apply nami's suggestions (chatmail SSH env var, running --slow in test.sh)

- refactor login tests to allow running them against both imap/smtp

deploy-chatmail/src/deploy_chatmail/dovecot/dovecot.conf.j2

@@ -9,6 +9,8 @@ auth_debug = yes
 auth_debug_passwords = yes
 auth_verbose_passwords = plain
 auth_cache_size = 100M
+mail_plugins = quota
+mail_debug = yes
 
 # Authentication for system users.
 passdb {
@@ -60,13 +62,28 @@ mail_privileged_group = vmail
 # Enable IMAP COMPRESS (RFC 4978).
 # <https://datatracker.ietf.org/doc/html/rfc4978.html>
 protocol imap {
-  mail_plugins = $mail_plugins imap_zlib
+  mail_plugins = $mail_plugins imap_zlib imap_quota
+}
+
+protocol lmtp {
+  mail_plugins = $mail_plugins quota
 }
 
 plugin {
   imap_compress_deflate_level = 6
 }
 
+plugin {
+  # for now we define static quota-rules for all users 
+  quota = maildir:User quota
+  quota_rule = *:storage=100M
+  quota_max_mail_size=30M
+  quota_grace = 0
+  # quota_over_flag_value = TRUE
+}
+
+
+
 service lmtp {
   user=vmail
 

deploy-chatmail/src/deploy_chatmail/postfix/main.cf.j2

@@ -37,6 +37,8 @@ mydestination =
 relayhost = 
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
+# maximum 30MB sized messages
+message_size_limit = 31457280
 recipient_delimiter = +
 inet_interfaces = all
 inet_protocols = all

deploy-chatmail/src/deploy_chatmail/postfix/master.cf

@@ -9,7 +9,7 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
-smtp      inet  n       -       y       -       -       smtpd
+smtp      inet  n       -       y       -       -       smtpd -v 
 #smtp      inet  n       -       y       -       1       postscreen
 #smtpd     pass  -       -       y       -       -       smtpd
 #dnsblog   unix  -       -       y       -       0       dnsblog
@@ -28,7 +28,7 @@ submission inet n       -       y       -       -       smtpd
   -o smtpd_recipient_restrictions=
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
-  -o content_filter=filter:unix:private/filtemail
+  -o content_filter=filter:unix:private/filtermail
 smtps     inet  n       -       y       -       -       smtpd
   -o syslog_name=postfix/smtps
   -o smtpd_tls_wrappermode=yes

online-tests/conftest.py

@@ -1,15 +1,47 @@
 import os
 import io
+import random
+import subprocess
 import imaplib
 import smtplib
 import itertools
 import pytest
-import time
+
+
+def pytest_addoption(parser):
+    parser.addoption(
+        "--slow", action="store_true", default=False, help="also run slow tests"
+    )
+
+
+def pytest_runtest_setup(item):
+    markers = list(item.iter_markers(name="slow"))
+    if markers:
+        if not item.config.getoption("--slow"):
+            pytest.skip("skipping slow test, use --slow to run")
 
 
 @pytest.fixture
 def maildomain():
-    return os.environ.get("CHATMAIL_DOMAIN", "c1.testrun.org")
+    domain = os.environ.get("CHATMAIL_DOMAIN")
+    if not domain:
+        pytest.skip("set CHATMAIL_DOMAIN to a ssh-reachable chatmail instance")
+    return domain
+
+
+@pytest.fixture
+def chatmail_ssh(maildomain):
+    domain = os.environ.get("CHATMAIL_SSH")
+    if not domain:
+        domain = maildomain
+    return domain
+
+
+def pytest_report_header():
+    domain = os.environ.get("CHATMAIL_DOMAIN")
+    if domain:
+        text = f"chatmail test instance: {domain}"
+        return ["-" * len(text), text, "-" * len(text)]
 
 
 @pytest.fixture
@@ -18,6 +50,8 @@ def imap(maildomain):
 
 
 class ImapConn:
+    AuthError = imaplib.IMAP4.error
+
     def __init__(self, host):
         self.host = host
 
@@ -36,6 +70,8 @@ def smtp(maildomain):
 
 
 class SmtpConn:
+    AuthError = smtplib.SMTPAuthenticationError
+
     def __init__(self, host):
         self.host = host
 
@@ -48,15 +84,24 @@ class SmtpConn:
         self.conn.login(user, password)
 
 
+@pytest.fixture(params=["imap", "smtp"])
+def imap_or_smtp(request):
+    return request.getfixturevalue(request.param)
+
+
 @pytest.fixture
 def gencreds(maildomain):
-    prefix = str(time.time())
     count = itertools.count()
+    next(count)
 
     def gen():
         while 1:
             num = next(count)
-            yield f"user{prefix}_{num}@{maildomain}", f"password{prefix}_{num}"
+            alphanumeric = "abcdefghijklmnopqrstuvwxyz1234567890"
+            user = "".join(random.choices(alphanumeric, k=10))
+            user = f"ac{num}_{user}"
+            password = "".join(random.choices(alphanumeric, k=10))
+            yield f"{user}@{maildomain}", f"{password}"
 
     return lambda: next(gen())
 
@@ -79,7 +124,13 @@ class ChatmailTestProcess:
     def get_liveconfig_producer(self):
         while 1:
             user, password = self.gencreds()
-            config = {"addr": user, "mail_pw": password}
+            config = {
+                "addr": user,
+                "mail_pw": password,
+            }
+            # speed up account configuration
+            config["mail_server"] = self.maildomain
+            config["send_server"] = self.maildomain
             yield config
 
     def cache_maybe_retrieve_configured_db_files(self, cache_addr, db_target_path):
@@ -99,8 +150,21 @@ def cmfactory(request, maildomain, gencreds, tmpdir, data):
     am = ACFactory(request=request, tmpdir=tmpdir, testprocess=testproc, data=data)
     yield am
     if hasattr(request.node, "rep_call") and request.node.rep_call.failed:
-        if testprocess.pytestconfig.getoption("--extra-info"):
+        if testproc.pytestconfig.getoption("--extra-info"):
             logfile = io.StringIO()
             am.dump_imap_summary(logfile=logfile)
             print(logfile.getvalue())
             # request.node.add_report_section("call", "imap-server-state", s)
+
+
+@pytest.fixture
+def dovelogreader(chatmail_ssh):
+    def remote_reader():
+        popen = subprocess.Popen(
+            ["ssh", f"root@{chatmail_ssh}", "journalctl -f -u dovecot"],
+            stdout=subprocess.PIPE,
+        )
+        while 1:
+            yield popen.stdout.readline()
+
+    return remote_reader

online-tests/pytest.ini

@@ -1,2 +1,3 @@
 [pytest]
-addopts = -vrsx
+addopts = -vrsx --strict-markers
+markers = slow: mark test as slow (requires --slow option to run)

online-tests/test_0_login.py

@@ -1,55 +1,36 @@
 import pytest
-import imaplib
-import smtplib
 
 
-class TestDovecot:
+def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
-    def test_login_ok(self, imap, gencreds):
+    """Test a) that an initial login creates a user automatically
-        user, password = gencreds()
+    and b) verify we can also login a second time with the same password
-        imap.connect()
+    and c) that using a different password fails the login."""
-        imap.login(user, password)
+    user, password = gencreds()
-        # verify it works on another connection
+    lp.sec(f"login first time with {user} {password}")
-        imap.connect()
+    imap_or_smtp.connect()
-        imap.login(user, password)
+    imap_or_smtp.login(user, password)
+    lp.indent("success")
 
-    def test_login_same_password(self, imap, gencreds):
+    lp.sec(f"reconnect and login second time {user} {password}")
-        """Test two different users logging in with the same password.
+    imap_or_smtp.connect()
+    imap_or_smtp.login(user, password)
+    imap_or_smtp.connect()
+    lp.sec("success")
 
-        This ensures that authentication process does not confuse the users
+    lp.sec("reconnect and verify wrong password fails {user} ")
-        by using only the password hash as a key.
+    imap_or_smtp.connect()
-        """
+    with pytest.raises(imap_or_smtp.AuthError):
-        user1, password1 = gencreds()
+        imap_or_smtp.login(user, password + "wrong")
-        user2, _password2 = gencreds()
-        imap.connect()
-        imap.login(user1, password1)
-        imap.connect()
-        imap.login(user2, password1)
-
-    def test_login_fail(self, imap, gencreds):
-        user, password = gencreds()
-        imap.connect()
-        imap.login(user, password)
-        imap.connect()
-        with pytest.raises(imaplib.IMAP4.error) as excinfo:
-            imap.login(user, password + "wrong")
-        assert "AUTHENTICATIONFAILED" in str(excinfo)
 
 
-class TestPostfix:
+def test_login_same_password(imap_or_smtp, gencreds):
-    def test_login_ok(self, smtp, gencreds):
+    """Test two different users logging in with the same password
-        user, password = gencreds()
+    to ensure that authentication process does not confuse the users
-        smtp.connect()
+    by using only the password hash as a key.
-        smtp.login(user, password)
+    """
-        # verify it works on another connection
+    user1, password1 = gencreds()
-        smtp.connect()
+    user2, _ = gencreds()
-        smtp.login(user, password)
+    imap_or_smtp.connect()
-
+    imap_or_smtp.login(user1, password1)
-    def test_login_fail(self, smtp, gencreds):
+    imap_or_smtp.connect()
-        user, password = gencreds()
+    imap_or_smtp.login(user2, password1)
-        smtp.connect()
-        smtp.login(user, password)
-        smtp.connect()
-        with pytest.raises(smtplib.SMTPAuthenticationError) as excinfo:
-            smtp.login(user, password + "wrong")
-        assert excinfo.value.smtp_code == 535
-        assert "authentication failed" in str(excinfo)

online-tests/test_1_deltachat.py

@@ -1,11 +1,70 @@
-class TestMailSending:
+import random
+import pytest
+
+
+class TestEndToEndDeltaChat:
+    "Tests that use Delta Chat accounts on the chat mail instance."
+
     def test_one_on_one(self, cmfactory, lp):
+        """Test that a DC account can send a message to a second DC account
+        on the same chat-mail instance."""
         ac1, ac2 = cmfactory.get_online_accounts(2)
         chat = cmfactory.get_accepted_chat(ac1, ac2)
 
         lp.sec("ac1: prepare and send text message to ac2")
-        msg1 = chat.send_text("message0")
+        chat.send_text("message0")
 
         lp.sec("wait for ac2 to receive message")
         msg2 = ac2._evtracker.wait_next_incoming_message()
         assert msg2.text == "message0"
+
+    @pytest.mark.slow
+    def test_exceed_quota(self, cmfactory, lp, tmpdir, dovelogreader):
+        """This is a very slow test as it needs to upload >100MB of mail data
+        before quota is exceeded, and thus depends on the speed of the upload.
+        """
+        ac1, ac2 = cmfactory.get_online_accounts(2)
+        chat = cmfactory.get_accepted_chat(ac1, ac2)
+
+        quota = 1024 * 1024 * 100
+        attachsize = 1 * 1024 * 1024
+        num_to_send = quota // attachsize + 2
+        lp.sec(f"ac1: send {num_to_send} large files to ac2")
+        lp.indent(f"per-user quota is assumed to be: {quota/(1024*1024)}MB")
+        alphanumeric = "abcdefghijklmnopqrstuvwxyz1234567890"
+        msgs = []
+        for i in range(num_to_send):
+            attachment = tmpdir / f"attachment{i}"
+            data = "".join(random.choice(alphanumeric) for i in range(1024))
+            with open(attachment, "w+") as f:
+                for j in range(attachsize // len(data)):
+                    f.write(data)
+
+            msg = chat.send_file(str(attachment))
+            msgs.append(msg)
+            lp.indent(f"Sent out msg {i}, size {attachsize/(1024*1024)}MB")
+
+        lp.sec("ac2: check messages are arriving until quota is reached")
+
+        addr = ac2.get_config("addr").lower()
+        saved_ok = 0
+        for line in dovelogreader():
+            line = line.decode().lower().strip()
+            if addr not in line:
+                # print(line)
+                continue
+            if "quota" in line:
+                if "quota exceeded" in line:
+                    if saved_ok < num_to_send // 2:
+                        pytest.fail(
+                            f"quota exceeded too early: after {saved_ok} messages already"
+                        )
+                    lp.indent("good, message sending failed because quota was exceeded")
+                    return
+            if "saved mail to inbox" in line:
+                saved_ok += 1
+                print(f"{saved_ok}: {line}")
+                if saved_ok >= num_to_send:
+                    break
+
+        pytest.fail("sending succeeded although messages should exceed quota")

plan.txt

@@ -2,13 +2,10 @@
 
 ## Dovecot goals/steps
 
-2. (holger) per-user storage quota (adaptive)
+- automatic expiry of messages older than M days
-   a) define a static 100MB per-user quota
-
-3. automatic expiry of messages older than M days
    - delete unconditionally messages older than 40 days
 
-4. limit: max-connections per account
+- limit: configure max-connections per account
 
 
 ## Filtermail

scripts/get_imap_capabilities.py

@@ -7,7 +7,7 @@ domain = os.environ.get("CHATMAIL_DOMAIN", "c3.testrun.org")
 print("connecting")
 conn = imaplib.IMAP4_SSL(domain)
 print("logging in")
-conn.login(f"measure{time.time()}", "pass")
+conn.login(f"imapcapa", "pass")
 status, res = conn.capability()
 for capa in sorted(res[0].decode().split()):
     print(capa)

scripts/test.sh

@@ -4,4 +4,4 @@ pushd chatmaild/src/chatmaild
 ../../venv/bin/pytest
 popd
 
-online-tests/venv/bin/pytest online-tests/ -vrx --durations=5
+online-tests/venv/bin/pytest online-tests/ -vrx --durations=5 --slow