feat!: ignore passthrough_sender and passthrough_recipients to eliminate one more source of unencrypted messages

When running "cmdeploy run" operators will see a warning if their chatmail.ini contains these unused options.
2026-05-14 18:04:38 +00:00 · 2026-05-14 18:04:47 +02:00
4 changed files with 18 additions and 11 deletions
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -41,8 +41,8 @@ class Config:
        self.username_min_length = int(params.get("username_min_length", 9))
        self.username_max_length = int(params.get("username_max_length", 9))
        self.password_min_length = int(params.get("password_min_length", 9))
-        self.passthrough_senders = params.get("passthrough_senders", "").split()
-        self.passthrough_recipients = params.get("passthrough_recipients", "").split()
+        _unused = ("passthrough_senders", "passthrough_recipients")
+        self.unused_keys = [k for k in _unused if params.get(k)]
        self.www_folder = params.get("www_folder", "")
        self.filtermail_smtp_port = int(params.get("filtermail_smtp_port", "10080"))
        self.filtermail_smtp_port_incoming = int(
--- a/chatmaild/src/chatmaild/ini/chatmail.ini.f
+++ b/chatmaild/src/chatmaild/ini/chatmail.ini.f
@@ -42,13 +42,6 @@ mail_domain = {mail_domain}
 # minimum length a password must have
 #password_min_length = 9

-# list of chatmail addresses which can send outbound un-encrypted mail
-#passthrough_senders =
-
-# list of e-mail recipients for which to accept outbound un-encrypted mails
-# (space-separated, item may start with "@" to whitelist whole recipient domains)
-#passthrough_recipients =
-
 # Use externally managed TLS certificates instead of built-in acmetool.
 # Paths refer to files on the deployment server (not the build machine).
 # Both files must already exist before running cmdeploy.
--- a/chatmaild/src/chatmaild/tests/test_config.py
+++ b/chatmaild/src/chatmaild/tests/test_config.py
@@ -45,8 +45,12 @@ def test_read_config_basic_using_defaults(tmp_path, maildomain):
    assert example_config.username_min_length == 9
    assert example_config.username_max_length == 9
    assert example_config.password_min_length == 9
-    assert example_config.passthrough_recipients == []
-    assert example_config.passthrough_senders == []
+    assert example_config.unused_keys == []
+
+
+def test_config_unused_keys(make_config):
+    config = make_config("chat.example.org", {"passthrough_senders": "x@y.org"})
+    assert config.unused_keys == ["passthrough_senders"]


 def test_config_userstate_paths(make_config, tmp_path):
--- a/cmdeploy/src/cmdeploy/cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/cmdeploy.py
@@ -84,6 +84,15 @@ def run_cmd_options(parser):
    add_ssh_host_option(parser)


+def _warn_unused_settings(unused_keys, out):
+    if unused_keys:
+        names = ", ".join(unused_keys)
+        out.red(
+            f"WARNING: chatmail.ini contains settings that have no effect: {names}\n"
+            "Please remove them from chatmail.ini."
+        )
+
+
 def run_cmd(args, out):
    """Deploy chatmail services on the remote server."""

@@ -125,6 +134,7 @@ def run_cmd(args, out):
            out.green("Deploy completed.")
        else:
            out.green("Deploy completed, call `cmdeploy dns` next.")
+        _warn_unused_settings(args.config.unused_keys, out)
        return 0
    except subprocess.CalledProcessError:
        out.red("Deploy failed")