www: if invite_token is set, don't show the QR code & register button

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,5 @@
 blank_issues_enabled: true
 contact_links:
   - name: Mutual Help Chat Group
-    url: https://i.delta.chat/#6CBFF8FFD505C0FDEA20A66674F2916EA8FBEE99&a=invitebot%40nine.testrun.org&g=Chatmail%20Mutual%20Help&x=7sFF7Ik50pWv6J1z7RVC5527&i=X69wTFfvCfs3d-JzqP0kVA3i&s=ibp-447dU-wUq-52QanwAtWc
+    url: https://i.delta.chat/#C2846EB4C1CB8DF84B1818F5E3A638FC3FBDC981&a=stalebot1%40nine.testrun.org&g=Chatmail%20Mutual%20Help&x=7sFF7Ik50pWv6J1z7RVC5527&i=d7s1HvOsk5UrSf9AoqRZggg4&s=XmX_9BAW6-g5Ao5E8PyaeKNB
     about: If you have troubles setting up the relay server, feel free to ask here.

CHANGELOG.md

@@ -2,24 +2,12 @@
 
 ## untagged
 
-- Update iroh-relay to 0.35.0
-  ([#650](https://github.com/chatmail/relay/pull/650))
+- Enable invite-only chatmail relays with invite tokens
+  that can override disabled account creation
+  ([#600](https://github.com/chatmail/relay/pull/600))
 
-- Ignore all RCPT TO: parameters
-  ([#651](https://github.com/chatmail/relay/pull/651))
-
-- Use max username length in newemail.py, not min
-  ([#648](https://github.com/chatmail/relay/pull/648))
-
-- Increase maxproc for reinjecting ports from 10 to 100
-  ([#646](https://github.com/chatmail/relay/pull/646))
-
-- Add markdown tabs blocks for rendering multilingual pages.
-  Add russian language support to `index.md`, `privacy.md`, and `info.md`.
-  ([#658](https://github.com/chatmail/relay/pull/658))
-
-- Allow ports 143 and 993 to be used by `dovecot` process
-  ([#639](https://github.com/chatmail/relay/pull/639))
+- dovecot: keep mailbox index only in memory to avoid unnecessary disc usage 
+  ([#632](https://github.com/chatmail/relay/pull/632))
 
 ## 1.7.0 2025-09-11
 

README.md

@@ -284,8 +284,23 @@ Fresh chatmail addresses have a mailbox directory that contains:
   will typically be empty unless the user of that address hasn't been online 
   for a while. 
 
+## Restrict address creation
 
-## Emergency Commands to disable automatic address creation
+### Only allow new addresses with an invite token
+
+To restrict address creation for anyone who doesn't have the invite link/QR code:
+
+1. Use the `invite_token` option to add
+   one or more tokens of your choice to `chatmail.ini`:
+   `invite_token = s3cr3t privil3g3`
+   - (recommendation: choose 9 or more letters, or it will be easily bruteforced)
+2. Run `scripts/cmdeploy run`
+3. Distribute a `dcaccount` invite link/QR code
+   (like the one on your web page)
+   with one of your invite tokens added at the end,
+   for example: `dcaccount:https://example.org/new?s3cr3t`
+
+### Emergency Command to disable automatic address creation
 
 If you need to stop address creation,
 e.g. because some script is wildly creating addresses, 

chatmaild/src/chatmaild/config.py

@@ -31,12 +31,9 @@ class Config:
         self.username_min_length = int(params["username_min_length"])
         self.username_max_length = int(params["username_max_length"])
         self.password_min_length = int(params["password_min_length"])
+        self.invite_token = params.get("invite_token", "")
         self.passthrough_senders = params["passthrough_senders"].split()
         self.passthrough_recipients = params["passthrough_recipients"].split()
-        self.is_development_instance = (
-                params.get("is_development_instance", "true").lower() == "true"
-        )
-        self.languages = (params.get("languages", "EN").split())
         self.www_folder = params.get("www_folder", "")
         self.filtermail_smtp_port = int(params["filtermail_smtp_port"])
         self.filtermail_smtp_port_incoming = int(

chatmaild/src/chatmaild/doveauth.py

@@ -26,8 +26,19 @@ def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
     if os.path.exists(NOCREATE_FILE):
         logging.warning(f"blocked account creation because {NOCREATE_FILE!r} exists.")
         return False
+    password_length = len(cleartext_password)
+    if config.invite_token:
+        for inv_token in config.invite_token.split():
+            if cleartext_password.startswith(inv_token):
+                password_length = len(cleartext_password) - len(inv_token)
+                break
+        else:
+            logging.warning(
+                "blocked account creation because password didn't contain invite token(s)."
+            )
+            return False
 
-    if len(cleartext_password) < config.password_min_length:
+    if password_length < config.password_min_length:
         logging.warning(
             "Password needs to be at least %s characters long",
             config.password_min_length,

chatmaild/src/chatmaild/filtermail.py

@@ -197,13 +197,11 @@ class HackedController(Controller):
 
 class SMTPDiscardRCPTO_options(SMTP):
     def _getparams(self, params):
-        # Ignore RCPT TO parameters.
-        #
-        # Otherwise parameters such as `ORCPT=...`
-        # or `NOTIFY=DELAY,FAILURE` (generated by Stalwart)
-        # make aiosmtpd reject the message here:
-        # <https://github.com/aio-libs/aiosmtpd/blob/98f578389ae86e5345cc343fa4e5a17b21d9c96d/aiosmtpd/smtp.py#L1379-L1384>
-        return {}
+        # aiosmtpd's SMTP daemon fails to handle a request if there are RCPT TO options
+        # We just ignore them for our incoming filtermail purposes
+        if len(params) == 1 and params[0].startswith("ORCPT"):
+            return {}
+        return super()._getparams(params)
 
 
 class OutgoingBeforeQueueHandler:

chatmaild/src/chatmaild/ini/chatmail.ini.f

@@ -49,12 +49,6 @@ passthrough_recipients = xstore@testrun.org echo@{mail_domain}
 # Deployment Details
 #
 
-# A space-separated list of languages to be displayed on the site.
-# Now available languages: EN RU
-# You can also use the keyword "ALL"
-# NOTE: The order of languages affects their order on the page
-languages = EN
-
 # SMTP outgoing filtermail and reinjection 
 filtermail_smtp_port = 10080
 postfix_reinject_port = 10025

chatmaild/src/chatmaild/newemail.py

@@ -3,6 +3,7 @@
 """CGI script for creating new accounts."""
 
 import json
+import os
 import random
 import secrets
 import string
@@ -15,12 +16,16 @@ ALPHANUMERIC_PUNCT = string.ascii_letters + string.digits + string.punctuation
 
 
 def create_newemail_dict(config: Config):
-    user = "".join(random.choices(ALPHANUMERIC, k=config.username_max_length))
+    user = "".join(random.choices(ALPHANUMERIC, k=config.username_min_length))
     password = "".join(
         secrets.choice(ALPHANUMERIC_PUNCT)
         for _ in range(config.password_min_length + 3)
     )
-    return dict(email=f"{user}@{config.mail_domain}", password=f"{password}")
+    redirect_uri = os.getenv("REQUEST_URI", "/new")
+    invite_token = "" if redirect_uri == "/new" else redirect_uri[5:]
+    return dict(
+        email=f"{user}@{config.mail_domain}", password=f"{invite_token}{password}"
+    )
 
 
 def print_new_account():

chatmaild/src/chatmaild/tests/test_doveauth.py

@@ -64,12 +64,38 @@ def test_dont_overwrite_password_on_wrong_login(dictproxy):
     assert res["password"] == res2["password"]
 
 
-def test_nocreate_file(monkeypatch, tmpdir, dictproxy):
-    p = tmpdir.join("nocreate")
-    p.write("")
-    monkeypatch.setattr(chatmaild.doveauth, "NOCREATE_FILE", str(p))
-    dictproxy.lookup_passdb("newuser12@chat.example.org", "zequ0Aimuchoodaechik")
-    assert not dictproxy.lookup_userdb("newuser12@chat.example.org")
+@pytest.mark.parametrize(
+    ["nocreate_file", "account", "invite_token", "password"],
+    [
+        (False, True, "asdf", "asdfasdmaimfelsgwerw"),
+        (False, False, "asdf", "z9873240187420913798"),
+        (False, True, "", "dsaiujfw9fjiwf9w"),
+        (False, False, "asdf", "z987324018742asdf0913798"),
+        (False, True, "as df", "asj0wiefkj0ofkeefok"),
+        (False, True, "as df", "dfj0wiefkj0ofkeefok"),
+        (False, False, "as df", "j0wiefkj0ofas dfkeefok"),
+        (True, False, "asdf", "asdfmosadkdkfwdofkw"),
+        (True, False, "asdf", "z9873240187420913798"),
+        (True, False, "", "dsaiujfw9fjiwf9w"),
+    ],
+)
+def test_nocreate_file(
+    monkeypatch,
+    tmpdir,
+    dictproxy,
+    example_config,
+    nocreate_file: bool,
+    account: bool,
+    invite_token: str,
+    password: str,
+):
+    if nocreate_file:
+        p = tmpdir.join("nocreate")
+        p.write("")
+        monkeypatch.setattr(chatmaild.doveauth, "NOCREATE_FILE", str(p))
+    example_config.invite_token = invite_token
+    dictproxy.lookup_passdb("newuser12@chat.example.org", password)
+    assert bool(dictproxy.lookup_userdb("newuser12@chat.example.org")) == account
 
 
 def test_handle_dovecot_request(dictproxy):

cmdeploy/pyproject.toml

@@ -20,7 +20,6 @@ dependencies = [
   "pytest-xdist", 
   "execnet",
   "imap_tools",
-  "pymdown-extensions",
 ]
 
 [project.scripts]

cmdeploy/src/cmdeploy/__init__.py

@@ -13,7 +13,7 @@ from pathlib import Path
 from chatmaild.config import Config, read_config
 from pyinfra import facts, host, logger
 from pyinfra.api import FactBase
-from pyinfra.facts.files import File, Sha256File
+from pyinfra.facts.files import File
 from pyinfra.facts.server import Sysctl
 from pyinfra.facts.systemd import SystemdEnabled
 from pyinfra.operations import apt, files, pip, server, systemd
@@ -555,12 +555,12 @@ def deploy_mtail(config):
 def deploy_iroh_relay(config) -> None:
     (url, sha256sum) = {
         "x86_64": (
-            "https://github.com/n0-computer/iroh/releases/download/v0.35.0/iroh-relay-v0.35.0-x86_64-unknown-linux-musl.tar.gz",
-            "45c81199dbd70f8c4c30fef7f3b9727ca6e3cea8f2831333eeaf8aa71bf0fac1",
+            "https://github.com/n0-computer/iroh/releases/download/v0.28.1/iroh-relay-v0.28.1-x86_64-unknown-linux-musl.tar.gz",
+            "2ffacf7c0622c26b67a5895ee8e07388769599f60e5f52a3bd40a3258db89b2c",
         ),
         "aarch64": (
-            "https://github.com/n0-computer/iroh/releases/download/v0.35.0/iroh-relay-v0.35.0-aarch64-unknown-linux-musl.tar.gz",
-            "f8ef27631fac213b3ef668d02acd5b3e215292746a3fc71d90c63115446008b1",
+            "https://github.com/n0-computer/iroh/releases/download/v0.28.1/iroh-relay-v0.28.1-aarch64-unknown-linux-musl.tar.gz",
+            "b915037bcc1ff1110cc9fcb5de4a17c00ff576fd2f568cd339b3b2d54c420dc4",
         ),
     }[host.get_fact(facts.server.Arch)]
 
@@ -569,18 +569,15 @@ def deploy_iroh_relay(config) -> None:
         packages=["curl"],
     )
 
-    need_restart = False
+    server.shell(
+        name="Download iroh-relay",
+        commands=[
+            f"(echo '{sha256sum} /usr/local/bin/iroh-relay' | sha256sum -c) || (curl -L {url} | gunzip | tar -x -f - ./iroh-relay -O >/usr/local/bin/iroh-relay.new && mv /usr/local/bin/iroh-relay.new /usr/local/bin/iroh-relay)",
+            "chmod 755 /usr/local/bin/iroh-relay",
+        ],
+    )
 
-    existing_sha256sum = host.get_fact(Sha256File, "/usr/local/bin/iroh-relay")
-    if existing_sha256sum != sha256sum:
-        server.shell(
-            name="Download iroh-relay",
-            commands=[
-                f"(curl -L {url} | gunzip | tar -x -f - ./iroh-relay -O >/usr/local/bin/iroh-relay.new && (echo '{sha256sum} /usr/local/bin/iroh-relay.new' | sha256sum -c) && mv /usr/local/bin/iroh-relay.new /usr/local/bin/iroh-relay)",
-                "chmod 755 /usr/local/bin/iroh-relay",
-            ],
-        )
-        need_restart = True
+    need_restart = False
 
     systemd_unit = files.put(
         name="Upload iroh-relay systemd unit",
@@ -682,11 +679,11 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
         (["master", "smtpd"], 25),
         ("unbound", 53),
         ("acmetool", 80),
-        (["imap-login", "dovecot"], 143),
+        ("imap-login", 143),
         ("nginx", 443),
         (["master", "smtpd"], 465),
         (["master", "smtpd"], 587),
-        (["imap-login", "dovecot"], 993),
+        ("imap-login", 993),
         ("iroh-relay", 3340),
         ("nginx", 8443),
         (["master", "smtpd"], config.postfix_reinject_port),
@@ -699,9 +696,7 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
         running_service = host.get_fact(Port, port=port)
         if running_service:
             if running_service not in service:
-                Out().red(
-                    f"Deploy failed: port {port} is occupied by: {running_service}"
-                )
+                Out().red(f"Deploy failed: port {port} is occupied by: {running_service}")
                 exit(1)
 
     apt.packages(
@@ -813,12 +808,6 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
         restarted=nginx_need_restart,
     )
 
-    systemd.service(
-        name="Restart echobot if postfix and dovecot were just started",
-        service="echobot.service",
-        restarted=postfix_need_restart and dovecot_need_restart,
-    )
-
     # This file is used by auth proxy.
     # https://wiki.debian.org/EtcMailName
     server.shell(

cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2

@@ -68,7 +68,7 @@ userdb {
 ##
 
 # Mailboxes are stored in the "mail" directory of the vmail user home.
-mail_location = maildir:{{ config.mailboxes_dir }}/%u
+mail_location = maildir:{{ config.mailboxes_dir }}/%u:INDEX=MEMORY
 
 namespace inbox {
   inbox = yes

cmdeploy/src/cmdeploy/nginx/nginx.conf.j2

@@ -84,12 +84,13 @@ http {
 			if ($request_method = GET) {
 				# Redirect to Delta Chat,
 				# which will in turn do a POST request.
-				return 301 dcaccount:https://{{ config.domain_name }}/new;
+				return 301 dcaccount:https://{{ config.domain_name }}$request_uri;
 			}
 
 			fastcgi_pass unix:/run/fcgiwrap.socket;
 			include /etc/nginx/fastcgi_params;
 			fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/newemail.py;
+			fastcgi_param QUERY_STRING $query_string;
 		}
 
 		# Old URL for compatibility with e.g. printed QR codes.
@@ -100,7 +101,7 @@ http {
 		# Redirects are only for browsers.
 		location /cgi-bin/newemail.py {
 			if ($request_method = GET) {
-				return 301 dcaccount:https://{{ config.domain_name }}/new;
+				return 301 dcaccount:https://{{ config.domain_name }}$request_uri;
 			}
 
 			fastcgi_pass unix:/run/fcgiwrap.socket;

cmdeploy/src/cmdeploy/postfix/master.cf.j2

@@ -77,13 +77,13 @@ scache    unix  -       -       y       -       1       scache
 postlog   unix-dgram n  -       n       -       1       postlogd
 filter    unix -        n       n       -       -       lmtp
 # Local SMTP server for reinjecting outgoing filtered mail.
-127.0.0.1:{{ config.postfix_reinject_port }} inet  n       -       n       -       100      smtpd
+127.0.0.1:{{ config.postfix_reinject_port }} inet  n       -       n       -       10      smtpd
   -o syslog_name=postfix/reinject
   -o smtpd_milters=unix:opendkim/opendkim.sock
   -o cleanup_service_name=authclean
 
 # Local SMTP server for reinjecting incoming filtered mail 
-127.0.0.1:{{ config.postfix_reinject_port_incoming }} inet  n       -       n       -       100      smtpd
+127.0.0.1:{{ config.postfix_reinject_port_incoming }} inet  n       -       n       -       10      smtpd
   -o syslog_name=postfix/reinject_incoming
   -o smtpd_milters=unix:opendkim/opendkim.sock
 

cmdeploy/src/cmdeploy/www.py

@@ -11,13 +11,6 @@ from jinja2 import Template
 
 from .genqr import gen_qr_png_data
 
-LANGUAGE_NAMES = {
-    "EN": " 🇬🇧 English",
-    "RU": " 🇷🇺 Русский",
-    # "UA": "Українська",
-    # "FR": "Français",
-    # "DE": "Deutsch",
-}
 
 def snapshot_dir_stats(somedir):
     d = {}
@@ -29,59 +22,12 @@ def snapshot_dir_stats(somedir):
     return d
 
 
-def prepare_template(source, locales_dir, languages=["EN"]):
-    assert source.exists(), f"Template {source} not found."
-    assert locales_dir.exists(), f"Locales directory {locales_dir} not found."
-    base_name = source.stem
-    render_vars = {
-        "pagename": "home" if base_name == "index" else base_name
-    }
-
-    selected_langs = (
-        sorted([d.name.upper() for d in locales_dir.iterdir() if d.is_dir()])
-        if "ALL" in [l.upper() for l in languages]
-        else [l.upper() for l in languages]
-    )
-
-    markdown_blocks = []
-
-    tabs_enabled = False
-    if len(selected_langs) > 1:
-        tabs_enabled = True
-
-    for lang_code in selected_langs:
-        lang_folder = locales_dir / lang_code
-        lang_file = lang_folder / f"{base_name}.md"
-        lang_name = LANGUAGE_NAMES.get(lang_code, lang_code)
-
-        if lang_file.exists():
-            content = lang_file.read_text().strip()
-        else:
-            print(f"[WARNING]: Missing file {lang_file}. Inserting fallback message.")
-            content = "Content for this language is not available, please contact your server administrator."
-
-        if tabs_enabled:
-            markdown_blocks.append(f"/// tab | {lang_name}\n{content}\n///")
-            continue
-
-        markdown_blocks.append(content)
-
-    if not markdown_blocks:
-        print("[WARNING] No valid language content found. Skipping file.")
-        return None, None
-
-    original_markdown = source.read_text()
-    combined_markdown = original_markdown.replace("%content placeholder%", "\n\n".join(markdown_blocks))
-
-    render_vars["markdown_html"] = markdown.markdown(
-        combined_markdown,
-        extensions=["pymdownx.blocks.tab"]
-    )
-
-    page_layout_path = source.with_name("page-layout.html")
-    assert page_layout_path.exists(), f"Missing template: {page_layout_path}"
-    page_layout = page_layout_path.read_text()
-
+def prepare_template(source):
+    assert source.exists(), source
+    render_vars = {}
+    render_vars["pagename"] = "home" if source.stem == "index" else source.stem
+    render_vars["markdown_html"] = markdown.markdown(source.read_text())
+    page_layout = source.with_name("page-layout.html").read_text()
     return render_vars, page_layout
 
 
@@ -134,7 +80,6 @@ def int_to_english(number):
 
 def _build_webpages(src_dir, build_dir, config):
     mail_domain = config.mail_domain
-    languages = config.languages
     assert src_dir.exists(), src_dir
     if not build_dir.exists():
         build_dir.mkdir()
@@ -142,19 +87,18 @@ def _build_webpages(src_dir, build_dir, config):
     qr_path = build_dir.joinpath(f"qr-chatmail-invite-{mail_domain}.png")
     qr_path.write_bytes(gen_qr_png_data(mail_domain).read())
 
-    locales_dir = src_dir / "locales"
-
     for path in src_dir.iterdir():
         if path.suffix == ".md":
-            render_vars, content = prepare_template(path, locales_dir, languages)
-
-            if render_vars is None:
-                continue
-
-            render_vars["username_min_length"] = int_to_english(config.username_min_length)
-            render_vars["username_max_length"] = int_to_english(config.username_max_length)
-            render_vars["password_min_length"] = int_to_english(config.password_min_length)
-
+            render_vars, content = prepare_template(path)
+            render_vars["username_min_length"] = int_to_english(
+                config.username_min_length
+            )
+            render_vars["username_max_length"] = int_to_english(
+                config.username_max_length
+            )
+            render_vars["password_min_length"] = int_to_english(
+                config.password_min_length
+            )
             target = build_dir.joinpath(path.stem + ".html")
 
             # recursive jinja2 rendering
@@ -166,11 +110,9 @@ def _build_webpages(src_dir, build_dir, config):
 
             with target.open("w") as f:
                 f.write(content)
-
-        elif path.name != "page-layout.html" and path.name != "locales":
+        elif path.name != "page-layout.html":
             target = build_dir.joinpath(path.name)
             target.write_bytes(path.read_bytes())
-
     return build_dir
 
 

www/src/index.md

@@ -1,8 +1,34 @@
 
 <img class="banner" src="collage-top.png"/>
 
-%content placeholder%
+## Dear [Delta Chat](https://get.delta.chat) users and newcomers ... 
 
-{% if config.is_development_instance == True %}
+{% if config.mail_domain != "nine.testrun.org" %}
+Welcome to instant, interoperable and [privacy-preserving](privacy.html) messaging :) 
+{% else %}
+Welcome to the default onboarding server ({{ config.mail_domain }}) 
+for Delta Chat users.  For details how it avoids storing personal information
+please see our [privacy policy](privacy.html). 
+{% endif %}
+
+{% if not config.invite_token %}
+<a class="cta-button" href="DCACCOUNT:https://{{ config.mail_domain }}/new">Get a {{config.mail_domain}} chat profile</a>
+
+If you are viewing this page on a different device
+without a Delta Chat app,
+you can also **scan this QR code** with Delta Chat:
+
+<a href="DCACCOUNT:https://{{ config.mail_domain }}/new">
+    <img width=300 style="float: none;" src="qr-chatmail-invite-{{config.mail_domain}}.png" /></a>
+
+🐣 **Choose** your Avatar and Name
+
+💬 **Start** chatting with any Delta Chat contacts using [QR invite codes](https://delta.chat/en/help#howtoe2ee)
+{% else %}
+**To join this instance, you need an invite link or QR code -
+ask the admin for an invite.**
+{% endif %}
+
+{% if config.mail_domain != "nine.testrun.org" %}
 <div class="experimental">Note: this is only a temporary development chatmail service</div>
 {% endif %}

www/src/info.md

@@ -1,3 +1,43 @@
-<img class="banner" src="collage-info.png"/>
 
-%content placeholder%
+## More information 
+
+{{ config.mail_domain }} provides a low-maintenance, resource efficient and 
+interoperable e-mail service for everyone. What's behind a `chatmail` is 
+effectively a normal e-mail address just like any other but optimized 
+for the usage in chats, especially DeltaChat.
+
+
+### Rate and storage limits 
+
+- Un-encrypted messages are blocked to recipients outside
+  {{config.mail_domain}} but setting up contact via [QR invite codes](https://delta.chat/en/help#howtoe2ee) 
+  allows your messages to pass freely to any outside recipients.
+
+- You may send up to {{ config.max_user_send_per_minute }} messages per minute.
+
+- You can store up to [{{ config.max_mailbox_size }} messages on the server](https://delta.chat/en/help#what-happens-if-i-turn-on-delete-old-messages-from-server).
+
+- Messages are unconditionally removed latest {{ config.delete_mails_after }} days after arriving on the server.
+  Earlier, if storage may exceed otherwise.
+
+
+### <a name="account-deletion"></a> Account deletion 
+
+If you remove a {{ config.mail_domain }} profile from within the Delta Chat app, 
+then the according account on the server, along with all associated data,
+is automatically deleted {{ config.delete_inactive_users_after }} days afterwards. 
+
+If you use multiple devices 
+then you need to remove the according chat profile from each device
+in order for all account data to be removed on the server side. 
+
+If you have any further questions or requests regarding account deletion
+please send a message from your account to {{ config.privacy_mail }}. 
+
+
+### Who are the operators? Which software is running? 
+
+This chatmail provider is run by a small voluntary group of devs and sysadmins,
+who [publically develop chatmail provider setups](https://github.com/deltachat/chatmail).
+Chatmail setups aim to be very low-maintenance, resource efficient and 
+interoperable with any other standards-compliant e-mail service. 

www/src/main.css

@@ -84,57 +84,3 @@ code {
     color: white !important;
     font-weight: bold;
 }
-
-.tabbed-set {
-  position: relative;
-  display: flex;
-  flex-wrap: wrap;
-  margin: 1em 0;
-  border-radius: 0.1rem;
-}
-
-.tabbed-set > input {
-  display: none;
-}
-
-.tabbed-set label {
-  width: auto;
-  padding: 0.9375em 1.25em 0.78125em;
-  font-weight: 700;
-  font-size: 0.84em;
-  white-space: nowrap;
-  border-bottom: 0.15rem solid transparent;
-  border-top-left-radius: 0.1rem;
-  border-top-right-radius: 0.1rem;
-  cursor: pointer;
-  transition: background-color 250ms, color 250ms;
-}
-
-.tabbed-set .tabbed-content {
-  width: 100%;
-  display: none;
-  box-shadow: 0 -.05rem #ddd;
-}
-
-.tabbed-set input {
-  position: absolute;
-  opacity: 0;
-}
-
-.tabbed-set input:checked:nth-child(n+1) + label {
-  color: red;
-  border-color: red;
-}
-
-@media screen {
-  .tabbed-set input:nth-child(n+1):checked + label + .tabbed-content {
-    order: 99;
-    display: block;
-  }
-}
-
-@media print {
-  .tabbed-content {
-    display: contents;
-  }
-}

www/src/privacy.md

@@ -1,3 +1,271 @@
-<img class="banner" src="collage-privacy.png"/>
 
-%content placeholder%
+# Privacy Policy for {{ config.mail_domain }} 
+
+{% if config.mail_domain == "nine.testrun.org" %}
+Welcome to `{{config.mail_domain}}`, the default chatmail onboarding server for Delta Chat users. 
+It is operated on the side by a small sysops team
+on a voluntary basis.
+See [other chatmail servers](https://delta.chat/en/chatmail) for alternative server operators. 
+{% endif %}
+
+
+## Summary: No personal data asked or collected 
+
+This chatmail server neither asks for nor retains personal information. 
+Chatmail servers exist to reliably transmit (store and deliver) end-to-end encrypted messages
+between user's devices running the Delta Chat messenger app. 
+Technically, you may think of a Chatmail server as 
+an end-to-end encrypted "messaging router" at Internet-scale. 
+
+A chatmail server is very unlike classic e-mail servers (for example Google Mail servers)
+that ask for personal data and permanently store messages. 
+A chatmail server behaves more like the Signal messaging server 
+but does not know about phone numbers and securely and automatically interoperates 
+with other chatmail and classic e-mail servers. 
+
+Unlike classic e-mail servers, this chatmail server 
+
+- unconditionally removes messages after {{ config.delete_mails_after }} days,
+
+- prohibits sending out un-encrypted messages,
+
+- does not store Internet addresses ("IP addresses"), 
+
+- does not process IP addresses in relation to email addresses.
+
+Due to the resulting lack of personal data processing
+this chatmail server may not require a privacy policy.
+
+Nevertheless, we provide legal details below to make life easier
+for data protection specialists and lawyers scrutinizing chatmail operations.
+
+
+
+## 1. Name and contact information 
+
+Responsible for the processing of your personal data is:
+```
+{{ config.privacy_postal }}
+```
+
+E-mail: {{ config.privacy_mail }}
+
+We have appointed a data protection officer:
+
+```
+{{ config.privacy_pdo }}
+```
+
+## 2. Processing when using chat e-mail services
+
+We provide services optimized for the use from [Delta Chat](https://delta.chat) apps
+and process only the data necessary
+for the setup and technical execution of message delivery.
+The purpose of the processing is that users can
+read, write, manage, delete, send, and receive chat messages.
+For this purpose,
+we operate server-side software
+that enables us to send and receive messages.
+
+We process the following data and details:
+
+- Outgoing and incoming messages (SMTP) are stored for transit
+  on behalf of their users until the message can be delivered.
+
+- E-Mail-Messages are stored for the recipient and made accessible via IMAP protocols,
+  until explicitly deleted by the user or until a fixed time period is exceeded,
+  (*usually 4-8 weeks*).
+
+- IMAP and SMTP protocols are password protected with unique credentials for each account.
+
+- Users can retrieve or delete all stored messages
+  without intervention from the operators using standard IMAP client tools.
+
+- Users can connect to a "realtime relay service"
+  to establish Peer-to-Peer connection between user devices,
+  allowing them to send and retrieve ephemeral messages
+  which are never stored on the chatmail server, also not in encrypted form.
+
+
+### 2.1 Account setup
+
+Creating an account happens in one of two ways on our mail servers: 
+
+- with a QR invitation token 
+  which is scanned using the Delta Chat app
+  and then the account is created.
+
+- by letting Delta Chat otherwise create an account 
+  and register it with a {{ config.mail_domain }} mail server. 
+
+In either case, we process the newly created email address.
+No phone numbers,
+other email addresses,
+or other identifiable data
+is currently required.
+The legal basis for the processing is
+Art. 6 (1) lit. b GDPR,
+as you have a usage contract with us
+by using our services.
+
+### 2.2 Processing of E-Mail-Messages
+
+In addition,
+we will process data
+to keep the server infrastructure operational
+for purposes of e-mail dispatch
+and abuse prevention.
+
+- Therefore,
+  it is necessary to process the content and/or metadata
+  (e.g., headers of the email as well as smtp chatter)
+  of E-Mail-Messages in transit. 
+
+- We will keep logs of messages in transit for a limited time.
+  These logs are used to debug delivery problems and software bugs.
+
+In addition,
+we process data to protect the systems from excessive use.
+Therefore, limits are enforced:
+
+- rate limits
+
+- storage limits
+
+- message size limits
+
+- any other limit necessary for the whole server to function in a healthy way
+  and to prevent abuse.
+
+The processing and use of the above permissions
+are performed to provide the service.
+The data processing is necessary for the use of our services,
+therefore the legal basis of the processing is
+Art. 6 (1) lit. b GDPR,
+as you have a usage contract with us
+by using our services.
+The legal basis for the data processing
+for the purposes of security and abuse prevention is
+Art. 6 (1) lit. f GDPR.
+Our legitimate interest results
+from the aforementioned purposes.
+We will not use the collected data
+for the purpose of drawing conclusions
+about your person.
+
+
+## 3. Processing when using our Website
+
+When you visit our website,
+the browser used on your end device
+automatically sends information to the server of our website.
+This information is temporarily stored in a so-called log file.
+The following information is collected and stored
+until it is automatically deleted
+(*usually 7 days*):
+
+- used type of browser,
+
+- used operating system, 
+
+- access date and time as well as
+
+- country of origin and IP address, 
+
+- the requested file name or HTTP resource,
+
+- the amount of data transferred,
+
+- the access status (file transferred, file not found, etc.) and
+
+- the page from which the file was requested.
+
+This website is hosted by an external service provider (hoster).
+The personal data collected on this website is stored
+on the hoster's servers.
+Our hoster will process your data
+only to the extent necessary to fulfill its obligations
+to perform under our instructions.
+In order to ensure data protection-compliant processing,
+we have concluded a data processing agreement with our hoster.
+
+The aforementioned data is processed by us for the following purposes:  
+
+- Ensuring a reliable connection setup of the website,
+
+- ensuring a convenient use of our website,
+
+- checking and ensuring system security and stability, and
+
+- for other administrative purposes.
+
+The legal basis for the data processing is
+Art. 6 (1) lit. f GDPR.
+Our legitimate interest results
+from the aforementioned purposes of data collection.
+We will not use the collected data
+for the purpose of drawing conclusions about your person.
+
+## 4. Transfer of Data
+
+We do not retain any personal data but e-mail messages waiting to be delivered 
+may contain personal data.
+Any such residual personal data will not be transferred to third parties
+for purposes other than those listed below:
+
+a) you have given your express consent
+in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,  
+
+b) the disclosure is necessary for the assertion, exercise or defence of legal claims
+pursuant to Art. 6 (1) sentence 1 lit. f GDPR
+and there is no reason to assume that you have
+an overriding interest worthy of protection
+in the non-disclosure of your data,  
+
+c) in the event that there is a legal obligation to disclose your data
+pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR,
+as well as  
+
+d) this is legally permissible and necessary
+in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR
+for the processing of contractual relationships with you,  
+
+e) this is carried out by a service provider
+acting on our behalf and on our exclusive instructions,
+whom we have carefully selected (Art. 28 (1) GDPR)
+and with whom we have concluded a corresponding contract on commissioned processing (Art. 28 (3) GDPR),
+which obliges our contractor,
+among other things,
+to implement appropriate security measures
+and grants us comprehensive control powers.
+
+## 5. Rights of the data subject
+
+The rights arise from Articles 12 to 23 GDPR.
+Since no personal data is stored on our servers,
+even in encrypted form,
+there is no need to provide information
+on these or possible objections.
+A deletion can be made
+directly in the Delta Chat email messenger.
+
+If you have any questions or complaints, 
+please feel free to contact us by email:  
+{{ config.privacy_mail }}
+
+As a rule, you can contact the supervisory authority of your usual place of residence
+or workplace
+or our registered office for this purpose.
+The supervisory authority responsible for our place of business
+is the `{{ config.privacy_supervisor }}`.
+
+
+## 6. Validity of this privacy policy 
+
+This data protection declaration is valid
+as of *October 2024*.
+Due to the further development of our service and offers
+or due to changed legal or official requirements,
+it may become necessary to revise this data protection declaration from time to time.
+
+