Allow to send securejoin

2026-05-13 17:34:38 +00:00 · 2023-10-16 20:38:28 +00:00
15 changed files with 147 additions and 397 deletions
--- a/README.md
+++ b/README.md
@@ -1,40 +1,61 @@
 # Chat Mail server configuration
-This repository setups a ready-to-go chatmail instance
+This package deploys Postfix and Dovecot servers, including OpenDKIM for DKIM signing.
-comprised of a minimal setup of the battle-tested 
+
-[postfix smtp server](https://www.postfix.org) and [dovecot imap server](https://www.dovecot.org).
+Postfix uses Dovecot for authentication as described in <https://www.postfix.org/SASL_README.html#server_dovecot>
 ## Getting started 
-1. prepare your local system:
+prepare:
-    scripts/init.sh 
+    pip install -e chatmail-infra
 2. set environment variable to the chatmail domain you want to setup:
    export CHATMAIL_DOMAIN=c1.testrun.org   # replace with your host
 3. run the deploy of the chat mail instance: 
    scripts/deploy.sh 
-## Running tests and benchmarks (offline and online) 
+then run with pyinfra command line tool: 
-1. Set `CHATMAIL_SSH` so that `ssh root@$CHATMAIL_SSH` allows 
+    CHATMAIL_DOMAIN=c1.testrun.org pyinfra --ssh-user root c1.testrun.org deploy.py
   to login to the chatmail instance server. 
 2. To run local and online tests: 
-    scripts/test.sh 
+## Structure (wip)
 ```
-3. To run benchmarks against your chatmail instance: 
+# package doveauth tool and deploy chatmail server to a envvar-specified ssh-reachable host 
 deploy.py 
-    scripts/bench.sh 
+# chatmail pyinfra deploy package 
 chatmail-pyinfra 
    pyproject.toml
    chatmail/__init__ ...
-## Running tests (offline and online) 
+# doveauth tool used by dovecot's auth mechanism on the host system 
 doveauth
    README.md
    pyproject.toml
    doveauth.py
    test_doveauth.py
 # lmtp server to block (outgoing) unencrypted messages 
 filtermail 
    README.md
    pyproject.toml
    .... 
 # online tests (after deploy)
 online-tests  # runnable via pytest 
 # scripts for setup/development/deployment 
 scripts/
    init.sh  # create venv/other perequires
    deploy.sh  # run pyinfra based deploy of everything
    test.sh # run all local and online tests 
    bench.sh # run performance benchmark tests
 ```
 ## Dovecot/Postfix configuration
 ### Ports
@@ -44,16 +65,4 @@ Dovecot listens on ports 143(imap) and 993 (imaps).
 ## DNS
-For DKIM you must add a DNS entry as found in /etc/opendkim/selector.txt on your chatmail instance.
+For DKIM you must add a DNS entry as in /etc/opendkim/selector.txt (where selector is the opendkim_selector configured in the chatmail inventory).
 The above `scripts/deploy.sh` prints out the DKIM selector and DNS entry you
 need to setup with your DNS provider. 
 ## Emergency Commands
 If you need to stop account creation,
 e.g. because some script is wildly creating accounts,
 just run `touch /tmp/nocreate`.
 You can remove the file
 as soon as the attacker was banned
 by different means.
--- a/chatmaild/pyproject.toml
+++ b/chatmaild/pyproject.toml
@@ -10,6 +10,7 @@ dependencies = [
 ]
 [project.scripts]
 doveauth = "chatmaild.doveauth:main"
 doveauth-dictproxy = "chatmaild.dictproxy:main"
 filtermail = "chatmaild.filtermail:main"
--- a/chatmaild/src/chatmaild/dictproxy.py
+++ b/chatmaild/src/chatmaild/dictproxy.py
@@ -1,4 +1,3 @@
 import logging
 import os
 import sys
 import json
@@ -12,8 +11,6 @@ import subprocess
 from .database import Database
 NOCREATE_FILE = "/etc/chatmail-nocreate"
 def encrypt_password(password: str):
    password = password.encode("ascii")
@@ -30,9 +27,6 @@ def encrypt_password(password: str):
 def create_user(db, user, password):
    if os.path.exists(NOCREATE_FILE):
        logging.warning(f"Didn't create account: {NOCREATE_FILE} exists. Delete the file to enable account creation.")
        return
    with db.write_transaction() as conn:
        conn.create_user(user, password)
    return dict(home=f"/home/vmail/{user}", uid="vmail", gid="vmail", password=password)
--- a/chatmaild/src/chatmaild/doveauth.py
+++ b/chatmaild/src/chatmaild/doveauth.py
@@ -0,0 +1,65 @@
 #!/usr/bin/env python3
 import base64
 import sys
 from .database import Database
 def get_user_data(db, user):
    with db.read_connection() as conn:
        result = conn.get_user(user)
    if result:
        result["uid"] = "vmail"
        result["gid"] = "vmail"
    return result
 def create_user(db, user, password):
    with db.write_transaction() as conn:
        conn.create_user(user, password)
    return dict(home=f"/home/vmail/{user}", uid="vmail", gid="vmail", password=password)
 def verify_user(db, user, password):
    userdata = get_user_data(db, user)
    if userdata:
        if userdata.get("password") == password:
            userdata["status"] = "ok"
        else:
            userdata["status"] = "fail"
    else:
        userdata = create_user(db, user, password)
        userdata["status"] = "ok"
    return userdata
 def lookup_user(db, user):
    userdata = get_user_data(db, user)
    if userdata:
        userdata["status"] = "ok"
    else:
        userdata["status"] = "fail"
    return userdata
 def dump_result(res):
    for key, value in res.items():
        print(f"{key}={value}")
 def main():
    db = Database("/home/vmail/passdb.sqlite")
    if sys.argv[1] == "hexauth":
        login = base64.b16decode(sys.argv[2]).decode()
        password = base64.b16decode(sys.argv[3]).decode()
        res = verify_user(db, login, password)
        dump_result(res)
    elif sys.argv[1] == "hexlookup":
        login = base64.b16decode(sys.argv[2]).decode()
        res = lookup_user(db, login)
        dump_result(res)
 if __name__ == "__main__":
    main()
--- a/chatmaild/src/chatmaild/test_doveauth.py
+++ b/chatmaild/src/chatmaild/test_doveauth.py
@@ -1,9 +1,7 @@
 import os
 import pytest
-import chatmaild.dictproxy
+from .dictproxy import get_user_data
-from .dictproxy import get_user_data, lookup_passdb
+from .doveauth import verify_user
 from .database import Database, DBError
@@ -15,31 +13,16 @@ def db(tmpdir):
 def test_basic(db):
-    chatmaild.dictproxy.NOCREATE_FILE = "/tmp/nocreate"
+    verify_user(db, "link2xt@c1.testrun.org", "asdf")
    if os.path.exists(chatmaild.dictproxy.NOCREATE_FILE):
        os.remove(chatmaild.dictproxy.NOCREATE_FILE)
    lookup_passdb(db, "link2xt@c1.testrun.org", "asdf")
    data = get_user_data(db, "link2xt@c1.testrun.org")
    assert data
-def test_dont_overwrite_password_on_wrong_login(db):
+def test_verify_or_create(db):
-    """Test that logging in with a different password doesn't create a new user"""
+    res = verify_user(db, "newuser1@something.org", "kajdlkajsldk12l3kj1983")
-    res = lookup_passdb(db, "newuser1@something.org", "kajdlkajsldk12l3kj1983")
+    assert res["status"] == "ok"
-    assert res["password"]
+    res = verify_user(db, "newuser1@something.org", "kajdlqweqwe")
-    res2 = lookup_passdb(db, "newuser1@something.org", "kajdlqweqwe")
+    assert res["status"] == "fail"
    # this function always returns a password hash, which is actually compared by dovecot.
    assert res["password"] == res2["password"]
 def test_nocreate_file(db):
    chatmaild.dictproxy.NOCREATE_FILE = "/tmp/nocreate"
    with open(chatmaild.dictproxy.NOCREATE_FILE, "w+") as f:
        f.write("")
    assert os.path.exists(chatmaild.dictproxy.NOCREATE_FILE)
    lookup_passdb(db, "newuser1@something.org", "kajdlqweqwe")
    assert not get_user_data(db, "newuser1@something.org")
    os.remove(chatmaild.dictproxy.NOCREATE_FILE)
 def test_db_version(db):
--- a/deploy-chatmail/src/deploy_chatmail/init.py
+++ b/deploy-chatmail/src/deploy_chatmail/init.py
@@ -110,7 +110,7 @@ def _configure_opendkim(domain: str, dkim_selector: str) -> bool:
    return need_restart
-def _configure_postfix(domain: str, debug: bool = False) -> bool:
+def _configure_postfix(domain: str) -> bool:
    """Configures Postfix SMTP server."""
    need_restart = False
@@ -124,20 +124,21 @@ def _configure_postfix(domain: str, debug: bool = False) -> bool:
    )
    need_restart |= main_config.changed
-    master_config = files.template(
+    master_config = files.put(
-        src=importlib.resources.files(__package__).joinpath("postfix/master.cf.j2"),
+        src=importlib.resources.files(__package__)
        .joinpath("postfix/master.cf")
        .open("rb"),
        dest="/etc/postfix/master.cf",
        user="root",
        group="root",
        mode="644",
        debug=debug,
    )
    need_restart |= master_config.changed
    return need_restart
-def _configure_dovecot(mail_server: str, debug: bool = False) -> bool:
+def _configure_dovecot(mail_server: str) -> bool:
    """Configures Dovecot IMAP server."""
    need_restart = False
@@ -148,7 +149,6 @@ def _configure_dovecot(mail_server: str, debug: bool = False) -> bool:
        group="root",
        mode="644",
        config={"hostname": mail_server},
        debug=debug,
    )
    need_restart |= main_config.changed
    auth_config = files.put(
@@ -215,9 +215,8 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
    )
    _install_chatmaild()
-    debug = False
+    dovecot_need_restart = _configure_dovecot(mail_server)
-    dovecot_need_restart = _configure_dovecot(mail_server, debug=debug)
+    postfix_need_restart = _configure_postfix(mail_domain)
    postfix_need_restart = _configure_postfix(mail_domain, debug=debug)
    opendkim_need_restart = _configure_opendkim(mail_domain, dkim_selector)
    systemd.service(
--- a/deploy-chatmail/src/deploy_chatmail/acmetool/init.py
+++ b/deploy-chatmail/src/deploy_chatmail/acmetool/init.py
@@ -50,8 +50,8 @@ def deploy_acmetool(nginx_hook=False, email="", domains=[]):
    systemd.service(
        name="Setup acmetool-redirector service",
        service="acmetool-redirector.service",
-        running=False,
+        running=True,
-        enabled=False,
+        enabled=True,
        restarted=service_file.changed,
    )
--- a/deploy-chatmail/src/deploy_chatmail/dovecot/dovecot.conf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/dovecot/dovecot.conf.j2
@@ -4,23 +4,13 @@ protocols = imap lmtp
 auth_mechanisms = plain
 {% if debug == true %}
 auth_verbose = yes
 auth_debug = yes
 auth_debug_passwords = yes
 auth_verbose_passwords = plain
 auth_cache_size = 100M
 mail_debug = yes
 {% endif %}
 mail_plugins = quota
-
+mail_debug = yes
 # these are the capabilities Delta Chat cares about actually 
 # so let's keep the network overhead per login small
 # https://github.com/deltachat/deltachat-core-rust/blob/master/src/imap/capabilities.rs
 imap_capability = IMAP4rev1 IDLE MOVE QUOTA CONDSTORE
 # Authentication for system users.
 passdb {
--- a/deploy-chatmail/src/deploy_chatmail/postfix/master.cf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/postfix/master.cf.j2
@@ -9,11 +9,7 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
 {% if debug == true %}
 smtp      inet  n       -       y       -       -       smtpd -v 
 {% else %}
 smtp      inet  n       -       y       -       -       smtpd 
 {% endif %}
 #smtp      inet  n       -       y       -       1       postscreen
 #smtpd     pass  -       -       y       -       -       smtpd
 #dnsblog   unix  -       -       y       -       0       dnsblog
@@ -70,6 +66,8 @@ showq     unix  n       -       y       -       -       showq
 error     unix  -       -       y       -       -       error
 retry     unix  -       -       y       -       -       error
 discard   unix  -       -       y       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       y       -       -       lmtp
 anvil     unix  -       -       y       -       1       anvil
 scache    unix  -       -       y       -       1       scache
--- a/deploy-chatmail/src/deploy_chatmail/deploy.py
+++ b/deploy-chatmail/src/deploy_chatmail/deploy.py
--- a/online-tests/test_0_login.py
+++ b/online-tests/test_0_login.py
@@ -1,5 +1,3 @@
 import smtplib
 import pytest
@@ -36,296 +34,3 @@ def test_login_same_password(imap_or_smtp, gencreds):
    imap_or_smtp.login(user1, password1)
    imap_or_smtp.connect()
    imap_or_smtp.login(user2, password1)
@pytest.mark.parametrize(
    ("authenticated", "existing_from", "outside_to", "log_msg"),
    [
        (False, False, False, "Sending message with forged FROM of chatmail user to chatmail user"),
        (False, True, False, "Sending message with forged FROM of outside user to chatmail user"),
        (False, False, True, "Sending message with forged FROM of chatmail user to outside user"),
        (False, True, True, "Sending message with forged FROM of outside user to outside user"),
        (True, False, False, "Sending authenticated message with forged FROM of chatmail user to chatmail user"),
        (True, True, False, "Sending authenticated message with forged FROM of outside user to chatmail user"),
        (True, False, True, "Sending authenticated message with forged FROM of chatmail user to outside user"),
        (True, True, True, "Sending authenticated message with forged FROM of outside user to outside user"),
    ]
 )
 def test_send_with_forged_from(smtp, gencreds, lp, authenticated, existing_from, outside_to, log_msg):
    """Test that users can't impersonate each other."""
    if outside_to:
        to_addr = "recipient@example.org"
    else:
        to_addr, password = gencreds()
        smtp.connect()
        smtp.login(to_addr, password)
        smtp.conn.close()
    if existing_from:
        from_addr, password = gencreds()
        smtp.connect()
        smtp.login(from_addr, password)
        smtp.conn.close()
    else:
        from_addr = f"9d8znohcoimafiilvsjfovaniufsmdj@{smtp.host}"
    smtp.connect()
    if authenticated:
        attacker_addr, password = gencreds()
        smtp.login(attacker_addr, password)
    mail = "\r\n".join([
        "Subject: ...",
        f"From: <{from_addr}>",
        f"To: <{to_addr}>",
        "Date: Sun, 15 Oct 2023 16:43:21 +0000",
        "Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>",
        "In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
        "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
        "\t<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
        "Chat-Version: 1.0",
        f"Autocrypt: addr={from_addr}; prefer-encrypt=mutual;",
        "\tkeydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH",
        "\trNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID",
        "\tFgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW",
        "\tXQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK",
        "\tKwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ",
        "\tJlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP",
        "\tIXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO",
        "MIME-Version: 1.0",
        'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";',
        '\tboundary="YFrteb74qSXmggbOxZL9dRnhymywAi"',
        "",
        "",
        "--YFrteb74qSXmggbOxZL9dRnhymywAi",
        "Content-Description: PGP/MIME version identification",
        "Content-Type: application/pgp-encrypted",
        "",
        "Version: 1",
        "",
        "",
        "--YFrteb74qSXmggbOxZL9dRnhymywAi",
        "Content-Description: OpenPGP encrypted message",
        'Content-Disposition: inline; filename="encrypted.asc";',
        'Content-Type: application/octet-stream; name="encrypted.asc"',
        "",
        "-----BEGIN PGP MESSAGE-----",
        "",
        "wU4DhW3gBZ/VvCYSAQdA8bMs2spwbKdGjVsL1ByPkNrqD7frpB73maeL6I6SzDYg",
        "O5G53tv339RdKq3WRcCtEEvxjHlUx2XNwXzC04BpmfvBTgNfPUyLDzjXnxIBB0Ae",
        "8ymwGvXMCCimHXN0Dg8Ui62KOi03h0UgheoHWovJSCDF4CKre/xtFr3nL7lq/PKI",
        "JsjVNz7/RK9FSXF6WwfONtLCyQGEuVAsB/KXfCBEyfKhaMwGHvhujRidGW5uV1no",
        "lMGl3ODmo29Lgeu2uSE7EpJRZoe6hU6ddmBkqxax61ZtkaFlGFFpdo2K8balNNdz",
        "ZsJ/9mmI9x3oOJ4/l1nhQbUO9ADbs7gJhFdV5Qkp30b5fCI7bU+aoe1ccBbLe/WM",
        "YUty1PqcuQT7XjA+XmYuL261tvW8pBetT+i33/E2d8PzzYt2IuK9qeevyS+yxdwA",
        "kfwejFWzzsUlJaDxs1x4XOxkMgSj+jo+g12dFOb7fyClsAnq23iDb8AuaT/BScAI",
        "+lO+gher69+6LmM7VGHLG5k762J1jTaQCaKt1s8TAWV99Eo4491vL6fyvk3l/Cfg",
        "RXSwiWFgj19Pn0Rq7CD9v22UE2vdUMBTcV4aw79mClk1YQ23jbF0y5DCjPdJ62Zo",
        "tskBgFt3NoWV80jZ76zIBLrrjLwCCll8JjJtFwSkt2GX5RFBsVa4A8IDht9RtEk7",
        "rrHgbSZQfkauEi/mH3/6CDZoLqSHudUZ7d4MaJwun1TkFYGe2ORwGJd4OBj3oGJp",
        "H8YBwCpk///L/fKjX0Gg3M8nrpM4wrRFhPKidAgO/kcm25X4+ZHlVkWBTCt5RWKI",
        "fHh6oLDZCqCfcgMkE1KKmwfIHaUkhq5BPRigwy6i5dh1DM4+1UCLh3dxzVbqE9b9",
        "61NB19nXdRtDA2sOUnj9ve6m/wEPyCb6/zBQZqvCBYb1/AjdXpUrFT+DbpfyxaXN",
        "XfhDVb5mNqNM/IVj0V5fvTc6vOfYbzQtPm10H+FdWWfb+rJRfyC3MA2w2IqstFe3",
        "w3bu2iE6CQvSqRvge+ZqLKt/NqYwOURiUmpuklbl3kPJ97+mfKWoiqk8Iz1VY+bb",
        "NMUC7aoGv+jcoj+WS6PYO8N6BeRVUUB3ZJSf8nzjgxm1/BcM+UD3BPrlhT11ODRs",
        "baifGbprMWwt3dhb8cQgRT8GPdpO1OsDkzL6iikMjLHWWiA99GV6ruiHsIPw6boW",
        "A6/uSOskbDHOROotKmddGTBd0iiHXAoQsJFt1ZjUkt6EHrgWs+GAvrvKpXs1mrz8",
        "uj3GwEFrHS+Xuf2UDgpszYT3hI2cL/kUtGakVR7m7vVMZqXBUbZdGAEb1PZNPwsI",
        "E4aMK02+EVB+tSN4Fzj99N2YD0inVYt+oPjr2tHhUS6aSGBNS/48Ki47DOg4Sxkn",
        "lkOWnEbCD+XTnbDd",
        "=agR5",
        "-----END PGP MESSAGE-----",
        "",
        "",
        "--YFrteb74qSXmggbOxZL9dRnhymywAi--",
        "",
        "",
    ]).encode()
    if not authenticated:
        smtperror = smtplib.SMTPRecipientsRefused
    else:
        smtperror = smtplib.SMTPException
    lp.sec(log_msg)
    with pytest.raises(smtperror):
        smtp.conn.sendmail(from_addr, to_addr, mail)
 def test_no_internal_rate_limit(smtp, gencreds):
    """Test that there is no rate limit between accounts on the same chatmail server."""
    to_addr, password = gencreds()
    smtp.connect()
    smtp.login(to_addr, password)
    user, password = gencreds()
    smtp.connect()
    smtp.login(user, password)
    mail = "\r\n".join(
        [
            "Subject: ...",
            f"From: <{user}>",
            f"To: <{to_addr}>",
            "Date: Sun, 15 Oct 2023 16:43:21 +0000",
            "Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>",
            "In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
            "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
            "\t<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
            "Chat-Version: 1.0",
            f"Autocrypt: addr={user}; prefer-encrypt=mutual;",
            "\tkeydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH",
            "\trNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID",
            "\tFgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW",
            "\tXQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK",
            "\tKwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ",
            "\tJlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP",
            "\tIXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO",
            "MIME-Version: 1.0",
            'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";',
            '\tboundary="YFrteb74qSXmggbOxZL9dRnhymywAi"',
            "",
            "",
            "--YFrteb74qSXmggbOxZL9dRnhymywAi",
            "Content-Description: PGP/MIME version identification",
            "Content-Type: application/pgp-encrypted",
            "",
            "Version: 1",
            "",
            "",
            "--YFrteb74qSXmggbOxZL9dRnhymywAi",
            "Content-Description: OpenPGP encrypted message",
            'Content-Disposition: inline; filename="encrypted.asc";',
            'Content-Type: application/octet-stream; name="encrypted.asc"',
            "",
            "-----BEGIN PGP MESSAGE-----",
            "",
            "wU4DhW3gBZ/VvCYSAQdA8bMs2spwbKdGjVsL1ByPkNrqD7frpB73maeL6I6SzDYg",
            "O5G53tv339RdKq3WRcCtEEvxjHlUx2XNwXzC04BpmfvBTgNfPUyLDzjXnxIBB0Ae",
            "8ymwGvXMCCimHXN0Dg8Ui62KOi03h0UgheoHWovJSCDF4CKre/xtFr3nL7lq/PKI",
            "JsjVNz7/RK9FSXF6WwfONtLCyQGEuVAsB/KXfCBEyfKhaMwGHvhujRidGW5uV1no",
            "lMGl3ODmo29Lgeu2uSE7EpJRZoe6hU6ddmBkqxax61ZtkaFlGFFpdo2K8balNNdz",
            "ZsJ/9mmI9x3oOJ4/l1nhQbUO9ADbs7gJhFdV5Qkp30b5fCI7bU+aoe1ccBbLe/WM",
            "YUty1PqcuQT7XjA+XmYuL261tvW8pBetT+i33/E2d8PzzYt2IuK9qeevyS+yxdwA",
            "kfwejFWzzsUlJaDxs1x4XOxkMgSj+jo+g12dFOb7fyClsAnq23iDb8AuaT/BScAI",
            "+lO+gher69+6LmM7VGHLG5k762J1jTaQCaKt1s8TAWV99Eo4491vL6fyvk3l/Cfg",
            "RXSwiWFgj19Pn0Rq7CD9v22UE2vdUMBTcV4aw79mClk1YQ23jbF0y5DCjPdJ62Zo",
            "tskBgFt3NoWV80jZ76zIBLrrjLwCCll8JjJtFwSkt2GX5RFBsVa4A8IDht9RtEk7",
            "rrHgbSZQfkauEi/mH3/6CDZoLqSHudUZ7d4MaJwun1TkFYGe2ORwGJd4OBj3oGJp",
            "H8YBwCpk///L/fKjX0Gg3M8nrpM4wrRFhPKidAgO/kcm25X4+ZHlVkWBTCt5RWKI",
            "fHh6oLDZCqCfcgMkE1KKmwfIHaUkhq5BPRigwy6i5dh1DM4+1UCLh3dxzVbqE9b9",
            "61NB19nXdRtDA2sOUnj9ve6m/wEPyCb6/zBQZqvCBYb1/AjdXpUrFT+DbpfyxaXN",
            "XfhDVb5mNqNM/IVj0V5fvTc6vOfYbzQtPm10H+FdWWfb+rJRfyC3MA2w2IqstFe3",
            "w3bu2iE6CQvSqRvge+ZqLKt/NqYwOURiUmpuklbl3kPJ97+mfKWoiqk8Iz1VY+bb",
            "NMUC7aoGv+jcoj+WS6PYO8N6BeRVUUB3ZJSf8nzjgxm1/BcM+UD3BPrlhT11ODRs",
            "baifGbprMWwt3dhb8cQgRT8GPdpO1OsDkzL6iikMjLHWWiA99GV6ruiHsIPw6boW",
            "A6/uSOskbDHOROotKmddGTBd0iiHXAoQsJFt1ZjUkt6EHrgWs+GAvrvKpXs1mrz8",
            "uj3GwEFrHS+Xuf2UDgpszYT3hI2cL/kUtGakVR7m7vVMZqXBUbZdGAEb1PZNPwsI",
            "E4aMK02+EVB+tSN4Fzj99N2YD0inVYt+oPjr2tHhUS6aSGBNS/48Ki47DOg4Sxkn",
            "lkOWnEbCD+XTnbDd",
            "=agR5",
            "-----END PGP MESSAGE-----",
            "",
            "",
            "--YFrteb74qSXmggbOxZL9dRnhymywAi--",
            "",
            "",
        ]
    ).encode()
    for i in range(100):
        print("Sending mail", str(i))
        smtp.conn.sendmail(user, to_addr, mail)
@pytest.mark.xfail(reason="No rate limit at the moment")
 def test_exceed_rate_limit(smtp, gencreds):
    """Test that the outbound rate limit is exceeded if we send a lot of messages at once."""
    user, password = gencreds()
    smtp.connect()
    smtp.login(user, password)
    to_addr = "foobar@example.org"
    mail = "\r\n".join(
        [
            "Subject: ...",
            f"From: <{user}>",
            f"To: <{to_addr}>",
            "Date: Sun, 15 Oct 2023 16:43:21 +0000",
            "Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>",
            "In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
            "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
            "\t<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
            "Chat-Version: 1.0",
            f"Autocrypt: addr={user}; prefer-encrypt=mutual;",
            "\tkeydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH",
            "\trNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID",
            "\tFgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW",
            "\tXQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK",
            "\tKwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ",
            "\tJlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP",
            "\tIXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO",
            "MIME-Version: 1.0",
            'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";',
            '\tboundary="YFrteb74qSXmggbOxZL9dRnhymywAi"',
            "",
            "",
            "--YFrteb74qSXmggbOxZL9dRnhymywAi",
            "Content-Description: PGP/MIME version identification",
            "Content-Type: application/pgp-encrypted",
            "",
            "Version: 1",
            "",
            "",
            "--YFrteb74qSXmggbOxZL9dRnhymywAi",
            "Content-Description: OpenPGP encrypted message",
            'Content-Disposition: inline; filename="encrypted.asc";',
            'Content-Type: application/octet-stream; name="encrypted.asc"',
            "",
            "-----BEGIN PGP MESSAGE-----",
            "",
            "wU4DhW3gBZ/VvCYSAQdA8bMs2spwbKdGjVsL1ByPkNrqD7frpB73maeL6I6SzDYg",
            "O5G53tv339RdKq3WRcCtEEvxjHlUx2XNwXzC04BpmfvBTgNfPUyLDzjXnxIBB0Ae",
            "8ymwGvXMCCimHXN0Dg8Ui62KOi03h0UgheoHWovJSCDF4CKre/xtFr3nL7lq/PKI",
            "JsjVNz7/RK9FSXF6WwfONtLCyQGEuVAsB/KXfCBEyfKhaMwGHvhujRidGW5uV1no",
            "lMGl3ODmo29Lgeu2uSE7EpJRZoe6hU6ddmBkqxax61ZtkaFlGFFpdo2K8balNNdz",
            "ZsJ/9mmI9x3oOJ4/l1nhQbUO9ADbs7gJhFdV5Qkp30b5fCI7bU+aoe1ccBbLe/WM",
            "YUty1PqcuQT7XjA+XmYuL261tvW8pBetT+i33/E2d8PzzYt2IuK9qeevyS+yxdwA",
            "kfwejFWzzsUlJaDxs1x4XOxkMgSj+jo+g12dFOb7fyClsAnq23iDb8AuaT/BScAI",
            "+lO+gher69+6LmM7VGHLG5k762J1jTaQCaKt1s8TAWV99Eo4491vL6fyvk3l/Cfg",
            "RXSwiWFgj19Pn0Rq7CD9v22UE2vdUMBTcV4aw79mClk1YQ23jbF0y5DCjPdJ62Zo",
            "tskBgFt3NoWV80jZ76zIBLrrjLwCCll8JjJtFwSkt2GX5RFBsVa4A8IDht9RtEk7",
            "rrHgbSZQfkauEi/mH3/6CDZoLqSHudUZ7d4MaJwun1TkFYGe2ORwGJd4OBj3oGJp",
            "H8YBwCpk///L/fKjX0Gg3M8nrpM4wrRFhPKidAgO/kcm25X4+ZHlVkWBTCt5RWKI",
            "fHh6oLDZCqCfcgMkE1KKmwfIHaUkhq5BPRigwy6i5dh1DM4+1UCLh3dxzVbqE9b9",
            "61NB19nXdRtDA2sOUnj9ve6m/wEPyCb6/zBQZqvCBYb1/AjdXpUrFT+DbpfyxaXN",
            "XfhDVb5mNqNM/IVj0V5fvTc6vOfYbzQtPm10H+FdWWfb+rJRfyC3MA2w2IqstFe3",
            "w3bu2iE6CQvSqRvge+ZqLKt/NqYwOURiUmpuklbl3kPJ97+mfKWoiqk8Iz1VY+bb",
            "NMUC7aoGv+jcoj+WS6PYO8N6BeRVUUB3ZJSf8nzjgxm1/BcM+UD3BPrlhT11ODRs",
            "baifGbprMWwt3dhb8cQgRT8GPdpO1OsDkzL6iikMjLHWWiA99GV6ruiHsIPw6boW",
            "A6/uSOskbDHOROotKmddGTBd0iiHXAoQsJFt1ZjUkt6EHrgWs+GAvrvKpXs1mrz8",
            "uj3GwEFrHS+Xuf2UDgpszYT3hI2cL/kUtGakVR7m7vVMZqXBUbZdGAEb1PZNPwsI",
            "E4aMK02+EVB+tSN4Fzj99N2YD0inVYt+oPjr2tHhUS6aSGBNS/48Ki47DOg4Sxkn",
            "lkOWnEbCD+XTnbDd",
            "=agR5",
            "-----END PGP MESSAGE-----",
            "",
            "",
            "--YFrteb74qSXmggbOxZL9dRnhymywAi--",
            "",
            "",
        ]
    ).encode()
    for i in range(100):
        print("Sending mail", str(i))
        try:
            smtp.conn.sendmail(user, to_addr, mail)
        except smtplib.SMTPSenderRefused as e:
            if i == 0:
                pytest.fail(f"rate limit was exceeded too early with msg {i} - maybe wait a minute before testing?")
            if i < 41:
                pytest.fail(f"rate limit was exceeded too early with msg {i}")
            assert e.smtp_code == 450
            assert b'4.7.1 Error: too much mail from' in e.smtp_error
            return
    pytest.fail("Rate limit was not exceeded")
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -2,9 +2,8 @@
 : ${CHATMAIL_DOMAIN:=c1.testrun.org}
 export CHATMAIL_DOMAIN
-chatmaild/venv/bin/python3 -m build -n --sdist chatmaild --outdir dist
+venv/bin/python3 -m build -n --sdist chatmaild --outdir dist
-deploy-chatmail/venv/bin/pyinfra --ssh-user root "$CHATMAIL_DOMAIN" \
+deploy-chatmail/venv/bin/pyinfra --ssh-user root "$CHATMAIL_DOMAIN" deploy.py
    deploy-chatmail/src/deploy_chatmail/deploy.py
 rm -r dist/
--- a/scripts/init.sh
+++ b/scripts/init.sh
@@ -6,9 +6,12 @@ deploy-chatmail/venv/bin/pip install -e deploy-chatmail
 deploy-chatmail/venv/bin/pip install -e chatmaild
 python3 -m venv chatmaild/venv
-sudo apt install -y dovecot-core && sudo systemctl disable --now dovecot
+chatmaild/venv/bin/pip install pytest
 chatmaild/venv/bin/pip install --upgrade pytest build 'setuptools>=68'
 chatmaild/venv/bin/pip install -e chatmaild
 python3 -m venv online-tests/venv
 online-tests/venv/bin/pip install pytest pytest-timeout pdbpp deltachat pytest-benchmark
 python3 -m venv venv
 venv/bin/pip install build
 venv/bin/pip install 'setuptools>=68'
--- a/scripts/remote-deploy.sh
+++ b/scripts/remote-deploy.sh
@@ -2,7 +2,7 @@
 set -e
 : ${CHATMAIL_DOMAIN:=c1.testrun.org}
-: ${CHATMAIL_SSH:=$CHATMAIL_DOMAIN}
+: ${CHATMAIL_SSH_HOST:=$CHATMAIL_DOMAIN}
-rsync -avz . "root@$CHATMAIL_SSH:/root/chatmail" --exclude='/.git' --filter="dir-merge,- .gitignore"
+rsync -avz . "root@$CHATMAIL_SSH_HOST:/root/chatmail" --exclude='/.git' --filter="dir-merge,- .gitignore"
-ssh "root@$CHATMAIL_SSH" "cd /root/chatmail; apt install -y python3-venv; python3 -m venv venv; venv/bin/pip install pyinfra build; venv/bin/python3 -m build -n --sdist chatmaild --outdir dist; venv/bin/pip install -e ./deploy-chatmail -e ./chatmaild; export CHATMAIL_DOMAIN=$CHATMAIL_DOMAIN; venv/bin/pyinfra @local deploy.py"
+ssh "root@$CHATMAIL_SSH_HOST" "cd /root/chatmail; apt install -y python3-venv; python3 -m venv venv; venv/bin/pip install pyinfra build; venv/bin/python3 -m build -n --sdist chatmaild --outdir dist; venv/bin/pip install -e ./deploy-chatmail -e ./chatmaild; export CHATMAIL_DOMAIN=$CHATMAIL_DOMAIN; venv/bin/pyinfra @local deploy.py"
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -1,3 +1,7 @@
 #!/bin/bash
-chatmaild/venv/bin/pytest chatmaild/ $@
+set -e
-online-tests/venv/bin/pytest online-tests/ -vrx --durations=5 $@
+pushd chatmaild/src/chatmaild
 ../../venv/bin/pytest
 popd
 online-tests/venv/bin/pytest online-tests/ -vrx --durations=5