www: add markdown language switcher

.github/workflows/test-and-deploy-ipv4only.yaml

@@ -77,7 +77,7 @@ jobs:
           cmdeploy init staging-ipv4.testrun.org
           sed -i 's#disable_ipv6 = False#disable_ipv6 = True#' chatmail.ini
 
-      - run: cmdeploy run --verbose --skip-dns-check
+      - run: cmdeploy run
 
       - name: set DNS entries
         run: |

.github/workflows/test-and-deploy.yaml

@@ -75,7 +75,7 @@ jobs:
 
       - run: cmdeploy init staging2.testrun.org
 
-      - run: cmdeploy run --verbose --skip-dns-check
+      - run: cmdeploy run --verbose
 
       - name: set DNS entries
         run: |

ARCHITECTURE.md

@@ -19,6 +19,7 @@ graph LR;
     /var/lib/acme`")] --> nginx-internal;
     cron --- chatmail-metrics;
     cron --- acmetool;
+    cron --- expunge;
     chatmail-metrics --- website;
     acmetool --> certs[("`TLS certs
     /var/lib/acme`")];
@@ -34,8 +35,7 @@ graph LR;
     dovecot --- users;
     dovecot --- |metadata.socket|chatmail-metadata;
     doveauth --- users;
-    chatmail-expire-daily --- users;
-    chatmail-fsreport-daily --- users;
+    expunge --- users;
     chatmail-metadata --- iroh-relay;
     certs-nginx --> postfix;
     certs-nginx --> dovecot;

CHANGELOG.md

@@ -2,61 +2,25 @@
 
 ## untagged
 
-- filtermail: run CPU-intensive handle_DATA in a thread pool executor
-  ([#676](https://github.com/chatmail/relay/pull/676))
-
-- don't use the complicated logging module in filtermail to exclude a potential source of errors. 
-  ([#674](https://github.com/chatmail/relay/pull/674))
-
-- Specify nginx.conf to only handle `mail_domain`, www, and mta-sts domains
-  ([#636](https://github.com/chatmail/relay/pull/636))
-
-- Setup TURN server
-  ([#621](https://github.com/chatmail/relay/pull/621))
-
-- cmdeploy: make --ssh-host work with localhost
-  ([#659](https://github.com/chatmail/relay/pull/659))
-
 - Update iroh-relay to 0.35.0
   ([#650](https://github.com/chatmail/relay/pull/650))
 
-- filtermail: accept mails from Protonmail
-  ([#616](https://github.com/chatmail/relay/pull/655))
-
 - Ignore all RCPT TO: parameters
   ([#651](https://github.com/chatmail/relay/pull/651))
 
-- Increase opendkim DNS Timeout from 5 to 60 seconds
-  ([#672](https://github.com/chatmail/relay/pull/672))
-
-- Add config parameter for Let's Encrypt ACME email
-  ([#663](https://github.com/chatmail/relay/pull/663))
-
 - Use max username length in newemail.py, not min
   ([#648](https://github.com/chatmail/relay/pull/648))
 
-- Add startup for `fcgiwrap.service` because sometimes it did not start automatically.
-  ([#657](https://github.com/chatmail/relay/pull/657))
-
-- Add `cmdeploy init --force` command for recreating chatmail.ini
-  ([#656](https://github.com/chatmail/relay/pull/656))
-
 - Increase maxproc for reinjecting ports from 10 to 100
   ([#646](https://github.com/chatmail/relay/pull/646))
 
+- Add markdown tabs blocks for rendering multilingual pages.
+  Add russian language support to `index.md`, `privacy.md`, and `info.md`.
+  ([#658](https://github.com/chatmail/relay/pull/658))
+
 - Allow ports 143 and 993 to be used by `dovecot` process
   ([#639](https://github.com/chatmail/relay/pull/639))
 
-- Add `--skip-dns-check` argument to `cmdeploy run` command, which disables DNS record checking before installation.
-  ([#661](https://github.com/chatmail/relay/pull/661))
-
-- Rework expiry of message files and mailboxes in Python 
-  to only do a single iteration over sometimes millions of messages
-  instead of doing "find" commands that iterate 9 times over the messages. 
-  Provide an "fsreport" CLI for more fine grained analysis of message files. 
-  ([#637](https://github.com/chatmail/relay/pull/632))
-
-
 ## 1.7.0 2025-09-11
 
 - Make www upload path configurable

chatmaild/pyproject.toml

@@ -27,10 +27,8 @@ chatmail-metadata = "chatmaild.metadata:main"
 filtermail = "chatmaild.filtermail:main"
 echobot = "chatmaild.echo:main"
 chatmail-metrics = "chatmaild.metrics:main"
-chatmail-expire = "chatmaild.expire:main"
-chatmail-fsreport = "chatmaild.fsreport:main"
+delete_inactive_users = "chatmaild.delete_inactive_users:main"
 lastlogin = "chatmaild.lastlogin:main"
-turnserver = "chatmaild.turnserver:main"
 
 [project.entry-points.pytest11]
 "chatmaild.testplugin" = "chatmaild.tests.plugin"
@@ -72,6 +70,5 @@ commands =
 [testenv]
 deps = pytest 
        pdbpp 
-       pytest-localserver
 commands = pytest -v -rsXx {posargs}
 """

chatmaild/src/chatmaild/config.py

@@ -33,6 +33,10 @@ class Config:
         self.password_min_length = int(params["password_min_length"])
         self.passthrough_senders = params["passthrough_senders"].split()
         self.passthrough_recipients = params["passthrough_recipients"].split()
+        self.is_development_instance = (
+                params.get("is_development_instance", "true").lower() == "true"
+        )
+        self.languages = (params.get("languages", "EN").split())
         self.www_folder = params.get("www_folder", "")
         self.filtermail_smtp_port = int(params["filtermail_smtp_port"])
         self.filtermail_smtp_port_incoming = int(
@@ -44,7 +48,6 @@ class Config:
         )
         self.mtail_address = params.get("mtail_address")
         self.disable_ipv6 = params.get("disable_ipv6", "false").lower() == "true"
-        self.acme_email = params.get("acme_email", "")
         self.imap_rawlog = params.get("imap_rawlog", "false").lower() == "true"
         if "iroh_relay" not in params:
             self.iroh_relay = "https://" + params["mail_domain"]

chatmaild/src/chatmaild/delete_inactive_users.py

@@ -0,0 +1,31 @@
+"""
+Remove inactive users
+"""
+
+import os
+import shutil
+import sys
+import time
+
+from .config import read_config
+
+
+def delete_inactive_users(config):
+    cutoff_date = time.time() - config.delete_inactive_users_after * 86400
+    for addr in os.listdir(config.mailboxes_dir):
+        try:
+            user = config.get_user(addr)
+        except ValueError:
+            continue
+
+        read_timestamp = user.get_last_login_timestamp()
+        if read_timestamp and read_timestamp < cutoff_date:
+            path = config.mailboxes_dir.joinpath(addr)
+            assert path == user.maildir
+            shutil.rmtree(path, ignore_errors=True)
+
+
+def main():
+    (cfgpath,) = sys.argv[1:]
+    config = read_config(cfgpath)
+    delete_inactive_users(config)

chatmaild/src/chatmaild/expire.py

@@ -1,218 +0,0 @@
-"""
-Expire old messages and addresses.
-
-"""
-
-import os
-import shutil
-import sys
-import time
-from argparse import ArgumentParser
-from collections import namedtuple
-from datetime import datetime
-from stat import S_ISREG
-
-from chatmaild.config import read_config
-
-FileEntry = namedtuple("FileEntry", ("relpath", "mtime", "size"))
-
-
-def iter_mailboxes(basedir, maxnum):
-    if not os.path.exists(basedir):
-        print_info(f"no mailboxes found at: {basedir}")
-        return
-
-    for name in os_listdir_if_exists(basedir)[:maxnum]:
-        if "@" in name:
-            yield MailboxStat(basedir + "/" + name)
-
-
-def get_file_entry(path):
-    """return a FileEntry or None if the path does not exist or is not a regular file."""
-    try:
-        st = os.stat(path)
-    except FileNotFoundError:
-        return None
-    if not S_ISREG(st.st_mode):
-        return None
-    return FileEntry(path, st.st_mtime, st.st_size)
-
-
-def os_listdir_if_exists(path):
-    """return a list of names obtained from os.listdir or an empty list if the path does not exist."""
-    try:
-        return os.listdir(path)
-    except FileNotFoundError:
-        return []
-
-
-class MailboxStat:
-    last_login = None
-
-    def __init__(self, basedir):
-        self.basedir = str(basedir)
-        # all detected messages in cur/new/tmp folders
-        self.messages = []
-
-        # all detected files in mailbox top dir
-        self.extrafiles = []
-
-        # scan all relevant files (without recursion)
-        old_cwd = os.getcwd()
-        try:
-            os.chdir(self.basedir)
-        except FileNotFoundError:
-            return
-        for name in os_listdir_if_exists("."):
-            if name in ("cur", "new", "tmp"):
-                for msg_name in os_listdir_if_exists(name):
-                    entry = get_file_entry(f"{name}/{msg_name}")
-                    if entry is not None:
-                        self.messages.append(entry)
-
-            else:
-                entry = get_file_entry(name)
-                if entry is not None:
-                    self.extrafiles.append(entry)
-                    if name == "password":
-                        self.last_login = entry.mtime
-        self.extrafiles.sort(key=lambda x: -x.size)
-        os.chdir(old_cwd)
-
-
-def print_info(msg):
-    print(msg, file=sys.stderr)
-
-
-class Expiry:
-    def __init__(self, config, dry, now, verbose):
-        self.config = config
-        self.dry = dry
-        self.now = now
-        self.verbose = verbose
-        self.del_mboxes = 0
-        self.all_mboxes = 0
-        self.del_files = 0
-        self.all_files = 0
-        self.start = time.time()
-
-    def remove_mailbox(self, mboxdir):
-        if self.verbose:
-            print_info(f"removing {mboxdir}")
-        if not self.dry:
-            shutil.rmtree(mboxdir)
-        self.del_mboxes += 1
-
-    def remove_file(self, path, mtime=None):
-        if self.verbose:
-            if mtime is not None:
-                date = datetime.fromtimestamp(mtime).strftime("%b %d")
-                print_info(f"removing {date} {path}")
-            else:
-                print_info(f"removing {path}")
-        if not self.dry:
-            try:
-                os.unlink(path)
-            except FileNotFoundError:
-                print_info(f"file not found/vanished {path}")
-        self.del_files += 1
-
-    def process_mailbox_stat(self, mbox):
-        cutoff_without_login = (
-            self.now - int(self.config.delete_inactive_users_after) * 86400
-        )
-        cutoff_mails = self.now - int(self.config.delete_mails_after) * 86400
-        cutoff_large_mails = self.now - int(self.config.delete_large_after) * 86400
-
-        self.all_mboxes += 1
-        changed = False
-        if mbox.last_login and mbox.last_login < cutoff_without_login:
-            self.remove_mailbox(mbox.basedir)
-            return
-
-        # all to-be-removed files are relative to the mailbox basedir
-        try:
-            os.chdir(mbox.basedir)
-        except FileNotFoundError:
-            print_info(f"mailbox not found/vanished {mbox.basedir}")
-            return
-
-        mboxname = os.path.basename(mbox.basedir)
-        if self.verbose:
-            date = datetime.fromtimestamp(mbox.last_login) if mbox.last_login else None
-            if date:
-                print_info(f"checking mailbox {date.strftime('%b %d')} {mboxname}")
-            else:
-                print_info(f"checking mailbox (no last_login) {mboxname}")
-        self.all_files += len(mbox.messages)
-        for message in mbox.messages:
-            if message.mtime < cutoff_mails:
-                self.remove_file(message.relpath, mtime=message.mtime)
-            elif message.size > 200000 and message.mtime < cutoff_large_mails:
-                # we only remove noticed large files (not unnoticed ones in new/)
-                if message.relpath.startswith("cur/"):
-                    self.remove_file(message.relpath, mtime=message.mtime)
-            else:
-                continue
-            changed = True
-        if changed:
-            self.remove_file("maildirsize")
-
-    def get_summary(self):
-        return (
-            f"Removed {self.del_mboxes} out of {self.all_mboxes} mailboxes "
-            f"and {self.del_files} out of {self.all_files} files in existing mailboxes "
-            f"in {time.time() - self.start:2.2f} seconds"
-        )
-
-
-def main(args=None):
-    """Expire mailboxes and messages according to chatmail config"""
-    parser = ArgumentParser(description=main.__doc__)
-    ini = "/usr/local/lib/chatmaild/chatmail.ini"
-    parser.add_argument(
-        "chatmail_ini",
-        action="store",
-        nargs="?",
-        help=f"path pointing to chatmail.ini file, default: {ini}",
-        default=ini,
-    )
-    parser.add_argument(
-        "--days", action="store", help="assume date to be days older than now"
-    )
-
-    parser.add_argument(
-        "--maxnum",
-        default=None,
-        action="store",
-        help="maximum number of mailboxes to iterate on",
-    )
-    parser.add_argument(
-        "-v",
-        dest="verbose",
-        action="store_true",
-        help="print out removed files and mailboxes",
-    )
-
-    parser.add_argument(
-        "--remove",
-        dest="remove",
-        action="store_true",
-        help="actually remove all expired files and dirs",
-    )
-    args = parser.parse_args(args)
-
-    config = read_config(args.chatmail_ini)
-    now = datetime.utcnow().timestamp()
-    if args.days:
-        now = now - 86400 * int(args.days)
-
-    maxnum = int(args.maxnum) if args.maxnum else None
-    exp = Expiry(config, dry=not args.remove, now=now, verbose=args.verbose)
-    for mailbox in iter_mailboxes(str(config.mailboxes_dir), maxnum=maxnum):
-        exp.process_mailbox_stat(mailbox)
-    print(exp.get_summary())
-
-
-if __name__ == "__main__":
-    main(sys.argv[1:])

chatmaild/src/chatmaild/filtermail.py

@@ -2,6 +2,7 @@
 import asyncio
 import base64
 import binascii
+import logging
 import sys
 import time
 from email import policy
@@ -82,14 +83,8 @@ def check_openpgp_payload(payload: bytes):
     return False
 
 
-def check_armored_payload(payload: str, outgoing: bool):
-    """Check the armored PGP message for invalid content.
-
-    :param payload: the armored PGP message
-    :param outgoing: whether the message is outgoing or incoming
-    :return: whether the message is a valid PGP message
-    """
-    prefix = "-----BEGIN PGP MESSAGE-----\r\n"
+def check_armored_payload(payload: str):
+    prefix = "-----BEGIN PGP MESSAGE-----\r\n\r\n"
     if not payload.startswith(prefix):
         return False
     payload = payload.removeprefix(prefix)
@@ -101,16 +96,6 @@ def check_armored_payload(payload: str, outgoing: bool):
         return False
     payload = payload.removesuffix(suffix)
 
-    version_comment = "Version: "
-    if payload.startswith(version_comment):
-        if outgoing:  # Disallow comments in outgoing messages
-            return False
-        # Remove comments from incoming messages
-        payload = payload.partition("\r\n")[2]
-
-    while payload.startswith("\r\n"):
-        payload = payload.removeprefix("\r\n")
-
     # Remove CRC24.
     payload = payload.rpartition("=")[0]
 
@@ -146,7 +131,7 @@ def is_securejoin(message):
     return True
 
 
-def check_encrypted(message, outgoing=True):
+def check_encrypted(message):
     """Check that the message is an OpenPGP-encrypted message.
 
     MIME structure of the message must correspond to <https://www.rfc-editor.org/rfc/rfc3156>.
@@ -173,7 +158,7 @@ def check_encrypted(message, outgoing=True):
             if part.get_content_type() != "application/octet-stream":
                 return False
 
-            if not check_armored_payload(part.get_payload(), outgoing=outgoing):
+            if not check_armored_payload(part.get_payload()):
                 return False
         else:
             return False
@@ -227,7 +212,7 @@ class OutgoingBeforeQueueHandler:
         self.send_rate_limiter = SendRateLimiter()
 
     async def handle_MAIL(self, server, session, envelope, address, mail_options):
-        log_info(f"handle_MAIL from {address}")
+        logging.info(f"handle_MAIL from {address}")
         envelope.mail_from = address
         max_sent = self.config.max_user_send_per_minute
         if not self.send_rate_limiter.is_sending_allowed(address, max_sent):
@@ -240,15 +225,11 @@ class OutgoingBeforeQueueHandler:
         return "250 OK"
 
     async def handle_DATA(self, server, session, envelope):
-        loop = asyncio.get_running_loop()
-        return await loop.run_in_executor(None, self.sync_handle_DATA, envelope)
-
-    def sync_handle_DATA(self, envelope):
-        log_info("handle_DATA before-queue")
+        logging.info("handle_DATA before-queue")
         error = self.check_DATA(envelope)
         if error:
             return error
-        log_info("re-injecting the mail that passed checks")
+        logging.info("re-injecting the mail that passed checks")
         client = SMTPClient("localhost", self.config.postfix_reinject_port)
         client.sendmail(
             envelope.mail_from, envelope.rcpt_tos, envelope.original_content
@@ -257,10 +238,10 @@ class OutgoingBeforeQueueHandler:
 
     def check_DATA(self, envelope):
         """the central filtering function for e-mails."""
-        log_info(f"Processing DATA message from {envelope.mail_from}")
+        logging.info(f"Processing DATA message from {envelope.mail_from}")
 
         message = BytesParser(policy=policy.default).parsebytes(envelope.content)
-        mail_encrypted = check_encrypted(message, outgoing=True)
+        mail_encrypted = check_encrypted(message)
 
         _, from_addr = parseaddr(message.get("from").strip())
 
@@ -297,15 +278,11 @@ class IncomingBeforeQueueHandler:
         self.config = config
 
     async def handle_DATA(self, server, session, envelope):
-        loop = asyncio.get_running_loop()
-        return await loop.run_in_executor(None, self.sync_handle_DATA, envelope)
-
-    def sync_handle_DATA(self, envelope):
-        log_info("handle_DATA before-queue")
+        logging.info("handle_DATA before-queue")
         error = self.check_DATA(envelope)
         if error:
             return error
-        log_info("re-injecting the mail that passed checks")
+        logging.info("re-injecting the mail that passed checks")
 
         # the smtp daemon on reinject_port_incoming gives it to dkim milter
         # which looks at source address to determine whether to verify or sign
@@ -321,10 +298,10 @@ class IncomingBeforeQueueHandler:
 
     def check_DATA(self, envelope):
         """the central filtering function for e-mails."""
-        log_info(f"Processing DATA message from {envelope.mail_from}")
+        logging.info(f"Processing DATA message from {envelope.mail_from}")
 
         message = BytesParser(policy=policy.default).parsebytes(envelope.content)
-        mail_encrypted = check_encrypted(message, outgoing=False)
+        mail_encrypted = check_encrypted(message)
 
         if mail_encrypted or is_securejoin(message):
             print("Incoming: Filtering encrypted mail.", file=sys.stderr)
@@ -363,19 +340,16 @@ class SendRateLimiter:
         return False
 
 
-def log_info(msg):
-    print(msg, file=sys.stderr)
-
-
 def main():
     args = sys.argv[1:]
     assert len(args) == 2
     config = read_config(args[0])
     mode = args[1]
+    logging.basicConfig(level=logging.WARN)
     loop = asyncio.new_event_loop()
     asyncio.set_event_loop(loop)
     assert mode in ["incoming", "outgoing"]
     task = asyncmain_beforequeue(config, mode)
     loop.create_task(task)
-    log_info("entering serving loop")
+    logging.info("entering serving loop")
     loop.run_forever()

chatmaild/src/chatmaild/fsreport.py

@@ -1,168 +0,0 @@
-"""
-command line tool to analyze mailbox message storage
-
-example invocation:
-
-    python -m chatmaild.fsreport /path/to/chatmail.ini
-
-to show storage summaries for all "cur" folders
-
-    python -m chatmaild.fsreport /path/to/chatmail.ini --mdir cur
-
-to show storage summaries only for first 1000 mailboxes
-
-    python -m chatmaild.fsreport /path/to/chatmail.ini --maxnum 1000
-
-"""
-
-import os
-from argparse import ArgumentParser
-from datetime import datetime
-
-from chatmaild.config import read_config
-from chatmaild.expire import iter_mailboxes
-
-DAYSECONDS = 24 * 60 * 60
-MONTHSECONDS = DAYSECONDS * 30
-
-
-def HSize(size: int):
-    """Format a size integer as a Human-readable string Kilobyte, Megabyte or Gigabyte"""
-    if size < 10000:
-        return f"{size / 1000:5.2f}K"
-    if size < 1000 * 1000:
-        return f"{size / 1000:5.0f}K"
-    if size < 1000 * 1000 * 1000:
-        return f"{int(size / 1000000):5.0f}M"
-    return f"{size / 1000000000:5.2f}G"
-
-
-class Report:
-    def __init__(self, now, min_login_age, mdir):
-        self.size_extra = 0
-        self.size_messages = 0
-        self.now = now
-        self.min_login_age = min_login_age
-        self.mdir = mdir
-
-        self.num_ci_logins = self.num_all_logins = 0
-        self.login_buckets = {x: 0 for x in (1, 10, 30, 40, 80, 100, 150)}
-
-        self.message_buckets = {x: 0 for x in (0, 160000, 500000, 2000000)}
-
-    def process_mailbox_stat(self, mailbox):
-        # categorize login times
-        last_login = mailbox.last_login
-        if last_login:
-            self.num_all_logins += 1
-            if os.path.basename(mailbox.basedir)[:3] == "ci-":
-                self.num_ci_logins += 1
-            else:
-                for days in self.login_buckets:
-                    if last_login >= self.now - days * DAYSECONDS:
-                        self.login_buckets[days] += 1
-
-        cutoff_login_date = self.now - self.min_login_age * DAYSECONDS
-        if last_login and last_login <= cutoff_login_date:
-            # categorize message sizes
-            for size in self.message_buckets:
-                for msg in mailbox.messages:
-                    if msg.size >= size:
-                        if self.mdir and not msg.relpath.startswith(self.mdir):
-                            continue
-                        self.message_buckets[size] += msg.size
-
-        self.size_messages += sum(entry.size for entry in mailbox.messages)
-        self.size_extra += sum(entry.size for entry in mailbox.extrafiles)
-
-    def dump_summary(self):
-        all_messages = self.size_messages
-        print()
-        print("## Mailbox storage use analysis")
-        print(f"Mailbox data total size: {HSize(self.size_extra + all_messages)}")
-        print(f"Messages total size    : {HSize(all_messages)}")
-        try:
-            percent = self.size_extra / (self.size_extra + all_messages) * 100
-        except ZeroDivisionError:
-            percent = 100
-        print(f"Extra files : {HSize(self.size_extra)} ({percent:.2f}%)")
-
-        print()
-        if self.min_login_age:
-            print(f"### Message storage for {self.min_login_age} days old logins")
-
-        pref = f"[{self.mdir}] " if self.mdir else ""
-        for minsize, sumsize in self.message_buckets.items():
-            percent = (sumsize / all_messages * 100) if all_messages else 0
-            print(
-                f"{pref}larger than {HSize(minsize)}: {HSize(sumsize)} ({percent:.2f}%)"
-            )
-
-        user_logins = self.num_all_logins - self.num_ci_logins
-
-        def p(num):
-            return f"({num / user_logins * 100:2.2f}%)" if user_logins else "100%"
-
-        print()
-        print(f"## Login stats, from date reference {datetime.fromtimestamp(self.now)}")
-        print(f"all:     {HSize(self.num_all_logins)}")
-        print(f"non-ci:  {HSize(user_logins)}")
-        print(f"ci:      {HSize(self.num_ci_logins)}")
-        for days, active in self.login_buckets.items():
-            print(f"last {days:3} days: {HSize(active)} {p(active)}")
-
-
-def main(args=None):
-    """Report about filesystem storage usage of all mailboxes and messages"""
-    parser = ArgumentParser(description=main.__doc__)
-    ini = "/usr/local/lib/chatmaild/chatmail.ini"
-    parser.add_argument(
-        "chatmail_ini",
-        action="store",
-        nargs="?",
-        help=f"path pointing to chatmail.ini file, default: {ini}",
-        default=ini,
-    )
-    parser.add_argument(
-        "--days",
-        default=0,
-        action="store",
-        help="assume date to be days older than now",
-    )
-    parser.add_argument(
-        "--min-login-age",
-        default=0,
-        dest="min_login_age",
-        action="store",
-        help="only sum up message size if last login is at least min-login-age days old",
-    )
-    parser.add_argument(
-        "--mdir",
-        action="store",
-        help="only consider 'cur' or 'new' or 'tmp' messages for summary",
-    )
-
-    parser.add_argument(
-        "--maxnum",
-        default=None,
-        action="store",
-        help="maximum number of mailboxes to iterate on",
-    )
-
-    args = parser.parse_args(args)
-
-    config = read_config(args.chatmail_ini)
-
-    now = datetime.utcnow().timestamp()
-    if args.days:
-        now = now - 86400 * int(args.days)
-
-    maxnum = int(args.maxnum) if args.maxnum else None
-    rep = Report(now=now, min_login_age=int(args.min_login_age), mdir=args.mdir)
-    for mbox in iter_mailboxes(str(config.mailboxes_dir), maxnum=maxnum):
-        rep.process_mailbox_stat(mbox)
-    rep.dump_summary()
-
-
-if __name__ == "__main__":
-    main()

chatmaild/src/chatmaild/ini/chatmail.ini.f

@@ -45,13 +45,16 @@ passthrough_senders =
 # (space-separated, item may start with "@" to whitelist whole recipient domains)
 passthrough_recipients = xstore@testrun.org echo@{mail_domain}
 
-# path to www directory - documented here: https://github.com/chatmail/relay/#custom-web-pages
-#www_folder = www
-
 #
 # Deployment Details
 #
 
+# A space-separated list of languages to be displayed on the site.
+# Now available languages: EN RU
+# You can also use the keyword "ALL"
+# NOTE: The order of languages affects their order on the page
+languages = EN
+
 # SMTP outgoing filtermail and reinjection 
 filtermail_smtp_port = 10080
 postfix_reinject_port = 10025
@@ -63,9 +66,6 @@ postfix_reinject_port_incoming = 10026
 # if set to "True" IPv6 is disabled
 disable_ipv6 = False
 
-# Your email adress, which will be used in acmetool to manage Let's Encrypt SSL certificates
-acme_email = 
-
 # Defaults to https://iroh.{{mail_domain}} and running `iroh-relay` on the chatmail
 # service.
 # If you set it to anything else, the service will be disabled

chatmaild/src/chatmaild/metadata.py

@@ -7,7 +7,6 @@ from .config import read_config
 from .dictproxy import DictProxy
 from .filedict import FileDict
 from .notifier import Notifier
-from .turnserver import turn_credentials
 
 
 def _is_valid_token_timestamp(timestamp, now):
@@ -76,12 +75,11 @@ class Metadata:
 
 
 class MetadataDictProxy(DictProxy):
-    def __init__(self, notifier, metadata, iroh_relay=None, turn_hostname=None):
+    def __init__(self, notifier, metadata, iroh_relay=None):
         super().__init__()
         self.notifier = notifier
         self.metadata = metadata
         self.iroh_relay = iroh_relay
-        self.turn_hostname = turn_hostname
 
     def handle_lookup(self, parts):
         # Lpriv/43f5f508a7ea0366dff30200c15250e3/devicetoken\tlkj123poi@c2.testrun.org
@@ -100,11 +98,6 @@ class MetadataDictProxy(DictProxy):
             ):
                 # Handle `GETMETADATA "" /shared/vendor/deltachat/irohrelay`
                 return f"O{self.iroh_relay}\n"
-            elif keyname == "vendor/vendor.dovecot/pvt/server/vendor/deltachat/turn":
-                res = turn_credentials()
-                port = 3478
-                return f"O{self.turn_hostname}:{port}:{res}\n"
-
         logging.warning(f"lookup ignored: {parts!r}")
         return "N\n"
 
@@ -128,7 +121,6 @@ def main():
 
     config = read_config(config_path)
     iroh_relay = config.iroh_relay
-    mail_domain = config.mail_domain
 
     vmail_dir = config.mailboxes_dir
     if not vmail_dir.exists():
@@ -142,10 +134,7 @@ def main():
     notifier.start_notification_threads(metadata.remove_token_from_addr)
 
     dictproxy = MetadataDictProxy(
-        notifier=notifier,
-        metadata=metadata,
-        iroh_relay=iroh_relay,
-        turn_hostname=mail_domain,
+        notifier=notifier, metadata=metadata, iroh_relay=iroh_relay
     )
 
     dictproxy.serve_forever_from_socket(socket)

chatmaild/src/chatmaild/tests/test_delete_inactive_users.py

@@ -1,7 +1,7 @@
 import time
 
+from chatmaild.delete_inactive_users import delete_inactive_users
 from chatmaild.doveauth import AuthDictProxy
-from chatmaild.expire import main as main_expire
 
 
 def test_login_timestamps(example_config):
@@ -45,12 +45,7 @@ def test_delete_inactive_users(example_config):
     for addr in to_remove:
         assert example_config.get_user(addr).maildir.exists()
 
-    main_expire(
-        args=[
-            "--remove",
-            str(example_config._inipath),
-        ]
-    )
+    delete_inactive_users(example_config)
 
     for p in example_config.mailboxes_dir.iterdir():
         assert not p.name.startswith("old")

chatmaild/src/chatmaild/tests/test_expire.py

@@ -1,150 +0,0 @@
-import os
-import random
-from datetime import datetime
-from fnmatch import fnmatch
-from pathlib import Path
-
-import pytest
-
-from chatmaild.expire import (
-    FileEntry,
-    MailboxStat,
-    get_file_entry,
-    iter_mailboxes,
-    os_listdir_if_exists,
-)
-from chatmaild.expire import main as expiry_main
-from chatmaild.fsreport import main as report_main
-
-
-def fill_mbox(basedir):
-    basedir1 = basedir.joinpath("mailbox1@example.org")
-    basedir1.mkdir()
-    password = basedir1.joinpath("password")
-    password.write_text("xxx")
-    basedir1.joinpath("maildirsize").write_text("xxx")
-
-    garbagedir = basedir1.joinpath("garbagedir")
-    garbagedir.mkdir()
-
-    create_new_messages(basedir1, ["cur/msg1"], size=500)
-    create_new_messages(basedir1, ["new/msg2"], size=600)
-    return basedir1
-
-
-def create_new_messages(basedir, relpaths, size=1000, days=0):
-    now = datetime.utcnow().timestamp()
-
-    for relpath in relpaths:
-        msg_path = Path(basedir).joinpath(relpath)
-        msg_path.parent.mkdir(parents=True, exist_ok=True)
-        msg_path.write_text("x" * size)
-        # accessed now, modified N days ago
-        os.utime(msg_path, (now, now - days * 86400))
-
-
-@pytest.fixture
-def mbox1(example_config):
-    basedir1 = fill_mbox(example_config.mailboxes_dir)
-    return MailboxStat(basedir1)
-
-
-def test_filentry_ordering(tmp_path):
-    l = [FileEntry(f"x{i}", size=i + 10, mtime=1000 - i) for i in range(10)]
-    sorted = list(l)
-    random.shuffle(l)
-    l.sort(key=lambda x: x.size)
-    assert l == sorted
-
-
-def test_no_mailbxoes(tmp_path, capsys):
-    assert [] == list(iter_mailboxes(str(tmp_path.joinpath("notexists")), maxnum=10))
-    out, err = capsys.readouterr()
-    assert "no mailboxes" in err
-
-
-def test_stats_mailbox(mbox1):
-    password = Path(mbox1.basedir).joinpath("password")
-    assert mbox1.last_login == password.stat().st_mtime
-    assert len(mbox1.messages) == 2
-
-    msgs = list(sorted(mbox1.messages, key=lambda x: x.size))
-    assert len(msgs) == 2
-    assert msgs[0].size == 500  # cur
-    assert msgs[1].size == 600  # new
-
-    create_new_messages(mbox1.basedir, ["large-extra"], size=1000)
-    create_new_messages(mbox1.basedir, ["index-something"], size=3)
-    mbox2 = MailboxStat(mbox1.basedir)
-    assert len(mbox2.extrafiles) == 4
-    assert mbox2.extrafiles[0].size == 1000
-
-    # cope well with mailbox dirs that have no password (for whatever reason)
-    Path(mbox1.basedir).joinpath("password").unlink()
-    mbox3 = MailboxStat(mbox1.basedir)
-    assert mbox3.last_login is None
-
-
-def test_report_no_mailboxes(example_config):
-    args = (str(example_config._inipath),)
-    report_main(args)
-
-
-def test_report(mbox1, example_config):
-    args = (str(example_config._inipath),)
-    report_main(args)
-    args = list(args) + "--days 1".split()
-    report_main(args)
-    args = list(args) + "--min-login-age 1".split()
-    report_main(args)
-    args = list(args) + "--mdir cur".split()
-    report_main(args)
-
-
-def test_expiry_cli_basic(example_config, mbox1):
-    args = (str(example_config._inipath),)
-    expiry_main(args)
-
-
-def test_expiry_cli_old_files(capsys, example_config, mbox1):
-    relpaths_old = ["cur/msg_old1", "cur/msg_old1"]
-    cutoff_days = int(example_config.delete_mails_after) + 1
-    create_new_messages(mbox1.basedir, relpaths_old, size=1000, days=cutoff_days)
-
-    relpaths_large = ["cur/msg_old_large1", "new/msg_old_large2"]
-    cutoff_days = int(example_config.delete_large_after) + 1
-    create_new_messages(
-        mbox1.basedir, relpaths_large, size=1000 * 300, days=cutoff_days
-    )
-
-    create_new_messages(mbox1.basedir, ["cur/shouldstay"], size=1000 * 300, days=1)
-
-    args = str(example_config._inipath), "--remove", "-v"
-    expiry_main(args)
-    out, err = capsys.readouterr()
-
-    allpaths = relpaths_old + relpaths_large + ["maildirsize"]
-    for path in allpaths:
-        for line in err.split("\n"):
-            if fnmatch(line, f"removing*{path}"):
-                break
-        else:
-            if path != "new/msg_old_large2":
-                pytest.fail(f"failed to remove {path}\n{err}")
-
-    assert "shouldstay" not in err
-
-
-def test_get_file_entry(tmp_path):
-    assert get_file_entry(str(tmp_path.joinpath("123123"))) is None
-    p = tmp_path.joinpath("x")
-    p.write_text("hello")
-    entry = get_file_entry(str(p))
-    assert entry.size == 5
-    assert entry.mtime
-
-
-def test_os_listdir_if_exists(tmp_path):
-    tmp_path.joinpath("x").write_text("hello")
-    assert len(os_listdir_if_exists(str(tmp_path))) == 1
-    assert len(os_listdir_if_exists(str(tmp_path.joinpath("123123")))) == 0

chatmaild/src/chatmaild/tests/test_filtermail.py

@@ -241,9 +241,8 @@ def test_cleartext_passthrough_senders(gencreds, handler, maildata):
 
 
 def test_check_armored_payload():
-    prefix = "-----BEGIN PGP MESSAGE-----\r\n"
-    comment = "Version: ProtonMail\r\n"
-    payload = """\r
+    payload = """-----BEGIN PGP MESSAGE-----\r
+\r
 wU4DSqFx0d1yqAoSAQdAYkX/ZN/Az4B0k7X47zKyWrXxlDEdS3WOy0Yf2+GJTFgg\r
 Zk5ql0mLG8Ze+ZifCS0XMO4otlemSyJ0K1ZPdFMGzUDBTgNqzkFabxXoXRIBB0AM\r
 755wlX41X6Ay3KhnwBq7yEqSykVH6F3x11iHPKraLCAGZoaS8bKKNy/zg5slda1X\r
@@ -279,25 +278,16 @@ UN4fiB0KR9JyG2ayUdNJVkXZSZLnHyRgiaadlpUo16LVvw==\r
 \r
 """
 
-    commented_payload = prefix + comment + payload
-    assert check_armored_payload(commented_payload, outgoing=False) == True
-    assert check_armored_payload(commented_payload, outgoing=True) == False
-
-    payload = prefix + payload
-    assert check_armored_payload(payload, outgoing=False) == True
-    assert check_armored_payload(payload, outgoing=True) == True
+    assert check_armored_payload(payload) == True
 
     payload = payload.removesuffix("\r\n")
-    assert check_armored_payload(payload, outgoing=False) == True
-    assert check_armored_payload(payload, outgoing=True) == True
+    assert check_armored_payload(payload) == True
 
     payload = payload.removesuffix("\r\n")
-    assert check_armored_payload(payload, outgoing=False) == True
-    assert check_armored_payload(payload, outgoing=True) == True
+    assert check_armored_payload(payload) == True
 
     payload = payload.removesuffix("\r\n")
-    assert check_armored_payload(payload, outgoing=False) == True
-    assert check_armored_payload(payload, outgoing=True) == True
+    assert check_armored_payload(payload) == True
 
     payload = """-----BEGIN PGP MESSAGE-----\r
 \r
@@ -305,8 +295,7 @@ HELLOWORLD
 -----END PGP MESSAGE-----\r
 \r
 """
-    assert check_armored_payload(payload, outgoing=False) == False
-    assert check_armored_payload(payload, outgoing=True) == False
+    assert check_armored_payload(payload) == False
 
     payload = """-----BEGIN PGP MESSAGE-----\r
 \r
@@ -314,8 +303,7 @@ HELLOWORLD
 -----END PGP MESSAGE-----\r
 \r
 """
-    assert check_armored_payload(payload, outgoing=False) == False
-    assert check_armored_payload(payload, outgoing=True) == False
+    assert check_armored_payload(payload) == False
 
     # Test payload using partial body length
     # as generated by GopenPGP.
@@ -357,5 +345,4 @@ myLbG7cJB787QjplEyVe2P/JBO6xYvbkJLf9Q+HaviTO25rugRSrYsoKMDfO8VlQ\r
 =6iHb\r
 -----END PGP MESSAGE-----\r
 """
-    assert check_armored_payload(payload, outgoing=False) == True
-    assert check_armored_payload(payload, outgoing=True) == True
+    assert check_armored_payload(payload) == True

chatmaild/src/chatmaild/tests/test_filtermail_blackbox.py

@@ -1,78 +0,0 @@
-import smtplib
-import subprocess
-import sys
-
-import pytest
-
-
-@pytest.fixture
-def smtpserver():
-    from pytest_localserver import smtp
-
-    server = smtp.Server("127.0.0.1")
-    server.start()
-    yield server
-    server.stop()
-
-
-@pytest.fixture
-def make_popen(request):
-    def popen(cmdargs, stdout=subprocess.PIPE, stderr=subprocess.PIPE, **kw):
-        p = subprocess.Popen(
-            cmdargs,
-            stdout=subprocess.PIPE,
-            stderr=subprocess.PIPE,
-        )
-
-        def fin():
-            p.terminate()
-            out, err = p.communicate()
-            print(out.decode("ascii"))
-            print(err.decode("ascii"), file=sys.stderr)
-
-        request.addfinalizer(fin)
-        return p
-
-    return popen
-
-
-@pytest.mark.parametrize("filtermail_mode", ["outgoing", "incoming"])
-def test_one_mail(
-    make_config, make_popen, smtpserver, maildata, filtermail_mode, monkeypatch
-):
-    monkeypatch.setenv("PYTHONUNBUFFERED", "1")
-    smtp_inject_port = 20025
-    if filtermail_mode == "outgoing":
-        settings = dict(
-            postfix_reinject_port=smtpserver.port,
-            filtermail_smtp_port=smtp_inject_port,
-        )
-    else:
-        settings = dict(
-            postfix_reinject_port_incoming=smtpserver.port,
-            filtermail_smtp_port_incoming=smtp_inject_port,
-        )
-
-    config = make_config("example.org", settings=settings)
-    path = str(config._inipath)
-
-    popen = make_popen(["filtermail", path, filtermail_mode])
-    line = popen.stderr.readline().strip()
-    if b"loop" not in line:
-        print(line.decode("ascii"), file=sys.stderr)
-        pytest.fail("starting filtermail failed")
-
-    addr = f"user1@{config.mail_domain}"
-    config.get_user(addr).set_password("l1k2j3l1k2j3l")
-
-    # send encrypted mail
-    data = str(maildata("encrypted.eml", from_addr=addr, to_addr=addr))
-    client = smtplib.SMTP("localhost", smtp_inject_port)
-    client.sendmail(addr, [addr], data)
-    assert len(smtpserver.outbox) == 1
-
-    # send un-encrypted mail that errors
-    data = str(maildata("fake-encrypted.eml", from_addr=addr, to_addr=addr))
-    with pytest.raises(smtplib.SMTPDataError) as e:
-        client.sendmail(addr, [addr], data)
-    assert e.value.smtp_code == 523

chatmaild/src/chatmaild/turnserver.py

@@ -1,9 +0,0 @@
-#!/usr/bin/env python3
-import socket
-
-
-def turn_credentials() -> str:
-    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client_socket:
-        client_socket.connect("/run/chatmail-turn/turn.socket")
-        with client_socket.makefile("rb") as file:
-            return file.readline().decode("utf-8")

cmdeploy/pyproject.toml

@@ -20,6 +20,7 @@ dependencies = [
   "pytest-xdist", 
   "execnet",
   "imap_tools",
+  "pymdown-extensions",
 ]
 
 [project.scripts]

cmdeploy/src/cmdeploy/__init__.py

@@ -128,11 +128,6 @@ def _install_remote_venv_with_chatmaild(config) -> None:
         "echobot",
         "chatmail-metadata",
         "lastlogin",
-        "turnserver",
-        "chatmail-expire",
-        "chatmail-expire.timer",
-        "chatmail-fsreport",
-        "chatmail-fsreport.timer",
     ):
         execpath = fn if fn != "filtermail-incoming" else "filtermail"
         params = dict(
@@ -141,34 +136,27 @@ def _install_remote_venv_with_chatmaild(config) -> None:
             remote_venv_dir=remote_venv_dir,
             mail_domain=config.mail_domain,
         )
-
-        basename = fn if "." in fn else f"{fn}.service"
-
-        source_path = importlib.resources.files(__package__).joinpath("service", f"{basename}.f")
+        source_path = importlib.resources.files(__package__).joinpath(
+            "service", f"{fn}.service.f"
+        )
         content = source_path.read_text().format(**params).encode()
 
         files.put(
-            name=f"Upload {basename}",
+            name=f"Upload {fn}.service",
             src=io.BytesIO(content),
-            dest=f"/etc/systemd/system/{basename}",
+            dest=f"/etc/systemd/system/{fn}.service",
             **root_owned,
         )
-        if fn == "chatmail-expire" or fn == "chatmail-fsreport":
-            # don't auto-start but let the corresponding timer trigger execution
-            enabled = False
-        else:
-            enabled = True
         systemd.service(
-            name=f"Setup {basename}",
-            service=basename,
-            running=enabled,
-            enabled=enabled,
-            restarted=enabled,
+            name=f"Setup {fn} service",
+            service=f"{fn}.service",
+            running=True,
+            enabled=True,
+            restarted=True,
             daemon_reload=True,
         )
 
 
-
 def _configure_opendkim(domain: str, dkim_selector: str = "dkim") -> bool:
     """Configures OpenDKIM"""
     need_restart = False
@@ -398,11 +386,13 @@ def _configure_dovecot(config: Config, debug: bool = False) -> bool:
     )
     need_restart |= lua_push_notification_script.changed
 
-    # remove historic expunge script
-    # which is now implemented through a systemd chatmail-expire service/timer
-    files.file(
-        path="/etc/cron.d/expunge",
-        present=False,
+    files.template(
+        src=importlib.resources.files(__package__).joinpath("dovecot/expunge.cron.j2"),
+        dest="/etc/cron.d/expunge",
+        user="root",
+        group="root",
+        mode="644",
+        config=config,
     )
 
     # as per https://doc.dovecot.org/configuration_manual/os/
@@ -507,56 +497,6 @@ def check_config(config):
     return config
 
 
-def deploy_turn_server(config):
-    (url, sha256sum) = {
-        "x86_64": (
-            "https://github.com/chatmail/chatmail-turn/releases/download/v0.3/chatmail-turn-x86_64-linux",
-            "841e527c15fdc2940b0469e206188ea8f0af48533be12ecb8098520f813d41e4",
-        ),
-        "aarch64": (
-            "https://github.com/chatmail/chatmail-turn/releases/download/v0.3/chatmail-turn-aarch64-linux",
-            "a5fc2d06d937b56a34e098d2cd72a82d3e89967518d159bf246dc69b65e81b42",
-        ),
-    }[host.get_fact(facts.server.Arch)]
-
-    need_restart = False
-
-    existing_sha256sum = host.get_fact(Sha256File, "/usr/local/bin/chatmail-turn")
-    if existing_sha256sum != sha256sum:
-        server.shell(
-            name="Download chatmail-turn",
-            commands=[
-                f"(curl -L {url} >/usr/local/bin/chatmail-turn.new && (echo '{sha256sum} /usr/local/bin/chatmail-turn.new' | sha256sum -c) && mv /usr/local/bin/chatmail-turn.new /usr/local/bin/chatmail-turn)",
-                "chmod 755 /usr/local/bin/chatmail-turn",
-            ],
-        )
-        need_restart = True
-
-    source_path = importlib.resources.files(__package__).joinpath(
-        "service", "turnserver.service.f"
-    )
-    content = source_path.read_text().format(mail_domain=config.mail_domain).encode()
-
-    systemd_unit = files.put(
-        name="Upload turnserver.service",
-        src=io.BytesIO(content),
-        dest="/etc/systemd/system/turnserver.service",
-        user="root",
-        group="root",
-        mode="644",
-    )
-    need_restart |= systemd_unit.changed
-
-    systemd.service(
-        name="Setup turnserver service",
-        service="turnserver.service",
-        running=True,
-        enabled=True,
-        restarted=need_restart,
-        daemon_reload=systemd_unit.changed,
-    )
-
-
 def deploy_mtail(config):
     # Uninstall mtail package, we are going to install a static binary.
     apt.packages(name="Uninstall mtail", packages=["mtail"], present=False)
@@ -733,8 +673,6 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
         packages=["rsync"],
     )
 
-    deploy_turn_server(config)
-
     # Run local DNS resolver `unbound`.
     # `resolvconf` takes care of setting up /etc/resolv.conf
     # to use 127.0.0.1 as the resolver.
@@ -789,7 +727,6 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
     # Deploy acmetool to have TLS certificates.
     tls_domains = [mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"]
     deploy_acmetool(
-        email=config.acme_email,
         domains=tls_domains,
     )
 
@@ -828,7 +765,7 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
         if build_dir:
             www_path = build_webpages(src_dir, build_dir, config)
         # if it is not a hugo page, upload it as is
-        files.rsync(f"{www_path}/", "/var/www/html", flags=["-avz", "--chown=www-data"])
+        files.rsync(f"{www_path}/", "/var/www/html", flags=["-avz"])
 
     _install_remote_venv_with_chatmaild(config)
     debug = False
@@ -876,13 +813,6 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
         restarted=nginx_need_restart,
     )
 
-    systemd.service(
-        name="Start and enable fcgiwrap",
-        service="fcgiwrap.service",
-        running=True,
-        enabled=True,
-    )
-
     systemd.service(
         name="Restart echobot if postfix and dovecot were just started",
         service="echobot.service",

cmdeploy/src/cmdeploy/cmdeploy.py

@@ -19,7 +19,7 @@ from packaging import version
 from termcolor import colored
 
 from . import dns, remote
-from .sshexec import SSHExec, LocalExec
+from .sshexec import SSHExec
 
 #
 # cmdeploy sub commands and options
@@ -32,30 +32,17 @@ def init_cmd_options(parser):
         action="store",
         help="fully qualified DNS domain name for your chatmail instance",
     )
-    parser.add_argument(
-        "--force",
-        dest="recreate_ini",
-        action="store_true",
-        help="force reacreate ini file",
-    )
 
 
 def init_cmd(args, out):
     """Initialize chatmail config file."""
     mail_domain = args.chatmail_domain
-    inipath = args.inipath
     if args.inipath.exists():
-        if not args.recreate_ini:
-            print(f"[WARNING] Path exists, not modifying: {inipath}")
-            return 1
-        else:
-            print(
-                f"[WARNING] Force argument was provided, deleting config file: {inipath}"
-            )
-            inipath.unlink()
-
-    write_initial_config(inipath, mail_domain, overrides={})
-    out.green(f"created config file for {mail_domain} in {inipath}")
+        print(f"Path exists, not modifying: {args.inipath}")
+        return 1
+    else:
+        write_initial_config(args.inipath, mail_domain, overrides={})
+        out.green(f"created config file for {mail_domain} in {args.inipath}")
 
 
 def run_cmd_options(parser):
@@ -72,24 +59,20 @@ def run_cmd_options(parser):
         help="install/upgrade the server, but disable postfix & dovecot for now",
     )
     parser.add_argument(
-        "--skip-dns-check",
-        dest="dns_check_disabled",
-        action="store_true",
-        help="disable checks nslookup for dns",
+        "--ssh-host",
+        dest="ssh_host",
+        help="specify an SSH host to deploy to; uses mail_domain from chatmail.ini by default",
     )
-    add_ssh_host_option(parser)
 
 
 def run_cmd(args, out):
     """Deploy chatmail services on the remote server."""
 
-    ssh_host = args.ssh_host if args.ssh_host else args.config.mail_domain
-    sshexec = get_sshexec(ssh_host)
+    sshexec = args.get_sshexec()
     require_iroh = args.config.enable_iroh_relay
-    if not args.dns_check_disabled:
-        remote_data = dns.get_initial_remote_data(sshexec, args.config.mail_domain)
-        if not dns.check_initial_remote_data(remote_data, print=out.red):
-            return 1
+    remote_data = dns.get_initial_remote_data(sshexec, args.config.mail_domain)
+    if not dns.check_initial_remote_data(remote_data, print=out.red):
+        return 1
 
     env = os.environ.copy()
     env["CHATMAIL_INI"] = args.inipath
@@ -97,11 +80,8 @@ def run_cmd(args, out):
     env["CHATMAIL_REQUIRE_IROH"] = "True" if require_iroh else ""
     deploy_path = importlib.resources.files(__package__).joinpath("deploy.py").resolve()
     pyinf = "pyinfra --dry" if args.dry_run else "pyinfra"
-
+    ssh_host = args.config.mail_domain if not args.ssh_host else args.ssh_host
     cmd = f"{pyinf} --ssh-user root {ssh_host} {deploy_path} -y"
-    if ssh_host in ["localhost", "@docker"]:
-        cmd = f"{pyinf} @local {deploy_path} -y"
-
     if version.parse(pyinfra.__version__) < version.parse("3"):
         out.red("Please re-run scripts/initenv.sh to update pyinfra to version 3.")
         return 1
@@ -109,15 +89,14 @@ def run_cmd(args, out):
     try:
         retcode = out.check_call(cmd, env=env)
         if retcode == 0:
-            if not args.disable_mail:
-                print("\nYou can try out the relay by talking to this echo bot: ")
-                sshexec = SSHExec(args.config.mail_domain, verbose=args.verbose)
-                print(
-                    sshexec(
-                        call=remote.rshell.shell,
-                        kwargs=dict(command="cat /var/lib/echobot/invite-link.txt"),
-                    )
+            print("\nYou can try out the relay by talking to this echo bot: ")
+            sshexec = SSHExec(args.config.mail_domain, verbose=args.verbose)
+            print(
+                sshexec(
+                    call=remote.rshell.shell,
+                    kwargs=dict(command="cat /var/lib/echobot/invite-link.txt"),
                 )
+            )
             out.green("Deploy completed, call `cmdeploy dns` next.")
         elif not remote_data["acme_account_url"]:
             out.red("Deploy completed but letsencrypt not configured")
@@ -139,13 +118,11 @@ def dns_cmd_options(parser):
         default=None,
         help="write out a zonefile",
     )
-    add_ssh_host_option(parser)
 
 
 def dns_cmd(args, out):
     """Check DNS entries and optionally generate dns zone file."""
-    ssh_host = args.ssh_host if args.ssh_host else args.config.mail_domain
-    sshexec = get_sshexec(ssh_host, verbose=args.verbose)
+    sshexec = args.get_sshexec()
     remote_data = dns.get_initial_remote_data(sshexec, args.config.mail_domain)
     if not remote_data:
         return 1
@@ -299,15 +276,6 @@ class Out:
         return proc.returncode
 
 
-def add_ssh_host_option(parser):
-    parser.add_argument(
-        "--ssh-host",
-        dest="ssh_host",
-        help="Run commands on 'localhost', via '@docker', or on a specific SSH host "
-             "instead of chatmail.ini's mail_domain.",
-    )
-
-
 def add_config_option(parser):
     parser.add_argument(
         "--config",
@@ -363,16 +331,6 @@ def get_parser():
     return parser
 
 
-def get_sshexec(ssh_host: str, verbose=True):
-    if ssh_host in ["localhost", "@local"]:
-        return LocalExec(verbose, docker=False)
-    elif ssh_host == "@docker":
-        return LocalExec(verbose, docker=True)
-    if verbose:
-        print(f"[ssh] login to {ssh_host}")
-    return SSHExec(ssh_host, verbose=verbose)
-
-
 def main(args=None):
     """Provide main entry point for 'cmdeploy' CLI invocation."""
     parser = get_parser()
@@ -380,6 +338,12 @@ def main(args=None):
     if not hasattr(args, "func"):
         return parser.parse_args(["-h"])
 
+    def get_sshexec():
+        print(f"[ssh] login to {args.config.mail_domain}")
+        return SSHExec(args.config.mail_domain, verbose=args.verbose)
+
+    args.get_sshexec = get_sshexec
+
     out = Out()
     kwargs = {}
     if args.func.__name__ not in ("init_cmd", "fmt_cmd"):

cmdeploy/src/cmdeploy/dns.py

@@ -45,7 +45,8 @@ def check_full_zone(sshexec, remote_data, out, zonefile) -> int:
     and return (exitcode, remote_data) tuple."""
 
     required_diff, recommended_diff = sshexec.logged(
-        remote.rdns.check_zonefile, kwargs=dict(zonefile=zonefile, verbose=False),
+        remote.rdns.check_zonefile,
+        kwargs=dict(zonefile=zonefile, mail_domain=remote_data["mail_domain"]),
     )
 
     returncode = 0

cmdeploy/src/cmdeploy/dovecot/expunge.cron.j2

@@ -0,0 +1,14 @@
+# delete already seen big mails after 7 days, in the INBOX
+2 0 * * * vmail find {{ config.mailboxes_dir }} -path '*/cur/*' -mtime +{{ config.delete_large_after }} -size +200k -type f -delete
+# delete all mails after {{ config.delete_mails_after }} days, in the Inbox
+2 0 * * * vmail find {{ config.mailboxes_dir }} -path '*/cur/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+# or in any IMAP subfolder
+2 0 * * * vmail find {{ config.mailboxes_dir }} -path '*/.*/cur/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+# even if they are unseen
+2 0 * * * vmail find {{ config.mailboxes_dir }} -path '*/new/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+2 0 * * * vmail find {{ config.mailboxes_dir }} -path '*/.*/new/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+# or only temporary (but then they shouldn't be around after {{ config.delete_mails_after }} days anyway).
+2 0 * * * vmail find {{ config.mailboxes_dir }} -path '*/tmp/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+2 0 * * * vmail find {{ config.mailboxes_dir }} -path '*/.*/tmp/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+3 0 * * * vmail find {{ config.mailboxes_dir }} -name 'maildirsize' -type f -delete
+4 0 * * * vmail /usr/local/lib/chatmaild/venv/bin/delete_inactive_users /usr/local/lib/chatmaild/chatmail.ini 

cmdeploy/src/cmdeploy/iroh-relay.toml

@@ -1,11 +1,5 @@
 enable_relay = true
 http_bind_addr = "[::]:3340"
-
-# Disable built-in STUN server in iroh-relay 0.35
-# as we deploy our own TURN server instead.
-# STUN server is going to be removed in iroh-relay 1.0
-# and this line can be removed after upgrade.
-enable_stun = false
-
+enable_stun = true
 enable_metrics = false
 metrics_bind_addr = "127.0.0.1:9092"

cmdeploy/src/cmdeploy/nginx/nginx.conf.j2

@@ -66,7 +66,7 @@ http {
 
 		index index.html index.htm;
 
-		server_name {{ config.domain_name }} www.{{ config.domain_name }} mta-sts.{{ config.domain_name }};
+		server_name _;
 
 		access_log syslog:server=unix:/dev/log,facility=local7;
 

cmdeploy/src/cmdeploy/opendkim/opendkim.conf

@@ -13,7 +13,6 @@ OversignHeaders		From
 On-BadSignature         reject
 On-KeyNotFound          reject
 On-NoSignature          reject
-DNSTimeout          60
 
 # Signing domain, selector, and key (required). For example, perform signing
 # for domain "example.com" with selector "2020" (2020._domainkey.example.com),

cmdeploy/src/cmdeploy/remote/rdns.py

@@ -12,23 +12,23 @@ All functions of this module
 
 import re
 
-from .rshell import CalledProcessError, shell, log_progress
+from .rshell import CalledProcessError, shell
 
 
-def perform_initial_checks(mail_domain, pre_command=""):
+def perform_initial_checks(mail_domain):
     """Collecting initial DNS settings."""
     assert mail_domain
-    if not shell("dig", fail_ok=True, print=log_progress):
-        shell("apt-get update && apt-get install -y dnsutils", print=log_progress)
+    if not shell("dig", fail_ok=True):
+        shell("apt-get update && apt-get install -y dnsutils")
     A = query_dns("A", mail_domain)
     AAAA = query_dns("AAAA", mail_domain)
     MTA_STS = query_dns("CNAME", f"mta-sts.{mail_domain}")
     WWW = query_dns("CNAME", f"www.{mail_domain}")
 
     res = dict(mail_domain=mail_domain, A=A, AAAA=AAAA, MTA_STS=MTA_STS, WWW=WWW)
-    res["acme_account_url"] = shell(pre_command + "acmetool account-url", fail_ok=True, print=log_progress)
+    res["acme_account_url"] = shell("acmetool account-url", fail_ok=True)
     res["dkim_entry"], res["web_dkim_entry"] = get_dkim_entry(
-        mail_domain, pre_command, dkim_selector="opendkim"
+        mail_domain, dkim_selector="opendkim"
     )
 
     if not MTA_STS or not WWW or (not A and not AAAA):
@@ -40,12 +40,11 @@ def perform_initial_checks(mail_domain, pre_command=""):
     return res
 
 
-def get_dkim_entry(mail_domain, pre_command, dkim_selector):
+def get_dkim_entry(mail_domain, dkim_selector):
     try:
         dkim_pubkey = shell(
-            f"{pre_command}openssl rsa -in /etc/dkimkeys/{dkim_selector}.private "
-            "-pubout 2>/dev/null | awk '/-/{next}{printf(\"%s\",$0)}'",
-            print=log_progress
+            f"openssl rsa -in /etc/dkimkeys/{dkim_selector}.private "
+            "-pubout 2>/dev/null | awk '/-/{next}{printf(\"%s\",$0)}'"
         )
     except CalledProcessError:
         return
@@ -62,7 +61,7 @@ def query_dns(typ, domain):
     # Get autoritative nameserver from the SOA record.
     soa_answers = [
         x.split()
-        for x in shell(f"dig -r -q {domain} -t SOA +noall +authority +answer", print=log_progress).split(
+        for x in shell(f"dig -r -q {domain} -t SOA +noall +authority +answer").split(
             "\n"
         )
     ]
@@ -72,13 +71,13 @@ def query_dns(typ, domain):
     ns = soa[0][4]
 
     # Query authoritative nameserver directly to bypass DNS cache.
-    res = shell(f"dig @{ns} -r -q {domain} -t {typ} +short", print=log_progress)
+    res = shell(f"dig @{ns} -r -q {domain} -t {typ} +short")
     if res:
         return res.split("\n")[0]
     return ""
 
 
-def check_zonefile(zonefile, verbose=True):
+def check_zonefile(zonefile, mail_domain):
     """Check expected zone file entries."""
     required = True
     required_diff = []
@@ -90,7 +89,7 @@ def check_zonefile(zonefile, verbose=True):
             continue
         if not zf_line.strip() or zf_line.startswith(";"):
             continue
-        print(f"dns-checking {zf_line!r}") if verbose else log_progress("")
+        print(f"dns-checking {zf_line!r}")
         zf_domain, zf_typ, zf_value = zf_line.split(maxsplit=2)
         zf_domain = zf_domain.rstrip(".")
         zf_value = zf_value.strip()

cmdeploy/src/cmdeploy/remote/rshell.py

@@ -1,14 +1,7 @@
-import sys
-
 from subprocess import DEVNULL, CalledProcessError, check_output
 
 
-def log_progress(data):
-    sys.stderr.write(".")
-    sys.stderr.flush()
-
-
-def shell(command, fail_ok=False, print=print):
+def shell(command, fail_ok=False):
     print(f"$ {command}")
     args = dict(shell=True)
     if fail_ok:

cmdeploy/src/cmdeploy/service/chatmail-expire.service.f

@@ -1,9 +0,0 @@
-[Unit]
-Description=chatmail mail storage expiration job
-After=network.target
-
-[Service]
-Type=oneshot
-User=vmail
-ExecStart=/usr/local/lib/chatmaild/venv/bin/chatmail-expire /usr/local/lib/chatmaild/chatmail.ini -v --remove
-

cmdeploy/src/cmdeploy/service/chatmail-expire.timer.f

@@ -1,8 +0,0 @@
-[Unit]
-Description=Run Daily chatmail-expire job
-
-[Timer]
-OnCalendar=*-*-* 00:02:00
-
-[Install]
-WantedBy=timers.target

cmdeploy/src/cmdeploy/service/chatmail-fsreport.service.f

@@ -1,9 +0,0 @@
-[Unit]
-Description=chatmail file system storage reporting job 
-After=network.target
-
-[Service]
-Type=oneshot
-User=vmail
-ExecStart=/usr/local/lib/chatmaild/venv/bin/chatmail-fsreport /usr/local/lib/chatmaild/chatmail.ini 
-

cmdeploy/src/cmdeploy/service/chatmail-fsreport.timer.f

@@ -1,9 +0,0 @@
-[Unit]
-Description=Run Daily Chatmail fsreport Job
-
-[Timer]
-OnCalendar=*-*-* 08:02:00
-Persistent=true
-
-[Install]
-WantedBy=timers.target

cmdeploy/src/cmdeploy/service/turnserver.service.f

@@ -1,16 +0,0 @@
-[Unit]
-Description=A wrapper for the TURN server
-After=network.target
-
-[Service]
-Type=simple
-Restart=always
-ExecStart=/usr/local/bin/chatmail-turn --realm {mail_domain} --socket /run/chatmail-turn/turn.socket
-
-# Create /run/chatmail-turn
-RuntimeDirectory=chatmail-turn
-User=vmail
-Group=vmail
-
-[Install]
-WantedBy=multi-user.target

cmdeploy/src/cmdeploy/sshexec.py

@@ -42,7 +42,6 @@ def bootstrap_remote(gateway, remote=remote):
 
 def print_stderr(item="", end="\n"):
     print(item, file=sys.stderr, end=end)
-    sys.stderr.flush()
 
 
 class SSHExec:
@@ -71,6 +70,10 @@ class SSHExec:
                 raise self.FuncError(data)
 
     def logged(self, call, kwargs):
+        def log_progress(data):
+            sys.stderr.write(".")
+            sys.stderr.flush()
+
         title = call.__doc__
         if not title:
             title = call.__name__
@@ -79,22 +82,6 @@ class SSHExec:
             return self(call, kwargs, log_callback=print_stderr)
         else:
             print_stderr(title, end="")
-            res = self(call, kwargs, log_callback=remote.rshell.log_progress)
+            res = self(call, kwargs, log_callback=log_progress)
             print_stderr()
             return res
-
-
-class LocalExec:
-    def __init__(self, verbose=False, docker=False):
-        self.verbose = verbose
-        self.docker = docker
-
-    def logged(self, call, kwargs: dict):
-        where = "locally"
-        if self.docker:
-            if call == remote.rdns.perform_initial_checks:
-                kwargs['pre_command'] = "docker exec chatmail "
-                where = "in docker"
-        if self.verbose:
-            print(f"Running {where}: {call.__name__}(**{kwargs})")
-        return call(**kwargs)

cmdeploy/src/cmdeploy/tests/online/test_1_basic.py

@@ -2,7 +2,6 @@ import datetime
 import smtplib
 import socket
 import subprocess
-import time
 
 import pytest
 
@@ -32,8 +31,7 @@ class TestSSHExecutor:
         )
         out, err = capsys.readouterr()
         assert err.startswith("Collecting")
-        # XXX could not figure out how capturing can be made to work properly
-        #assert err.endswith("....\n")
+        assert err.endswith("....\n")
         assert err.count("\n") == 1
 
         sshexec.verbose = True
@@ -42,8 +40,7 @@ class TestSSHExecutor:
         )
         out, err = capsys.readouterr()
         lines = err.split("\n")
-        # XXX could not figure out how capturing can be made to work properly
-        #assert len(lines) > 4
+        assert len(lines) > 4
         assert remote.rdns.perform_initial_checks.__doc__ in lines[0]
 
     def test_exception(self, sshexec, capsys):
@@ -72,7 +69,7 @@ def test_timezone_env(remote):
     for line in remote.iter_output("env"):
         print(line)
         if line == "tz=:/etc/localtime":
-            return
+            return True
     pytest.fail("TZ is not set")
 
 
@@ -149,16 +146,6 @@ def test_reject_missing_dkim(cmsetup, maildata, from_addr):
             s.sendmail(from_addr=from_addr, to_addrs=recipient.addr, msg=msg)
 
 
-def try_n_times(n, f):
-    for _ in range(n - 1):
-        try:
-            return f()
-        except Exception:
-            time.sleep(1)
-
-    return f()
-
-
 def test_rewrite_subject(cmsetup, maildata):
     """Test that subject gets replaced with [...]."""
     user1, user2 = cmsetup.gen_users(2)
@@ -171,8 +158,7 @@ def test_rewrite_subject(cmsetup, maildata):
     ).as_string()
     user1.smtp.sendmail(from_addr=user1.addr, to_addrs=[user2.addr], msg=sent_msg)
 
-    # The message may need some time to get delivered by postfix.
-    messages = try_n_times(5, user2.imap.fetch_all_messages)
+    messages = user2.imap.fetch_all_messages()
     assert len(messages) == 1
     rcvd_msg = messages[0]
     assert "Subject: [...]" not in sent_msg
@@ -223,14 +209,8 @@ def test_expunged(remote, chatmail_config):
 
 
 def test_deployed_state(remote):
-    try:
-        git_hash = subprocess.check_output(["git", "rev-parse", "HEAD"]).decode()
-    except Exception:
-        git_hash = "unknown\n"
-    try:
-        git_diff = subprocess.check_output(["git", "diff"]).decode()
-    except Exception:
-        git_diff = ""
+    git_hash = subprocess.check_output(["git", "rev-parse", "HEAD"]).decode()
+    git_diff = subprocess.check_output(["git", "diff"]).decode()
     git_status = [git_hash.strip()]
     for line in git_diff.splitlines():
         git_status.append(line.strip().lower())

cmdeploy/src/cmdeploy/tests/test_cmdeploy.py

@@ -26,15 +26,10 @@ class TestCmdline:
     def test_init_not_overwrite(self, capsys):
         assert main(["init", "chat.example.org"]) == 0
         capsys.readouterr()
-
         assert main(["init", "chat.example.org"]) == 1
         out, err = capsys.readouterr()
         assert "path exists" in out.lower()
 
-        assert main(["init", "chat.example.org", "--force"]) == 0
-        out, err = capsys.readouterr()
-        assert "deleting config file" in out.lower()
-
 
 def test_www_folder(example_config, tmp_path):
     reporoot = importlib.resources.files(__package__).joinpath("../../../../").resolve()

cmdeploy/src/cmdeploy/tests/test_dns.py

@@ -89,14 +89,18 @@ class TestZonefileChecks:
     def test_check_zonefile_all_ok(self, cm_data, mockdns_base):
         zonefile = cm_data.get("zftest.zone")
         parse_zonefile_into_dict(zonefile, mockdns_base)
-        required_diff, recommended_diff = remote.rdns.check_zonefile(zonefile)
+        required_diff, recommended_diff = remote.rdns.check_zonefile(
+            zonefile, "some.domain"
+        )
         assert not required_diff and not recommended_diff
 
     def test_check_zonefile_recommended_not_set(self, cm_data, mockdns_base):
         zonefile = cm_data.get("zftest.zone")
         zonefile_mocked = zonefile.split("; Recommended")[0]
         parse_zonefile_into_dict(zonefile_mocked, mockdns_base)
-        required_diff, recommended_diff = remote.rdns.check_zonefile(zonefile)
+        required_diff, recommended_diff = remote.rdns.check_zonefile(
+            zonefile, "some.domain"
+        )
         assert not required_diff
         assert len(recommended_diff) == 8
 

cmdeploy/src/cmdeploy/www.py

@@ -11,6 +11,13 @@ from jinja2 import Template
 
 from .genqr import gen_qr_png_data
 
+LANGUAGE_NAMES = {
+    "EN": " 🇬🇧 English",
+    "RU": " 🇷🇺 Русский",
+    # "UA": "Українська",
+    # "FR": "Français",
+    # "DE": "Deutsch",
+}
 
 def snapshot_dir_stats(somedir):
     d = {}
@@ -22,12 +29,59 @@ def snapshot_dir_stats(somedir):
     return d
 
 
-def prepare_template(source):
-    assert source.exists(), source
-    render_vars = {}
-    render_vars["pagename"] = "home" if source.stem == "index" else source.stem
-    render_vars["markdown_html"] = markdown.markdown(source.read_text())
-    page_layout = source.with_name("page-layout.html").read_text()
+def prepare_template(source, locales_dir, languages=["EN"]):
+    assert source.exists(), f"Template {source} not found."
+    assert locales_dir.exists(), f"Locales directory {locales_dir} not found."
+    base_name = source.stem
+    render_vars = {
+        "pagename": "home" if base_name == "index" else base_name
+    }
+
+    selected_langs = (
+        sorted([d.name.upper() for d in locales_dir.iterdir() if d.is_dir()])
+        if "ALL" in [l.upper() for l in languages]
+        else [l.upper() for l in languages]
+    )
+
+    markdown_blocks = []
+
+    tabs_enabled = False
+    if len(selected_langs) > 1:
+        tabs_enabled = True
+
+    for lang_code in selected_langs:
+        lang_folder = locales_dir / lang_code
+        lang_file = lang_folder / f"{base_name}.md"
+        lang_name = LANGUAGE_NAMES.get(lang_code, lang_code)
+
+        if lang_file.exists():
+            content = lang_file.read_text().strip()
+        else:
+            print(f"[WARNING]: Missing file {lang_file}. Inserting fallback message.")
+            content = "Content for this language is not available, please contact your server administrator."
+
+        if tabs_enabled:
+            markdown_blocks.append(f"/// tab | {lang_name}\n{content}\n///")
+            continue
+
+        markdown_blocks.append(content)
+
+    if not markdown_blocks:
+        print("[WARNING] No valid language content found. Skipping file.")
+        return None, None
+
+    original_markdown = source.read_text()
+    combined_markdown = original_markdown.replace("%content placeholder%", "\n\n".join(markdown_blocks))
+
+    render_vars["markdown_html"] = markdown.markdown(
+        combined_markdown,
+        extensions=["pymdownx.blocks.tab"]
+    )
+
+    page_layout_path = source.with_name("page-layout.html")
+    assert page_layout_path.exists(), f"Missing template: {page_layout_path}"
+    page_layout = page_layout_path.read_text()
+
     return render_vars, page_layout
 
 
@@ -80,6 +134,7 @@ def int_to_english(number):
 
 def _build_webpages(src_dir, build_dir, config):
     mail_domain = config.mail_domain
+    languages = config.languages
     assert src_dir.exists(), src_dir
     if not build_dir.exists():
         build_dir.mkdir()
@@ -87,18 +142,19 @@ def _build_webpages(src_dir, build_dir, config):
     qr_path = build_dir.joinpath(f"qr-chatmail-invite-{mail_domain}.png")
     qr_path.write_bytes(gen_qr_png_data(mail_domain).read())
 
+    locales_dir = src_dir / "locales"
+
     for path in src_dir.iterdir():
         if path.suffix == ".md":
-            render_vars, content = prepare_template(path)
-            render_vars["username_min_length"] = int_to_english(
-                config.username_min_length
-            )
-            render_vars["username_max_length"] = int_to_english(
-                config.username_max_length
-            )
-            render_vars["password_min_length"] = int_to_english(
-                config.password_min_length
-            )
+            render_vars, content = prepare_template(path, locales_dir, languages)
+
+            if render_vars is None:
+                continue
+
+            render_vars["username_min_length"] = int_to_english(config.username_min_length)
+            render_vars["username_max_length"] = int_to_english(config.username_max_length)
+            render_vars["password_min_length"] = int_to_english(config.password_min_length)
+
             target = build_dir.joinpath(path.stem + ".html")
 
             # recursive jinja2 rendering
@@ -110,9 +166,11 @@ def _build_webpages(src_dir, build_dir, config):
 
             with target.open("w") as f:
                 f.write(content)
-        elif path.name != "page-layout.html":
+
+        elif path.name != "page-layout.html" and path.name != "locales":
             target = build_dir.joinpath(path.name)
             target.write_bytes(path.read_bytes())
+
     return build_dir
 
 

www/src/index.md

@@ -1,29 +1,8 @@
 
 <img class="banner" src="collage-top.png"/>
 
-## Dear [Delta Chat](https://get.delta.chat) users and newcomers ... 
+%content placeholder%
 
-{% if config.mail_domain != "nine.testrun.org" %}
-Welcome to instant, interoperable and [privacy-preserving](privacy.html) messaging :) 
-{% else %}
-Welcome to the default onboarding server ({{ config.mail_domain }}) 
-for Delta Chat users.  For details how it avoids storing personal information
-please see our [privacy policy](privacy.html). 
-{% endif %}
-
-<a class="cta-button" href="DCACCOUNT:https://{{ config.mail_domain }}/new">Get a {{config.mail_domain}} chat profile</a>
-
-If you are viewing this page on a different device
-without a Delta Chat app,
-you can also **scan this QR code** with Delta Chat:
-
-<a href="DCACCOUNT:https://{{ config.mail_domain }}/new">
-    <img width=300 style="float: none;" src="qr-chatmail-invite-{{config.mail_domain}}.png" /></a>
-
-🐣 **Choose** your Avatar and Name
-
-💬 **Start** chatting with any Delta Chat contacts using [QR invite codes](https://delta.chat/en/help#howtoe2ee)
-
-{% if config.mail_domain != "nine.testrun.org" %}
+{% if config.is_development_instance == True %}
 <div class="experimental">Note: this is only a temporary development chatmail service</div>
 {% endif %}

www/src/info.md

@@ -1,43 +1,3 @@
+<img class="banner" src="collage-info.png"/>
 
-## More information 
-
-{{ config.mail_domain }} provides a low-maintenance, resource efficient and 
-interoperable e-mail service for everyone. What's behind a `chatmail` is 
-effectively a normal e-mail address just like any other but optimized 
-for the usage in chats, especially DeltaChat.
-
-
-### Rate and storage limits 
-
-- Un-encrypted messages are blocked to recipients outside
-  {{config.mail_domain}} but setting up contact via [QR invite codes](https://delta.chat/en/help#howtoe2ee) 
-  allows your messages to pass freely to any outside recipients.
-
-- You may send up to {{ config.max_user_send_per_minute }} messages per minute.
-
-- You can store up to [{{ config.max_mailbox_size }} messages on the server](https://delta.chat/en/help#what-happens-if-i-turn-on-delete-old-messages-from-server).
-
-- Messages are unconditionally removed latest {{ config.delete_mails_after }} days after arriving on the server.
-  Earlier, if storage may exceed otherwise.
-
-
-### <a name="account-deletion"></a> Account deletion 
-
-If you remove a {{ config.mail_domain }} profile from within the Delta Chat app, 
-then the according account on the server, along with all associated data,
-is automatically deleted {{ config.delete_inactive_users_after }} days afterwards. 
-
-If you use multiple devices 
-then you need to remove the according chat profile from each device
-in order for all account data to be removed on the server side. 
-
-If you have any further questions or requests regarding account deletion
-please send a message from your account to {{ config.privacy_mail }}. 
-
-
-### Who are the operators? Which software is running? 
-
-This chatmail provider is run by a small voluntary group of devs and sysadmins,
-who [publically develop chatmail provider setups](https://github.com/deltachat/chatmail).
-Chatmail setups aim to be very low-maintenance, resource efficient and 
-interoperable with any other standards-compliant e-mail service. 
+%content placeholder%

www/src/main.css

@@ -84,3 +84,57 @@ code {
     color: white !important;
     font-weight: bold;
 }
+
+.tabbed-set {
+  position: relative;
+  display: flex;
+  flex-wrap: wrap;
+  margin: 1em 0;
+  border-radius: 0.1rem;
+}
+
+.tabbed-set > input {
+  display: none;
+}
+
+.tabbed-set label {
+  width: auto;
+  padding: 0.9375em 1.25em 0.78125em;
+  font-weight: 700;
+  font-size: 0.84em;
+  white-space: nowrap;
+  border-bottom: 0.15rem solid transparent;
+  border-top-left-radius: 0.1rem;
+  border-top-right-radius: 0.1rem;
+  cursor: pointer;
+  transition: background-color 250ms, color 250ms;
+}
+
+.tabbed-set .tabbed-content {
+  width: 100%;
+  display: none;
+  box-shadow: 0 -.05rem #ddd;
+}
+
+.tabbed-set input {
+  position: absolute;
+  opacity: 0;
+}
+
+.tabbed-set input:checked:nth-child(n+1) + label {
+  color: red;
+  border-color: red;
+}
+
+@media screen {
+  .tabbed-set input:nth-child(n+1):checked + label + .tabbed-content {
+    order: 99;
+    display: block;
+  }
+}
+
+@media print {
+  .tabbed-content {
+    display: contents;
+  }
+}

www/src/privacy.md

@@ -1,271 +1,3 @@
+<img class="banner" src="collage-privacy.png"/>
 
-# Privacy Policy for {{ config.mail_domain }} 
-
-{% if config.mail_domain == "nine.testrun.org" %}
-Welcome to `{{config.mail_domain}}`, the default chatmail onboarding server for Delta Chat users. 
-It is operated on the side by a small sysops team
-on a voluntary basis.
-See [other chatmail servers](https://delta.chat/en/chatmail) for alternative server operators. 
-{% endif %}
-
-
-## Summary: No personal data asked or collected 
-
-This chatmail server neither asks for nor retains personal information. 
-Chatmail servers exist to reliably transmit (store and deliver) end-to-end encrypted messages
-between user's devices running the Delta Chat messenger app. 
-Technically, you may think of a Chatmail server as 
-an end-to-end encrypted "messaging router" at Internet-scale. 
-
-A chatmail server is very unlike classic e-mail servers (for example Google Mail servers)
-that ask for personal data and permanently store messages. 
-A chatmail server behaves more like the Signal messaging server 
-but does not know about phone numbers and securely and automatically interoperates 
-with other chatmail and classic e-mail servers. 
-
-Unlike classic e-mail servers, this chatmail server 
-
-- unconditionally removes messages after {{ config.delete_mails_after }} days,
-
-- prohibits sending out un-encrypted messages,
-
-- does not store Internet addresses ("IP addresses"), 
-
-- does not process IP addresses in relation to email addresses.
-
-Due to the resulting lack of personal data processing
-this chatmail server may not require a privacy policy.
-
-Nevertheless, we provide legal details below to make life easier
-for data protection specialists and lawyers scrutinizing chatmail operations.
-
-
-
-## 1. Name and contact information 
-
-Responsible for the processing of your personal data is:
-```
-{{ config.privacy_postal }}
-```
-
-E-mail: {{ config.privacy_mail }}
-
-We have appointed a data protection officer:
-
-```
-{{ config.privacy_pdo }}
-```
-
-## 2. Processing when using chat e-mail services
-
-We provide services optimized for the use from [Delta Chat](https://delta.chat) apps
-and process only the data necessary
-for the setup and technical execution of message delivery.
-The purpose of the processing is that users can
-read, write, manage, delete, send, and receive chat messages.
-For this purpose,
-we operate server-side software
-that enables us to send and receive messages.
-
-We process the following data and details:
-
-- Outgoing and incoming messages (SMTP) are stored for transit
-  on behalf of their users until the message can be delivered.
-
-- E-Mail-Messages are stored for the recipient and made accessible via IMAP protocols,
-  until explicitly deleted by the user or until a fixed time period is exceeded,
-  (*usually 4-8 weeks*).
-
-- IMAP and SMTP protocols are password protected with unique credentials for each account.
-
-- Users can retrieve or delete all stored messages
-  without intervention from the operators using standard IMAP client tools.
-
-- Users can connect to a "realtime relay service"
-  to establish Peer-to-Peer connection between user devices,
-  allowing them to send and retrieve ephemeral messages
-  which are never stored on the chatmail server, also not in encrypted form.
-
-
-### 2.1 Account setup
-
-Creating an account happens in one of two ways on our mail servers: 
-
-- with a QR invitation token 
-  which is scanned using the Delta Chat app
-  and then the account is created.
-
-- by letting Delta Chat otherwise create an account 
-  and register it with a {{ config.mail_domain }} mail server. 
-
-In either case, we process the newly created email address.
-No phone numbers,
-other email addresses,
-or other identifiable data
-is currently required.
-The legal basis for the processing is
-Art. 6 (1) lit. b GDPR,
-as you have a usage contract with us
-by using our services.
-
-### 2.2 Processing of E-Mail-Messages
-
-In addition,
-we will process data
-to keep the server infrastructure operational
-for purposes of e-mail dispatch
-and abuse prevention.
-
-- Therefore,
-  it is necessary to process the content and/or metadata
-  (e.g., headers of the email as well as smtp chatter)
-  of E-Mail-Messages in transit. 
-
-- We will keep logs of messages in transit for a limited time.
-  These logs are used to debug delivery problems and software bugs.
-
-In addition,
-we process data to protect the systems from excessive use.
-Therefore, limits are enforced:
-
-- rate limits
-
-- storage limits
-
-- message size limits
-
-- any other limit necessary for the whole server to function in a healthy way
-  and to prevent abuse.
-
-The processing and use of the above permissions
-are performed to provide the service.
-The data processing is necessary for the use of our services,
-therefore the legal basis of the processing is
-Art. 6 (1) lit. b GDPR,
-as you have a usage contract with us
-by using our services.
-The legal basis for the data processing
-for the purposes of security and abuse prevention is
-Art. 6 (1) lit. f GDPR.
-Our legitimate interest results
-from the aforementioned purposes.
-We will not use the collected data
-for the purpose of drawing conclusions
-about your person.
-
-
-## 3. Processing when using our Website
-
-When you visit our website,
-the browser used on your end device
-automatically sends information to the server of our website.
-This information is temporarily stored in a so-called log file.
-The following information is collected and stored
-until it is automatically deleted
-(*usually 7 days*):
-
-- used type of browser,
-
-- used operating system, 
-
-- access date and time as well as
-
-- country of origin and IP address, 
-
-- the requested file name or HTTP resource,
-
-- the amount of data transferred,
-
-- the access status (file transferred, file not found, etc.) and
-
-- the page from which the file was requested.
-
-This website is hosted by an external service provider (hoster).
-The personal data collected on this website is stored
-on the hoster's servers.
-Our hoster will process your data
-only to the extent necessary to fulfill its obligations
-to perform under our instructions.
-In order to ensure data protection-compliant processing,
-we have concluded a data processing agreement with our hoster.
-
-The aforementioned data is processed by us for the following purposes:  
-
-- Ensuring a reliable connection setup of the website,
-
-- ensuring a convenient use of our website,
-
-- checking and ensuring system security and stability, and
-
-- for other administrative purposes.
-
-The legal basis for the data processing is
-Art. 6 (1) lit. f GDPR.
-Our legitimate interest results
-from the aforementioned purposes of data collection.
-We will not use the collected data
-for the purpose of drawing conclusions about your person.
-
-## 4. Transfer of Data
-
-We do not retain any personal data but e-mail messages waiting to be delivered 
-may contain personal data.
-Any such residual personal data will not be transferred to third parties
-for purposes other than those listed below:
-
-a) you have given your express consent
-in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,  
-
-b) the disclosure is necessary for the assertion, exercise or defence of legal claims
-pursuant to Art. 6 (1) sentence 1 lit. f GDPR
-and there is no reason to assume that you have
-an overriding interest worthy of protection
-in the non-disclosure of your data,  
-
-c) in the event that there is a legal obligation to disclose your data
-pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR,
-as well as  
-
-d) this is legally permissible and necessary
-in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR
-for the processing of contractual relationships with you,  
-
-e) this is carried out by a service provider
-acting on our behalf and on our exclusive instructions,
-whom we have carefully selected (Art. 28 (1) GDPR)
-and with whom we have concluded a corresponding contract on commissioned processing (Art. 28 (3) GDPR),
-which obliges our contractor,
-among other things,
-to implement appropriate security measures
-and grants us comprehensive control powers.
-
-## 5. Rights of the data subject
-
-The rights arise from Articles 12 to 23 GDPR.
-Since no personal data is stored on our servers,
-even in encrypted form,
-there is no need to provide information
-on these or possible objections.
-A deletion can be made
-directly in the Delta Chat email messenger.
-
-If you have any questions or complaints, 
-please feel free to contact us by email:  
-{{ config.privacy_mail }}
-
-As a rule, you can contact the supervisory authority of your usual place of residence
-or workplace
-or our registered office for this purpose.
-The supervisory authority responsible for our place of business
-is the `{{ config.privacy_supervisor }}`.
-
-
-## 6. Validity of this privacy policy 
-
-This data protection declaration is valid
-as of *October 2024*.
-Due to the further development of our service and offers
-or due to changed legal or official requirements,
-it may become necessary to revise this data protection declaration from time to time.
-
-
+%content placeholder%