document some attributes in chatmail.ini

get passthrough_recipients list from config
various fixes
2026-05-11 16:34:39 +00:00 · 2023-12-09 01:20:17 +01:00 · 2023-12-09 01:07:37 +01:00 · 2023-12-09 00:22:58 +01:00 · 2023-12-08 21:56:15 +01:00
84 changed files with 628 additions and 1035 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -6,35 +6,26 @@ on:
 jobs:
  tox:
-    name: isolated chatmaild tests
+    name: chatmail tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: run chatmaild tests 
        working-directory: chatmaild
        run: pipx run tox
      - name: run deploy-chatmail offline tests 
        working-directory: deploy-chatmail
        run: pipx run tox
      - name: run deploy-chatmail offline tests 
        working-directory: deploy-chatmail
        run: pipx run tox
  scripts:
-    name: deploy-chatmail tests 
+    name: chatmail script invocations 
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
-
+      - name: run init.sh 
-      - name: initenv 
+        run: ./scripts/init.sh 
-        run: scripts/initenv.sh
+      - name: run test.sh 
-
+        run: ./scripts/test.sh 
      - name: append venv/bin to PATH
        run: echo venv/bin >>$GITHUB_PATH
      - name: run formatting checks 
        run: cmdeploy fmt -v 
      - name: run deploy-chatmail offline tests 
        run: pytest --pyargs cmdeploy 
      - name: initialize with chatmail domain
        run: cmdeploy init chat.example.org  
      # all other cmdeploy commands require a staging server 
      # see https://github.com/deltachat/chatmail/issues/100
--- a/.gitignore
+++ b/.gitignore
@@ -3,8 +3,10 @@ __pycache__/
 *.py[cod]
 *$py.class
 *.swp
 www/privacy.html*
 www/index.html*
 www/info.html*
 *qr-*.png
 chatmail.ini
 # C extensions
--- a/README.md
+++ b/README.md
@@ -1,9 +1,9 @@
 <img width="800px" src="www/src/collage-top.png"/>
-# Chatmail services optimized for Delta Chat apps 
+# Chatmail instances optimized for Delta Chat apps 
-This repository helps to setup a ready-to-use chatmail server
+This repository helps to setup a ready-to-use chatmail instance
 comprised of a minimal setup of the battle-tested 
 [postfix smtp](https://www.postfix.org) and [dovecot imap](https://www.dovecot.org) services. 
@@ -13,85 +13,33 @@ for use by [Delta Chat apps](https://delta.chat).
 Chatmail accounts are automatically created by a first login, 
 after which the initially specified password is required for using them. 
-## Deploying your own chatmail server 
+## Getting Started deploying your own chatmail instance
-We subsequently use `CHATMAIL_DOMAIN` as a placeholder for your fully qualified 
+1. Prepare your local (presumably Linux) system:
 DNS domain name (FQDN), for example `chat.example.org`.
-1. Setup DNS `A` and `AAAA` records for your `CHATMAIL_DOMAIN`. 
+    scripts/init.sh 
   Verify that DNS is set and SSH root login works:
-   ```
+2. Setup a domain with `A` and `AAAA` records for your chatmail server.
        ssh root@CHATMAIL_DOMAIN 
   ```
-2. Install the `cmdeploy` command in a virtualenv
+3. Set environment variable to the chatmail domain you want to setup:
-   ```
+    export CHATMAIL_DOMAIN=c1.testrun.org   # replace with your host
    git clone https://github.com/deltachat/chatmail
    cd chatmail
    scripts/initenv.sh
   ```
 3. Create chatmail configuration file `chatmail.ini`:
-   ```
+4. Fill in privacy contact data into the `chatmail.ini` file
    scripts/cmdeploy init CHATMAIL_DOMAIN
   ```
-4. Deploy to the remote chatmail server:
+5. Deploy the chat mail instance to your chatmail server: 
-   ```
+    scripts/deploy.sh 
    scripts/cmdeploy run
   ```
-5. To output a DNS zone file from which you can transfer DNS records 
+   This script remotely sets up packages and configures the chatmail provider. 
   to your DNS provider:
-   ```
+6. Run `scripts/generate-dns-zone.sh` and 
-    scripts/cmdeploy dns
+   transfer the generated DNS records at your DNS provider
   ```
 6. To check status of your remotely running chatmail service: 
   ```
    scripts/cmdeploy status
   ```
 7. To test your chatmail service: 
   ```
    scripts/cmdeploy test
   ```
 8. To benchmark your chatmail service: 
   ```
    scripts/cmdeploy bench
   ```
 ### Refining the web pages 
 ``` 
    scripts/cmdeploy webdev 
 ```
 This starts a local live development cycle for chatmail Web pages: 
 - uses the `www/src/page-layout.html` file for producing static 
  HTML pages from `www/src/*.md` files
 - continously builds the web presence reading files from `www/src` directory
  and generating html files and copying assets to the `www/build` directory. 
 - Starts a browser window automatically where you can "refresh" as needed. 
 ### Home page and getting started for users 
-`cmdeploy run` sets up mail services,
+The `deploy.sh` script deploys 
 and also creates default static Web pages and deploys them: 
 - a default `index.html` along with a QR code that users can click to 
  create accounts on your chatmail provider,
@@ -100,10 +48,31 @@ and also creates default static Web pages and deploys them:
 - a default `policy.html` that is linked from the home page. 
-All `.html` files are generated 
+All files are generated by the according markdown `.md` file in the `www` directory.
 by the according markdown `.md` file in the `www/src` directory.
 ### Refining the web pages 
 The `scripts/webdev.sh` script supports live development of the chatmail web presence:
 ``` 
    scripts/init.sh  # to locally initialize python virtual environments etc. 
    scripts/webdev.sh
 ```
 - uses the `www/src/page-layout.html` file for producing html documents
  from `www/src/*.md` files. 
 - continously builds the web presence reading files from `www/src` directory
  and generating html files and copying assets to the `www/build` directory. 
 - Starts a browser window automatically where you can "refresh" as needed. 
 Note that this script is not needed for running `scripts/deploy.sh" 
 which deploys the whole chatmail setup remotely. 
 The code that generates the web pages is identical
 which means that `webdev.sh` gives a pretty good preview. 
 ### Ports
 Postfix listens on ports 25 (smtp) and 587 (submission) and 465 (submissions).
--- a/chatmail.ini
+++ b/chatmail.ini
@@ -0,0 +1,32 @@
 [params]
 # how many mails a user can send out per minute
 max_user_send_per_minute = 60
 # list of e-mail recipients for which to accept outbound un-encrypted mails
 passthrough_recipients = privacy@testrun.org xstore@testrun.org
 # where the filtermail SMTP service listens
 filtermail_smtp_port = 10080
 # to which port to re-inject messages after they passed filtermail
 postfix_reinject_port = 10025
 [privacy:testrun]
 # the settings in this section are only applied
 # if the instantiated mail domain shell-matches the 'domain' setting
 domain = *.testrun.org
 privacy_postal =
    Merlinux GmbH, Represented by the managing director H. Krekel,
    Reichgrafen Str. 20, 79102 Freiburg, Germany
 privacy_mail = delta-privacy@merlinux.eu
 privacy_pdo =
    Prof. Dr. Fabian Schmieder, lexICT UG (limited), Ostfeldstr. 49, 30559 Hannover.
    You can contact him at *delta-privacy@merlinux.eu* (Keyword: DPO)
 privacy_supervisor =
    State Commissioner for Data Protection and Freedom of Information of
    Baden-Württemberg in 70173 Stuttgart, Germany.
--- a/chatmaild/MANIFEST.in
+++ b/chatmaild/MANIFEST.in
@@ -1,4 +0,0 @@
 include src/chatmaild/*.f 
 include src/chatmaild/ini/*.ini.f
 include src/chatmaild/ini/*.ini
 include src/chatmaild/tests/mail-data/*
--- a/chatmaild/pyproject.toml
+++ b/chatmaild/pyproject.toml
@@ -1,5 +1,5 @@
 [build-system]
-requires = ["setuptools>=61"]
+requires = ["setuptools>=45"]
 build-backend = "setuptools.build_meta"
 [project]
@@ -10,19 +10,10 @@ dependencies = [
  "iniconfig",
 ]
 [tool.setuptools]
 include-package-data = true
 [tool.setuptools.packages.find]
 where = ['src']
 [project.scripts]
 doveauth = "chatmaild.doveauth:main"
 filtermail = "chatmaild.filtermail:main"
 [project.entry-points.pytest11]
 "chatmaild.testplugin" = "chatmaild.tests.plugin"
 [tool.pytest.ini_options]
 addopts = "-v -ra --strict-markers"
 log_format = "%(asctime)s %(levelname)s %(message)s"
@@ -46,7 +37,8 @@ commands =
  ruff src/
 [testenv]
 passenv = CHATMAIL_DOMAIN
 deps = pytest 
       pdbpp 
-commands = pytest -v -rsXx {posargs}
+commands = pytest -v -rsXx {posargs: ../tests/chatmaild}
 """
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -1,59 +1,41 @@
 from pathlib import Path
 from fnmatch import fnmatch
 import iniconfig
 system_mailname_path = Path("/etc/mailname")
-def read_config(inipath):
+
-    cfg = iniconfig.IniConfig(inipath)
+def read_config(inipath, mailname=None):
-    return Config(inipath, params=cfg.sections["params"])
+    if mailname is None:
        with open(system_mailname_path) as f:
            mailname = f.read().strip()
    ini = iniconfig.IniConfig(inipath)
    privacy = {}
    for section in ini:
        if section.name.startswith("privacy:"):
            domain = section["domain"]
            if fnmatch(mailname, domain):
                privacy = section
                break
    return Config(inipath, mailname, privacy, params=ini.sections["params"])
 class Config:
-    def __init__(self, inipath, params):
+    def __init__(self, inipath, mailname, privacy, params):
        self._inipath = inipath
-        self.mail_domain = params["mail_domain"]
+        self.mailname = mailname
        self.privacy_postal = privacy.get("privacy_postal")
        self.privacy_mail = privacy.get("privacy_mail")
        self.privacy_pdo = privacy.get("privacy_pdo")
        self.privacy_supervisor = privacy.get("privacy_supervisor")
        self.max_user_send_per_minute = int(params["max_user_send_per_minute"])
        self.max_mailbox_size = params["max_mailbox_size"]
        self.delete_mails_after = params["delete_mails_after"]
        self.username_min_length = int(params["username_min_length"])
        self.username_max_length = int(params["username_max_length"])
        self.password_min_length = int(params["password_min_length"])
        self.passthrough_senders = params["passthrough_senders"].split()
        self.passthrough_recipients = params["passthrough_recipients"].split()
        self.filtermail_smtp_port = int(params["filtermail_smtp_port"])
        self.postfix_reinject_port = int(params["postfix_reinject_port"])
-        self.privacy_postal = params.get("privacy_postal")
+        self.passthrough_recipients = params["passthrough_recipients"].split()
        self.privacy_mail = params.get("privacy_mail")
        self.privacy_pdo = params.get("privacy_pdo")
        self.privacy_supervisor = params.get("privacy_supervisor")
    def _getbytefile(self):
        return open(self._inipath, "rb")
 def write_initial_config(inipath, mail_domain):
    from importlib.resources import files
    inidir = files(__package__).joinpath("ini")
    content = (
        inidir.joinpath("chatmail.ini.f").read_text().format(mail_domain=mail_domain)
    )
    if mail_domain.endswith(".testrun.org"):
        override_inipath = inidir.joinpath("override-testrun.ini")
        privacy = iniconfig.IniConfig(override_inipath)["privacy"]
        lines = []
        for line in content.split("\n"):
            for key, value in privacy.items():
                value_lines = value.strip().split("\n")
                if not line.startswith(f"{key} =") or not value_lines:
                    continue
                if len(value_lines) == 1:
                    lines.append(f"{key} = {value}")
                else:
                    lines.append(f"{key} =")
                    for vl in value_lines:
                        lines.append(f"    {vl}")
                break
            else:
                lines.append(line)
        content = "\n".join(lines)
    inipath.write_text(content)
--- a/chatmaild/src/chatmaild/doveauth.py
+++ b/chatmaild/src/chatmaild/doveauth.py
@@ -12,7 +12,6 @@ from socketserver import (
 import pwd
 from .database import Database
 from .config import read_config, Config
 NOCREATE_FILE = "/etc/chatmail-nocreate"
@@ -23,17 +22,14 @@ def encrypt_password(password: str):
    return "{SHA512-CRYPT}" + passhash
-def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
+def is_allowed_to_create(user, cleartext_password) -> bool:
    """Return True if user and password are admissable."""
    if os.path.exists(NOCREATE_FILE):
        logging.warning(f"blocked account creation because {NOCREATE_FILE!r} exists.")
        return False
-    if len(cleartext_password) < config.password_min_length:
+    if len(cleartext_password) < 9:
-        logging.warning(
+        logging.warning("Password needs to be at least 9 characters long")
            "Password needs to be at least %s characters long",
            config.password_min_length,
        )
        return False
    parts = user.split("@")
@@ -42,17 +38,11 @@ def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
        return False
    localpart, domain = parts
-    if (
+    if domain == "nine.testrun.org":
-        len(localpart) > config.username_max_length
+        # nine.testrun.org policy, username has to be exactly nine chars
-        or len(localpart) < config.username_min_length
+        if len(localpart) != 9:
-    ):
+            logging.warning(f"localpart {localpart!r} has not exactly nine chars")
-        logging.warning(
+            return False
            "localpart %s has to be between %s and %s chars long",
            localpart,
            config.username_min_length,
            config.username_max_length,
        )
        return False
    return True
@@ -70,7 +60,7 @@ def lookup_userdb(db, user):
    return get_user_data(db, user)
-def lookup_passdb(db, config: Config, user, cleartext_password):
+def lookup_passdb(db, user, cleartext_password):
    with db.write_transaction() as conn:
        userdata = conn.get_user(user)
        if userdata:
@@ -82,7 +72,7 @@ def lookup_passdb(db, config: Config, user, cleartext_password):
            userdata["uid"] = "vmail"
            userdata["gid"] = "vmail"
            return userdata
-        if not is_allowed_to_create(config, user, cleartext_password):
+        if not is_allowed_to_create(user, cleartext_password):
            return
        encrypted_password = encrypt_password(cleartext_password)
@@ -97,7 +87,7 @@ def lookup_passdb(db, config: Config, user, cleartext_password):
        )
-def handle_dovecot_request(msg, db, config: Config):
+def handle_dovecot_request(msg, db, mail_domain):
    short_command = msg[0]
    if short_command == "L":  # LOOKUP
        parts = msg[1:].split("\t")
@@ -107,15 +97,15 @@ def handle_dovecot_request(msg, db, config: Config):
        res = ""
        if namespace == "shared":
            if type == "userdb":
-                if user.endswith(f"@{config.mail_domain}"):
+                if user.endswith(f"@{mail_domain}"):
                    res = lookup_userdb(db, user)
                if res:
                    reply_command = "O"
                else:
                    reply_command = "N"
            elif type == "passdb":
-                if user.endswith(f"@{config.mail_domain}"):
+                if user.endswith(f"@{mail_domain}"):
-                    res = lookup_passdb(db, config, user, cleartext_password=args[0])
+                    res = lookup_passdb(db, user, cleartext_password=args[0])
                if res:
                    reply_command = "O"
                else:
@@ -133,7 +123,8 @@ def main():
    socket = sys.argv[1]
    passwd_entry = pwd.getpwnam(sys.argv[2])
    db = Database(sys.argv[3])
-    config = read_config(sys.argv[4])
+    with open("/etc/mailname", "r") as fp:
        mail_domain = fp.read().strip()
    class Handler(StreamRequestHandler):
        def handle(self):
@@ -142,7 +133,7 @@ def main():
                    msg = self.rfile.readline().strip().decode()
                    if not msg:
                        break
-                    res = handle_dovecot_request(msg, db, config)
+                    res = handle_dovecot_request(msg, db, mail_domain)
                    if res:
                        self.wfile.write(res.encode("ascii"))
                        self.wfile.flush()
--- a/chatmaild/src/chatmaild/doveauth.service.f
+++ b/chatmaild/src/chatmaild/doveauth.service.f
@@ -1,8 +1,8 @@
 [Unit]
-Description=Chatmail dict authentication proxy for dovecot
+Description=Dict authentication proxy for dovecot
 [Service]
-ExecStart={execpath} /run/dovecot/doveauth.socket vmail /home/vmail/passdb.sqlite {config_path}
+ExecStart={execpath} /run/dovecot/doveauth.socket vmail /home/vmail/passdb.sqlite
 Restart=always
 RestartSec=30
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -7,6 +7,7 @@ from email.parser import BytesParser
 from email import policy
 from email.utils import parseaddr
 from aiosmtpd.smtp import SMTP
 from aiosmtpd.controller import Controller
 from smtplib import SMTP as SMTPClient
@@ -111,9 +112,6 @@ class BeforeQueueHandler:
        if not mail_encrypted and check_mdn(message, envelope):
            return
        if envelope.mail_from in self.config.passthrough_senders:
            return
        passthrough_recipients = self.config.passthrough_recipients
        envelope_from_domain = from_addr.split("@").pop()
        for recipient in envelope.rcpt_tos:
@@ -129,10 +127,7 @@ class BeforeQueueHandler:
            is_outgoing = recipient_domain != envelope_from_domain
            if is_outgoing and not mail_encrypted:
-                is_securejoin = message.get("secure-join") in [
+                is_securejoin = message.get("secure-join") in ["vc-request", "vg-request"]
                    "vc-request",
                    "vg-request",
                ]
                if not is_securejoin:
                    return f"500 Invalid unencrypted mail to <{recipient}>"
--- a/chatmaild/src/chatmaild/ini/chatmail.ini.f
+++ b/chatmaild/src/chatmaild/ini/chatmail.ini.f
@@ -1,63 +0,0 @@
 [params]
 # mail domain (MUST be set to fully qualified chat mail domain)
 mail_domain = {mail_domain}
 #
 # If you only do private test deploys, you don't need to modify any settings below
 #
 #
 # Account Restrictions
 #
 # how many mails a user can send out per minute
 max_user_send_per_minute = 60
 # maximum mailbox size of a chatmail account
 max_mailbox_size = 100M
 # time after which seen mails are deleted
 delete_mails_after = 40d
 # minimum length a username must have
 username_min_length = 9
 # maximum length a username can have
 username_max_length = 9
 # minimum length a password must have
 password_min_length = 9
 # list of chatmail accounts which can send outbound un-encrypted mail
 passthrough_senders =
 # list of e-mail recipients for which to accept outbound un-encrypted mails
 passthrough_recipients =
 #
 # Deployment Details
 #
 # where the filtermail SMTP service listens
 filtermail_smtp_port = 10080
 # postfix accepts on the localhost reinject SMTP port
 postfix_reinject_port = 10025
 #
 # Privacy Policy
 #
 # postal address of privacy contact
 privacy_postal =
 # email address of privacy contact
 privacy_mail =
 # postal address of the privacy data officer
 privacy_pdo =
 # postal address of the privacy supervisor
 privacy_supervisor =
--- a/chatmaild/src/chatmaild/ini/override-testrun.ini
+++ b/chatmaild/src/chatmaild/ini/override-testrun.ini
@@ -1,16 +0,0 @@
 [privacy]
 passthrough_recipients = privacy@testrun.org
 privacy_postal =
    Merlinux GmbH, Represented by the managing director H. Krekel,
    Reichgrafen Str. 20, 79102 Freiburg, Germany
 privacy_mail = privacy@testrun.org
 privacy_pdo =
    Prof. Dr. Fabian Schmieder, lexICT UG (limited), Ostfeldstr. 49, 30559 Hannover.
    You can contact him at *delta-privacy@merlinux.eu* (Keyword: DPO)
 privacy_supervisor =
    State Commissioner for Data Protection and Freedom of Information of
    Baden-Württemberg in 70173 Stuttgart, Germany.
--- a/chatmaild/src/chatmaild/newemail.py
+++ b/chatmaild/src/chatmaild/newemail.py
@@ -1,25 +1,23 @@
-#!/usr/local/lib/chatmaild/venv/bin/python3
+#!/usr/bin/python3
 """ CGI script for creating new accounts. """
 import json
 import random
-from chatmaild.config import read_config, Config
+mailname_path = "/etc/mailname"
 CONFIG_PATH = "/usr/local/lib/chatmaild/chatmail.ini"
-def create_newemail_dict(config: Config):
+def create_newemail_dict(domain):
    alphanumeric = "abcdefghijklmnopqrstuvwxyz1234567890"
-    user = "".join(random.choices(alphanumeric, k=config.username_min_length))
+    user = "".join(random.choices(alphanumeric, k=9))
-    password = "".join(random.choices(alphanumeric, k=config.password_min_length + 3))
+    password = "".join(random.choices(alphanumeric, k=12))
-    return dict(email=f"{user}@{config.mail_domain}", password=f"{password}")
+    return dict(email=f"{user}@{domain}", password=f"{password}")
 def print_new_account():
-    config = read_config(CONFIG_PATH)
+    domain = open(mailname_path).read().strip()
-    creds = create_newemail_dict(config)
+    creds = create_newemail_dict(domain=domain)
    print("Content-Type: application/json")
    print("")
--- a/chatmaild/src/chatmaild/tests/plugin.py
+++ b/chatmaild/src/chatmaild/tests/plugin.py
@@ -1,68 +0,0 @@
 import random
 import importlib.resources
 import itertools
 from email.parser import BytesParser
 from email import policy
 import pytest
 from chatmaild.database import Database
 from chatmaild.config import read_config, write_initial_config
@pytest.fixture
 def make_config(tmp_path):
    inipath = tmp_path.joinpath("chatmail.ini")
    def make_conf(mail_domain):
        write_initial_config(inipath, mail_domain=mail_domain)
        return read_config(inipath)
    return make_conf
@pytest.fixture
 def example_config(make_config):
    return make_config("chat.example.org")
@pytest.fixture
 def maildomain(example_config):
    return example_config.mail_domain
@pytest.fixture
 def gencreds(maildomain):
    count = itertools.count()
    next(count)
    def gen(domain=None):
        domain = domain if domain else maildomain
        while 1:
            num = next(count)
            alphanumeric = "abcdefghijklmnopqrstuvwxyz1234567890"
            user = "".join(random.choices(alphanumeric, k=10))
            user = f"ac{num}_{user}"[:9]
            password = "".join(random.choices(alphanumeric, k=12))
            yield f"{user}@{domain}", f"{password}"
    return lambda domain=None: next(gen(domain))
@pytest.fixture()
 def db(tmpdir):
    db_path = tmpdir / "passdb.sqlite"
    print("database path:", db_path)
    return Database(db_path)
@pytest.fixture
 def maildata(request):
    datadir = importlib.resources.files(__package__).joinpath("mail-data")
    assert datadir.exists(), datadir
    def maildata(name, from_addr, to_addr):
        data = datadir.joinpath(name).read_text()
        text = data.format(from_addr=from_addr, to_addr=to_addr)
        return BytesParser(policy=policy.default).parsebytes(text.encode())
    return maildata
--- a/chatmaild/src/chatmaild/tests/test_config.py
+++ b/chatmaild/src/chatmaild/tests/test_config.py
@@ -1,32 +0,0 @@
 from chatmaild.config import read_config
 def test_read_config_basic(example_config):
    assert example_config.mail_domain == "chat.example.org"
    assert not example_config.privacy_supervisor and not example_config.privacy_mail
    assert not example_config.privacy_pdo and not example_config.privacy_postal
    inipath = example_config._inipath
    inipath.write_text(inipath.read_text().replace("60", "37"))
    example_config = read_config(inipath)
    assert example_config.max_user_send_per_minute == 37
    assert example_config.mail_domain == "chat.example.org"
 def test_read_config_testrun(make_config):
    config = make_config("something.testrun.org")
    assert config.mail_domain == "something.testrun.org"
    assert len(config.privacy_postal.split("\n")) > 1
    assert len(config.privacy_supervisor.split("\n")) > 1
    assert len(config.privacy_pdo.split("\n")) > 1
    assert config.privacy_mail == "privacy@testrun.org"
    assert config.filtermail_smtp_port == 10080
    assert config.postfix_reinject_port == 10025
    assert config.max_user_send_per_minute == 60
    assert config.max_mailbox_size == "100M"
    assert config.delete_mails_after == "40d"
    assert config.username_min_length == 9
    assert config.username_max_length == 9
    assert config.password_min_length == 9
    assert config.passthrough_recipients == ["privacy@testrun.org"]
    assert config.passthrough_senders == []
--- a/cmdeploy/pyproject.toml
+++ b/cmdeploy/pyproject.toml
@@ -1,32 +0,0 @@
 [build-system]
 requires = ["setuptools>=68"]
 build-backend = "setuptools.build_meta"
 [project]
 name = "cmdeploy"
 version = "0.2"
 dependencies = [
  "pyinfra",
  "pillow",
  "qrcode",
  "markdown",
  "pytest",
  "setuptools>=68",
  "termcolor",
  "build",
  "tox",
  "ruff",
  "black",
  "pytest",
  "pytest-xdist", 
 ]
 [project.scripts]
 cmdeploy = "cmdeploy.cmdeploy:main"
 [project.entry-points.pytest11]
 "chatmaild.testplugin" = "chatmaild.tests.plugin"
 "cmdeploy.testplugin" = "cmdeploy.tests.plugin"
 [tool.pytest.ini_options]
 addopts = "-v -ra --strict-markers"
--- a/cmdeploy/src/cmdeploy/chatmail.zone.f
+++ b/cmdeploy/src/cmdeploy/chatmail.zone.f
@@ -1,12 +0,0 @@
 {chatmail_domain}.                   MX 10 {chatmail_domain}.
 _submission._tcp.{chatmail_domain}.  SRV 0 1 587 {chatmail_domain}.
 _submissions._tcp.{chatmail_domain}. SRV 0 1 465 {chatmail_domain}.
 _imap._tcp.{chatmail_domain}.        SRV 0 1 143 {chatmail_domain}.
 _imaps._tcp.{chatmail_domain}.       SRV 0 1 993 {chatmail_domain}.
 {chatmail_domain}.                IN CAA 128 issue "letsencrypt.org;accounturi={acme_account_url}"
 {chatmail_domain}.                   TXT "v=spf1 a:{chatmail_domain} -all"
 _dmarc.{chatmail_domain}.            TXT "v=DMARC1;p=reject;rua=mailto:{email};ruf=mailto:{email};fo=1;adkim=r;aspf=r"
 _mta-sts.{chatmail_domain}.       IN TXT "v=STSv1; id={sts_id}"
 mta-sts.{chatmail_domain}.        IN CNAME {chatmail_domain}.
 _smtp._tls.{chatmail_domain}.     IN TXT "v=TLSRPTv1;rua=mailto:{email}"
 {dkim_entry}
--- a/cmdeploy/src/cmdeploy/cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/cmdeploy.py
@@ -1,308 +0,0 @@
 """
 Provides the `cmdeploy` entry point function,
 along with command line option and subcommand parsing.
 """
 import argparse
 import datetime
 import shutil
 import subprocess
 import importlib.resources
 import importlib.util
 import os
 import sys
 from pathlib import Path
 from termcolor import colored
 from chatmaild.config import read_config, write_initial_config
 #
 # cmdeploy sub commands and options
 #
 def init_cmd_options(parser):
    parser.add_argument(
        "chatmail_domain",
        action="store",
        help="fully qualified DNS domain name for your chatmail instance",
    )
 def init_cmd(args, out):
    """Initialize chatmail config file."""
    if args.inipath.exists():
        out.red(f"Path exists, not modifying: {args.inipath}")
        raise SystemExit(1)
    write_initial_config(args.inipath, args.chatmail_domain)
    out.green(f"created config file for {args.chatmail_domain} in {args.inipath}")
 def run_cmd_options(parser):
    parser.add_argument(
        "--dry-run",
        dest="dry_run",
        action="store_true",
        help="don't actually modify the server",
    )
 def run_cmd(args, out):
    """Deploy chatmail services on the remote server."""
    env = os.environ.copy()
    env["CHATMAIL_DOMAIN"] = args.config.mail_domain
    deploy_path = "cmdeploy/src/cmdeploy/deploy.py"
    pyinf = "pyinfra --dry" if args.dry_run else "pyinfra"
    cmd = f"{pyinf} --ssh-user root {args.config.mail_domain} {deploy_path}"
    out.check_call(cmd, env=env)
 def dns_cmd(args, out):
    """Generate dns zone file."""
    template = importlib.resources.files(__package__).joinpath("chatmail.zone.f")
    ssh = f"ssh root@{args.config.mail_domain}"
    def read_dkim_entries(entry):
        lines = []
        for line in entry.split("\n"):
            if line.startswith(";") or not line.strip():
                continue
            line = line.replace("\t", " ")
            lines.append(line)
        return "\n".join(lines)
    acme_account_url = out.shell_output(f"{ssh} -- acmetool account-url")
    dkim_entry = read_dkim_entries(out.shell_output(f"{ssh} -- opendkim-genzone -F"))
    out(
        f"[writing {args.config.mail_domain} zone data (using space as separator) to stdout output]",
        green=True,
    )
    print(
        template.read_text()
        .format(
            acme_account_url=acme_account_url,
            email=f"root@{args.config.mail_domain}",
            sts_id=datetime.datetime.now().strftime("%Y%m%d%H%M"),
            chatmail_domain=args.config.mail_domain,
            dkim_entry=dkim_entry,
        )
        .strip()
    )
 def status_cmd(args, out):
    """Display status for online chatmail instance."""
    ssh = f"ssh root@{args.config.mail_domain}"
    out.green(f"chatmail domain: {args.config.mail_domain}")
    if args.config.privacy_mail:
        out.green("privacy settings: present")
    else:
        out.red("no privacy settings")
    s1 = "systemctl --type=service --state=running"
    for line in out.shell_output(f"{ssh} -- {s1}").split("\n"):
        if line.startswith("  "):
            print(line)
 def test_cmd_options(parser):
    parser.add_argument(
        "--slow",
        dest="slow",
        action="store_true",
        help="also run slow tests",
    )
 def test_cmd(args, out):
    """Run local and online tests for chatmail deployment.
    This will automatically pip-install 'deltachat' if it's not available.
    """
    x = importlib.util.find_spec("deltachat")
    if x is None:
        out.check_call(f"{sys.executable} -m pip install deltachat")
    pytest_path = shutil.which("pytest")
    pytest_args = [pytest_path, "cmdeploy/src/", "-n4", "-rs", "-x", "-vrx", "--durations=5"]
    if args.slow:
        pytest_args.append("--slow")
    ret = out.run_ret(pytest_args)
    return ret
 def fmt_cmd_options(parser):
    parser.add_argument(
        "--verbose",
        "-v",
        dest="verbose",
        action="store_true",
        help="provide information on invocations",
    )
    parser.add_argument(
        "--check",
        "-c",
        action="store_true",
        help="only check but don't fix problems",
    )
 def fmt_cmd(args, out):
    """Run formattting fixes (fuff and black) on all chatmail source code."""
    sources = [str(importlib.resources.files(x)) for x in ("chatmaild", "cmdeploy")]
    black_args = [shutil.which("black")]
    ruff_args = [shutil.which("ruff")]
    if args.check:
        black_args.append("--check")
    else:
        ruff_args.append("--fix")
    if not args.verbose:
        black_args.append("-q")
        ruff_args.append("-q")
    black_args.extend(sources)
    ruff_args.extend(sources)
    out.check_call(" ".join(black_args), quiet=not args.verbose)
    out.check_call(" ".join(ruff_args), quiet=not args.verbose)
    return 0
 def bench_cmd(args, out):
    """Run benchmarks against an online chatmail instance."""
    args = ["pytest", "--pyargs", "cmdeploy.tests.online.benchmark", "-vrx"]
    cmdstring = " ".join(args)
    out.green(f"[$ {cmdstring}]")
    subprocess.check_call(args)
 def webdev_cmd(args, out):
    """Run local web development loop for static web pages."""
    from .www import main
    main()
 #
 # Parsing command line options and starting commands
 #
 class Out:
    """Convenience output printer providing coloring."""
    def red(self, msg, file=sys.stderr):
        print(colored(msg, "red"), file=file)
    def green(self, msg, file=sys.stderr):
        print(colored(msg, "green"), file=file)
    def __call__(self, msg, red=False, green=False, file=sys.stdout):
        color = "red" if red else ("green" if green else None)
        print(colored(msg, color), file=file)
    def shell_output(self, arg):
        self(f"[$ {arg}]", file=sys.stderr)
        return subprocess.check_output(arg, shell=True).decode()
    def check_call(self, arg, env=None, quiet=False):
        if not quiet:
            self(f"[$ {arg}]", file=sys.stderr)
        return subprocess.check_call(arg, shell=True, env=env)
    def run_ret(self, args, env=None, quiet=False):
        if not quiet:
            cmdstring = " ".join(args)
            self(f"[$ {cmdstring}]", file=sys.stderr)
        proc = subprocess.run(args, env=env)
        return proc.returncode
 def add_config_option(parser):
    parser.add_argument(
        "--config",
        dest="inipath",
        action="store",
        default=Path("chatmail.ini"),
        type=Path,
        help="path to the chatmail.ini file",
    )
 def add_subcommand(subparsers, func):
    name = func.__name__
    assert name.endswith("_cmd")
    name = name[:-4]
    doc = func.__doc__.strip()
    help = doc.split("\n")[0].strip(".")
    p = subparsers.add_parser(name, description=doc, help=help)
    p.set_defaults(func=func)
    add_config_option(p)
    return p
 description = """
 Setup your chatmail server configuration and
 deploy it via SSH to your remote location.
 """
 def get_parser():
    """Return an ArgumentParser for the 'cmdeploy' CLI"""
    parser = argparse.ArgumentParser(description=description.strip())
    subparsers = parser.add_subparsers(title="subcommands")
    # find all subcommands in the module namespace
    glob = globals()
    for name, func in glob.items():
        if name.endswith("_cmd"):
            subparser = add_subcommand(subparsers, func)
            addopts = glob.get(name + "_options")
            if addopts is not None:
                addopts(subparser)
    return parser
 def main(args=None):
    """Provide main entry point for 'xdcget' CLI invocation."""
    parser = get_parser()
    args = parser.parse_args(args=args)
    if not hasattr(args, "func"):
        return parser.parse_args(["-h"])
    out = Out()
    kwargs = {}
    if args.func.__name__ not in ("init_cmd", "fmt_cmd"):
        if not args.inipath.exists():
            out.red(f"expecting {args.inipath} to exist, run init first?")
            raise SystemExit(1)
        try:
            args.config = read_config(args.inipath)
        except Exception as ex:
            out.red(ex)
            raise SystemExit(1)
    try:
        res = args.func(args, out, **kwargs)
        if res is None:
            res = 0
        return res
    except KeyboardInterrupt:
        out.red("KeyboardInterrupt")
        sys.exit(130)
 if __name__ == "__main__":
    main()
--- a/cmdeploy/src/cmdeploy/dovecot/expunge.cron.j2
+++ b/cmdeploy/src/cmdeploy/dovecot/expunge.cron.j2
@@ -1,4 +0,0 @@
 2 0 * * * dovecot doveadm expunge -A SEEN BEFORE {{ config.delete_mails_after }} INBOX
 2 0 * * * dovecot doveadm expunge -A SEEN BEFORE {{ config.delete_mails_after }} Deltachat
 2 0 * * * dovecot doveadm expunge -A SEEN BEFORE {{ config.delete_mails_after }} Trash
 2 30 * * * dovecot doveadm purge -A
--- a/cmdeploy/src/cmdeploy/tests/init.py
+++ b/cmdeploy/src/cmdeploy/tests/init.py
--- a/cmdeploy/src/cmdeploy/tests/online/init.py
+++ b/cmdeploy/src/cmdeploy/tests/online/init.py
--- a/cmdeploy/src/cmdeploy/tests/online/test_0_qr.py
+++ b/cmdeploy/src/cmdeploy/tests/online/test_0_qr.py
@@ -1,16 +0,0 @@
 import requests
 from cmdeploy.genqr import gen_qr_png_data
 def test_gen_qr_png_data(maildomain):
    data = gen_qr_png_data(maildomain)
    assert data
 def test_fastcgi_working(maildomain, chatmail_config):
    url = f"https://{maildomain}/cgi-bin/newemail.py"
    print(url)
    res = requests.post(url)
    assert maildomain in res.json().get("email")
    assert len(res.json().get("password")) > chatmail_config.password_min_length
--- a/cmdeploy/src/cmdeploy/tests/test_cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/tests/test_cmdeploy.py
@@ -1,33 +0,0 @@
 import os
 import pytest
 from cmdeploy.cmdeploy import get_parser, main
 from chatmaild.config import read_config
@pytest.fixture(autouse=True)
 def _chdir(tmp_path):
    old = os.getcwd()
    os.chdir(tmp_path)
    yield
    os.chdir(old)
 class TestCmdline:
    def test_parser(self, capsys):
        parser = get_parser()
        parser.parse_args([])
        init = parser.parse_args(["init", "chat.example.org"])
        run = parser.parse_args(["run"])
        assert init and run
    def test_init(self, tmp_path):
        main(["init", "chat.example.org"])
        inipath = tmp_path.joinpath("chatmail.ini")
        config = read_config(inipath)
        assert config.mail_domain == "chat.example.org"
    def test_init_not_overwrite(self):
        main(["init", "chat.example.org"])
        with pytest.raises(SystemExit):
            main(["init", "chat.example.org"])
--- a/cmdeploy/src/cmdeploy/tests/test_helpers.py
+++ b/cmdeploy/src/cmdeploy/tests/test_helpers.py
@@ -1,13 +0,0 @@
 import importlib.resources
 from cmdeploy.www import build_webpages
 def test_build_webpages(tmp_path, make_config):
    pkgroot = importlib.resources.files("cmdeploy")
    src_dir = pkgroot.joinpath("../../../www/src").resolve()
    assert src_dir.exists(), src_dir
    config = make_config("chat.example.org")
    build_dir = tmp_path.joinpath("build")
    build_webpages(src_dir, build_dir, config)
    assert len([x for x in build_dir.iterdir() if x.suffix == ".html"]) >= 3
--- a/deploy-chatmail/pyproject.toml
+++ b/deploy-chatmail/pyproject.toml
@@ -0,0 +1,33 @@
 [build-system]
 requires = ["setuptools>=45"]
 build-backend = "setuptools.build_meta"
 [project]
 name = "deploy-chatmail"
 version = "0.1"
 dependencies = [
  "pyinfra",
  "pillow",
  "qrcode",
  "markdown",
 ]
 [tool.pytest.ini_options]
 addopts = "-v -ra --strict-markers"
 [tool.tox]
 legacy_tox_ini = """
 [tox]
 isolated_build = true
 envlist = lint
 [testenv:lint]
 skipdist = True
 skip_install = True
 deps =
  ruff
  black
 commands =
  black --quiet --check --diff src/
  ruff src/
 """
--- a/deploy-chatmail/src/deploy_chatmail/init.py
+++ b/deploy-chatmail/src/deploy_chatmail/init.py
@@ -14,7 +14,8 @@ from pyinfra.facts.files import File
 from pyinfra.facts.systemd import SystemdEnabled
 from .acmetool import deploy_acmetool
-from chatmaild.config import read_config, Config
+import chatmaild.filtermail
 from chatmaild.config import read_config
 def _build_chatmaild(dist_dir) -> None:
@@ -195,7 +196,7 @@ def _install_mta_sts_daemon() -> bool:
    server.shell(
        name="install postfix-mta-sts-resolver with pip",
        commands=[
-            "python3 -m virtualenv /usr/local/lib/postfix-mta-sts-resolver",
+            "python3 -m venv /usr/local/lib/postfix-mta-sts-resolver",
            "/usr/local/lib/postfix-mta-sts-resolver/bin/pip install postfix-mta-sts-resolver",
        ],
    )
@@ -215,7 +216,7 @@ def _install_mta_sts_daemon() -> bool:
    return need_restart
-def _configure_postfix(config: Config, debug: bool = False) -> bool:
+def _configure_postfix(config: chatmaild.config.Config, debug: bool = False) -> bool:
    """Configures Postfix SMTP server."""
    need_restart = False
@@ -243,7 +244,7 @@ def _configure_postfix(config: Config, debug: bool = False) -> bool:
    return need_restart
-def _configure_dovecot(config: Config, debug: bool = False) -> bool:
+def _configure_dovecot(mail_server: str, debug: bool = False) -> bool:
    """Configures Dovecot IMAP server."""
    need_restart = False
@@ -253,7 +254,7 @@ def _configure_dovecot(config: Config, debug: bool = False) -> bool:
        user="root",
        group="root",
        mode="644",
-        config=config,
+        config={"hostname": mail_server},
        debug=debug,
    )
    need_restart |= main_config.changed
@@ -266,13 +267,14 @@ def _configure_dovecot(config: Config, debug: bool = False) -> bool:
    )
    need_restart |= auth_config.changed
-    files.template(
+    files.put(
-        src=importlib.resources.files(__package__).joinpath("dovecot/expunge.cron.j2"),
+        src=importlib.resources.files(__package__)
        .joinpath("dovecot/expunge.cron")
        .open("rb"),
        dest="/etc/cron.d/expunge",
        user="root",
        group="root",
        mode="644",
        config=config,
    )
    # as per https://doc.dovecot.org/configuration_manual/os/
@@ -346,8 +348,8 @@ def _configure_nginx(domain: str, debug: bool = False) -> bool:
 def check_config(config):
-    mail_domain = config.mail_domain
+    mailname = config.mailname
-    if mail_domain != "testrun.org" and not mail_domain.endswith(".testrun.org"):
+    if mailname != "testrun.org" and not mailname.endswith(".testrun.org"):
        blocked_words = "merlinux schmieder testrun.org".split()
        for value in config.__dict__.values():
            if any(x in value for x in blocked_words):
@@ -411,7 +413,7 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
    pkg_root = importlib.resources.files(__package__)
    chatmail_ini = pkg_root.joinpath("../../../chatmail.ini").resolve()
-    config = read_config(chatmail_ini)
+    config = read_config(chatmail_ini, mailname=mail_domain)
    check_config(config)
    www_path = pkg_root.joinpath("../../../www").resolve()
@@ -422,7 +424,7 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
    _install_remote_venv_with_chatmaild(config)
    debug = False
-    dovecot_need_restart = _configure_dovecot(config, debug=debug)
+    dovecot_need_restart = _configure_dovecot(mail_server, debug=debug)
    postfix_need_restart = _configure_postfix(config, debug=debug)
    opendkim_need_restart = _configure_opendkim(mail_domain, dkim_selector)
    mta_sts_need_restart = _install_mta_sts_daemon()
--- a/deploy-chatmail/src/deploy_chatmail/acmetool/init.py
+++ b/deploy-chatmail/src/deploy_chatmail/acmetool/init.py
--- a/deploy-chatmail/src/deploy_chatmail/acmetool/acmetool.cron
+++ b/deploy-chatmail/src/deploy_chatmail/acmetool/acmetool.cron
--- a/deploy-chatmail/src/deploy_chatmail/acmetool/acmetool.hook
+++ b/deploy-chatmail/src/deploy_chatmail/acmetool/acmetool.hook
--- a/deploy-chatmail/src/deploy_chatmail/acmetool/response-file.yaml.j2
+++ b/deploy-chatmail/src/deploy_chatmail/acmetool/response-file.yaml.j2
--- a/deploy-chatmail/src/deploy_chatmail/acmetool/target.yaml.j2
+++ b/deploy-chatmail/src/deploy_chatmail/acmetool/target.yaml.j2
--- a/deploy-chatmail/src/deploy_chatmail/data/delta-chat-bw.png
+++ b/deploy-chatmail/src/deploy_chatmail/data/delta-chat-bw.png
--- a/deploy-chatmail/src/deploy_chatmail/data/opensans-regular.ttf
+++ b/deploy-chatmail/src/deploy_chatmail/data/opensans-regular.ttf
--- a/deploy-chatmail/src/deploy_chatmail/deploy.py
+++ b/deploy-chatmail/src/deploy_chatmail/deploy.py
@@ -1,6 +1,6 @@
 import os
 import pyinfra
-from cmdeploy import deploy_chatmail
+from deploy_chatmail import deploy_chatmail
 def main():
--- a/deploy-chatmail/src/deploy_chatmail/dovecot/auth.conf
+++ b/deploy-chatmail/src/deploy_chatmail/dovecot/auth.conf
--- a/deploy-chatmail/src/deploy_chatmail/dovecot/dovecot.conf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/dovecot/dovecot.conf.j2
@@ -86,7 +86,7 @@ plugin {
 plugin {
  # for now we define static quota-rules for all users 
  quota = maildir:User quota
-  quota_rule = *:storage={{ config.max_mailbox_size }}
+  quota_rule = *:storage=100M
  quota_max_mail_size=30M
  quota_grace = 0
  # quota_over_flag_value = TRUE
@@ -137,8 +137,8 @@ service imap-login {
 }
 ssl = required
-ssl_cert = </var/lib/acme/live/{{ config.mail_domain }}/fullchain
+ssl_cert = </var/lib/acme/live/{{ config.hostname }}/fullchain
-ssl_key = </var/lib/acme/live/{{ config.mail_domain }}/privkey
+ssl_key = </var/lib/acme/live/{{ config.hostname }}/privkey
 ssl_dh = </usr/share/dovecot/dh.pem
 ssl_min_protocol = TLSv1.2
 ssl_prefer_server_ciphers = yes
--- a/deploy-chatmail/src/deploy_chatmail/dovecot/expunge.cron
+++ b/deploy-chatmail/src/deploy_chatmail/dovecot/expunge.cron
@@ -0,0 +1,4 @@
 2 0 * * * dovecot doveadm expunge -A SEEN BEFORE 40d INBOX
 2 0 * * * dovecot doveadm expunge -A SEEN BEFORE 40d Deltachat
 2 0 * * * dovecot doveadm expunge -A SEEN BEFORE 40d Trash
 2 30 * * * dovecot doveadm purge -A
--- a/deploy-chatmail/src/deploy_chatmail/genqr.py
+++ b/deploy-chatmail/src/deploy_chatmail/genqr.py
--- a/deploy-chatmail/src/deploy_chatmail/journald.conf
+++ b/deploy-chatmail/src/deploy_chatmail/journald.conf
--- a/deploy-chatmail/src/deploy_chatmail/nginx/autoconfig.xml.j2
+++ b/deploy-chatmail/src/deploy_chatmail/nginx/autoconfig.xml.j2
--- a/deploy-chatmail/src/deploy_chatmail/nginx/mta-sts.txt.j2
+++ b/deploy-chatmail/src/deploy_chatmail/nginx/mta-sts.txt.j2
--- a/deploy-chatmail/src/deploy_chatmail/nginx/nginx.conf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/nginx/nginx.conf.j2
--- a/deploy-chatmail/src/deploy_chatmail/opendkim/KeyTable
+++ b/deploy-chatmail/src/deploy_chatmail/opendkim/KeyTable
--- a/deploy-chatmail/src/deploy_chatmail/opendkim/SigningTable
+++ b/deploy-chatmail/src/deploy_chatmail/opendkim/SigningTable
--- a/deploy-chatmail/src/deploy_chatmail/opendkim/opendkim.conf
+++ b/deploy-chatmail/src/deploy_chatmail/opendkim/opendkim.conf
--- a/deploy-chatmail/src/deploy_chatmail/postfix/main.cf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/postfix/main.cf.j2
@@ -1,4 +1,4 @@
-myorigin = {{ config.mail_domain }}
+myorigin = {{ config.mailname }}
 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 biff = no
@@ -16,8 +16,8 @@ readme_directory = no
 compatibility_level = 2
 # TLS parameters
-smtpd_tls_cert_file=/var/lib/acme/live/{{ config.mail_domain }}/fullchain
+smtpd_tls_cert_file=/var/lib/acme/live/{{ config.mailname }}/fullchain
-smtpd_tls_key_file=/var/lib/acme/live/{{ config.mail_domain }}/privkey
+smtpd_tls_key_file=/var/lib/acme/live/{{ config.mailname }}/privkey
 smtpd_tls_security_level=may
 smtp_tls_CApath=/etc/ssl/certs
@@ -26,7 +26,7 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8461:postfix
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = {{ config.mail_domain }}
+myhostname = {{ config.mailname }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
@@ -45,7 +45,7 @@ inet_interfaces = all
 inet_protocols = all
 virtual_transport = lmtp:unix:private/dovecot-lmtp
-virtual_mailbox_domains = {{ config.mail_domain }}
+virtual_mailbox_domains = {{ config.mailname }}
 smtpd_milters = unix:opendkim/opendkim.sock
 non_smtpd_milters = $smtpd_milters
--- a/deploy-chatmail/src/deploy_chatmail/postfix/master.cf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/postfix/master.cf.j2
--- a/deploy-chatmail/src/deploy_chatmail/postfix/mta-sts-daemon.service
+++ b/deploy-chatmail/src/deploy_chatmail/postfix/mta-sts-daemon.service
--- a/deploy-chatmail/src/deploy_chatmail/postfix/mta-sts-daemon.yml
+++ b/deploy-chatmail/src/deploy_chatmail/postfix/mta-sts-daemon.yml
--- a/deploy-chatmail/src/deploy_chatmail/www.py
+++ b/deploy-chatmail/src/deploy_chatmail/www.py
@@ -37,7 +37,7 @@ def build_webpages(src_dir, build_dir, config):
 def _build_webpages(src_dir, build_dir, config):
-    mail_domain = config.mail_domain
+    mail_domain = config.mailname
    assert src_dir.exists(), src_dir
    if not build_dir.exists():
        build_dir.mkdir()
@@ -66,12 +66,12 @@ def _build_webpages(src_dir, build_dir, config):
 def main():
    chatmail_domain = "example.testrun.org"
    path = importlib.resources.files(__package__)
    reporoot = path.joinpath("../../../").resolve()
    inipath = reporoot.joinpath("chatmail.ini")
-    config = read_config(inipath)
+    config = read_config(inipath, mailname=chatmail_domain)
-    config.webdev = True
+    config["webdev"] = True
    assert config.mail_domain
    www_path = reporoot.joinpath("www")
    src_path = www_path.joinpath("src")
    stats = None
--- a/plan.txt
+++ b/plan.txt
@@ -0,0 +1,65 @@
 # Chat-mail server development (up until Oct 18th)
 ## Dovecot goals/steps
 - automatic expiry of messages older than M days
   - also expunge unread messages
 - limit: configure max-connections per account
 ## nami: send out rate limit / rspamd
 - basic outgoing send rate/limits (depending on "account-rating")
  use rspamd in a minimal way, check support dkim-signing
  (including an online test exceeding rate limit)
 ## doveauth questions/futures
 - bcrypt-password scheme is slow: require long passwords, use faster hashing
 - define user-name and password policies, and implement them
  (be very restrictive at the beginning, we can relax later)
 - password is part of the dictproxy-lookup key, is it safe to use auth-caching?
 ## How to limit creation of accounts?
 attack: a 3-line bash script to fill the chatmail db with millions of unused accouts
 - make it computationally expensive (somehow try to except our tests from it)
  1st pass instant onboarding: create userid + cheap password -- if it fails then
  2nd pass instant onboarding: create userdid + comput. expensive password
 - probably also do firewall: limit number of new tcp-connections per IP address per duration
 ## Open/deferred questions
 - automatic expiry of users that haven't logged in for N days
  Is it neccessary?  If all messages are gone, does the existence of
  an e-mail address bother anybody?
 ## web page for chat-mail servers?
 - documentation for users, privacy policy etc.
  (probably also with provider-messages ...)
 ## online tests (first with plain python/pytest)
 - write tests for dovecot login (exists)
 - write tests for postfix logins (exists)
 - write A<>B send/receive tests (exists)
 ## Delta Chat
 1. qr code that defines access to a chatmail instance (like mailadm but without http etc.)
 2. support for creating username/password and verifying login works
--- a/scripts/bench.sh
+++ b/scripts/bench.sh
@@ -0,0 +1,4 @@
 #!/bin/bash
 set -e
 venv/bin/pytest tests/online/benchmark.py -vrx
--- a/scripts/cmdeploy
+++ b/scripts/cmdeploy
@@ -1,6 +0,0 @@
 #!/usr/bin/env bash
 #
 # Wrapper for cmdelpoy to run it in activated virtualenv.
 set -e
 . venv/bin/activate
 cmdeploy "$@"
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -0,0 +1,8 @@
 #!/usr/bin/env bash
 echo -----------------------------------------
 echo deploying to $CHATMAIL_DOMAIN 
 echo -----------------------------------------
 venv/bin/pyinfra --ssh-user root "$CHATMAIL_DOMAIN" \
    deploy-chatmail/src/deploy_chatmail/deploy.py
--- a/scripts/generate-dns-zone.sh
+++ b/scripts/generate-dns-zone.sh
@@ -0,0 +1,23 @@
 #!/bin/sh
 : ${CHATMAIL_DOMAIN:=c1.testrun.org}
 : ${CHATMAIL_SSH:=$CHATMAIL_DOMAIN}
 set -e
 SSH="ssh root@$CHATMAIL_SSH"
 EMAIL="root@$CHATMAIL_DOMAIN"
 ACME_ACCOUNT_URL="$($SSH -- acmetool account-url)"
 cat <<EOF
 $CHATMAIL_DOMAIN. MX 10 $CHATMAIL_DOMAIN.
 $CHATMAIL_DOMAIN. TXT "v=spf1 a:$CHATMAIL_DOMAIN -all"
 _dmarc.$CHATMAIL_DOMAIN. TXT "v=DMARC1;p=reject;rua=mailto:$EMAIL;ruf=mailto:$EMAIL;fo=1;adkim=r;aspf=r"
 _submission._tcp.$CHATMAIL_DOMAIN.  SRV 0 1 587 $CHATMAIL_DOMAIN.
 _submissions._tcp.$CHATMAIL_DOMAIN. SRV 0 1 465 $CHATMAIL_DOMAIN.
 _imap._tcp.$CHATMAIL_DOMAIN.        SRV 0 1 143 $CHATMAIL_DOMAIN.
 _imaps._tcp.$CHATMAIL_DOMAIN.       SRV 0 1 993 $CHATMAIL_DOMAIN.
 $CHATMAIL_DOMAIN. IN CAA 128 issue "letsencrypt.org;accounturi=$ACME_ACCOUNT_URL"
 _mta-sts.$CHATMAIL_DOMAIN. IN TXT "v=STSv1; id=$(date -u '+%Y%m%d%H%M')"
 mta-sts.$CHATMAIL_DOMAIN. IN CNAME $CHATMAIL_DOMAIN.
 _smtp._tls.$CHATMAIL_DOMAIN. IN TXT "v=TLSRPTv1;rua=mailto:$EMAIL"
 EOF
 $SSH opendkim-genzone -F | sed 's/^;.*$//;/^$/d'
--- a/scripts/get_imap_capabilities.py
+++ b/scripts/get_imap_capabilities.py
@@ -0,0 +1,14 @@
 import os
 import time
 import imaplib
 domain = os.environ.get("CHATMAIL_DOMAIN", "c3.testrun.org")
 print("connecting")
 conn = imaplib.IMAP4_SSL(domain)
 print("logging in")
 conn.login(f"imapcapa", "pass")
 status, res = conn.capability()
 for capa in sorted(res[0].decode().split()):
    print(capa)
--- a/scripts/init.sh
+++ b/scripts/init.sh
@@ -0,0 +1,8 @@
 #!/bin/sh
 set -e
 python3 -m venv venv
 pip=venv/bin/pip
 $pip install pyinfra pytest build 'setuptools>=68' tox 
 $pip install -e deploy-chatmail 
 $pip install -e chatmaild 
--- a/scripts/initenv.sh
+++ b/scripts/initenv.sh
@@ -1,6 +0,0 @@
 #!/bin/bash
 set -e
 python3 -m venv venv
 venv/bin/pip install -e chatmaild 
 venv/bin/pip install -e cmdeploy
--- a/scripts/measure_tls_and_logins.py
+++ b/scripts/measure_tls_and_logins.py
@@ -0,0 +1,28 @@
 #!/usr/bin/env python3
 import os
 import time
 import imaplib
 domain = os.environ.get("CHATMAIL_DOMAIN", "c3.testrun.org")
 NUM_CONNECTIONS=10
 conns = []
 start = time.time()
 for i in range(NUM_CONNECTIONS):
    print(f"opening connection {i} to {domain}")
    conn = imaplib.IMAP4_SSL(domain)
    conns.append(conn)
 tlsdone = time.time()
 duration = tlsdone-start
 print(f"{duration}: TLS connections opening TLS connections")
 for i, conn in enumerate(conns):
    print(f"logging into connection {i}")
    conn.login(f"measure{i}", "pass")
 logindone = time.time()
 duration = logindone - tlsdone
 print(f"{duration}: LOGINS done")
--- a/scripts/remote-deploy.sh
+++ b/scripts/remote-deploy.sh
@@ -0,0 +1,8 @@
 #!/bin/sh
 set -e
 : ${CHATMAIL_DOMAIN:=c1.testrun.org}
 : ${CHATMAIL_SSH:=$CHATMAIL_DOMAIN}
 rsync -avz . "root@$CHATMAIL_SSH:/root/chatmail" --exclude='/.git' --filter="dir-merge,- .gitignore"
 ssh "root@$CHATMAIL_SSH" "cd /root/chatmail; apt install -y python3-venv; python3 -m venv venv; venv/bin/pip install pyinfra build; venv/bin/python3 -m build -n --sdist chatmaild --outdir dist; venv/bin/pip install -e ./deploy-chatmail -e ./chatmaild; export CHATMAIL_DOMAIN=$CHATMAIL_DOMAIN; venv/bin/pyinfra @local deploy.py"
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -0,0 +1,4 @@
 #!/bin/bash
 venv/bin/tox -c chatmaild
 venv/bin/tox -c deploy-chatmail
 venv/bin/pytest tests/online -rs -vrx --durations=5 $@
--- a/scripts/webdev.sh
+++ b/scripts/webdev.sh
@@ -0,0 +1,9 @@
 #!/usr/bin/env bash
 echo -----------------------------------------
 echo starting local webdev 
 echo -----------------------------------------
 venv/bin/python3 -m deploy_chatmail.www 
--- a/tests/chatmaild/test_config.py
+++ b/tests/chatmaild/test_config.py
@@ -0,0 +1,88 @@
 from chatmaild.config import read_config
 import chatmaild.config
 def test_read_config_without_mailname(tmp_path, create_ini, monkeypatch):
    mailname_path = tmp_path.joinpath("mailname")
    mailname_path.write_text("something.example.org")
    monkeypatch.setattr(chatmaild.config, "system_mailname_path", mailname_path)
    inipath = create_ini(
        """
        [params]
        max_user_send_per_minute = 40
        filtermail_smtp_port = 9875
        postfix_reinject_port = 9999
        passthrough_recipients =
    """
    )
    config = read_config(inipath)
    assert config.mailname == "something.example.org"
 def test_read_config_without_privacy_policy(tmp_path, create_ini):
    inipath = create_ini(
        """
        [params]
        max_user_send_per_minute = 40
        filtermail_smtp_port = 9875
        postfix_reinject_port = 9999
        passthrough_recipients =
        [privacy:testrun]
        domain = *.example.org
    """
    )
    config = read_config(inipath, "something.example.org")
    assert config.mailname == "something.example.org"
    assert config.max_user_send_per_minute == 40
    assert config.filtermail_smtp_port == 9875
    assert config.postfix_reinject_port == 9999
    assert config.passthrough_recipients == []
    assert not config.privacy_postal
    assert not config.privacy_mail
    assert not config.privacy_pdo
    assert not config.privacy_supervisor
 def test_read_config(create_ini):
    inipath = create_ini(
        """
        [params]
        max_user_send_per_minute = 40
        filtermail_smtp_port = 10080
        postfix_reinject_port = 10025
        passthrough_recipients = x@example.org y@example.org
        [privacy:testrun]
        domain = *.testrun.org
        privacy_postal =
            Postal Ltd
        privacy_mail = privacy@merlinux.eu
        privacy_pdo =
            Postal PDO
            You can contact him at *delta-privacy@merlinux.eu* (Keyword: DPO)
        privacy_supervisor =
            line1
            line2 with space
    """
    )
    config = read_config(inipath, "something.testrun.org")
    assert config.mailname == "something.testrun.org"
    assert config.filtermail_smtp_port == 10080
    assert config.postfix_reinject_port == 10025
    assert config.passthrough_recipients == ["x@example.org", "y@example.org"]
    assert config.privacy_postal == "Postal Ltd"
    assert config.privacy_mail == "privacy@merlinux.eu"
    lines = config.privacy_pdo.split("\n")
    assert lines[0] == "Postal PDO"
    assert lines[1].startswith("You can ")
    lines = config.privacy_supervisor.split("\n")
    assert lines[0] == "line1"
    assert lines[1] == "line2 with space"
--- a/chatmaild/src/chatmaild/tests/test_doveauth.py
+++ b/chatmaild/src/chatmaild/tests/test_doveauth.py
@@ -9,35 +9,29 @@ from chatmaild.doveauth import get_user_data, lookup_passdb, handle_dovecot_requ
 from chatmaild.database import DBError
-def test_basic(db, example_config):
+def test_basic(db):
-    lookup_passdb(db, example_config, "asdf12345@chat.example.org", "q9mr3faue")
+    lookup_passdb(db, "link2xt@c1.testrun.org", "Pieg9aeToe3eghuthe5u")
-    data = get_user_data(db, "asdf12345@chat.example.org")
+    data = get_user_data(db, "link2xt@c1.testrun.org")
    assert data
-    data2 = lookup_passdb(
+    data2 = lookup_passdb(db, "link2xt@c1.testrun.org", "Pieg9aeToe3eghuthe5u")
        db, example_config, "asdf12345@chat.example.org", "q9mr3jewvadsfaue"
    )
    assert data == data2
-def test_dont_overwrite_password_on_wrong_login(db, example_config):
+def test_dont_overwrite_password_on_wrong_login(db):
    """Test that logging in with a different password doesn't create a new user"""
-    res = lookup_passdb(
+    res = lookup_passdb(db, "newuser1@something.org", "kajdlkajsldk12l3kj1983")
        db, example_config, "newuser12@chat.example.org", "kajdlkajsldk12l3kj1983"
    )
    assert res["password"]
-    res2 = lookup_passdb(db, example_config, "newuser12@chat.example.org", "kajdslqwe")
+    res2 = lookup_passdb(db, "newuser1@something.org", "kajdlqweqwe")
    # this function always returns a password hash, which is actually compared by dovecot.
    assert res["password"] == res2["password"]
-def test_nocreate_file(db, monkeypatch, tmpdir, example_config):
+def test_nocreate_file(db, monkeypatch, tmpdir):
    p = tmpdir.join("nocreate")
    p.write("")
    monkeypatch.setattr(chatmaild.doveauth, "NOCREATE_FILE", str(p))
-    lookup_passdb(
+    lookup_passdb(db, "newuser1@something.org", "zequ0Aimuchoodaechik")
-        db, example_config, "newuser12@chat.example.org", "zequ0Aimuchoodaechik"
+    assert not get_user_data(db, "newuser1@something.org")
    )
    assert not get_user_data(db, "newuser12@chat.example.org")
 def test_db_version(db):
@@ -51,22 +45,22 @@ def test_too_high_db_version(db):
        db.ensure_tables()
-def test_handle_dovecot_request(db, example_config):
+def test_handle_dovecot_request(db):
    msg = (
        "Lshared/passdb/laksjdlaksjdlaksjdlk12j3l1k2j3123/"
-        "some42123@chat.example.org\tsome42123@chat.example.org"
+        "some42@c3.testrun.org\tsome42@c3.testrun.org"
    )
-    res = handle_dovecot_request(msg, db, example_config)
+    res = handle_dovecot_request(msg, db, "c3.testrun.org")
    assert res
    assert res[0] == "O" and res.endswith("\n")
    userdata = json.loads(res[1:].strip())
-    assert userdata["home"] == "/home/vmail/some42123@chat.example.org"
+    assert userdata["home"] == "/home/vmail/some42@c3.testrun.org"
    assert userdata["uid"] == userdata["gid"] == "vmail"
    assert userdata["password"].startswith("{SHA512-CRYPT}")
-def test_50_concurrent_lookups_different_accounts(db, gencreds, example_config):
+def test_100_concurrent_lookups_different_accounts(db, gencreds):
-    num_threads = 50
+    num_threads = 100
    req_per_thread = 5
    results = queue.Queue()
@@ -74,7 +68,7 @@ def test_50_concurrent_lookups_different_accounts(db, gencreds, example_config):
        for i in range(req_per_thread):
            addr, password = gencreds()
            try:
-                lookup_passdb(db, example_config, addr, password)
+                lookup_passdb(db, addr, password)
            except Exception:
                results.put(traceback.format_exc())
            else:
--- a/chatmaild/src/chatmaild/tests/test_filtermail.py
+++ b/chatmaild/src/chatmaild/tests/test_filtermail.py
@@ -5,6 +5,8 @@ from chatmaild.filtermail import (
    check_mdn,
 )
 from chatmaild.config import read_config
 import pytest
@@ -15,8 +17,8 @@ def maildomain():
@pytest.fixture
-def handler(make_config, maildomain):
+def handler(create_ini, maildomain):
-    config = make_config(maildomain)
+    config = read_config(create_ini(), maildomain)
    return BeforeQueueHandler(config)
@@ -26,36 +28,27 @@ def test_reject_forged_from(maildata, gencreds, handler):
        rcpt_tos = [gencreds()[0]]
    # test that the filter lets good mail through
-    to_addr = gencreds()[0]
+    env.content = maildata("plain.eml", from_addr=env.mail_from).as_bytes()
    env.content = maildata(
        "plain.eml", from_addr=env.mail_from, to_addr=to_addr
    ).as_bytes()
    assert not handler.check_DATA(envelope=env)
    # test that the filter rejects forged mail
-    env.content = maildata(
+    env.content = maildata("plain.eml", from_addr="forged@c3.testrun.org").as_bytes()
        "plain.eml", from_addr="forged@c3.testrun.org", to_addr=to_addr
    ).as_bytes()
    error = handler.check_DATA(envelope=env)
    assert "500" in error
 def test_filtermail_no_encryption_detection(maildata):
-    msg = maildata(
+    msg = maildata("plain.eml")
        "plain.eml", from_addr="some@example.org", to_addr="other@example.org"
    )
    assert not check_encrypted(msg)
    # https://xkcd.com/1181/
-    msg = maildata(
+    msg = maildata("fake-encrypted.eml")
        "fake-encrypted.eml", from_addr="some@example.org", to_addr="other@example.org"
    )
    assert not check_encrypted(msg)
 def test_filtermail_encryption_detection(maildata):
-    msg = maildata("encrypted.eml", from_addr="1@example.org", to_addr="2@example.org")
+    msg = maildata("encrypted.eml")
    assert check_encrypted(msg)
    # if the subject is not "..." it is not considered ac-encrypted
@@ -108,8 +101,9 @@ def test_send_rate_limiter():
 def test_excempt_privacy(maildata, gencreds, handler):
    from_addr = gencreds()[0]
    to_addr = "privacy@testrun.org"
-    handler.config.passthrough_recipients = [to_addr]
+    false_to = "privacy@tstrn.org"
-    false_to = "privacy@something.org"
+    false_to2 = "prvcy@testrun.org"
    assert to_addr in handler.config.passthrough_recipients
    msg = maildata("plain.eml", from_addr, to_addr)
@@ -123,23 +117,7 @@ def test_excempt_privacy(maildata, gencreds, handler):
    class env2:
        mail_from = from_addr
-        rcpt_tos = [to_addr, false_to]
+        rcpt_tos = [to_addr, false_to, false_to2]
        content = msg.as_bytes()
    assert "500" in handler.check_DATA(envelope=env2)
 def test_passthrough_senders(gencreds, handler, maildata):
    acc1 = gencreds()[0]
    to_addr = "recipient@something.org"
    handler.config.passthrough_senders = [acc1]
    msg = maildata("plain.eml", acc1, to_addr)
    class env:
        mail_from = acc1
        rcpt_tos = to_addr
        content = msg.as_bytes()
    # assert that None/no error is returned
    assert not handler.check_DATA(envelope=env)
--- a/chatmaild/src/chatmaild/tests/test_newmail.py
+++ b/chatmaild/src/chatmaild/tests/test_newmail.py
@@ -4,24 +4,26 @@ import chatmaild
 from chatmaild.newemail import create_newemail_dict, print_new_account
-def test_create_newemail_dict(example_config):
+def test_create_newemail_dict():
-    ac1 = create_newemail_dict(example_config)
+    ac1 = create_newemail_dict(domain="example.org")
    assert "@" in ac1["email"]
    assert len(ac1["password"]) >= 10
-    ac2 = create_newemail_dict(example_config)
+    ac2 = create_newemail_dict(domain="example.org")
    assert ac1["email"] != ac2["email"]
    assert ac1["password"] != ac2["password"]
-def test_print_new_account(capsys, monkeypatch, maildomain, tmpdir, example_config):
+def test_print_new_account(capsys, monkeypatch, maildomain, tmpdir):
-    monkeypatch.setattr(chatmaild.newemail, "CONFIG_PATH", str(example_config._inipath))
+    p = tmpdir.join("mailname")
    p.write(maildomain)
    monkeypatch.setattr(chatmaild.newemail, "mailname_path", str(p))
    print_new_account()
    out, err = capsys.readouterr()
    lines = out.split("\n")
    assert lines[0] == "Content-Type: application/json"
    assert not lines[1]
    dic = json.loads(lines[2])
-    assert dic["email"].endswith(f"@{example_config.mail_domain}")
+    assert dic["email"].endswith(f"@{maildomain}")
    assert len(dic["password"]) >= 10
--- a/cmdeploy/src/cmdeploy/tests/plugin.py
+++ b/cmdeploy/src/cmdeploy/tests/plugin.py
@@ -3,14 +3,17 @@ import io
 import time
 import random
 import subprocess
 import textwrap
 import imaplib
 import smtplib
 import importlib.resources
 import itertools
 from email.parser import BytesParser
 from email import policy
 from pathlib import Path
 import pytest
 from chatmaild.database import Database
 from chatmaild.config import read_config
 conftestdir = Path(__file__).parent
@@ -37,22 +40,19 @@ def pytest_runtest_setup(item):
@pytest.fixture
-def chatmail_config(pytestconfig):
+def inipath():
-    current = basedir = Path().resolve()
+    dpath = importlib.resources.files("chatmaild")
-    while 1:
+    inipath = dpath.joinpath("../../../chatmail.ini").resolve()
-        path = current.joinpath("chatmail.ini").resolve()
+    assert inipath.exists()
-        if path.exists():
+    return inipath
            return read_config(path)
        if current == current.parent:
            break
        current = current.parent
    pytest.skip(f"no chatmail.ini file found in {basedir} or parent dirs")
@pytest.fixture
-def maildomain(chatmail_config):
+def maildomain():
-    return chatmail_config.mail_domain
+    domain = os.environ.get("CHATMAIL_DOMAIN")
    if not domain:
        pytest.skip("set CHATMAIL_DOMAIN to a ssh-reachable chatmail instance")
    return domain
@pytest.fixture
@@ -228,25 +228,18 @@ def imap_or_smtp(request):
@pytest.fixture
-def gencreds(chatmail_config):
+def gencreds(maildomain):
    count = itertools.count()
    next(count)
    def gen(domain=None):
-        domain = domain if domain else chatmail_config.mail_domain
+        domain = domain if domain else maildomain
        while 1:
            num = next(count)
            alphanumeric = "abcdefghijklmnopqrstuvwxyz1234567890"
-            user = "".join(
+            user = "".join(random.choices(alphanumeric, k=10))
-                random.choices(alphanumeric, k=chatmail_config.username_max_length)
+            user = f"ac{num}_{user}"[:9]
-            )
+            password = "".join(random.choices(alphanumeric, k=12))
            if domain == "nine.testrun.org":
                user = f"ac{num}_{user}"[:9]
            else:
                user = f"ac{num}_{user}"[: chatmail_config.username_max_length]
            password = "".join(
                random.choices(alphanumeric, k=chatmail_config.password_min_length)
            )
            yield f"{user}@{domain}", f"{password}"
    return lambda domain=None: next(gen(domain))
@@ -357,6 +350,22 @@ def lp(request):
    return LP()
@pytest.fixture
 def maildata(request, gencreds):
    datadir = conftestdir.joinpath("mail-data")
    def maildata(name, from_addr=None, to_addr=None):
        if from_addr is None:
            from_addr = gencreds()[0]
        if to_addr is None:
            to_addr = gencreds()[0]
        data = datadir.joinpath(name).read_text()
        text = data.format(from_addr=from_addr, to_addr=to_addr)
        return BytesParser(policy=policy.default).parsebytes(text.encode())
    return maildata
@pytest.fixture
 def cmsetup(maildomain, gencreds):
    return CMSetup(maildomain, gencreds)
@@ -403,3 +412,16 @@ class CMUser:
            imap.login(self.addr, self.password)
            self._imap = imap
        return self._imap
@pytest.fixture
 def create_ini(tmp_path, inipath):
    def create_ini_func(source=None):
        if source is None:
            source = inipath.read_text()
        p = tmp_path.joinpath("chatmail.ini")
        assert not p.exists(), p
        p.write_text(textwrap.dedent(source))
        return p
    return create_ini_func
--- a/chatmaild/src/chatmaild/tests/mail-data/encrypted.eml
+++ b/chatmaild/src/chatmaild/tests/mail-data/encrypted.eml
--- a/chatmaild/src/chatmaild/tests/mail-data/fake-encrypted.eml
+++ b/chatmaild/src/chatmaild/tests/mail-data/fake-encrypted.eml
--- a/chatmaild/src/chatmaild/tests/mail-data/mdn.eml
+++ b/chatmaild/src/chatmaild/tests/mail-data/mdn.eml
--- a/chatmaild/src/chatmaild/tests/mail-data/plain.eml
+++ b/chatmaild/src/chatmaild/tests/mail-data/plain.eml
--- a/cmdeploy/src/cmdeploy/tests/online/benchmark.py
+++ b/cmdeploy/src/cmdeploy/tests/online/benchmark.py
--- a/cmdeploy/src/cmdeploy/tests/online/test_0_login.py
+++ b/cmdeploy/src/cmdeploy/tests/online/test_0_login.py
--- a/tests/online/test_0_qr.py
+++ b/tests/online/test_0_qr.py
@@ -0,0 +1,6 @@
 from deploy_chatmail.genqr import gen_qr_png_data
 def test_gen_qr_png_data(maildomain):
    data = gen_qr_png_data(maildomain)
    assert data
--- a/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py
+++ b/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py
@@ -20,7 +20,7 @@ def test_use_two_chatmailservers(cmfactory, maildomain2):
@pytest.mark.parametrize("forgeaddr", ["internal", "someone@example.org"])
-def test_reject_forged_from(cmsetup, maildata, gencreds, lp, forgeaddr):
+def test_reject_forged_from(cmsetup, maildata, lp, forgeaddr):
    user1, user3 = cmsetup.gen_users(2)
    lp.sec("send encrypted message with forged from")
@@ -43,18 +43,18 @@ def test_reject_forged_from(cmsetup, maildata, gencreds, lp, forgeaddr):
@pytest.mark.slow
-def test_exceed_rate_limit(cmsetup, gencreds, maildata, chatmail_config):
+def test_exceed_rate_limit(cmsetup, gencreds, maildata):
    """Test that the per-account send-mail limit is exceeded."""
    user1, user2 = cmsetup.gen_users(2)
    mail = maildata(
        "encrypted.eml", from_addr=user1.addr, to_addr=user2.addr
    ).as_string()
-    for i in range(chatmail_config.max_user_send_per_minute + 5):
+    for i in range(100):
        print("Sending mail", str(i))
        try:
            user1.smtp.sendmail(user1.addr, [user2.addr], mail)
        except smtplib.SMTPException as e:
-            if i < chatmail_config.max_user_send_per_minute:
+            if i < 60:
                pytest.fail(f"rate limit was exceeded too early with msg {i}")
            outcome = e.recipients[user2.addr]
            assert outcome[0] == 450
--- a/cmdeploy/src/cmdeploy/tests/online/test_2_deltachat.py
+++ b/cmdeploy/src/cmdeploy/tests/online/test_2_deltachat.py
@@ -1,5 +1,4 @@
 import time
 import re
 import random
 import pytest
@@ -21,24 +20,14 @@ class TestEndToEndDeltaChat:
        assert msg2.text == "message0"
    @pytest.mark.slow
-    def test_exceed_quota(self, cmfactory, lp, tmpdir, remote, chatmail_config):
+    def test_exceed_quota(self, cmfactory, lp, tmpdir, remote):
        """This is a very slow test as it needs to upload >100MB of mail data
        before quota is exceeded, and thus depends on the speed of the upload.
        """
        ac1, ac2 = cmfactory.get_online_accounts(2)
        chat = cmfactory.get_accepted_chat(ac1, ac2)
-        def parse_size_limit(limit: str) -> int:
+        quota = 1024 * 1024 * 100
            """Parse a size limit and return the number of bytes as integer.
            Example input: 100M, 2.4T, 500 K
            """
            units = {"B": 1, "K": 2**10, "M": 2**20, "G": 2**30, "T": 2**40}
            size = re.sub(r'([KMGT])', r' \1', limit.upper())
            number, unit = [string.strip() for string in size.split()]
            return int(float(number) * units[unit])
        quota = parse_size_limit(chatmail_config.max_mailbox_size)
        attachsize = 1 * 1024 * 1024
        num_to_send = quota // attachsize + 2
        lp.sec(f"ac1: send {num_to_send} large files to ac2")
@@ -102,9 +91,9 @@ class TestEndToEndDeltaChat:
        lp.sec("setup encrypted comms between ac1 and ac2 on different instances")
        qr = ac1.get_setup_contact_qr()
-        ch = ac2.qr_setup_contact(qr)
+        ac2.qr_setup_contact(qr)
-        assert ch.id >= 10
+        msg = ac2.wait_next_incoming_message()
-        ac1._evtracker.wait_securejoin_inviter_progress(1000)
+        assert "verified" in msg.text
        lp.sec("ac1 sends a message and ac2 marks it as seen")
        chat = ac1.create_chat(ac2)
--- a/cmdeploy/src/cmdeploy/tests/pytest.ini
+++ b/cmdeploy/src/cmdeploy/tests/pytest.ini
--- a/tests/test_helpers.py
+++ b/tests/test_helpers.py
@@ -0,0 +1,48 @@
 import textwrap
 import importlib.resources
 from deploy_chatmail.www import build_webpages
 from chatmaild.config import read_config
 def make_config(create_ini, domain="example.org"):
    inipath = create_ini(
        textwrap.dedent(
            f"""\
        [params]
        max_user_send_per_minute = 60
        filtermail_smtp_port = 10080
        postfix_reinject_port = 10025
        passthrough_recipients =
        [privacy:{domain}]
        domain = example.org
        privacy_postal =
            address-line1
            address-line2
        privacy_mail = privacy@{domain}
        privacy_pdo =
            address-line3
    """
        )
    )
    return read_config(inipath, domain)
 def test_build_webpages(tmp_path, create_ini):
    pkgroot = importlib.resources.files("deploy_chatmail")
    src_dir = pkgroot.joinpath("../../../www/src").resolve()
    assert src_dir.exists(), src_dir
    config = make_config(create_ini, "example.org")
    build_dir = tmp_path.joinpath("build")
    build_webpages(src_dir, build_dir, config)
 def test_get_settings(tmp_path, create_ini):
    config = make_config(create_ini, "example.org")
    assert config.privacy_postal == "address-line1\naddress-line2"
    assert config.privacy_mail == "privacy@example.org"
    assert config.privacy_pdo == "address-line3"
    assert config.mailname == "example.org"
--- a/www/src/index.md
+++ b/www/src/index.md
@@ -1,5 +1,5 @@
-<img class="banner" src="collage-top.png"/>
+<img width="800px" src="collage-top.png"/>
 ## Dear [Delta Chat](https://get.delta.chat) users and newcomers, 
@@ -14,7 +14,6 @@ Welcome to instant, interoperable and [privacy-preserving](privacy.html) messagi
 💬 **Start** chatting with any Delta Chat contacts using [QR invite codes](https://delta.chat/en/help#howtoe2ee)
 <div class="experimental">Note: this is an experimental service</div>
 ## ⚡ Note: this is an experimental service ⚡
--- a/www/src/info.md
+++ b/www/src/info.md
@@ -1,5 +1,5 @@
-<img class="banner" src="collage-info.png"/>
+<img width="800px" src="collage-info.png"/>
 ## More information 
@@ -26,7 +26,7 @@ The first login sets your password.
 - You may send up to 60 messages per minute
- Seen messages are removed 40 days after arriving on the server
+- Messages are unconditionally removed 40 days after arriving on the server
 - You can store up to [100MB messages on the server](https://delta.chat/en/help#what-happens-if-i-turn-on-delete-old-messages-from-server)
--- a/www/src/logo.svg
+++ b/www/src/logo.svg
@@ -1,44 +0,0 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <svg
   width="145"
   height="145"
   version="1.1"
   id="svg4"
   sodipodi:docname="At_sign.svg"
   inkscape:version="1.2.2 (b0a84865, 2022-12-01)"
   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
   xmlns="http://www.w3.org/2000/svg"
   xmlns:svg="http://www.w3.org/2000/svg">
  <defs
     id="defs8" />
  <sodipodi:namedview
     id="namedview6"
     pagecolor="#ffffff"
     bordercolor="#000000"
     borderopacity="0.25"
     inkscape:showpageshadow="2"
     inkscape:pageopacity="0.0"
     inkscape:pagecheckerboard="0"
     inkscape:deskcolor="#d1d1d1"
     showgrid="false"
     inkscape:zoom="3.0241379"
     inkscape:cx="67.622577"
     inkscape:cy="72.913341"
     inkscape:window-width="1390"
     inkscape:window-height="1027"
     inkscape:window-x="55"
     inkscape:window-y="25"
     inkscape:window-maximized="0"
     inkscape:current-layer="svg4" />
  <g
     aria-label="@"
     id="text2"
     style="font-size:144px;font-family:Arial">
    <path
       d="m 79.927878,94.422406 c -2.704286,3.120332 -5.741407,5.637394 -9.111364,7.551194 -3.328352,1.87221 -6.677506,2.80831 -10.047463,2.80831 -3.702792,0 -7.301573,-1.08172 -10.796342,-3.24515 -3.49477,-2.163426 -6.344671,-5.491779 -8.549704,-9.985058 -2.163429,-4.493275 -3.245144,-9.423397 -3.245144,-14.790365 0,-6.615099 1.684978,-13.230199 5.054935,-19.845299 3.411561,-6.656705 7.634407,-11.649233 12.66854,-14.977585 5.034133,-3.328352 9.92265,-4.992528 14.665552,-4.992528 3.619583,0 7.072748,0.956901 10.359496,2.870704 3.286748,1.872198 6.115847,4.742902 8.487297,8.612111 l 2.121825,-9.673023 h 11.170784 l -8.986557,41.87483 c -1.248129,5.824616 -1.872194,9.048957 -1.872194,9.673023 0,1.123319 0.416044,2.101022 1.248132,2.93311 0.873692,0.790484 1.913802,1.185726 3.120332,1.185726 2.20503,0 5.096537,-1.268934 8.674517,-3.806803 4.7429,-3.328352 8.4873,-7.780023 11.23319,-13.355013 2.78749,-5.616594 4.18124,-11.399606 4.18124,-17.349035 0,-6.947935 -1.78899,-13.438222 -5.36697,-19.47086 -3.53637,-6.032638 -8.84094,-10.858749 -15.913687,-14.478332 -7.03114,-3.619583 -14.811161,-5.429374 -23.340064,-5.429374 -9.73543,0 -18.638772,2.288242 -26.710026,6.864726 -8.029649,4.534879 -14.27031,11.06677 -18.721981,19.595673 -4.410066,8.487298 -6.615099,17.598662 -6.615099,27.334092 0,10.193078 2.205033,18.971607 6.615099,26.33559 2.290454,3.78888 -7.136335,18.96983 -3.810585,21.73443 3.138096,2.60861 18.971963,-7.14297 23.031819,-5.44631 8.404089,3.53637 17.702673,5.30456 27.895752,5.30456 10.90035,0 20.032515,-1.83059 27.396492,-5.49178 7.36399,-3.66119 12.87657,-8.11286 16.53776,-13.35501 l 9.29559,4 c -2.12183,4.36846 -3.76221,4.82013 -8.92116,9.35501 -5.15895,4.53488 -11.2956,8.11286 -18.40995,10.73393 -7.114346,2.66268 -15.684851,3.99402 -25.711512,3.99402 -9.236177,0 -17.76508,-1.18572 -25.586707,-3.55717 -7.780023,-2.37145 -29.296198,9.26152 -34.78798,4.47701 -5.49178,-4.7429 5.248856,-25.42482 2.461361,-31.62388 -3.49477,-7.863231 -5.242155,-16.350531 -5.242155,-25.461894 0,-10.151474 2.08022,-19.824498 6.240661,-29.019071 5.075736,-11.274793 12.273297,-19.907706 21.592683,-25.898739 9.360991,-5.991034 20.69819,-8.986551 34.011599,-8.986551 10.317891,0 19.574873,2.121824 27.77093,6.365473 8.23767,4.202045 14.72796,10.484309 19.47086,18.846794 4.03563,7.197561 6.05344,15.019189 6.05344,23.464883 0,12.065277 -4.24365,22.77841 -12.73094,32.1394 -7.572,8.404095 -15.85128,12.606135 -24.837827,12.606135 -2.870704,0 -5.200551,-0.43684 -6.98954,-1.31053 -1.747385,-0.8737 -3.037121,-2.12183 -3.869209,-3.744402 -0.540857,-1.040114 -0.936099,-2.829105 -1.185726,-5.366972 z M 49.723082,77.510217 c 0,5.699803 1.352143,10.130671 4.05643,13.292606 2.704286,3.161935 5.803814,4.742902 9.298583,4.742902 2.329847,0 4.784506,-0.686473 7.363979,-2.059418 2.579473,-1.41455 5.034133,-3.49477 7.363979,-6.240661 2.371451,-2.74589 4.306056,-6.219857 5.803815,-10.421902 1.497759,-4.243649 2.246638,-8.487298 2.246638,-12.730947 0,-5.658198 -1.41455,-10.047462 -4.243649,-13.167793 -2.787495,-3.12033 -6.199056,-4.680495 -10.234683,-4.680495 -2.662682,0 -5.179749,0.686473 -7.5512,2.059418 -2.329846,1.331341 -4.597286,3.494769 -6.802319,6.490286 -2.205033,2.995517 -3.97322,6.635903 -5.304561,10.921156 -1.331341,4.285253 -1.997012,8.216869 -1.997012,11.794848 z"
       id="path347"
       style="stroke-width:0.887561"
       sodipodi:nodetypes="ccsscscsscccccscsccsccsccscscssccscscccsccsccscscccssscccscscsss" />
  </g>
 </svg>
--- a/www/src/main.css
+++ b/www/src/main.css
@@ -1,31 +0,0 @@
 #menu {
  display: flex;
  flex-wrap: wrap;
  padding: 0;
 }
 #menu li {
  display: inline-block;
  padding-right: 0.5em;
 }
 #domain {
  margin-left: auto;
 }
 #domain a {
  color: #888;
 }
 .banner {
  width: 100%;
 }
 .experimental {
  margin: 3em 0;
  padding: 1em;
  border: 4px dashed red;
  color: red;
  font-weight: bold;
 }
--- a/www/src/page-layout.html
+++ b/www/src/page-layout.html
@@ -7,21 +7,14 @@
    {% endif %}
    <title>{{ config.mail_domain }} {{ pagename }}</title>
    <link rel="stylesheet" href="./water.css">
    <link rel="stylesheet" href="./main.css">
    <link rel="icon" href="/logo.svg">
    <link rel=”mask-icon” href=”/logo.svg” color=”#000000">
 </head>
 <body>
 <ul id="menu">
    <li><a href="index.html">home</a></li>
    <li><a href="info.html">info</a></li>
    <li><a href="privacy.html">privacy</a></li>
    <li><a href="https://github.com/deltachat/chatmail">public code ↗</a></li>
    <li id="domain"><a href="index.html">{{ config.mail_domain }}</a></li>
 </ul>
 {{ markdown_html }}
-
+<footer>
    <a href="index.html">home</a> |
    <a href="info.html">more info</a> |
    <a href="privacy.html">privacy</a> |
    <a href="https://github.com/deltachat/chatmail">-> public development </a>
 </footer>
 </body>
 </html>
--- a/www/src/privacy.md
+++ b/www/src/privacy.md
@@ -1,4 +1,4 @@
-<img class="banner" src="collage-privacy.png"/>
+<img width="800px" src="collage-privacy.png"/>
 # Privacy Policy for {{ config.mail_domain }}
Author	SHA1	Message	Date
holger krekel	009f549619	document some attributes in chatmail.ini	2023-12-09 01:20:17 +01:00
holger krekel	99d36235fe	get passthrough_recipients list from config	2023-12-09 01:07:37 +01:00
holger krekel	b52a8c969f	various fixes	2023-12-09 00:22:58 +01:00
holger krekel	8520a9d8f2	introduce basic config file	2023-12-08 21:56:15 +01:00
`@@ -1,4 +1,4 @@`
	`<img class="banner" src="collage-privacy.png"/>`	`<img width="800px" src="collage-privacy.png"/>`

	`# Privacy Policy for {{ config.mail_domain }}`	`# Privacy Policy for {{ config.mail_domain }}`