
|
||||
|
||||
- documentation for users, privacy policy etc.
|
||||
(probably also with provider-messages ...)
|
||||
|
||||
|
||||
## online tests (first with plain python/pytest)
|
||||
|
||||
- write tests for dovecot login (exists)
|
||||
- write tests for postfix logins (exists)
|
||||
- write A<>B send/receive tests (exists)
|
||||
|
||||
|
||||
## Delta Chat
|
||||
|
||||
1. qr code that defines access to a chatmail instance (like mailadm but without http etc.)
|
||||
|
||||
2. support for creating username/password and verifying login works
|
||||
|
||||
|
||||
4
scripts/bench.sh
Executable file
4
scripts/bench.sh
Executable file
@@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
online-tests/venv/bin/pytest online-tests/benchmark.py -vrx
|
||||
@@ -1,6 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# Wrapper for cmdelpoy to run it in activated virtualenv.
|
||||
set -e
|
||||
. venv/bin/activate
|
||||
cmdeploy "$@"
|
||||
15
scripts/deploy.sh
Executable file
15
scripts/deploy.sh
Executable file
@@ -0,0 +1,15 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
echo -----------------------------------------
|
||||
echo deploying to $CHATMAIL_DOMAIN
|
||||
echo -----------------------------------------
|
||||
|
||||
echo WARNING: in five seconds deploy to $CHATMAIL_DOMAIN starts
|
||||
sleep 5
|
||||
|
||||
venv/bin/python3 -m build -n --sdist chatmaild --outdir dist
|
||||
|
||||
venv/bin/pyinfra --ssh-user root "$CHATMAIL_DOMAIN" \
|
||||
deploy-chatmail/src/deploy_chatmail/deploy.py
|
||||
|
||||
rm -r dist/
|
||||
20
scripts/generate-dns-zone.sh
Executable file
20
scripts/generate-dns-zone.sh
Executable file
@@ -0,0 +1,20 @@
|
||||
#!/bin/sh
|
||||
: ${CHATMAIL_DOMAIN:=c1.testrun.org}
|
||||
: ${CHATMAIL_SSH:=$CHATMAIL_DOMAIN}
|
||||
|
||||
set -e
|
||||
SSH="ssh root@$CHATMAIL_SSH"
|
||||
EMAIL="root@$CHATMAIL_DOMAIN"
|
||||
ACME_ACCOUNT_URL="$($SSH -- acmetool account-url)"
|
||||
|
||||
cat <<EOF
|
||||
$CHATMAIL_DOMAIN. MX 10 $CHATMAIL_DOMAIN.
|
||||
$CHATMAIL_DOMAIN. TXT "v=spf1 a:$CHATMAIL_DOMAIN -all"
|
||||
_dmarc.$CHATMAIL_DOMAIN. TXT "v=DMARC1;p=reject;rua=mailto:$EMAIL;ruf=mailto:$EMAIL;fo=1;adkim=r;aspf=r"
|
||||
_submission._tcp.$CHATMAIL_DOMAIN. SRV 0 1 587 $CHATMAIL_DOMAIN.
|
||||
_submissions._tcp.$CHATMAIL_DOMAIN. SRV 0 1 465 $CHATMAIL_DOMAIN.
|
||||
_imap._tcp.$CHATMAIL_DOMAIN. SRV 0 1 143 $CHATMAIL_DOMAIN.
|
||||
_imaps._tcp.$CHATMAIL_DOMAIN. SRV 0 1 993 $CHATMAIL_DOMAIN.
|
||||
$CHATMAIL_DOMAIN. IN CAA 0 issue "letsencrypt.org; accounturi=$ACME_ACCOUNT_URL"
|
||||
EOF
|
||||
$SSH opendkim-genzone -F | sed 's/^;.*$//;/^$/d'
|
||||
14
scripts/get_imap_capabilities.py
Normal file
14
scripts/get_imap_capabilities.py
Normal file
@@ -0,0 +1,14 @@
|
||||
import os
|
||||
import time
|
||||
import imaplib
|
||||
|
||||
domain = os.environ.get("CHATMAIL_DOMAIN", "c3.testrun.org")
|
||||
|
||||
print("connecting")
|
||||
conn = imaplib.IMAP4_SSL(domain)
|
||||
print("logging in")
|
||||
conn.login(f"imapcapa", "pass")
|
||||
status, res = conn.capability()
|
||||
for capa in sorted(res[0].decode().split()):
|
||||
print(capa)
|
||||
|
||||
8
scripts/init.sh
Executable file
8
scripts/init.sh
Executable file
@@ -0,0 +1,8 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
python3 -m venv venv
|
||||
pip=venv/bin/pip
|
||||
|
||||
$pip install pyinfra pytest build 'setuptools>=68' tox deltachat
|
||||
$pip install -e deploy-chatmail
|
||||
$pip install -e chatmaild
|
||||
@@ -1,6 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
python3 -m venv venv
|
||||
|
||||
venv/bin/pip install -e chatmaild
|
||||
venv/bin/pip install -e cmdeploy
|
||||
28
scripts/measure_tls_and_logins.py
Executable file
28
scripts/measure_tls_and_logins.py
Executable file
@@ -0,0 +1,28 @@
|
||||
#!/usr/bin/env python3
|
||||
import os
|
||||
import time
|
||||
import imaplib
|
||||
|
||||
domain = os.environ.get("CHATMAIL_DOMAIN", "c3.testrun.org")
|
||||
|
||||
NUM_CONNECTIONS=10
|
||||
|
||||
conns = []
|
||||
|
||||
start = time.time()
|
||||
for i in range(NUM_CONNECTIONS):
|
||||
print(f"opening connection {i} to {domain}")
|
||||
conn = imaplib.IMAP4_SSL(domain)
|
||||
conns.append(conn)
|
||||
|
||||
tlsdone = time.time()
|
||||
duration = tlsdone-start
|
||||
print(f"{duration}: TLS connections opening TLS connections")
|
||||
|
||||
for i, conn in enumerate(conns):
|
||||
print(f"logging into connection {i}")
|
||||
conn.login(f"measure{i}", "pass")
|
||||
|
||||
logindone = time.time()
|
||||
duration = logindone - tlsdone
|
||||
print(f"{duration}: LOGINS done")
|
||||
8
scripts/remote-deploy.sh
Executable file
8
scripts/remote-deploy.sh
Executable file
@@ -0,0 +1,8 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
: ${CHATMAIL_DOMAIN:=c1.testrun.org}
|
||||
: ${CHATMAIL_SSH:=$CHATMAIL_DOMAIN}
|
||||
|
||||
rsync -avz . "root@$CHATMAIL_SSH:/root/chatmail" --exclude='/.git' --filter="dir-merge,- .gitignore"
|
||||
ssh "root@$CHATMAIL_SSH" "cd /root/chatmail; apt install -y python3-venv; python3 -m venv venv; venv/bin/pip install pyinfra build; venv/bin/python3 -m build -n --sdist chatmaild --outdir dist; venv/bin/pip install -e ./deploy-chatmail -e ./chatmaild; export CHATMAIL_DOMAIN=$CHATMAIL_DOMAIN; venv/bin/pyinfra @local deploy.py"
|
||||
4
scripts/test.sh
Executable file
4
scripts/test.sh
Executable file
@@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
venv/bin/tox -c chatmaild
|
||||
venv/bin/tox -c deploy-chatmail
|
||||
venv/bin/pytest tests/online -vrx --durations=5 $@
|
||||
53
tests/chatmaild/test_dictproxy.py
Normal file
53
tests/chatmaild/test_dictproxy.py
Normal file
@@ -0,0 +1,53 @@
|
||||
import os
|
||||
|
||||
import pytest
|
||||
|
||||
import chatmaild.dictproxy
|
||||
from chatmaild.dictproxy import get_user_data, lookup_passdb
|
||||
from chatmaild.database import Database, DBError
|
||||
|
||||
|
||||
@pytest.fixture()
|
||||
def db(tmpdir):
|
||||
db_path = tmpdir / "passdb.sqlite"
|
||||
print("database path:", db_path)
|
||||
return Database(db_path)
|
||||
|
||||
|
||||
def test_basic(db):
|
||||
chatmaild.dictproxy.NOCREATE_FILE = "/tmp/nocreate"
|
||||
if os.path.exists(chatmaild.dictproxy.NOCREATE_FILE):
|
||||
os.remove(chatmaild.dictproxy.NOCREATE_FILE)
|
||||
lookup_passdb(db, "link2xt@c1.testrun.org", "asdf")
|
||||
data = get_user_data(db, "link2xt@c1.testrun.org")
|
||||
assert data
|
||||
|
||||
|
||||
def test_dont_overwrite_password_on_wrong_login(db):
|
||||
"""Test that logging in with a different password doesn't create a new user"""
|
||||
res = lookup_passdb(db, "newuser1@something.org", "kajdlkajsldk12l3kj1983")
|
||||
assert res["password"]
|
||||
res2 = lookup_passdb(db, "newuser1@something.org", "kajdlqweqwe")
|
||||
# this function always returns a password hash, which is actually compared by dovecot.
|
||||
assert res["password"] == res2["password"]
|
||||
|
||||
|
||||
def test_nocreate_file(db):
|
||||
chatmaild.dictproxy.NOCREATE_FILE = "/tmp/nocreate"
|
||||
with open(chatmaild.dictproxy.NOCREATE_FILE, "w+") as f:
|
||||
f.write("")
|
||||
assert os.path.exists(chatmaild.dictproxy.NOCREATE_FILE)
|
||||
lookup_passdb(db, "newuser1@something.org", "kajdlqweqwe")
|
||||
assert not get_user_data(db, "newuser1@something.org")
|
||||
os.remove(chatmaild.dictproxy.NOCREATE_FILE)
|
||||
|
||||
|
||||
def test_db_version(db):
|
||||
assert db.get_schema_version() == 1
|
||||
|
||||
|
||||
def test_too_high_db_version(db):
|
||||
with db.write_transaction() as conn:
|
||||
conn.execute("PRAGMA user_version=%s;" % (999,))
|
||||
with pytest.raises(DBError):
|
||||
db.ensure_tables()
|
||||
82
tests/chatmaild/test_filtermail.py
Normal file
82
tests/chatmaild/test_filtermail.py
Normal file
@@ -0,0 +1,82 @@
|
||||
from chatmaild.filtermail import check_encrypted, check_DATA, SendRateLimiter, check_mdn
|
||||
import pytest
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def maildomain():
|
||||
# let's not depend on a real chatmail instance for the offline tests below
|
||||
return "chatmail.example.org"
|
||||
|
||||
|
||||
def test_reject_forged_from(maildata, gencreds):
|
||||
class env:
|
||||
mail_from = gencreds()[0]
|
||||
rcpt_tos = [gencreds()[0]]
|
||||
|
||||
# test that the filter lets good mail through
|
||||
env.content = maildata("plain.eml", from_addr=env.mail_from).as_bytes()
|
||||
assert not check_DATA(envelope=env)
|
||||
|
||||
# test that the filter rejects forged mail
|
||||
env.content = maildata("plain.eml", from_addr="forged@c3.testrun.org").as_bytes()
|
||||
error = check_DATA(envelope=env)
|
||||
assert "500" in error
|
||||
|
||||
|
||||
def test_filtermail_no_encryption_detection(maildata):
|
||||
msg = maildata("plain.eml")
|
||||
assert not check_encrypted(msg)
|
||||
|
||||
# https://xkcd.com/1181/
|
||||
msg = maildata("fake-encrypted.eml")
|
||||
assert not check_encrypted(msg)
|
||||
|
||||
|
||||
def test_filtermail_encryption_detection(maildata):
|
||||
msg = maildata("encrypted.eml")
|
||||
assert check_encrypted(msg)
|
||||
|
||||
# if the subject is not "..." it is not considered ac-encrypted
|
||||
msg.replace_header("Subject", "Click this link")
|
||||
assert not check_encrypted(msg)
|
||||
|
||||
|
||||
def test_filtermail_is_mdn(maildata, gencreds):
|
||||
from_addr = gencreds()[0]
|
||||
to_addr = gencreds()[0] + ".other"
|
||||
msg = maildata("mdn.eml", from_addr, to_addr)
|
||||
|
||||
class env:
|
||||
mail_from = from_addr
|
||||
rcpt_tos = [to_addr]
|
||||
content = msg.as_bytes()
|
||||
|
||||
assert check_mdn(msg, env)
|
||||
print(msg.as_string())
|
||||
assert not check_DATA(env)
|
||||
|
||||
|
||||
def test_filtermail_to_multiple_recipients_no_mdn(maildata, gencreds):
|
||||
from_addr = gencreds()[0]
|
||||
to_addr = gencreds()[0] + ".other"
|
||||
thirdaddr = gencreds()[0]
|
||||
msg = maildata("mdn.eml", from_addr, to_addr)
|
||||
|
||||
class env:
|
||||
mail_from = from_addr
|
||||
rcpt_tos = [to_addr, thirdaddr]
|
||||
content = msg.as_bytes()
|
||||
|
||||
assert not check_mdn(msg, env)
|
||||
|
||||
|
||||
def test_send_rate_limiter():
|
||||
limiter = SendRateLimiter()
|
||||
for i in range(100):
|
||||
if limiter.is_sending_allowed("some@example.org"):
|
||||
if i <= SendRateLimiter.MAX_USER_SEND_PER_MINUTE:
|
||||
continue
|
||||
pytest.fail("limiter didn't work")
|
||||
else:
|
||||
assert i == SendRateLimiter.MAX_USER_SEND_PER_MINUTE + 1
|
||||
break
|
||||
@@ -6,12 +6,12 @@ import subprocess
|
||||
import imaplib
|
||||
import smtplib
|
||||
import itertools
|
||||
from email.parser import BytesParser
|
||||
from email import policy
|
||||
from pathlib import Path
|
||||
from math import ceil
|
||||
import pytest
|
||||
|
||||
from chatmaild.database import Database
|
||||
from chatmaild.config import read_config
|
||||
|
||||
|
||||
conftestdir = Path(__file__).parent
|
||||
|
||||
@@ -37,22 +37,11 @@ def pytest_runtest_setup(item):
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def chatmail_config(pytestconfig):
|
||||
current = basedir = Path().resolve()
|
||||
while 1:
|
||||
path = current.joinpath("chatmail.ini").resolve()
|
||||
if path.exists():
|
||||
return read_config(path)
|
||||
if current == current.parent:
|
||||
break
|
||||
current = current.parent
|
||||
|
||||
pytest.skip(f"no chatmail.ini file found in {basedir} or parent dirs")
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def maildomain(chatmail_config):
|
||||
return chatmail_config.mail_domain
|
||||
def maildomain():
|
||||
domain = os.environ.get("CHATMAIL_DOMAIN")
|
||||
if not domain:
|
||||
pytest.skip("set CHATMAIL_DOMAIN to a ssh-reachable chatmail instance")
|
||||
return domain
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
@@ -82,7 +71,7 @@ def pytest_report_header():
|
||||
|
||||
@pytest.fixture
|
||||
def benchmark(request):
|
||||
def bench(func, num, name=None, reportfunc=None):
|
||||
def bench(func, num, name=None):
|
||||
if name is None:
|
||||
name = func.__name__
|
||||
durations = []
|
||||
@@ -91,7 +80,7 @@ def benchmark(request):
|
||||
func()
|
||||
durations.append(time.time() - now)
|
||||
durations.sort()
|
||||
request.config._benchresults[name] = (reportfunc, durations)
|
||||
request.config._benchresults[name] = durations
|
||||
|
||||
return bench
|
||||
|
||||
@@ -112,9 +101,7 @@ def pytest_terminal_summary(terminalreporter):
|
||||
headers = f"{'benchmark name': <30} " + fcol(float_names)
|
||||
tr.write_line(headers)
|
||||
tr.write_line("-" * len(headers))
|
||||
summary_lines = []
|
||||
|
||||
for name, (reportfunc, durations) in results.items():
|
||||
for name, durations in results.items():
|
||||
measures = [
|
||||
sorted(durations)[len(durations) // 2],
|
||||
min(durations),
|
||||
@@ -123,16 +110,6 @@ def pytest_terminal_summary(terminalreporter):
|
||||
line = f"{name: <30} "
|
||||
line += fcol(f"{float: 2.2f}" for float in measures)
|
||||
tr.write_line(line)
|
||||
vmedian, vmin, vmax = measures
|
||||
if reportfunc:
|
||||
for line in reportfunc(vmin=vmin, vmedian=vmedian, vmax=vmax):
|
||||
summary_lines.append(line)
|
||||
|
||||
if summary_lines:
|
||||
tr.write_line("")
|
||||
tr.section("benchmark summary measures")
|
||||
for line in summary_lines:
|
||||
tr.write_line(line)
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
@@ -140,16 +117,6 @@ def imap(maildomain):
|
||||
return ImapConn(maildomain)
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def make_imap_connection(maildomain):
|
||||
def make_imap_connection():
|
||||
conn = ImapConn(maildomain)
|
||||
conn.connect()
|
||||
return conn
|
||||
|
||||
return make_imap_connection
|
||||
|
||||
|
||||
class ImapConn:
|
||||
AuthError = imaplib.IMAP4.error
|
||||
logcmd = "journalctl -f -u dovecot"
|
||||
@@ -190,16 +157,6 @@ def smtp(maildomain):
|
||||
return SmtpConn(maildomain)
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def make_smtp_connection(maildomain):
|
||||
def make_smtp_connection():
|
||||
conn = SmtpConn(maildomain)
|
||||
conn.connect()
|
||||
return conn
|
||||
|
||||
return make_smtp_connection
|
||||
|
||||
|
||||
class SmtpConn:
|
||||
AuthError = smtplib.SMTPAuthenticationError
|
||||
logcmd = "journalctl -f -t postfix/smtpd -t postfix/smtp -t postfix/lmtp"
|
||||
@@ -228,37 +185,23 @@ def imap_or_smtp(request):
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def gencreds(chatmail_config):
|
||||
def gencreds(maildomain):
|
||||
count = itertools.count()
|
||||
next(count)
|
||||
|
||||
def gen(domain=None):
|
||||
domain = domain if domain else chatmail_config.mail_domain
|
||||
domain = domain if domain else maildomain
|
||||
while 1:
|
||||
num = next(count)
|
||||
alphanumeric = "abcdefghijklmnopqrstuvwxyz1234567890"
|
||||
user = "".join(
|
||||
random.choices(alphanumeric, k=chatmail_config.username_max_length)
|
||||
)
|
||||
if domain == "nine.testrun.org":
|
||||
user = f"ac{num}_{user}"[:9]
|
||||
else:
|
||||
user = f"ac{num}_{user}"[: chatmail_config.username_max_length]
|
||||
password = "".join(
|
||||
random.choices(alphanumeric, k=chatmail_config.password_min_length)
|
||||
)
|
||||
user = "".join(random.choices(alphanumeric, k=10))
|
||||
user = f"ac{num}_{user}"
|
||||
password = "".join(random.choices(alphanumeric, k=10))
|
||||
yield f"{user}@{domain}", f"{password}"
|
||||
|
||||
return lambda domain=None: next(gen(domain))
|
||||
|
||||
|
||||
@pytest.fixture()
|
||||
def db(tmpdir):
|
||||
db_path = tmpdir / "passdb.sqlite"
|
||||
print("database path:", db_path)
|
||||
return Database(db_path)
|
||||
|
||||
|
||||
#
|
||||
# Delta Chat testplugin re-use
|
||||
# use the cmfactory fixture to get chatmail instance accounts
|
||||
@@ -295,13 +238,11 @@ class ChatmailTestProcess:
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def cmfactory(request, gencreds, tmpdir, maildomain):
|
||||
def cmfactory(request, gencreds, tmpdir, data, maildomain):
|
||||
# cloned from deltachat.testplugin.amfactory
|
||||
pytest.importorskip("deltachat")
|
||||
from deltachat.testplugin import ACFactory
|
||||
|
||||
data = request.getfixturevalue("data")
|
||||
|
||||
testproc = ChatmailTestProcess(request.config, maildomain, gencreds)
|
||||
am = ACFactory(request=request, tmpdir=tmpdir, testprocess=testproc, data=data)
|
||||
|
||||
@@ -331,7 +272,7 @@ class Remote:
|
||||
self.sshdomain = sshdomain
|
||||
|
||||
def iter_output(self, logcmd=""):
|
||||
getjournal = "journalctl -f" if not logcmd else logcmd
|
||||
getjournal = f"journalctl -f" if not logcmd else logcmd
|
||||
self.popen = subprocess.Popen(
|
||||
["ssh", f"root@{self.sshdomain}", getjournal],
|
||||
stdout=subprocess.PIPE,
|
||||
@@ -346,15 +287,19 @@ class Remote:
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def lp(request):
|
||||
class LP:
|
||||
def sec(self, msg):
|
||||
print(f"---- {msg} ----")
|
||||
def maildata(request, gencreds):
|
||||
datadir = conftestdir.joinpath("mail-data")
|
||||
|
||||
def indent(self, msg):
|
||||
print(f" {msg}")
|
||||
def maildata(name, from_addr=None, to_addr=None):
|
||||
if from_addr is None:
|
||||
from_addr = gencreds()[0]
|
||||
if to_addr is None:
|
||||
to_addr = gencreds()[0]
|
||||
data = datadir.joinpath(name).read_text()
|
||||
text = data.format(from_addr=from_addr, to_addr=to_addr)
|
||||
return BytesParser(policy=policy.default).parsebytes(text.encode())
|
||||
|
||||
return LP()
|
||||
return maildata
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
@@ -30,31 +30,31 @@ def test_login_smtp(benchmark, smtp, gencreds):
|
||||
|
||||
class TestDC:
|
||||
def test_autoconfigure(self, benchmark, cmfactory):
|
||||
def dc_autoconfig_and_idle_ready():
|
||||
def autoconfig_and_idle_ready():
|
||||
cmfactory.get_online_accounts(1)
|
||||
|
||||
benchmark(dc_autoconfig_and_idle_ready, 5)
|
||||
benchmark(autoconfig_and_idle_ready, 5)
|
||||
|
||||
def test_ping_pong(self, benchmark, cmfactory):
|
||||
ac1, ac2 = cmfactory.get_online_accounts(2)
|
||||
chat = cmfactory.get_accepted_chat(ac1, ac2)
|
||||
|
||||
def dc_ping_pong():
|
||||
def ping_pong():
|
||||
chat.send_text("ping")
|
||||
msg = ac2.wait_next_incoming_message()
|
||||
msg.chat.send_text("pong")
|
||||
ac1.wait_next_incoming_message()
|
||||
|
||||
benchmark(dc_ping_pong, 5)
|
||||
benchmark(ping_pong, 5)
|
||||
|
||||
def test_send_10_receive_10(self, benchmark, cmfactory, lp):
|
||||
ac1, ac2 = cmfactory.get_online_accounts(2)
|
||||
chat = cmfactory.get_accepted_chat(ac1, ac2)
|
||||
|
||||
def dc_send_10_receive_10():
|
||||
def send_10_receive_10():
|
||||
for i in range(10):
|
||||
chat.send_text(f"hello {i}")
|
||||
for i in range(10):
|
||||
ac2.wait_next_incoming_message()
|
||||
|
||||
benchmark(dc_send_10_receive_10, 5)
|
||||
benchmark(send_10_receive_10, 5)
|
||||
@@ -1,6 +1,5 @@
|
||||
import pytest
|
||||
import threading
|
||||
import queue
|
||||
import smtplib
|
||||
|
||||
|
||||
def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
|
||||
@@ -24,11 +23,6 @@ def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
|
||||
with pytest.raises(imap_or_smtp.AuthError):
|
||||
imap_or_smtp.login(user, password + "wrong")
|
||||
|
||||
lp.sec("creating users with a short password is not allowed")
|
||||
user, _password = gencreds()
|
||||
with pytest.raises(imap_or_smtp.AuthError):
|
||||
imap_or_smtp.login(user, "admin")
|
||||
|
||||
|
||||
def test_login_same_password(imap_or_smtp, gencreds):
|
||||
"""Test two different users logging in with the same password
|
||||
@@ -41,30 +35,3 @@ def test_login_same_password(imap_or_smtp, gencreds):
|
||||
imap_or_smtp.login(user1, password1)
|
||||
imap_or_smtp.connect()
|
||||
imap_or_smtp.login(user2, password1)
|
||||
|
||||
|
||||
def test_concurrent_logins_same_account(
|
||||
make_imap_connection, make_smtp_connection, gencreds
|
||||
):
|
||||
"""Test concurrent smtp and imap logins
|
||||
and check remote server succeeds on each connection.
|
||||
"""
|
||||
user1, password1 = gencreds()
|
||||
login_results = queue.Queue()
|
||||
|
||||
def login_smtp_imap(smtp, imap):
|
||||
try:
|
||||
imap.login(user1, password1)
|
||||
except Exception:
|
||||
login_results.put(False)
|
||||
else:
|
||||
login_results.put(True)
|
||||
|
||||
conns = [(make_smtp_connection(), make_imap_connection()) for i in range(10)]
|
||||
|
||||
for args in conns:
|
||||
thread = threading.Thread(target=login_smtp_imap, args=args, daemon=True)
|
||||
thread.start()
|
||||
|
||||
for _ in conns:
|
||||
assert login_results.get()
|
||||
@@ -20,7 +20,7 @@ def test_use_two_chatmailservers(cmfactory, maildomain2):
|
||||
|
||||
|
||||
@pytest.mark.parametrize("forgeaddr", ["internal", "someone@example.org"])
|
||||
def test_reject_forged_from(cmsetup, maildata, gencreds, lp, forgeaddr):
|
||||
def test_reject_forged_from(cmsetup, maildata, lp, forgeaddr):
|
||||
user1, user3 = cmsetup.gen_users(2)
|
||||
|
||||
lp.sec("send encrypted message with forged from")
|
||||
@@ -43,18 +43,18 @@ def test_reject_forged_from(cmsetup, maildata, gencreds, lp, forgeaddr):
|
||||
|
||||
|
||||
@pytest.mark.slow
|
||||
def test_exceed_rate_limit(cmsetup, gencreds, maildata, chatmail_config):
|
||||
def test_exceed_rate_limit(cmsetup, gencreds, maildata):
|
||||
"""Test that the per-account send-mail limit is exceeded."""
|
||||
user1, user2 = cmsetup.gen_users(2)
|
||||
mail = maildata(
|
||||
"encrypted.eml", from_addr=user1.addr, to_addr=user2.addr
|
||||
).as_string()
|
||||
for i in range(chatmail_config.max_user_send_per_minute + 5):
|
||||
for i in range(100):
|
||||
print("Sending mail", str(i))
|
||||
try:
|
||||
user1.smtp.sendmail(user1.addr, [user2.addr], mail)
|
||||
except smtplib.SMTPException as e:
|
||||
if i < chatmail_config.max_user_send_per_minute:
|
||||
if i < 80:
|
||||
pytest.fail(f"rate limit was exceeded too early with msg {i}")
|
||||
outcome = e.recipients[user2.addr]
|
||||
assert outcome[0] == 450
|
||||
@@ -1,5 +1,4 @@
|
||||
import time
|
||||
import re
|
||||
import random
|
||||
import pytest
|
||||
|
||||
@@ -21,24 +20,14 @@ class TestEndToEndDeltaChat:
|
||||
assert msg2.text == "message0"
|
||||
|
||||
@pytest.mark.slow
|
||||
def test_exceed_quota(self, cmfactory, lp, tmpdir, remote, chatmail_config):
|
||||
def test_exceed_quota(self, cmfactory, lp, tmpdir, remote):
|
||||
"""This is a very slow test as it needs to upload >100MB of mail data
|
||||
before quota is exceeded, and thus depends on the speed of the upload.
|
||||
"""
|
||||
ac1, ac2 = cmfactory.get_online_accounts(2)
|
||||
chat = cmfactory.get_accepted_chat(ac1, ac2)
|
||||
|
||||
def parse_size_limit(limit: str) -> int:
|
||||
"""Parse a size limit and return the number of bytes as integer.
|
||||
|
||||
Example input: 100M, 2.4T, 500 K
|
||||
"""
|
||||
units = {"B": 1, "K": 2**10, "M": 2**20, "G": 2**30, "T": 2**40}
|
||||
size = re.sub(r"([KMGT])", r" \1", limit.upper())
|
||||
number, unit = [string.strip() for string in size.split()]
|
||||
return int(float(number) * units[unit])
|
||||
|
||||
quota = parse_size_limit(chatmail_config.max_mailbox_size)
|
||||
quota = 1024 * 1024 * 100
|
||||
attachsize = 1 * 1024 * 1024
|
||||
num_to_send = quota // attachsize + 2
|
||||
lp.sec(f"ac1: send {num_to_send} large files to ac2")
|
||||
@@ -103,8 +92,8 @@ class TestEndToEndDeltaChat:
|
||||
lp.sec("setup encrypted comms between ac1 and ac2 on different instances")
|
||||
qr = ac1.get_setup_contact_qr()
|
||||
ch = ac2.qr_setup_contact(qr)
|
||||
assert ch.id >= 10
|
||||
ac1._evtracker.wait_securejoin_inviter_progress(1000)
|
||||
msg = ac2.wait_next_incoming_message()
|
||||
assert "verified" in msg.text
|
||||
|
||||
lp.sec("ac1 sends a message and ac2 marks it as seen")
|
||||
chat = ac1.create_chat(ac2)
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 50 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 67 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 60 KiB |
@@ -1,19 +0,0 @@
|
||||
|
||||
<img class="banner" src="collage-top.png"/>
|
||||
|
||||
## Dear [Delta Chat](https://get.delta.chat) users and newcomers,
|
||||
|
||||
Welcome to instant, interoperable and [privacy-preserving](privacy.html) messaging :)
|
||||
|
||||
👉 **Tap** or scan this QR code to get a random `@{{config.mail_domain}}` e-mail address
|
||||
|
||||
<a href="DCACCOUNT:https://{{ config.mail_domain }}/cgi-bin/newemail.py">
|
||||
<img width=300 style="float: none;" src="qr-chatmail-invite-{{config.mail_domain}}.png" /></a>
|
||||
|
||||
🐣 **Choose** your Avatar and Name
|
||||
|
||||
💬 **Start** chatting with any Delta Chat contacts using [QR invite codes](https://delta.chat/en/help#howtoe2ee)
|
||||
|
||||
{% if config.mail_domain != "nine.testrun.org" %}
|
||||
<div class="experimental">Note: this is only a temporary development chatmail service</div>
|
||||
{% endif %}
|
||||
@@ -1,55 +0,0 @@
|
||||
|
||||
<img class="banner" src="collage-info.png"/>
|
||||
|
||||
## More information
|
||||
|
||||
`nine.testrun.org` provides a low-maintenance, resource efficient and
|
||||
interoperable e-mail service for everyone. What's behind a `chatmail` is
|
||||
effectively a normal e-mail address just like any other but optimized
|
||||
for the usage in chats, especially DeltaChat.
|
||||
|
||||
### Choosing a chatmail address instead of using a random one
|
||||
|
||||
In the Delta Chat account setup
|
||||
you may tap `LOG INTO YOUR E-MAIL ACCOUNT`
|
||||
and fill the two fields like this:
|
||||
|
||||
- `Address`: invent a word with
|
||||
{% if username_min_length == username_max_length %}
|
||||
*exactly* {{ username_min_length }}
|
||||
{% else %}
|
||||
{{ username_min_length}}
|
||||
{% if username_max_length == "more" %}
|
||||
or more
|
||||
{% else %}
|
||||
to {{ username_max_length }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
characters
|
||||
and append `@{{config.mail_domain}}` to it.
|
||||
|
||||
- `Password`: invent at least {{ password_min_length }} characters.
|
||||
|
||||
If the e-mail address is not yet taken, you'll get that account.
|
||||
The first login sets your password.
|
||||
|
||||
|
||||
### Rate and storage limits
|
||||
|
||||
- Un-encrypted messages are blocked to recipients outside
|
||||
{{config.mail_domain}} but setting up contact via [QR invite codes](https://delta.chat/en/help#howtoe2ee)
|
||||
allows your messages to pass freely to any outside recipients.
|
||||
|
||||
- You may send up to {{ config.max_user_send_per_minute }} messages per minute.
|
||||
|
||||
- Messages are unconditionally removed {{ config.delete_mails_after }} days after arriving on the server.
|
||||
|
||||
- You can store up to [{{ config.max_mailbox_size }} messages on the server](https://delta.chat/en/help#what-happens-if-i-turn-on-delete-old-messages-from-server).
|
||||
|
||||
|
||||
### Who are the operators? Which software is running?
|
||||
|
||||
This chatmail provider is run by a small voluntary group of devs and sysadmins,
|
||||
who [publically develop chatmail provider setups](https://github.com/deltachat/chatmail).
|
||||
Chatmail setups aim to be very low-maintenance, resource efficient and
|
||||
interoperable with any other standards-compliant e-mail service.
|
||||
@@ -1,44 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<svg
|
||||
width="145"
|
||||
height="145"
|
||||
version="1.1"
|
||||
id="svg4"
|
||||
sodipodi:docname="At_sign.svg"
|
||||
inkscape:version="1.2.2 (b0a84865, 2022-12-01)"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:svg="http://www.w3.org/2000/svg">
|
||||
<defs
|
||||
id="defs8" />
|
||||
<sodipodi:namedview
|
||||
id="namedview6"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#000000"
|
||||
borderopacity="0.25"
|
||||
inkscape:showpageshadow="2"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pagecheckerboard="0"
|
||||
inkscape:deskcolor="#d1d1d1"
|
||||
showgrid="false"
|
||||
inkscape:zoom="3.0241379"
|
||||
inkscape:cx="67.622577"
|
||||
inkscape:cy="72.913341"
|
||||
inkscape:window-width="1390"
|
||||
inkscape:window-height="1027"
|
||||
inkscape:window-x="55"
|
||||
inkscape:window-y="25"
|
||||
inkscape:window-maximized="0"
|
||||
inkscape:current-layer="svg4" />
|
||||
<g
|
||||
aria-label="@"
|
||||
id="text2"
|
||||
style="font-size:144px;font-family:Arial">
|
||||
<path
|
||||
d="m 79.927878,94.422406 c -2.704286,3.120332 -5.741407,5.637394 -9.111364,7.551194 -3.328352,1.87221 -6.677506,2.80831 -10.047463,2.80831 -3.702792,0 -7.301573,-1.08172 -10.796342,-3.24515 -3.49477,-2.163426 -6.344671,-5.491779 -8.549704,-9.985058 -2.163429,-4.493275 -3.245144,-9.423397 -3.245144,-14.790365 0,-6.615099 1.684978,-13.230199 5.054935,-19.845299 3.411561,-6.656705 7.634407,-11.649233 12.66854,-14.977585 5.034133,-3.328352 9.92265,-4.992528 14.665552,-4.992528 3.619583,0 7.072748,0.956901 10.359496,2.870704 3.286748,1.872198 6.115847,4.742902 8.487297,8.612111 l 2.121825,-9.673023 h 11.170784 l -8.986557,41.87483 c -1.248129,5.824616 -1.872194,9.048957 -1.872194,9.673023 0,1.123319 0.416044,2.101022 1.248132,2.93311 0.873692,0.790484 1.913802,1.185726 3.120332,1.185726 2.20503,0 5.096537,-1.268934 8.674517,-3.806803 4.7429,-3.328352 8.4873,-7.780023 11.23319,-13.355013 2.78749,-5.616594 4.18124,-11.399606 4.18124,-17.349035 0,-6.947935 -1.78899,-13.438222 -5.36697,-19.47086 -3.53637,-6.032638 -8.84094,-10.858749 -15.913687,-14.478332 -7.03114,-3.619583 -14.811161,-5.429374 -23.340064,-5.429374 -9.73543,0 -18.638772,2.288242 -26.710026,6.864726 -8.029649,4.534879 -14.27031,11.06677 -18.721981,19.595673 -4.410066,8.487298 -6.615099,17.598662 -6.615099,27.334092 0,10.193078 2.205033,18.971607 6.615099,26.33559 2.290454,3.78888 -7.136335,18.96983 -3.810585,21.73443 3.138096,2.60861 18.971963,-7.14297 23.031819,-5.44631 8.404089,3.53637 17.702673,5.30456 27.895752,5.30456 10.90035,0 20.032515,-1.83059 27.396492,-5.49178 7.36399,-3.66119 12.87657,-8.11286 16.53776,-13.35501 l 9.29559,4 c -2.12183,4.36846 -3.76221,4.82013 -8.92116,9.35501 -5.15895,4.53488 -11.2956,8.11286 -18.40995,10.73393 -7.114346,2.66268 -15.684851,3.99402 -25.711512,3.99402 -9.236177,0 -17.76508,-1.18572 -25.586707,-3.55717 -7.780023,-2.37145 -29.296198,9.26152 -34.78798,4.47701 -5.49178,-4.7429 5.248856,-25.42482 2.461361,-31.62388 -3.49477,-7.863231 -5.242155,-16.350531 -5.242155,-25.461894 0,-10.151474 2.08022,-19.824498 6.240661,-29.019071 5.075736,-11.274793 12.273297,-19.907706 21.592683,-25.898739 9.360991,-5.991034 20.69819,-8.986551 34.011599,-8.986551 10.317891,0 19.574873,2.121824 27.77093,6.365473 8.23767,4.202045 14.72796,10.484309 19.47086,18.846794 4.03563,7.197561 6.05344,15.019189 6.05344,23.464883 0,12.065277 -4.24365,22.77841 -12.73094,32.1394 -7.572,8.404095 -15.85128,12.606135 -24.837827,12.606135 -2.870704,0 -5.200551,-0.43684 -6.98954,-1.31053 -1.747385,-0.8737 -3.037121,-2.12183 -3.869209,-3.744402 -0.540857,-1.040114 -0.936099,-2.829105 -1.185726,-5.366972 z M 49.723082,77.510217 c 0,5.699803 1.352143,10.130671 4.05643,13.292606 2.704286,3.161935 5.803814,4.742902 9.298583,4.742902 2.329847,0 4.784506,-0.686473 7.363979,-2.059418 2.579473,-1.41455 5.034133,-3.49477 7.363979,-6.240661 2.371451,-2.74589 4.306056,-6.219857 5.803815,-10.421902 1.497759,-4.243649 2.246638,-8.487298 2.246638,-12.730947 0,-5.658198 -1.41455,-10.047462 -4.243649,-13.167793 -2.787495,-3.12033 -6.199056,-4.680495 -10.234683,-4.680495 -2.662682,0 -5.179749,0.686473 -7.5512,2.059418 -2.329846,1.331341 -4.597286,3.494769 -6.802319,6.490286 -2.205033,2.995517 -3.97322,6.635903 -5.304561,10.921156 -1.331341,4.285253 -1.997012,8.216869 -1.997012,11.794848 z"
|
||||
id="path347"
|
||||
style="stroke-width:0.887561"
|
||||
sodipodi:nodetypes="ccsscscsscccccscsccsccsccscscssccscscccsccsccscscccssscccscscsss" />
|
||||
</g>
|
||||
</svg>
|
||||
|
Before Width: | Height: | Size: 4.5 KiB |
@@ -1,74 +0,0 @@
|
||||
|
||||
body {
|
||||
font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen', 'Ubuntu', 'Cantarell', 'Fira Sans', 'Droid Sans', 'Helvetica Neue', 'Segoe UI Emoji', 'Apple Color Emoji', 'Noto Color Emoji', sans-serif;
|
||||
line-height: 1.4;
|
||||
font-size: 1.2em;
|
||||
max-width: 800px;
|
||||
margin: 20px auto;
|
||||
padding: 0 10px;
|
||||
color: #363636;
|
||||
background: #fff;
|
||||
}
|
||||
|
||||
h1 {
|
||||
font-size: 2.2em;
|
||||
margin-top: 0;
|
||||
}
|
||||
|
||||
h1, h2, h3, h4, h5, h6 {
|
||||
color: #000;
|
||||
margin-bottom: 12px;
|
||||
margin-top: 24px;
|
||||
font-weight: 600;
|
||||
}
|
||||
|
||||
a {
|
||||
text-decoration: none;
|
||||
color: #0076d1;
|
||||
}
|
||||
|
||||
a:hover {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
img, video {
|
||||
max-width: 100%;
|
||||
height: auto;
|
||||
}
|
||||
|
||||
code {
|
||||
background: #efefef;
|
||||
padding: 2.5px 5px;
|
||||
border-radius: 6px;
|
||||
}
|
||||
|
||||
#menu {
|
||||
display: flex;
|
||||
flex-wrap: wrap;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
#menu li {
|
||||
display: inline-block;
|
||||
padding-right: 0.5em;
|
||||
}
|
||||
|
||||
#domain {
|
||||
margin-left: auto;
|
||||
}
|
||||
|
||||
#domain a {
|
||||
color: #888;
|
||||
}
|
||||
|
||||
.banner {
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.experimental {
|
||||
margin: 3em 0;
|
||||
padding: 1em;
|
||||
border: 4px dashed red;
|
||||
color: red;
|
||||
font-weight: bold;
|
||||
}
|
||||
@@ -1,27 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
{% if config.webdev %}
|
||||
<meta http-equiv="refresh" content="3">
|
||||
{% endif %}
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
|
||||
<title>{{ config.mail_domain }} {{ pagename }}</title>
|
||||
<link rel="stylesheet" href="./main.css">
|
||||
<link rel="icon" href="/logo.svg">
|
||||
<link rel=”mask-icon” href=”/logo.svg” color=”#000000">
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<ul id="menu">
|
||||
<li><a href="index.html">home</a></li>
|
||||
<li><a href="info.html">info</a></li>
|
||||
<li><a href="privacy.html">privacy</a></li>
|
||||
<li><a href="https://github.com/deltachat/chatmail">public code ↗</a></li>
|
||||
<li id="domain"><a href="index.html">{{ config.mail_domain }}</a></li>
|
||||
</ul>
|
||||
|
||||
{{ markdown_html }}
|
||||
|
||||
</body>
|
||||
</html>
|
||||
@@ -1,240 +0,0 @@
|
||||
<img class="banner" src="collage-privacy.png"/>
|
||||
|
||||
# Privacy Policy for {{ config.mail_domain }}
|
||||
|
||||
We want to show you in a fair and transparent way
|
||||
what personal data is processed by us.
|
||||
We follow a strict privacy-by-design approach
|
||||
and try to avoid processing your data in the first place,
|
||||
but as you may know,
|
||||
the internet,
|
||||
and in particular sending e-mail messages,
|
||||
does not work without data.
|
||||
Still,
|
||||
it's only fair that you know at all times
|
||||
what personal data is processed
|
||||
when you use our service.
|
||||
|
||||
If you have any remaining questions about data protection, please contact us.
|
||||
|
||||
## 1. Name and contact information
|
||||
|
||||
Responsible for the processing of your personal data is:
|
||||
```
|
||||
{{ config.privacy_postal }}
|
||||
```
|
||||
|
||||
E-mail: {{ config.privacy_mail }}
|
||||
|
||||
We have appointed a data protection officer:
|
||||
|
||||
```
|
||||
{{ config.privacy_pdo }}
|
||||
```
|
||||
|
||||
## 2. Processing when using chat e-mail services
|
||||
|
||||
We provide e-mail services optimized for the use from [Delta Chat](https://delta.chat) apps
|
||||
and process only the data necessary
|
||||
for the setup and technical execution of the e-mail dispatch.
|
||||
The purpose of the processing is to
|
||||
read, write, manage, delete, send, and receive emails.
|
||||
For this purpose,
|
||||
we operate server-side software
|
||||
that enables us to send and receive e-mail messages.
|
||||
Allowing the use of the e-mail service,
|
||||
we process the following data and details:
|
||||
|
||||
- Outgoing and incoming messages (SMTP) are stored for transit
|
||||
on behalf of their users until the message can be delivered.
|
||||
|
||||
- E-Mail-Messages are stored for the recipient and made accessible via IMAP protocols,
|
||||
until explicitly deleted by the user or until a fixed time period is exceeded,
|
||||
(*usually 4-8 weeks*).
|
||||
|
||||
- IMAP and SMTP protocols are password protected with unique credentials for each account.
|
||||
|
||||
- Users can retrieve or delete all stored messages
|
||||
without intervention from the operators using standard IMAP client tools.
|
||||
|
||||
### 3.1 Account setup
|
||||
|
||||
Creating an account happens in one of two ways on our mail servers:
|
||||
|
||||
- with a QR invitation token
|
||||
which is scanned using the Delta Chat app
|
||||
and then the account is created.
|
||||
|
||||
- by letting Delta Chat otherwise create an account
|
||||
and register it with a {{ config.mail_domain }} mail server.
|
||||
|
||||
In either case, we process the newly created email address.
|
||||
No phone numbers,
|
||||
other email addresses,
|
||||
or other identifiable data
|
||||
is currently required.
|
||||
The legal basis for the processing is
|
||||
Art. 6 (1) lit. b GDPR,
|
||||
as you have a usage contract with us
|
||||
by using our services.
|
||||
|
||||
## 3.2 Processing of E-Mail-Messages
|
||||
|
||||
In addition,
|
||||
we will process data
|
||||
to keep the server infrastructure operational
|
||||
for purposes of e-mail dispatch
|
||||
and abuse prevention.
|
||||
|
||||
- Therefore,
|
||||
it is necessary to process the content and/or metadata
|
||||
(e.g., headers of the email as well as smtp chatter)
|
||||
of E-Mail-Messages in transit.
|
||||
|
||||
- We will keep logs of messages in transit for a limited time.
|
||||
These logs are used to debug delivery problems and software bugs.
|
||||
|
||||
In addition,
|
||||
we process data to protect the systems from excessive use.
|
||||
Therefore, limits are enforced:
|
||||
|
||||
- rate limits
|
||||
|
||||
- storage limits
|
||||
|
||||
- message size limits
|
||||
|
||||
- any other limit neccessary for the whole server to function in a healthy way
|
||||
and to prevent abuse.
|
||||
|
||||
The processing and use of the above permissions
|
||||
are performed to provide the service.
|
||||
The data processing is necessary for the use of our services,
|
||||
therefore the legal basis of the processing is
|
||||
Art. 6 (1) lit. b GDPR,
|
||||
as you have a usage contract with us
|
||||
by using our services.
|
||||
The legal basis for the data processing
|
||||
for the purposes of security and abuse prevention is
|
||||
Art. 6 (1) lit. f GDPR.
|
||||
Our legitimate interest results
|
||||
from the aforementioned purposes.
|
||||
We will not use the collected data
|
||||
for the purpose of drawing conclusions
|
||||
about your person.
|
||||
|
||||
|
||||
## 3. Processing when using our Website
|
||||
|
||||
When you visit our website,
|
||||
the browser used on your end device
|
||||
automatically sends information to the server of our website.
|
||||
This information is temporarily stored in a so-called log file.
|
||||
The following information is collected and stored
|
||||
until it is automatically deleted
|
||||
(*usually 7 days*):
|
||||
|
||||
- used type of browser,
|
||||
|
||||
- used operating system,
|
||||
|
||||
- access date and time as well as
|
||||
|
||||
- country of origin and IP address,
|
||||
|
||||
- the requested file name or HTTP resource,
|
||||
|
||||
- the amount of data transferred,
|
||||
|
||||
- the access status (file transferred, file not found, etc.) and
|
||||
|
||||
- the page from which the file was requested.
|
||||
|
||||
This website is hosted by an external service provider (hoster).
|
||||
The personal data collected on this website is stored
|
||||
on the hoster's servers.
|
||||
Our hoster will process your data
|
||||
only to the extent necessary to fulfill its obligations
|
||||
to perform under our instructions.
|
||||
In order to ensure data protection-compliant processing,
|
||||
we have concluded a data processing agreement with our hoster.
|
||||
|
||||
The aforementioned data is processed by us for the following purposes:
|
||||
|
||||
- Ensuring a reliable connection setup of the website,
|
||||
|
||||
- ensuring a convenient use of our website,
|
||||
|
||||
- checking and ensuring system security and stability, and
|
||||
|
||||
- for other administrative purposes.
|
||||
|
||||
The legal basis for the data processing is
|
||||
Art. 6 (1) lit. f GDPR.
|
||||
Our legitimate interest results
|
||||
from the aforementioned purposes of data collection.
|
||||
We will not use the collected data
|
||||
for the purpose of drawing conclusions about your person.
|
||||
|
||||
## 4. Transfer of Data
|
||||
|
||||
Your personal data
|
||||
will not be transferred to third parties
|
||||
for purposes other than those listed below:
|
||||
|
||||
a) you have given your express consent
|
||||
in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
|
||||
|
||||
b) the disclosure is necessary for the assertion, exercise or defence of legal claims
|
||||
pursuant to Art. 6 (1) sentence 1 lit. f GDPR
|
||||
and there is no reason to assume that you have
|
||||
an overriding interest worthy of protection
|
||||
in the non-disclosure of your data,
|
||||
|
||||
c) in the event that there is a legal obligation to disclose your data
|
||||
pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR,
|
||||
as well as
|
||||
|
||||
d) this is legally permissible and necessary
|
||||
in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR
|
||||
for the processing of contractual relationships with you,
|
||||
|
||||
e) this is carried out by a service provider
|
||||
acting on our behalf and on our exclusive instructions,
|
||||
whom we have carefully selected (Art. 28 (1) GDPR)
|
||||
and with whom we have concluded a corresponding contract on commissioned processing (Art. 28 (3) GDPR),
|
||||
which obliges our contractor,
|
||||
among other things,
|
||||
to implement appropriate security measures
|
||||
and grants us comprehensive control powers.
|
||||
|
||||
## 5. Rights of the data subject
|
||||
|
||||
The rights arise from Articles 12 to 23 GDPR.
|
||||
Since no personal data is stored on our servers,
|
||||
even in encrypted form,
|
||||
there is no need to provide information
|
||||
on these or possible objections.
|
||||
A deletion can be made
|
||||
directly in the Delta Chat email messenger.
|
||||
|
||||
If you have any questions or complaints,
|
||||
please feel free to contact us by email:
|
||||
{{ config.privacy_mail }}
|
||||
|
||||
As a rule, you can contact the supervisory authority of your usual place of residence
|
||||
or workplace
|
||||
or our registered office for this purpose.
|
||||
The supervisory authority responsible for our place of business
|
||||
is the `{{ config.privacy_supervisor }}`.
|
||||
|
||||
|
||||
## 6. Validity of this privacy policy
|
||||
|
||||
This data protection declaration is valid
|
||||
as of *December 2023*.
|
||||
Due to the further development of our service and offers
|
||||
or due to changed legal or official requirements,
|
||||
it may become necessary to revise this data protection declaration from time to time.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user