Dovecot: setup METADATA

There is no dictionary to set additional attributes,
but admin email can already be retrieved:

? GETMETADATA "" (/shared/admin)
* METADATA "" (/shared/admin {27}
mailto:root@c20.testrun.org)
? OK Getmetadata completed (0.001 + 0.000 secs).

.github/workflows/test-and-deploy.yaml

@@ -5,7 +5,6 @@ on:
     branches:
       - main
       - staging-ci
-      - generate-dkim-selector
 
 jobs:
   deploy:

chatmaild/src/chatmaild/config.py

@@ -1,5 +1,4 @@
 import iniconfig
-from datetime import datetime
 
 
 def read_config(inipath):
@@ -25,7 +24,6 @@ class Config:
         self.privacy_mail = params.get("privacy_mail")
         self.privacy_pdo = params.get("privacy_pdo")
         self.privacy_supervisor = params.get("privacy_supervisor")
-        self.dkim_selector = params.get("dkim_selector")
 
     def _getbytefile(self):
         return open(self._inipath, "rb")
@@ -35,16 +33,8 @@ def write_initial_config(inipath, mail_domain):
     from importlib.resources import files
 
     inidir = files(__package__).joinpath("ini")
-    selector = "dkim"
-    if mail_domain == "staging.testrun.org":
-        selector = datetime.now().strftime("%Y%m%d%H%M")
     content = (
-        inidir.joinpath("chatmail.ini.f")
+        inidir.joinpath("chatmail.ini.f").read_text().format(mail_domain=mail_domain)
-        .read_text()
-        .format(
-            mail_domain=mail_domain,
-            dkim_selector=selector,
-        )
     )
     if mail_domain.endswith(".testrun.org"):
         override_inipath = inidir.joinpath("override-testrun.ini")

chatmaild/src/chatmaild/ini/chatmail.ini.f

@@ -33,9 +33,7 @@ password_min_length = 9
 passthrough_senders =
 
 # list of e-mail recipients for which to accept outbound un-encrypted mails
-passthrough_recipients = xstore@testrun.org groupsbot@hispanilandia.net
+passthrough_recipients =
-
-dkim_selector = {dkim_selector}
 
 #
 # Deployment Details

chatmaild/src/chatmaild/ini/override-testrun.ini

@@ -1,7 +1,7 @@
 
 [privacy]
 
-passthrough_recipients = privacy@testrun.org xstore@testrun.org groupsbot@hispanilandia.net
+passthrough_recipients = privacy@testrun.org
 
 privacy_postal =
     Merlinux GmbH, Represented by the managing director H. Krekel,

chatmaild/src/chatmaild/tests/test_config.py

@@ -28,5 +28,5 @@ def test_read_config_testrun(make_config):
     assert config.username_min_length == 9
     assert config.username_max_length == 9
     assert config.password_min_length == 9
-    assert "privacy@testrun.org" in config.passthrough_recipients
+    assert config.passthrough_recipients == ["privacy@testrun.org"]
     assert config.passthrough_senders == []

cmdeploy/src/cmdeploy/__init__.py

@@ -495,7 +495,7 @@ def deploy_chatmail(config_path: Path) -> None:
     nginx_need_restart = _configure_nginx(mail_domain)
 
     remove_opendkim()
-    rspamd_need_restart = _configure_rspamd(config.dkim_selector, mail_domain)
+    rspamd_need_restart = _configure_rspamd("dkim", mail_domain)
 
     systemd.service(
         name="Start and enable rspamd",

cmdeploy/src/cmdeploy/dns.py

@@ -51,7 +51,6 @@ def show_dns(args, out) -> int:
     """Check existing DNS records, optionally write them to zone file, return exit code 0 or 1."""
     template = importlib.resources.files(__package__).joinpath("chatmail.zone.f")
     mail_domain = args.config.mail_domain
-    selector = args.config.dkim_selector
     ssh = f"ssh root@{mail_domain}"
     dns = DNS(out, mail_domain)
 
@@ -62,8 +61,8 @@ def show_dns(args, out) -> int:
                 continue
             line = line.replace("\t", " ")
             lines.append(line)
-        lines[0] = f"{selector}._domainkey.{mail_domain}. IN TXT " + lines[0].strip(
+        lines[0] = f"dkim._domainkey.{mail_domain}. IN TXT " + lines[0].strip(
-            f"{selector}._domainkey IN TXT "
+            "dkim._domainkey IN TXT "
         )
         return "\n".join(lines)
 
@@ -74,9 +73,7 @@ def show_dns(args, out) -> int:
         print("Please run `cmdeploy run` first.")
         return 1
     dkim_entry = read_dkim_entries(
-        out.shell_output(
+        out.shell_output(f"{ssh} -- cat /var/lib/rspamd/dkim/{mail_domain}.dkim.zone")
-            f"{ssh} -- cat /var/lib/rspamd/dkim/{mail_domain}.{selector}.zone"
-        )
     )
 
     ipv6 = dns.get_ipv6()

cmdeploy/src/cmdeploy/nginx/nginx.conf.j2

@@ -58,19 +58,8 @@ http {
 		}
 
 		# Old URL for compatibility with e.g. printed QR codes.
-		#
-		# Copy-paste instead of redirect to /new
-		# because Delta Chat core does not follow redirects.
-		#
-		# Redirects are only for browsers.
 		location /cgi-bin/newemail.py {
-			if ($request_method = GET) {
+			return 301 /new;
-				return 301 dcaccount:https://{{ config.domain_name }}/new;
-			}
-
-			fastcgi_pass unix:/run/fcgiwrap.socket;
-			include /etc/nginx/fastcgi_params;
-			fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/newemail.py;
 		}
 	}
 

cmdeploy/src/cmdeploy/postfix/main.cf.j2

@@ -48,3 +48,5 @@ virtual_mailbox_domains = {{ config.mail_domain }}
 
 smtpd_milters = inet:127.0.0.1:11332
 non_smtpd_milters = $smtpd_milters
+
+header_checks = regexp:/etc/postfix/submission_header_cleanup

cmdeploy/src/cmdeploy/postfix/master.cf.j2

@@ -14,6 +14,10 @@ smtp      inet  n       -       y       -       -       smtpd -v
 {% else %}
 smtp      inet  n       -       y       -       -       smtpd 
 {% endif %}
+#smtp      inet  n       -       y       -       1       postscreen
+#smtpd     pass  -       -       y       -       -       smtpd
+#dnsblog   unix  -       -       y       -       0       dnsblog
+#tlsproxy  unix  -       -       y       -       0       tlsproxy
 submission inet n       -       y       -       -       smtpd
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
@@ -30,7 +34,6 @@ submission inet n       -       y       -       -       smtpd
   -o milter_macro_daemon_name=ORIGINATING
   -o smtpd_client_connection_count_limit=1000
   -o smtpd_proxy_filter=127.0.0.1:{{ config.filtermail_smtp_port }}
-  -o cleanup_service_name=authclean
 smtps     inet  n       -       y       -       -       smtpd
   -o syslog_name=postfix/smtps
   -o smtpd_tls_wrappermode=yes
@@ -47,7 +50,6 @@ smtps     inet  n       -       y       -       -       smtpd
   -o smtpd_client_connection_count_limit=1000
   -o milter_macro_daemon_name=ORIGINATING
   -o smtpd_proxy_filter=127.0.0.1:{{ config.filtermail_smtp_port }}
-  -o cleanup_service_name=authclean
 #628       inet  n       -       y       -       -       qmqpd
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup
@@ -78,13 +80,3 @@ filter    unix -        n       n       -       -       lmtp
 # Local SMTP server for reinjecting filered mail.
 localhost:{{ config.postfix_reinject_port }} inet  n       -       n       -       10      smtpd
   -o syslog_name=postfix/reinject
-  -o cleanup_service_name=authclean
-
-# Cleanup `Received` headers for authenticated mail
-# to avoid leaking client IP.
-#
-# We do not do this for received mails
-# as this will break DKIM signatures
-# if `Received` header is signed.
-authclean unix  n       -       -       -       0       cleanup
-  -o header_checks=regexp:/etc/postfix/submission_header_cleanup

cmdeploy/src/cmdeploy/rspamd/dkim_signing.conf.j2

@@ -1,9 +1,9 @@
-selector = "{{ config.dkim_selector }}"
+selector = {{ config.dkim_selector }}
 use_esld = false  # don't cut c1.testrun.org down to testrun.org
 domain = {
     {{ config.mail_domain }} {
         selectors [
-            selector = "{{ config.dkim_selector }}"
+            selector = {{ config.dkim_selector }}
             path = {{ config.dkim_key_path }}
         ]
     }

scripts/initenv.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-python3 -m venv --upgrade-deps venv
+python3 -m venv venv
 
 venv/bin/pip install -e chatmaild 
 venv/bin/pip install -e cmdeploy