www: point link to e2ee FAQ from staging to production

Co-authored-by: Hocuri <hocuri@gmx.de>

README.md

@@ -81,10 +81,11 @@ comprised of minimal setups of
 
 as well as two custom services that are integrated with these two: 
 
-- `chatmaild/src/chatmaild/dictproxy.py` implements 
+- `chatmaild/src/chatmaild/doveauth.py` implements
   create-on-login account creation semantics and is used
   by Dovecot during login authentication and by Postfix
-  which in turn uses Dovecot SASL to authenticate users
+  which in turn uses [Dovecot SASL](https://doc.dovecot.org/configuration_manual/authentication/dict/#complete-example-for-authenticating-via-a-unix-socket)
+  to authenticate users
   to send mails for them. 
 
 - `chatmaild/src/chatmaild/filtermail.py` prevents 

chatmaild/pyproject.toml

@@ -10,7 +10,7 @@ dependencies = [
 ]
 
 [project.scripts]
-doveauth-dictproxy = "chatmaild.dictproxy:main"
+doveauth = "chatmaild.doveauth:main"
 filtermail = "chatmaild.filtermail:main"
 
 [tool.pytest.ini_options]

chatmaild/src/chatmaild/doveauth.service

@@ -2,7 +2,7 @@
 Description=Dict authentication proxy for dovecot
 
 [Service]
-ExecStart=/usr/local/bin/doveauth-dictproxy /run/dovecot/doveauth.socket vmail /home/vmail/passdb.sqlite
+ExecStart=/usr/local/bin/doveauth /run/dovecot/doveauth.socket vmail /home/vmail/passdb.sqlite
 Restart=always
 RestartSec=30
 

deploy-chatmail/src/deploy_chatmail/__init__.py

@@ -7,6 +7,7 @@ from pathlib import Path
 from pyinfra import host
 from pyinfra.operations import apt, files, server, systemd
 from pyinfra.facts.files import File
+from pyinfra.facts.systemd import SystemdEnabled
 from .acmetool import deploy_acmetool
 
 
@@ -34,8 +35,17 @@ def _install_chatmaild() -> None:
             commands=[f"pip install --break-system-packages {remote_path}"],
         )
 
+        # disable legacy doveauth-dictproxy.service
+        if host.get_fact(SystemdEnabled).get("doveauth-dictproxy.service"):
+            systemd.service(
+                name="Disable legacy doveauth-dictproxy.service",
+                service="doveauth-dictproxy.service",
+                running=False,
+                enabled=False,
+            )
+
         for fn in (
-            "doveauth-dictproxy",
+            "doveauth",
             "filtermail",
         ):
             files.put(

scripts/generate-dns-zone.sh

@@ -15,6 +15,6 @@ _submission._tcp.$CHATMAIL_DOMAIN.  SRV 0 1 587 $CHATMAIL_DOMAIN.
 _submissions._tcp.$CHATMAIL_DOMAIN. SRV 0 1 465 $CHATMAIL_DOMAIN.
 _imap._tcp.$CHATMAIL_DOMAIN.        SRV 0 1 143 $CHATMAIL_DOMAIN.
 _imaps._tcp.$CHATMAIL_DOMAIN.       SRV 0 1 993 $CHATMAIL_DOMAIN.
-$CHATMAIL_DOMAIN. IN CAA 0 issue "letsencrypt.org; accounturi=$ACME_ACCOUNT_URL"
+$CHATMAIL_DOMAIN. IN CAA 128 issue "letsencrypt.org; accounturi=$ACME_ACCOUNT_URL"
 EOF
 $SSH opendkim-genzone -F | sed 's/^;.*$//;/^$/d'

tests/chatmaild/test_doveauth.py

@@ -5,8 +5,8 @@ import threading
 import queue
 import traceback
 
-import chatmaild.dictproxy
+import chatmaild.doveauth
-from chatmaild.dictproxy import get_user_data, lookup_passdb, handle_dovecot_request
+from chatmaild.doveauth import get_user_data, lookup_passdb, handle_dovecot_request
 from chatmaild.database import Database, DBError
 
 
@@ -30,7 +30,7 @@ def test_dont_overwrite_password_on_wrong_login(db):
 def test_nocreate_file(db, monkeypatch, tmpdir):
     p = tmpdir.join("nocreate")
     p.write("")
-    monkeypatch.setattr(chatmaild.dictproxy, "NOCREATE_FILE", str(p))
+    monkeypatch.setattr(chatmaild.doveauth, "NOCREATE_FILE", str(p))
     lookup_passdb(db, "newuser1@something.org", "zequ0Aimuchoodaechik")
     assert not get_user_data(db, "newuser1@something.org")
 

www/nine.testrun.org/index.html

@@ -27,6 +27,9 @@
             background-repeat: no-repeat;
             background-size: 100% 100%;
         }
+        a {
+            color: white;
+        }
         h1, h2, h3 {
             font-size: 16px;
             font-weight: bold;
@@ -37,24 +40,39 @@
     <div class="wrapper">
         <img class="section" src="collage-top.png" />
         <div class="section text">
-            <h1>welcome  to nine.testrun.org</h1>
+            <h1>Dear Delta Chat users,</h1>
             <p>
-                to get an account,
+                welcome to the first public "chat-mail instance",
-                invent a word with <i>exactly</i> nine characters
+                a small and lean e-mail server optimized for Delta Chat.
-                and append @nine.testrun.org to it.
-                eg. <b>hellofits@nine.testrun.org</b>
             </p>
-            <p>
+            <ul>
-                if the email address is not yet taken, you'll get that account.
+                <li>Tap "LOG INTO YOUR E-MAIL ACCOUNT". </li>
-                the first login sets your password.
+                <li>Address: invent a word with <i>exactly</i> nine characters
-                that's it.
+                and append @nine.testrun.org to it.</li>
+                <li>Password: invent at least 10 characters. The first login sets your password.</li>
+            </ul>
+                If the e-mail address is not yet taken, you'll get that account.
             </p>
         </div>
         <img class="section" src="collage-down.png" />
         <div class="section text">
             <h1>faq</h1>
-            <p><i>why are other email providers 1000 times more complicated?</i></p>
+            <h2>Can i chat with someone outside the chat-mail instance?</h2>
-            <p>because they want to for $reasons</p>
+            <p>Yes, if your messages are encrypted.
+            Use <a href="https://delta.chat/en/help#howtoe2ee">
+                guaranteed end-to-end encryption via QR code scans</a>
+            to setup contact with users outside of the chat-mail instance.</p>
+            <h2>What about current rate limits?</h2>
+            <ul>
+              <li>Sending limit: 60 messages per minute.</li>
+              <li>Message autoremoval: after 40 days.</li>
+            </ul>
+            <h2>Do you intend to keep this chat-mail instance up?</h2>
+            <p>Yes, nine.testrun.org is to run for longer, on a best-effort basis.</p>
+            <h2>Who is running this chat-mail instance?</h2>
+            <p>A small group of devs and sysadmins, reachable via root@.
+            <h2>Why are other email providers 1000 times more complicated?</h2>
+            <p>¯\_(ツ)_/¯</p>
         </div>
     </div>
 </body>