tests: other bots could be in passthrough_recipients

Without this option parsing of answer was flaky
as for long records like
_submission._tcp.nine.testrun.org.
dig printed the result with a space rather
than tab as a separator and .split("\t") did not work.

This change makes the `dig` command print the answer
in the form we need so there is no need for complex parsing
other than taking the first line.

`-r` option is added to make sure options are not changed by .digrc
in the root home directory.

chatmaild/src/chatmaild/ini/chatmail.ini.f

@@ -33,7 +33,7 @@ password_min_length = 9
 passthrough_senders =
 
 # list of e-mail recipients for which to accept outbound un-encrypted mails
-passthrough_recipients =
+passthrough_recipients = xstore@testrun.org groupsbot@hispanilandia.net
 
 #
 # Deployment Details

chatmaild/src/chatmaild/ini/override-testrun.ini

@@ -1,7 +1,7 @@
 
 [privacy]
 
-passthrough_recipients = privacy@testrun.org
+passthrough_recipients = privacy@testrun.org xstore@testrun.org groupsbot@hispanilandia.net
 
 privacy_postal =
     Merlinux GmbH, Represented by the managing director H. Krekel,

chatmaild/src/chatmaild/tests/test_config.py

@@ -28,5 +28,5 @@ def test_read_config_testrun(make_config):
     assert config.username_min_length == 9
     assert config.username_max_length == 9
     assert config.password_min_length == 9
-    assert config.passthrough_recipients == ["privacy@testrun.org"]
+    assert "privacy@testrun.org" in config.passthrough_recipients
     assert config.passthrough_senders == []

cmdeploy/src/cmdeploy/acmetool/__init__.py

@@ -1,6 +1,8 @@
 import importlib.resources
 
 from pyinfra.operations import apt, files, systemd, server
+from pyinfra import host
+from pyinfra.facts.systemd import SystemdStatus
 
 
 def deploy_acmetool(nginx_hook=False, email="", domains=[]):
@@ -55,6 +57,13 @@ def deploy_acmetool(nginx_hook=False, email="", domains=[]):
         group="root",
         mode="644",
     )
+    if host.get_fact(SystemdStatus).get("nginx.service"):
+        systemd.service(
+            name="Stop nginx service to free port 80",
+            service="nginx",
+            running=False,
+        )
+
     systemd.service(
         name="Setup acmetool-redirector service",
         service="acmetool-redirector.service",

cmdeploy/src/cmdeploy/dns.py

@@ -37,21 +37,15 @@ class DNS:
 
     def get(self, typ: str, domain: str) -> str | None:
         """Get a DNS entry"""
-        dig_result = self.shell(f"dig {typ} {domain}")
+        dig_result = self.shell(f"dig -r -q {domain} -t {typ} +short")
-        line_num = 0
+        line = dig_result.partition("\n")[0]
-        for line in dig_result.splitlines():
+        if line:
-            line_num += 1
+            return line
-            if line.strip() == ";; ANSWER SECTION:":
-                return dig_result.splitlines()[line_num].split("\t")[-1]
 
-    def check_ptr_record(self, ip: str, mail_domain) -> str:
+    def check_ptr_record(self, ip: str, mail_domain) -> bool:
         """Check the PTR record for an IPv4 or IPv6 address."""
-        result = self.get("-x", ip)
+        result = self.shell(f"dig -r -x {ip} +short").rstrip()
-        if result:
+        return result == f"{mail_domain}."
-            if ip_address(ip).version == 6:
-                result = result.split()[-1]
-            if result[:-1] == mail_domain:
-                return result
 
 
 def show_dns(args, out):

cmdeploy/src/cmdeploy/postfix/main.cf.j2

@@ -11,9 +11,8 @@ append_dot_mydomain = no
 
 readme_directory = no
 
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# See http://www.postfix.org/COMPATIBILITY_README.html
-# fresh installs.
+compatibility_level = 3.6
-compatibility_level = 2
 
 # TLS parameters
 smtpd_tls_cert_file=/var/lib/acme/live/{{ config.mail_domain }}/fullchain