Document ports 80 and 443 and add more hyperlinks

README.md

@@ -157,6 +157,6 @@ While this file is present, account creation will be blocked.
 [acmetool](https://hlandau.github.io/acmetool/) listens on port 80 (http).
 
 Delta Chat apps will, however, discover all ports and configurations
-automatically by reading the [autoconfig XML file](https://www.ietf.org/archive/id/draft-bucksch-autoconfig-00.html) from the chatmail service.
+automatically by reading the [autoconfig XML file](https://web.archive.org/web/20210624004729/https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration) from the chatmail service.
 
 

chatmaild/src/chatmaild/doveauth.py

@@ -91,39 +91,13 @@ def lookup_passdb(db, config: Config, user, cleartext_password):
                VALUES (?, ?, ?)"""
         conn.execute(q, (user, encrypted_password, int(time.time())))
         return dict(
-            home=f"/home/vmail/mail/{config.mail_domain}/{user}",
+            home=f"/home/vmail/{user}",
             uid="vmail",
             gid="vmail",
             password=encrypted_password,
         )
 
 
-def split_and_unescape(s):
-    """Split strings using double quote as a separator and backslash as escape character
-    into parts."""
-
-    out = ""
-    i = 0
-    while i < len(s):
-        c = s[i]
-        if c == "\\":
-            # Skip escape character.
-            i += 1
-
-            # This will raise IndexError if there is no character
-            # after escape character. This is expected
-            # as this is an invalid input.
-            out += s[i]
-        elif c == '"':
-            # Separator
-            yield out
-            out = ""
-        else:
-            out += c
-        i += 1
-    yield out
-
-
 def handle_dovecot_request(msg, db, config: Config):
     short_command = msg[0]
     if short_command == "L":  # LOOKUP
@@ -133,9 +107,7 @@ def handle_dovecot_request(msg, db, config: Config):
         # do not attempt to read any other parts for compatibility.
         keyname = parts[0]
 
-        namespace, type, args = keyname.split("/", 2)
-        args = list(split_and_unescape(args))
-
+        namespace, type, *args = keyname.split("/")
         reply_command = "F"
         res = ""
         if namespace == "shared":

chatmaild/src/chatmaild/tests/test_doveauth.py

@@ -52,19 +52,15 @@ def test_too_high_db_version(db):
 
 
 def test_handle_dovecot_request(db, example_config):
-    # Test that password can contain ", ', \ and /
     msg = (
-        'Lshared/passdb/laksjdlaksjdlak\\\\sjdlk\\"12j\\\'3l1/k2j3123"'
+        "Lshared/passdb/laksjdlaksjdlaksjdlk12j3l1k2j3123/"
         "some42123@chat.example.org\tsome42123@chat.example.org"
     )
     res = handle_dovecot_request(msg, db, example_config)
     assert res
     assert res[0] == "O" and res.endswith("\n")
     userdata = json.loads(res[1:].strip())
-    assert (
-        userdata["home"]
-        == "/home/vmail/mail/chat.example.org/some42123@chat.example.org"
-    )
+    assert userdata["home"] == "/home/vmail/some42123@chat.example.org"
     assert userdata["uid"] == userdata["gid"] == "vmail"
     assert userdata["password"].startswith("{SHA512-CRYPT}")
 

cmdeploy/src/cmdeploy/__init__.py

@@ -254,15 +254,6 @@ def _configure_postfix(config: Config, debug: bool = False) -> bool:
     )
     need_restart |= master_config.changed
 
-    header_cleanup = files.put(
-        src=importlib.resources.files(__package__).joinpath("postfix/submission_header_cleanup"),
-        dest="/etc/postfix/submission_header_cleanup",
-        user="root",
-        group="root",
-        mode="644",
-    )
-    need_restart |= header_cleanup.changed
-
     return need_restart
 
 

cmdeploy/src/cmdeploy/acmetool/__init__.py

@@ -1,8 +1,6 @@
 import importlib.resources
 
 from pyinfra.operations import apt, files, systemd, server
-from pyinfra import host
-from pyinfra.facts.systemd import SystemdStatus
 
 
 def deploy_acmetool(nginx_hook=False, email="", domains=[]):
@@ -57,13 +55,6 @@ def deploy_acmetool(nginx_hook=False, email="", domains=[]):
         group="root",
         mode="644",
     )
-    if host.get_fact(SystemdStatus).get("nginx.service"):
-        systemd.service(
-            name="Stop nginx service to free port 80",
-            service="nginx",
-            running=False,
-        )
-
     systemd.service(
         name="Setup acmetool-redirector service",
         service="acmetool-redirector.service",

cmdeploy/src/cmdeploy/dns.py

@@ -37,15 +37,21 @@ class DNS:
 
     def get(self, typ: str, domain: str) -> str | None:
         """Get a DNS entry"""
-        dig_result = self.shell(f"dig -r -q {domain} -t {typ} +short")
-        line = dig_result.partition("\n")[0]
-        if line:
-            return line
+        dig_result = self.shell(f"dig {typ} {domain}")
+        line_num = 0
+        for line in dig_result.splitlines():
+            line_num += 1
+            if line.strip() == ";; ANSWER SECTION:":
+                return dig_result.splitlines()[line_num].split("\t")[-1]
 
-    def check_ptr_record(self, ip: str, mail_domain) -> bool:
+    def check_ptr_record(self, ip: str, mail_domain) -> str:
         """Check the PTR record for an IPv4 or IPv6 address."""
-        result = self.shell(f"dig -r -x {ip} +short").rstrip()
-        return result == f"{mail_domain}."
+        result = self.get("-x", ip)
+        if result:
+            if ip_address(ip).version == 6:
+                result = result.split()[-1]
+            if result[:-1] == mail_domain:
+                return result
 
 
 def show_dns(args, out):

cmdeploy/src/cmdeploy/dovecot/auth.conf

@@ -1,10 +1,5 @@
 uri = proxy:/run/dovecot/doveauth.socket:auth
 iterate_disable = yes
 default_pass_scheme = plain
-# %E escapes characters " (double quote), ' (single quote) and \ (backslash) with \ (backslash).
-# See <https://doc.dovecot.org/configuration_manual/config_file/config_variables/#modifiers>
-# for documentation.
-#
-# We escape user-provided input and use double quote as a separator.
-password_key = passdb/%Ew"%Eu
-user_key = userdb/%Eu
+password_key = passdb/%w/%u
+user_key = userdb/%u

cmdeploy/src/cmdeploy/postfix/main.cf.j2

@@ -11,8 +11,9 @@ append_dot_mydomain = no
 
 readme_directory = no
 
-# See http://www.postfix.org/COMPATIBILITY_README.html
-compatibility_level = 3.6
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
 
 # TLS parameters
 smtpd_tls_cert_file=/var/lib/acme/live/{{ config.mail_domain }}/fullchain
@@ -48,5 +49,3 @@ virtual_mailbox_domains = {{ config.mail_domain }}
 
 smtpd_milters = unix:opendkim/opendkim.sock
 non_smtpd_milters = $smtpd_milters
-
-header_checks = regexp:/etc/postfix/submission_header_cleanup

cmdeploy/src/cmdeploy/postfix/master.cf.j2

@@ -14,6 +14,10 @@ smtp      inet  n       -       y       -       -       smtpd -v
 {% else %}
 smtp      inet  n       -       y       -       -       smtpd 
 {% endif %}
+#smtp      inet  n       -       y       -       1       postscreen
+#smtpd     pass  -       -       y       -       -       smtpd
+#dnsblog   unix  -       -       y       -       0       dnsblog
+#tlsproxy  unix  -       -       y       -       0       tlsproxy
 submission inet n       -       y       -       -       smtpd
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt

cmdeploy/src/cmdeploy/postfix/submission_header_cleanup

@@ -1,4 +0,0 @@
-/^Received:/            IGNORE
-/^X-Originating-IP:/    IGNORE
-/^X-Mailer:/            IGNORE
-/^User-Agent:/          IGNORE

cmdeploy/src/cmdeploy/tests/online/test_0_qr.py

@@ -14,12 +14,3 @@ def test_fastcgi_working(maildomain, chatmail_config):
     res = requests.post(url)
     assert maildomain in res.json().get("email")
     assert len(res.json().get("password")) > chatmail_config.password_min_length
-
-
-def test_newemail_configure(maildomain, rpc):
-    """Test configuring accounts by scanning a QR code works."""
-    url = f"DCACCOUNT:https://{maildomain}/cgi-bin/newemail.py"
-    for i in range(3):
-        account_id = rpc.add_account()
-        rpc.set_config_from_qr(account_id, url)
-        rpc.configure(account_id)

cmdeploy/src/cmdeploy/tests/online/test_2_deltachat.py

@@ -1,10 +1,7 @@
 import time
 import re
 import random
-
 import pytest
-import requests
-import ipaddress
 
 
 class TestEndToEndDeltaChat:
@@ -122,17 +119,3 @@ class TestEndToEndDeltaChat:
             for msg in msgs:
                 assert "error" not in m.get_message_info()
             time.sleep(1)
-
-
-def test_hide_senders_ip_address(cmfactory):
-    public_ip = requests.get("http://icanhazip.com").content.decode().strip()
-    assert ipaddress.ip_address(public_ip)
-
-    user1, user2 = cmfactory.get_online_accounts(2)
-    chat = cmfactory.get_accepted_chat(user1, user2)
-
-    chat.send_text("testing submission header cleanup")
-    user2.wait_next_incoming_message()
-    user2.direct_imap.select_folder("Inbox")
-    msg = user2.direct_imap.get_all_messages()[0]
-    assert public_ip not in msg.obj.as_string()

www/src/info.md

@@ -3,7 +3,7 @@
 
 ## More information 
 
-{{ config.mail_domain }} provides a low-maintenance, resource efficient and 
+`nine.testrun.org` provides a low-maintenance, resource efficient and 
 interoperable e-mail service for everyone. What's behind a `chatmail` is 
 effectively a normal e-mail address just like any other but optimized 
 for the usage in chats, especially DeltaChat.