some reformatting and striking overall

some improvements, adding a bnech
add ping-pong bench and formatting
2026-05-11 16:34:39 +00:00 · 2023-10-20 11:03:02 +02:00 · 2023-10-20 10:59:26 +02:00 · 2023-10-20 10:28:16 +02:00 · 2023-10-19 02:00:02 +02:00
40 changed files with 604 additions and 787 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,31 +0,0 @@
 name: CI
 on:
  pull_request:
  push:
 jobs:
  tox:
    name: chatmail tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: run chatmaild tests 
        working-directory: chatmaild
        run: pipx run tox
      - name: run deploy-chatmail offline tests 
        working-directory: deploy-chatmail
        run: pipx run tox
      - name: run deploy-chatmail offline tests 
        working-directory: deploy-chatmail
        run: pipx run tox
  scripts:
    name: chatmail script invocations 
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: run init.sh 
        run: ./scripts/init.sh 
      - name: run test.sh 
        run: ./scripts/test.sh 
--- a/.gitignore
+++ b/.gitignore
@@ -159,5 +159,3 @@ cython_debug/
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 chatmail.zone
--- a/README.md
+++ b/README.md
@@ -1,61 +1,23 @@
-# Chatmail instances optimized for Delta Chat apps 
+# Chat Mail server configuration
-This repository helps to setup a ready-to-use chatmail instance
+This repository setups a ready-to-go chatmail instance
 comprised of a minimal setup of the battle-tested 
-[postfix smtp](https://www.postfix.org) and [dovecot imap](https://www.dovecot.org) services. 
+[postfix smtp server](https://www.postfix.org) and [dovecot imap server](https://www.dovecot.org).
-The setup is designed and optimized for providing chatmail accounts 
+## Getting started 
 for use by [Delta Chat apps](https://delta.chat).
-Chatmail accounts are automatically created by a first login, 
+1. prepare your local system:
 after which the initially specified password is required for using them. 
 ## Getting Started deploying your own chatmail instance
 1. Prepare your local (presumably Linux) system:
    scripts/init.sh 
-2. Setup a domain with `A` and `AAAA` records for your chatmail server.
+2. set environment variable to the chatmail domain you want to setup:
 3. Set environment variable to the chatmail domain you want to setup:
    export CHATMAIL_DOMAIN=c1.testrun.org   # replace with your host
-4. Deploy the chat mail instance to your chatmail server: 
+3. run the deploy of the chat mail instance: 
    scripts/deploy.sh 
   This script uses `pyinfra` and `ssh` to setup packages and configure
   the chatmail instance on your remote server. 
 5. Run `scripts/generate-dns-zone.sh` and 
   transfer the generated DNS records at your DNS provider
 6. Start a Delta Chat app and create a new account 
   by typing an e-mail address with an arbitrary username 
   and `@<your-chatmail-domain>` appended. 
   Use an at least 10-character random password. 
 ### Ports
 Postfix listens on ports 25 (smtp) and 587 (submission) and 465 (submissions).
 Dovecot listens on ports 143(imap) and 993 (imaps).
 Delta Chat will, however, discover all ports and configurations 
 automatically by reading the `autoconfig.xml` file from the chatmail instance. 
 ## Emergency Commands to disable automatic account creation 
 If you need to stop account creation,
 e.g. because some script is wildly creating accounts, run:
    touch /etc/chatmail-nocreate
 While this file is present, account creation will be blocked. 
 ## Running tests and benchmarks (offline and online) 
@@ -70,26 +32,28 @@ While this file is present, account creation will be blocked.
    scripts/bench.sh 
 ## Running tests (offline and online) 
-## Development Background for chatmail instances 
+```
 ## Dovecot/Postfix configuration
-This repository drives the development of "chatmail instances", 
+### Ports
 comprised of minimal setups of 
- [postfix smtp server](https://www.postfix.org) 
+Postfix listens on ports 25 (smtp) and 587 (submission) and 465 (submissions).
- [dovecot imap server](https://www.dovecot.org) 
+Dovecot listens on ports 143(imap) and 993 (imaps).
-as well as two custom services that are integrated with these two: 
+## DNS
- `chatmaild/src/chatmaild/dictproxy.py` implements 
+For DKIM you must add a DNS entry as found in /etc/opendkim/selector.txt on your chatmail instance.
-  create-on-login account creation semantics and is used
+The above `scripts/deploy.sh` prints out the DKIM selector and DNS entry you
-  by Dovecot during login authentication and by Postfix
+need to setup with your DNS provider. 
  which in turn uses Dovecot SASL to authenticate users
  to send mails for them. 
 - `chatmaild/src/chatmaild/filtermail.py` prevents 
  unencrypted e-mail from leaving the chatmail instance
  and is integrated into postfix's outbound mail pipelines. 
 ## Emergency Commands
 If you need to stop account creation,
 e.g. because some script is wildly creating accounts,
 just run `touch /tmp/nocreate`.
 You can remove the file
 as soon as the attacker was banned
 by different means.
--- a/chatmaild/pyproject.toml
+++ b/chatmaild/pyproject.toml
@@ -20,7 +20,7 @@ addopts = "-v -ra --strict-markers"
 legacy_tox_ini = """
 [tox]
 isolated_build = true
-envlist = lint,py
+envlist = lint
 [testenv:lint]
 skipdist = True
@@ -31,10 +31,4 @@ deps =
 commands =
  black --quiet --check --diff src/
  ruff src/
 [testenv]
 passenv = CHATMAIL_DOMAIN
 deps = pytest 
       pdbpp 
 commands = pytest -v -rsXx {posargs: ../tests/chatmaild}
 """
--- a/chatmaild/src/chatmaild/dictproxy.py
+++ b/chatmaild/src/chatmaild/dictproxy.py
@@ -2,13 +2,13 @@ import logging
 import os
 import sys
 import json
 import crypt
 from socketserver import (
    UnixStreamServer,
    StreamRequestHandler,
    ThreadingMixIn,
 )
 import pwd
 import subprocess
 from .database import Database
@@ -16,45 +16,28 @@ NOCREATE_FILE = "/etc/chatmail-nocreate"
 def encrypt_password(password: str):
    password = password.encode("ascii")
    # https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
-    passhash = crypt.crypt(password, crypt.METHOD_SHA512)
+    process = subprocess.Popen(
-    return "{SHA512-CRYPT}" + passhash
+        ["doveadm", "pw", "-s", "SHA512-CRYPT"],
-
+        stdin=subprocess.PIPE,
-
+        stdout=subprocess.PIPE,
 def is_allowed_to_create(user, cleartext_password) -> bool:
    """Return True if user and password are admissable."""
    if os.path.exists(NOCREATE_FILE):
        logging.warning(f"blocked account creation because {NOCREATE_FILE!r} exists.")
        return False
    if len(cleartext_password) < 10:
        logging.warning("Password needs to be at least 10 characters long")
        return False
    parts = user.split("@")
    if len(parts) != 2:
        logging.warning(f"user {user!r} is not a proper e-mail address")
        return False
    localpart, domain = parts
    if domain == "nine.testrun.org":
        # nine.testrun.org policy, username has to be exactly nine chars
        if len(localpart) != 9:
            logging.warning(f"localpart {localpart!r} has not exactly nine chars")
            return False
    return True
 def create_user(db, user, encrypted_password):
    with db.write_transaction() as conn:
        conn.create_user(user, encrypted_password)
    return dict(
        home=f"/home/vmail/{user}",
        uid="vmail",
        gid="vmail",
        password=encrypted_password,
    )
    stdout_data, _stderr_data = process.communicate(
        input=password + b"\n" + password + b"\n"
    )
    return stdout_data.decode("ascii").strip()
 def create_user(db, user, password):
    if os.path.exists(NOCREATE_FILE):
        logging.warning(
            f"Didn't create account: {NOCREATE_FILE} exists. Delete the file to enable account creation."
        )
        return
    with db.write_transaction() as conn:
        conn.create_user(user, password)
    return dict(home=f"/home/vmail/{user}", uid="vmail", gid="vmail", password=password)
 def get_user_data(db, user):
@@ -70,13 +53,10 @@ def lookup_userdb(db, user):
    return get_user_data(db, user)
-def lookup_passdb(db, user, cleartext_password):
+def lookup_passdb(db, user, password):
    userdata = get_user_data(db, user)
    if not userdata:
-        if not is_allowed_to_create(user, cleartext_password):
+        return create_user(db, user, encrypt_password(password))
            return
        encrypted_password = encrypt_password(cleartext_password)
        userdata = create_user(db=db, user=user, encrypted_password=encrypted_password)
    userdata["password"] = userdata["password"].strip()
    return userdata
@@ -100,7 +80,7 @@ def handle_dovecot_request(msg, db, mail_domain):
                    reply_command = "N"
            elif type == "passdb":
                if user.endswith(f"@{mail_domain}"):
-                    res = lookup_passdb(db, user, cleartext_password=args[0])
+                    res = lookup_passdb(db, user, password=args[0])
                if res:
                    reply_command = "O"
                else:
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -1,14 +1,12 @@
 #!/usr/bin/env python3
 import asyncio
 import logging
 import time
 import sys
 from email.parser import BytesParser
 from email import policy
 from email.utils import parseaddr
-from aiosmtpd.smtp import SMTP
+from aiosmtpd.lmtp import LMTP
-from aiosmtpd.controller import Controller
+from aiosmtpd.controller import UnixSocketController
 from smtplib import SMTP as SMTPClient
@@ -34,124 +32,94 @@ def check_encrypted(message):
    return True
-def check_mdn(message, envelope):
+class ExampleController(UnixSocketController):
    if len(envelope.rcpt_tos) != 1:
        return False
    for name in ["auto-submitted", "chat-version"]:
        if not message.get(name):
            return False
    if message.get_content_type() != "multipart/report":
        return False
    body = message.get_body()
    if body.get_content_type() != "text/plain":
        return False
    if list(body.iter_attachments()) or list(body.iter_parts()):
        return False
    # even with all mime-structural checks an attacker
    # could try to abuse the subject or body to contain links or other
    # annoyance -- we skip on checking subject/body for now as Delta Chat
    # should evolve to create E2E-encrypted read receipts anyway.
    # and then MDNs are just encrypted mail and can pass the border
    # to other instances.
    return True
 class SMTPController(Controller):
    def factory(self):
-        return SMTP(self.handler, **self.SMTP_kwargs)
+        return LMTP(self.handler, **self.SMTP_kwargs)
-class BeforeQueueHandler:
+class ExampleHandler:
-    def __init__(self):
+    async def handle_RCPT(self, server, session, envelope, address, rcpt_options):
-        self.send_rate_limiter = SendRateLimiter()
+        envelope.rcpt_tos.append(address)
    async def handle_MAIL(self, server, session, envelope, address, mail_options):
        logging.info(f"handle_MAIL from {address}")
        envelope.mail_from = address
        if not self.send_rate_limiter.is_sending_allowed(address):
            return f"450 4.7.1: Too much mail from {address}"
        parts = envelope.mail_from.split("@")
        if len(parts) != 2:
            return f"500 Invalid from address <{envelope.mail_from!r}>"
        return "250 OK"
    async def handle_DATA(self, server, session, envelope):
-        logging.info("handle_DATA before-queue")
+        valid_recipients, res = lmtp_handle_DATA(envelope)
-        error = check_DATA(envelope)
+        # Reinject the mail back into Postfix.
-        if error:
+        if valid_recipients:
-            return error
+            logging.info("Reinjecting the mail")
-        logging.info("re-injecting the mail that passed checks")
+            client = SMTPClient("localhost", "10026")
-        client = SMTPClient("localhost", "10025")
+            client.sendmail(envelope.mail_from, valid_recipients, envelope.content)
-        client.sendmail(envelope.mail_from, envelope.rcpt_tos, envelope.content)
+        else:
-        return "250 OK"
+            logging.info("no valid recipients, ignoring mail")
        return "\r\n".join(res)
-async def asyncmain_beforequeue(port):
+async def asyncmain(loop):
-    Controller(BeforeQueueHandler(), hostname="127.0.0.1", port=port).start()
+    controller = ExampleController(
        ExampleHandler(), unix_socket="/var/spool/postfix/private/filtermail"
    )
    controller.start()
-def check_DATA(envelope):
+def lmtp_handle_DATA(envelope):
    """the central filtering function for e-mails."""
    logging.info(f"Processing DATA message from {envelope.mail_from}")
    message = BytesParser(policy=policy.default).parsebytes(envelope.content)
    mail_encrypted = check_encrypted(message)
-    _, from_addr = parseaddr(message.get("from").strip())
+    valid_recipients = []
-    logging.info(f"mime-from: {from_addr} envelope-from: {envelope.mail_from!r}")
+    res = []
    if envelope.mail_from.lower() != from_addr.lower():
        return f"500 Invalid FROM <{from_addr!r}> for <{envelope.mail_from!r}>"
    if not mail_encrypted and check_mdn(message, envelope):
        return
    envelope_from_domain = from_addr.split("@").pop()
    for recipient in envelope.rcpt_tos:
        my_local_domain = envelope.mail_from.split("@")
        if len(my_local_domain) != 2:
            res += [f"500 Invalid from address <{envelope.mail_from}>"]
            continue
        _, from_addr = parseaddr(message.get("from").strip())
        logging.info(f"mime-from: {from_addr} envelope-from: {envelope.mail_from}")
        if envelope.mail_from.lower() != from_addr.lower():
            res += [f"500 Invalid FROM <{from_addr}> for <{envelope.mail_from}>"]
            continue
        if envelope.mail_from == recipient:
            # Always allow sending emails to self.
            valid_recipients += [recipient]
            res += ["250 OK"]
            continue
        res = recipient.split("@")
        if len(res) != 2:
            return f"500 Invalid address <{recipient}>"
        _recipient_addr, recipient_domain = res
-        is_outgoing = recipient_domain != envelope_from_domain
+        recipient_local_domain = recipient.split("@")
-        if is_outgoing and not mail_encrypted:
+        if len(recipient_local_domain) != 2:
-            is_securejoin = message.get("secure-join") in ["vc-request", "vg-request"]
+            res += [f"500 Invalid address <{recipient}>"]
-            if not is_securejoin:
+            continue
                return f"500 Invalid unencrypted mail to <{recipient}>"
        is_outgoing = recipient_local_domain[1] != my_local_domain[1]
-class SendRateLimiter:
+        if (
-    MAX_USER_SEND_PER_MINUTE = 80
+            is_outgoing
            and not mail_encrypted
            and message.get("secure-join") != "vc-request"
            and message.get("secure-join") != "vg-request"
        ):
            res += ["500 Outgoing mail must be encrypted"]
            continue
-    def __init__(self):
+        valid_recipients += [recipient]
-        self.addr2timestamps = {}
+        res += ["250 OK"]
-    def is_sending_allowed(self, mail_from):
+    assert len(envelope.rcpt_tos) == len(res)
-        last = self.addr2timestamps.setdefault(mail_from, [])
+    assert len(valid_recipients) <= len(res)
-        now = time.time()
+    return valid_recipients, res
        last[:] = [ts for ts in last if ts >= (now - 60)]
        if len(last) <= self.MAX_USER_SEND_PER_MINUTE:
            last.append(now)
            return True
        return False
 def main():
    args = sys.argv[1:]
    assert len(args) == 1
    logging.basicConfig(level=logging.INFO)
    loop = asyncio.new_event_loop()
    asyncio.set_event_loop(loop)
-    task = asyncmain_beforequeue(port=int(args[0]))
+    loop.create_task(asyncmain(loop=loop))
    loop.create_task(task)
    loop.run_forever()
 if __name__ == "__main__":
    main()
--- a/chatmaild/src/chatmaild/filtermail.service
+++ b/chatmaild/src/chatmaild/filtermail.service
@@ -1,8 +1,8 @@
 [Unit]
-Description=Chatmail Postfix BeforeQeue filter 
+Description=Email filter for chatmail servers
 [Service]
-ExecStart=/usr/local/bin/filtermail 10080
+ExecStart=/usr/local/bin/filtermail
 Restart=always
 RestartSec=30
--- a/chatmaild/src/chatmaild/test_doveauth.py
+++ b/chatmaild/src/chatmaild/test_doveauth.py
@@ -0,0 +1,53 @@
 import os
 import pytest
 import chatmaild.dictproxy
 from .dictproxy import get_user_data, lookup_passdb
 from .database import Database, DBError
@pytest.fixture()
 def db(tmpdir):
    db_path = tmpdir / "passdb.sqlite"
    print("database path:", db_path)
    return Database(db_path)
 def test_basic(db):
    chatmaild.dictproxy.NOCREATE_FILE = "/tmp/nocreate"
    if os.path.exists(chatmaild.dictproxy.NOCREATE_FILE):
        os.remove(chatmaild.dictproxy.NOCREATE_FILE)
    lookup_passdb(db, "link2xt@c1.testrun.org", "asdf")
    data = get_user_data(db, "link2xt@c1.testrun.org")
    assert data
 def test_dont_overwrite_password_on_wrong_login(db):
    """Test that logging in with a different password doesn't create a new user"""
    res = lookup_passdb(db, "newuser1@something.org", "kajdlkajsldk12l3kj1983")
    assert res["password"]
    res2 = lookup_passdb(db, "newuser1@something.org", "kajdlqweqwe")
    # this function always returns a password hash, which is actually compared by dovecot.
    assert res["password"] == res2["password"]
 def test_nocreate_file(db):
    chatmaild.dictproxy.NOCREATE_FILE = "/tmp/nocreate"
    with open(chatmaild.dictproxy.NOCREATE_FILE, "w+") as f:
        f.write("")
    assert os.path.exists(chatmaild.dictproxy.NOCREATE_FILE)
    lookup_passdb(db, "newuser1@something.org", "kajdlqweqwe")
    assert not get_user_data(db, "newuser1@something.org")
    os.remove(chatmaild.dictproxy.NOCREATE_FILE)
 def test_db_version(db):
    assert db.get_schema_version() == 1
 def test_too_high_db_version(db):
    with db.write_transaction() as conn:
        conn.execute("PRAGMA user_version=%s;" % (999,))
    with pytest.raises(DBError):
        db.ensure_tables()
--- a/chatmaild/src/chatmaild/test_filtermail.py
+++ b/chatmaild/src/chatmaild/test_filtermail.py
@@ -0,0 +1,328 @@
 from .filtermail import check_encrypted, lmtp_handle_DATA
 from email.parser import BytesParser
 from email import policy
 def test_reject_forged_from():
    def makemail(from_addr):
        return BytesParser(policy=policy.default).parsebytes(
            "\r\n".join(
                [
                    f"From: <{from_addr}",
                    "To: <barbaz@c3.testrun.org>",
                    "Date: Sun, 15 Oct 2023 16:41:44 +0000",
                    "Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                    "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                    "Chat-Version: 1.0",
                    "MIME-Version: 1.0",
                    "Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no",
                    "",
                    "Hi!",
                    "",
                    "",
                ]
            ).encode()
        )
    class envelope:
        mail_from = "bob@c3.testrun.org"
        rcpt_tos = ["somebody@c3.testrun.org"]
    # test that the filter lets good mail through
    envelope.content = makemail(envelope.mail_from).as_bytes()
    valid_recipients, res = lmtp_handle_DATA(envelope=envelope)
    assert valid_recipients == envelope.rcpt_tos
    assert len(res) == 1 and "250" in res[0]
    # test that the filter rejects forged mail
    envelope.content = makemail("forged@c3.testrun.org").as_bytes()
    valid_recipients, res = lmtp_handle_DATA(envelope=envelope)
    assert not valid_recipients
    assert len(res) == 1 and "500" in res[0]
 def test_filtermail():
    def check_encrypted_bstr(content):
        message = BytesParser(policy=policy.default).parsebytes(content)
        return check_encrypted(message)
    assert not check_encrypted_bstr(b"foo")
    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
                "Chat-Disposition-Notification-To: foobar@c2.testrun.org",
                "Chat-User-Avatar: 0",
                "From: <foobar@c2.testrun.org>",
                "To: <barbaz@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:41:44 +0000",
                "Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "Chat-Version: 1.0",
                "Autocrypt: addr=foobar@c2.testrun.org; prefer-encrypt=mutual;",
                "\tkeydata=xjMEZSrw3hYJKwYBBAHaRw8BAQdAiEKNQFU28c6qsx4vo/JHdt73RXdjMOmByf/XsGiJ7m",
                "\tnNFzxmb29iYXJAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUq8N4CGwMECwkIBwYVCAkKCwID",
                "\tFgIBFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJCX3gEAhm0MehE5byBBU1avPczr/I",
                "\tHjNLht7Qf6++mAhlJmtDcA/0C8VYJhsUpmiDjuZaMDWNv4FO2BJG6LH7gSm6n7ClMJzjgEZSrw3hIK",
                "\tKwYBBAGXVQEFAQEHQAxGG/QW0owCfMp1A+vXEMwgzWcBpNFr58kX2eXuPpM6AwEIB8J4BBgWCAAgBQ",
                "\tJlKvDeAhsMFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJDg1gEAwLf8KDoAAKyYgjyI",
                "\tvYvO9VEgBni1C4Xx1VjcaEmlDK8BALoFuUCK+enw76TtDcAUKhlhUiM6SDRExkS4Nskp/BcK",
                "MIME-Version: 1.0",
                "Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no",
                "",
                "Hi!",
                "",
                "",
            ]
        ).encode()
    )
    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
                "Chat-Disposition-Notification-To: foobar@c2.testrun.org",
                "Chat-User-Avatar: 0",
                "From: <foobar@c2.testrun.org>",
                "To: <barbaz@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:41:44 +0000",
                "Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "Chat-Version: 1.0",
                "Autocrypt: addr=foobar@c2.testrun.org; prefer-encrypt=mutual;",
                "\tkeydata=xjMEZSrw3hYJKwYBBAHaRw8BAQdAiEKNQFU28c6qsx4vo/JHdt73RXdjMOmByf/XsGiJ7m",
                "\tnNFzxmb29iYXJAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUq8N4CGwMECwkIBwYVCAkKCwID",
                "\tFgIBFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJCX3gEAhm0MehE5byBBU1avPczr/I",
                "\tHjNLht7Qf6++mAhlJmtDcA/0C8VYJhsUpmiDjuZaMDWNv4FO2BJG6LH7gSm6n7ClMJzjgEZSrw3hIK",
                "\tKwYBBAGXVQEFAQEHQAxGG/QW0owCfMp1A+vXEMwgzWcBpNFr58kX2eXuPpM6AwEIB8J4BBgWCAAgBQ",
                "\tJlKvDeAhsMFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJDg1gEAwLf8KDoAAKyYgjyI",
                "\tvYvO9VEgBni1C4Xx1VjcaEmlDK8BALoFuUCK+enw76TtDcAUKhlhUiM6SDRExkS4Nskp/BcK",
                "MIME-Version: 1.0",
                "Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no",
                "",
                "Hi!",
                "",
                "",
            ]
        ).encode()
    )
    # https://xkcd.com/1181/
    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=",
                "Chat-Disposition-Notification-To: foobar@c2.testrun.org",
                "Chat-User-Avatar: 0",
                "From: <foobar@c2.testrun.org>",
                "To: <barbaz@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:41:44 +0000",
                "Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "Chat-Version: 1.0",
                "Autocrypt: addr=foobar@c2.testrun.org; prefer-encrypt=mutual;",
                "\tkeydata=xjMEZSrw3hYJKwYBBAHaRw8BAQdAiEKNQFU28c6qsx4vo/JHdt73RXdjMOmByf/XsGiJ7m",
                "\tnNFzxmb29iYXJAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUq8N4CGwMECwkIBwYVCAkKCwID",
                "\tFgIBFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJCX3gEAhm0MehE5byBBU1avPczr/I",
                "\tHjNLht7Qf6++mAhlJmtDcA/0C8VYJhsUpmiDjuZaMDWNv4FO2BJG6LH7gSm6n7ClMJzjgEZSrw3hIK",
                "\tKwYBBAGXVQEFAQEHQAxGG/QW0owCfMp1A+vXEMwgzWcBpNFr58kX2eXuPpM6AwEIB8J4BBgWCAAgBQ",
                "\tJlKvDeAhsMFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJDg1gEAwLf8KDoAAKyYgjyI",
                "\tvYvO9VEgBni1C4Xx1VjcaEmlDK8BALoFuUCK+enw76TtDcAUKhlhUiM6SDRExkS4Nskp/BcK",
                "MIME-Version: 1.0",
                "Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no",
                "",
                "-----BEGIN PGP MESSAGE-----",
                "Hi!",
                "-----END PGP MESSAGE-----",
                "",
                "",
            ]
        ).encode()
    )
    assert check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: ...",
                "From: <barbaz@c2.testrun.org>",
                "To: <foobar@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:43:21 +0000",
                "Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>",
                "In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
                "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "\t<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
                "Chat-Version: 1.0",
                "Autocrypt: addr=barbaz@c2.testrun.org; prefer-encrypt=mutual;",
                "\tkeydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH",
                "\trNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID",
                "\tFgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW",
                "\tXQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK",
                "\tKwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ",
                "\tJlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP",
                "\tIXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO",
                "MIME-Version: 1.0",
                'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";',
                '\tboundary="YFrteb74qSXmggbOxZL9dRnhymywAi"',
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi",
                "Content-Description: PGP/MIME version identification",
                "Content-Type: application/pgp-encrypted",
                "",
                "Version: 1",
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi",
                "Content-Description: OpenPGP encrypted message",
                'Content-Disposition: inline; filename="encrypted.asc";',
                'Content-Type: application/octet-stream; name="encrypted.asc"',
                "",
                "-----BEGIN PGP MESSAGE-----",
                "",
                "wU4DhW3gBZ/VvCYSAQdA8bMs2spwbKdGjVsL1ByPkNrqD7frpB73maeL6I6SzDYg",
                "O5G53tv339RdKq3WRcCtEEvxjHlUx2XNwXzC04BpmfvBTgNfPUyLDzjXnxIBB0Ae",
                "8ymwGvXMCCimHXN0Dg8Ui62KOi03h0UgheoHWovJSCDF4CKre/xtFr3nL7lq/PKI",
                "JsjVNz7/RK9FSXF6WwfONtLCyQGEuVAsB/KXfCBEyfKhaMwGHvhujRidGW5uV1no",
                "lMGl3ODmo29Lgeu2uSE7EpJRZoe6hU6ddmBkqxax61ZtkaFlGFFpdo2K8balNNdz",
                "ZsJ/9mmI9x3oOJ4/l1nhQbUO9ADbs7gJhFdV5Qkp30b5fCI7bU+aoe1ccBbLe/WM",
                "YUty1PqcuQT7XjA+XmYuL261tvW8pBetT+i33/E2d8PzzYt2IuK9qeevyS+yxdwA",
                "kfwejFWzzsUlJaDxs1x4XOxkMgSj+jo+g12dFOb7fyClsAnq23iDb8AuaT/BScAI",
                "+lO+gher69+6LmM7VGHLG5k762J1jTaQCaKt1s8TAWV99Eo4491vL6fyvk3l/Cfg",
                "RXSwiWFgj19Pn0Rq7CD9v22UE2vdUMBTcV4aw79mClk1YQ23jbF0y5DCjPdJ62Zo",
                "tskBgFt3NoWV80jZ76zIBLrrjLwCCll8JjJtFwSkt2GX5RFBsVa4A8IDht9RtEk7",
                "rrHgbSZQfkauEi/mH3/6CDZoLqSHudUZ7d4MaJwun1TkFYGe2ORwGJd4OBj3oGJp",
                "H8YBwCpk///L/fKjX0Gg3M8nrpM4wrRFhPKidAgO/kcm25X4+ZHlVkWBTCt5RWKI",
                "fHh6oLDZCqCfcgMkE1KKmwfIHaUkhq5BPRigwy6i5dh1DM4+1UCLh3dxzVbqE9b9",
                "61NB19nXdRtDA2sOUnj9ve6m/wEPyCb6/zBQZqvCBYb1/AjdXpUrFT+DbpfyxaXN",
                "XfhDVb5mNqNM/IVj0V5fvTc6vOfYbzQtPm10H+FdWWfb+rJRfyC3MA2w2IqstFe3",
                "w3bu2iE6CQvSqRvge+ZqLKt/NqYwOURiUmpuklbl3kPJ97+mfKWoiqk8Iz1VY+bb",
                "NMUC7aoGv+jcoj+WS6PYO8N6BeRVUUB3ZJSf8nzjgxm1/BcM+UD3BPrlhT11ODRs",
                "baifGbprMWwt3dhb8cQgRT8GPdpO1OsDkzL6iikMjLHWWiA99GV6ruiHsIPw6boW",
                "A6/uSOskbDHOROotKmddGTBd0iiHXAoQsJFt1ZjUkt6EHrgWs+GAvrvKpXs1mrz8",
                "uj3GwEFrHS+Xuf2UDgpszYT3hI2cL/kUtGakVR7m7vVMZqXBUbZdGAEb1PZNPwsI",
                "E4aMK02+EVB+tSN4Fzj99N2YD0inVYt+oPjr2tHhUS6aSGBNS/48Ki47DOg4Sxkn",
                "lkOWnEbCD+XTnbDd",
                "=agR5",
                "-----END PGP MESSAGE-----",
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi--",
                "",
                "",
            ]
        ).encode()
    )
    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: Buy Penis Enlargement at www.malicious-domain.com",
                "From: <barbaz@c2.testrun.org>",
                "To: <foobar@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:43:21 +0000",
                "Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>",
                "In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
                "References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>",
                "\t<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
                "Chat-Version: 1.0",
                "Autocrypt: addr=barbaz@c2.testrun.org; prefer-encrypt=mutual;",
                "\tkeydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH",
                "\trNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID",
                "\tFgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW",
                "\tXQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK",
                "\tKwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ",
                "\tJlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP",
                "\tIXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO",
                "MIME-Version: 1.0",
                'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";',
                '\tboundary="YFrteb74qSXmggbOxZL9dRnhymywAi"',
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi",
                "Content-Description: PGP/MIME version identification",
                "Content-Type: application/pgp-encrypted",
                "",
                "Version: 1",
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi",
                "Content-Description: OpenPGP encrypted message",
                'Content-Disposition: inline; filename="encrypted.asc";',
                'Content-Type: application/octet-stream; name="encrypted.asc"',
                "",
                "-----BEGIN PGP MESSAGE-----",
                "",
                "wU4DhW3gBZ/VvCYSAQdA8bMs2spwbKdGjVsL1ByPkNrqD7frpB73maeL6I6SzDYg",
                "O5G53tv339RdKq3WRcCtEEvxjHlUx2XNwXzC04BpmfvBTgNfPUyLDzjXnxIBB0Ae",
                "8ymwGvXMCCimHXN0Dg8Ui62KOi03h0UgheoHWovJSCDF4CKre/xtFr3nL7lq/PKI",
                "JsjVNz7/RK9FSXF6WwfONtLCyQGEuVAsB/KXfCBEyfKhaMwGHvhujRidGW5uV1no",
                "lMGl3ODmo29Lgeu2uSE7EpJRZoe6hU6ddmBkqxax61ZtkaFlGFFpdo2K8balNNdz",
                "ZsJ/9mmI9x3oOJ4/l1nhQbUO9ADbs7gJhFdV5Qkp30b5fCI7bU+aoe1ccBbLe/WM",
                "YUty1PqcuQT7XjA+XmYuL261tvW8pBetT+i33/E2d8PzzYt2IuK9qeevyS+yxdwA",
                "kfwejFWzzsUlJaDxs1x4XOxkMgSj+jo+g12dFOb7fyClsAnq23iDb8AuaT/BScAI",
                "+lO+gher69+6LmM7VGHLG5k762J1jTaQCaKt1s8TAWV99Eo4491vL6fyvk3l/Cfg",
                "RXSwiWFgj19Pn0Rq7CD9v22UE2vdUMBTcV4aw79mClk1YQ23jbF0y5DCjPdJ62Zo",
                "tskBgFt3NoWV80jZ76zIBLrrjLwCCll8JjJtFwSkt2GX5RFBsVa4A8IDht9RtEk7",
                "rrHgbSZQfkauEi/mH3/6CDZoLqSHudUZ7d4MaJwun1TkFYGe2ORwGJd4OBj3oGJp",
                "H8YBwCpk///L/fKjX0Gg3M8nrpM4wrRFhPKidAgO/kcm25X4+ZHlVkWBTCt5RWKI",
                "fHh6oLDZCqCfcgMkE1KKmwfIHaUkhq5BPRigwy6i5dh1DM4+1UCLh3dxzVbqE9b9",
                "61NB19nXdRtDA2sOUnj9ve6m/wEPyCb6/zBQZqvCBYb1/AjdXpUrFT+DbpfyxaXN",
                "XfhDVb5mNqNM/IVj0V5fvTc6vOfYbzQtPm10H+FdWWfb+rJRfyC3MA2w2IqstFe3",
                "w3bu2iE6CQvSqRvge+ZqLKt/NqYwOURiUmpuklbl3kPJ97+mfKWoiqk8Iz1VY+bb",
                "NMUC7aoGv+jcoj+WS6PYO8N6BeRVUUB3ZJSf8nzjgxm1/BcM+UD3BPrlhT11ODRs",
                "baifGbprMWwt3dhb8cQgRT8GPdpO1OsDkzL6iikMjLHWWiA99GV6ruiHsIPw6boW",
                "A6/uSOskbDHOROotKmddGTBd0iiHXAoQsJFt1ZjUkt6EHrgWs+GAvrvKpXs1mrz8",
                "uj3GwEFrHS+Xuf2UDgpszYT3hI2cL/kUtGakVR7m7vVMZqXBUbZdGAEb1PZNPwsI",
                "E4aMK02+EVB+tSN4Fzj99N2YD0inVYt+oPjr2tHhUS6aSGBNS/48Ki47DOg4Sxkn",
                "lkOWnEbCD+XTnbDd",
                "=agR5",
                "-----END PGP MESSAGE-----",
                "",
                "",
                "--YFrteb74qSXmggbOxZL9dRnhymywAi--",
                "",
                "",
            ]
        ).encode()
    )
    assert not check_encrypted_bstr(
        "\r\n".join(
            [
                "Subject: Message opened",
                "From: <barbaz@c2.testrun.org>",
                "To: <foobar@c2.testrun.org>",
                "Date: Sun, 15 Oct 2023 16:43:25 +0000",
                "Message-ID: <Mr.78MWtlV7RAi.goCFzBhCYfy@c2.testrun.org>",
                "Auto-Submitted: auto-replied",
                "Chat-Version: 1.0",
                "MIME-Version: 1.0",
                "Content-Type: multipart/report; report-type=disposition-notification;",
                '\tboundary="Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi"',
                "",
                "",
                "--Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi",
                "Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no",
                "",
                'The "Hi!" message you sent was displayed on the screen of the recipient.',
                "",
                "This is no guarantee the content was read.",
                "",
                "",
                "--Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi",
                "Content-Type: message/disposition-notification",
                "",
                "Reporting-UA: Delta Chat 1.124.1",
                "Original-Recipient: rfc822;barbaz@c2.testrun.org",
                "Final-Recipient: rfc822;barbaz@c2.testrun.org",
                "Original-Message-ID: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>",
                "Disposition: manual-action/MDN-sent-automatically; displayed",
                "",
                "",
                "--Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi--",
                "",
                "",
            ]
        ).encode()
    )
--- a/deploy-chatmail/src/deploy_chatmail/init.py
+++ b/deploy-chatmail/src/deploy_chatmail/init.py
@@ -4,8 +4,8 @@ Chat Mail pyinfra deploy.
 import importlib.resources
 from pathlib import Path
-from pyinfra import host
+from pyinfra import host, logger
-from pyinfra.operations import apt, files, server, systemd
+from pyinfra.operations import apt, files, server, systemd, python
 from pyinfra.facts.files import File
 from .acmetool import deploy_acmetool
@@ -34,28 +34,43 @@ def _install_chatmaild() -> None:
            commands=[f"pip install --break-system-packages {remote_path}"],
        )
-        for fn in (
+        files.put(
-            "doveauth-dictproxy",
+            name="upload doveauth-dictproxy.service",
-            "filtermail",
+            src=importlib.resources.files("chatmaild")
-        ):
+            .joinpath("doveauth-dictproxy.service")
-            files.put(
+            .open("rb"),
-                name=f"Upload {fn}.service",
+            dest="/etc/systemd/system/doveauth-dictproxy.service",
-                src=importlib.resources.files("chatmaild")
+            user="root",
-                .joinpath(f"{fn}.service")
+            group="root",
-                .open("rb"),
+            mode="644",
-                dest=f"/etc/systemd/system/{fn}.service",
+        )
-                user="root",
+        systemd.service(
-                group="root",
+            name="Setup doveauth-dictproxy service",
-                mode="644",
+            service="doveauth-dictproxy.service",
-            )
+            running=True,
-            systemd.service(
+            enabled=True,
-                name=f"Setup {fn} service",
+            restarted=True,
-                service=f"{fn}.service",
+            daemon_reload=True,
-                running=True,
+        )
-                enabled=True,
+
-                restarted=True,
+        files.put(
-                daemon_reload=True,
+            name="upload filtermail.service",
-            )
+            src=importlib.resources.files("chatmaild")
            .joinpath("filtermail.service")
            .open("rb"),
            dest="/etc/systemd/system/filtermail.service",
            user="root",
            group="root",
            mode="644",
        )
        systemd.service(
            name="Setup filtermail service",
            service="filtermail.service",
            running=True,
            enabled=True,
            restarted=True,
            daemon_reload=True,
        )
 def _configure_opendkim(domain: str, dkim_selector: str) -> bool:
@@ -70,36 +85,6 @@ def _configure_opendkim(domain: str, dkim_selector: str) -> bool:
        mode="644",
        config={"domain_name": domain, "opendkim_selector": dkim_selector},
    )
    need_restart |= main_config.changed
    files.directory(
        name="Add opendkim directory to /etc",
        path="/etc/opendkim",
        user="opendkim",
        group="opendkim",
        mode="750",
        present=True,
    )
    keytable = files.template(
        src=importlib.resources.files(__package__).joinpath("opendkim/KeyTable"),
        dest="/etc/dkimkeys/KeyTable",
        user="opendkim",
        group="opendkim",
        mode="644",
        config={"domain_name": domain, "opendkim_selector": dkim_selector},
    )
    need_restart |= keytable.changed
    signing_table = files.template(
        src=importlib.resources.files(__package__).joinpath("opendkim/SigningTable"),
        dest="/etc/dkimkeys/SigningTable",
        user="opendkim",
        group="opendkim",
        mode="644",
        config={"domain_name": domain, "opendkim_selector": dkim_selector},
    )
    need_restart |= signing_table.changed
    files.directory(
        name="Add opendkim socket directory to /var/spool/postfix",
@@ -120,6 +105,8 @@ def _configure_opendkim(domain: str, dkim_selector: str) -> bool:
            _sudo_user="opendkim",
        )
    need_restart |= main_config.changed
    return need_restart
@@ -183,17 +170,6 @@ def _configure_dovecot(mail_server: str, debug: bool = False) -> bool:
        mode="644",
    )
    # as per https://doc.dovecot.org/configuration_manual/os/
    # it is recommended to set the following inotify limits
    for name in ("max_user_instances", "max_user_watches"):
        key = f"fs.inotify.{name}"
        server.sysctl(
            name=f"Change {key}",
            key=key,
            value=65535,
            persist=True,
        )
    return need_restart
@@ -277,12 +253,6 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
    opendkim_need_restart = _configure_opendkim(mail_domain, dkim_selector)
    nginx_need_restart = _configure_nginx(mail_domain)
    # deploy web pages and info if we have them
    pkg_root = importlib.resources.files(__package__)
    www_path = pkg_root.joinpath(f"../../../www/{mail_domain}").resolve()
    if www_path.is_dir():
        files.rsync(f"{www_path}/", "/var/www/html", flags=["-avz"])
    systemd.service(
        name="Start and enable OpenDKIM",
        service="opendkim.service",
@@ -322,18 +292,13 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
        commands=[f"echo {mail_domain} >/etc/mailname; chmod 644 /etc/mailname"],
    )
-    journald_conf = files.put(
+    def callback():
-        name="Configure journald",
+        result = server.shell(
-        src=importlib.resources.files(__package__).joinpath("journald.conf"),
+            commands=[
-        dest="/etc/systemd/journald.conf",
+                f"""sed 's/\tIN/ 600 IN/;s/\t(//;s/\"$//;s/^\t  \"//g; s/ ).*//' """
-        user="root",
+                f"""/etc/dkimkeys/{dkim_selector}.txt | tr --delete '\n'"""
-        group="root",
+            ]
-        mode="644",
+        )
-    )
+        logger.info(f"Add this TXT entry into DNS zone: {result.stdout}")
-    systemd.service(
+
-        name="Start and enable journald",
+    python.call(name="Print TXT entry for DKIM", function=callback)
        service="systemd-journald.service",
        running=True,
        enabled=True,
        restarted=journald_conf,
    )
--- a/deploy-chatmail/src/deploy_chatmail/acmetool/init.py
+++ b/deploy-chatmail/src/deploy_chatmail/acmetool/init.py
@@ -1,6 +1,6 @@
 import importlib.resources
-from pyinfra.operations import apt, files, server
+from pyinfra.operations import apt, files, systemd, server
 def deploy_acmetool(nginx_hook=False, email="", domains=[]):
--- a/deploy-chatmail/src/deploy_chatmail/deploy.py
+++ b/deploy-chatmail/src/deploy_chatmail/deploy.py
@@ -6,7 +6,7 @@ from deploy_chatmail import deploy_chatmail
 def main():
    mail_domain = os.getenv("CHATMAIL_DOMAIN")
    mail_server = os.getenv("CHATMAIL_SERVER", mail_domain)
-    dkim_selector = os.getenv("CHATMAIL_DKIM_SELECTOR", "dkim")
+    dkim_selector = os.getenv("CHATMAIL_DKIM_SELECTOR", "2023")
    assert mail_domain
    assert mail_server
--- a/deploy-chatmail/src/deploy_chatmail/dovecot/dovecot.conf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/dovecot/dovecot.conf.j2
@@ -118,24 +118,6 @@ service auth-worker {
  user = vmail
 }
 service imap-login {
    # High-security mode.
    # Each process serves a single connection and exits afterwards.
    # This is the default, but we set it explicitly to be sure.
    # See <https://doc.dovecot.org/admin_manual/login_processes/#high-security-mode> for details.
    service_count = 1
    # Inrease the number of simultaneous connections.
    #
    # As of Dovecot 2.3.19.1 the default is 100 processes.
    # Combined with `service_count = 1` it means only 100 connections
    # can be handled simultaneously.
    process_limit = 10000
    # Avoid startup latency for new connections.
    process_min_avail = 10
 }
 ssl = required
 ssl_cert = </var/lib/acme/live/{{ config.hostname }}/fullchain
 ssl_key = </var/lib/acme/live/{{ config.hostname }}/privkey
--- a/deploy-chatmail/src/deploy_chatmail/journald.conf
+++ b/deploy-chatmail/src/deploy_chatmail/journald.conf
@@ -1,2 +0,0 @@
 [Journal]
 MaxRetentionSec=3d
--- a/deploy-chatmail/src/deploy_chatmail/opendkim/KeyTable
+++ b/deploy-chatmail/src/deploy_chatmail/opendkim/KeyTable
@@ -1 +0,0 @@
 dkim._domainkey.{{ config.domain_name }} {{ config.domain_name }}:{{ config.opendkim_selector }}:/etc/dkimkeys/dkim.private
--- a/deploy-chatmail/src/deploy_chatmail/opendkim/SigningTable
+++ b/deploy-chatmail/src/deploy_chatmail/opendkim/SigningTable
@@ -1 +0,0 @@
 *@{{ config.domain_name }} {{ config.opendkim_selector }}._domainkey.{{ config.domain_name }}
--- a/deploy-chatmail/src/deploy_chatmail/opendkim/opendkim.conf
+++ b/deploy-chatmail/src/deploy_chatmail/opendkim/opendkim.conf
@@ -1,4 +1,7 @@
-# OpenDKIM configuration.
+# This is a basic configuration for signing and verifying. It can easily be
 # adapted to suit a basic installation. See opendkim.conf(5) and
 # /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete
 # documentation of available configuration parameters.
 Syslog			yes
 SyslogSuccess		yes
@@ -18,9 +21,7 @@ OversignHeaders		From
 # setup options can be found in /usr/share/doc/opendkim/README.opendkim.
 Domain			{{ config.domain_name }}
 Selector		{{ config.opendkim_selector }}
-KeyFile		  /etc/dkimkeys/{{ config.opendkim_selector }}.private
+KeyFile		/etc/dkimkeys/{{ config.opendkim_selector }}.private
 KeyTable          /etc/dkimkeys/KeyTable
 SigningTable      /etc/dkimkeys/SigningTable
 # In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
 # using a local socket with MTAs that access the socket as a non-privileged
--- a/deploy-chatmail/src/deploy_chatmail/postfix/master.cf.j2
+++ b/deploy-chatmail/src/deploy_chatmail/postfix/master.cf.j2
@@ -32,7 +32,7 @@ submission inet n       -       y       -       -       smtpd
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
-  -o smtpd_proxy_filter=127.0.0.1:10080
+  -o content_filter=filter:unix:private/filtermail
 smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
@@ -47,7 +47,7 @@ smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
-  -o smtpd_proxy_filter=127.0.0.1:10080
+  -o content_filter=filter:unix:private/filtermail
 #628       inet  n       -       y       -       -       qmqpd
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup
@@ -76,5 +76,5 @@ scache    unix  -       -       y       -       1       scache
 postlog   unix-dgram n  -       n       -       1       postlogd
 filter    unix -        n       n       -       -       lmtp
 # Local SMTP server for reinjecting filered mail.
-localhost:10025 inet  n       -       n       -       10      smtpd
+localhost:10026 inet  n       -       n       -       10      smtpd
-  -o syslog_name=postfix/reinject
+        -o content_filter=
--- a/online-tests/benchmark.py
+++ b/online-tests/benchmark.py
@@ -45,7 +45,7 @@ class TestDC:
            msg.chat.send_text("pong")
            ac1.wait_next_incoming_message()
-        benchmark(ping_pong, 5)
+        benchmark(ping_pong, 3)
    def test_send_10_receive_10(self, benchmark, cmfactory, lp):
        ac1, ac2 = cmfactory.get_online_accounts(2)
@@ -57,4 +57,4 @@ class TestDC:
            for i in range(10):
                ac2.wait_next_incoming_message()
-        benchmark(send_10_receive_10, 5)
+        benchmark(send_10_receive_10, 1)
--- a/online-tests/conftest.py
+++ b/online-tests/conftest.py
@@ -6,16 +6,9 @@ import subprocess
 import imaplib
 import smtplib
 import itertools
 from email.parser import BytesParser
 from email import policy
 from pathlib import Path
 from math import ceil
 import pytest
 conftestdir = Path(__file__).parent
 def pytest_addoption(parser):
    parser.addoption(
        "--slow", action="store_true", default=False, help="also run slow tests"
@@ -24,9 +17,6 @@ def pytest_addoption(parser):
 def pytest_configure(config):
    config._benchresults = {}
    config.addinivalue_line(
        "markers", "slow: mark test to require --slow option to run"
    )
 def pytest_runtest_setup(item):
@@ -88,28 +78,14 @@ def benchmark(request):
 def pytest_terminal_summary(terminalreporter):
    tr = terminalreporter
    results = tr.config._benchresults
    if not results:
        return
    tr.section("benchmark results")
-    float_names = "median min max".split()
+    headers = f"{'benchmark name': <30} {'median': >6}"
    width = max(map(len, float_names))
    def fcol(parts):
        return " ".join(part.rjust(width) for part in parts)
    headers = f"{'benchmark name': <30} " + fcol(float_names)
    tr.write_line(headers)
    tr.write_line("-" * len(headers))
    for name, durations in results.items():
-        measures = [
+        median = sorted(durations)[len(durations) // 2]
-            sorted(durations)[len(durations) // 2],
+        median = f"{median:2.4f}"
-            min(durations),
+        tr.write_line(f"{name: <30} {median: >6}")
            max(durations),
        ]
        line = f"{name: <30} "
        line += fcol(f"{float: 2.2f}" for float in measures)
        tr.write_line(line)
@pytest.fixture
@@ -195,8 +171,8 @@ def gencreds(maildomain):
            num = next(count)
            alphanumeric = "abcdefghijklmnopqrstuvwxyz1234567890"
            user = "".join(random.choices(alphanumeric, k=10))
-            user = f"ac{num}_{user}"[:9]
+            user = f"ac{num}_{user}"
-            password = "".join(random.choices(alphanumeric, k=12))
+            password = "".join(random.choices(alphanumeric, k=10))
            yield f"{user}@{domain}", f"{password}"
    return lambda domain=None: next(gen(domain))
@@ -287,19 +263,13 @@ class Remote:
@pytest.fixture
-def maildata(request, gencreds):
+def mailgen(request):
-    datadir = conftestdir.joinpath("mail-data")
+    class Mailgen:
        def get_encrypted(self, from_addr, to_addr):
            data = request.fspath.dirpath("mailgen/encrypted.eml").read()
            return data.format(from_addr=from_addr, to_addr=to_addr)
-    def maildata(name, from_addr=None, to_addr=None):
+    return Mailgen()
        if from_addr is None:
            from_addr = gencreds()[0]
        if to_addr is None:
            to_addr = gencreds()[0]
        data = datadir.joinpath(name).read_text()
        text = data.format(from_addr=from_addr, to_addr=to_addr)
        return BytesParser(policy=policy.default).parsebytes(text.encode())
    return maildata
@pytest.fixture
--- a/online-tests/mailgen/encrypted.eml
+++ b/online-tests/mailgen/encrypted.eml
--- a/online-tests/pytest.ini
+++ b/online-tests/pytest.ini
@@ -0,0 +1,3 @@
 [pytest]
 addopts = -vrsx --strict-markers
 markers = slow: mark test as slow (requires --slow option to run)
--- a/online-tests/test_0_basic.py
+++ b/online-tests/test_0_basic.py
@@ -20,7 +20,7 @@ def test_use_two_chatmailservers(cmfactory, maildomain2):
@pytest.mark.parametrize("forgeaddr", ["internal", "someone@example.org"])
-def test_reject_forged_from(cmsetup, maildata, lp, forgeaddr):
+def test_reject_forged_from(cmsetup, mailgen, lp, remote, forgeaddr):
    user1, user3 = cmsetup.gen_users(2)
    lp.sec("send encrypted message with forged from")
@@ -31,33 +31,22 @@ def test_reject_forged_from(cmsetup, maildata, lp, forgeaddr):
        addr_to_forge = "someone@example.org"
    print("message to inject:")
-    msg = maildata("encrypted.eml", from_addr=addr_to_forge, to_addr=user3.addr)
+    msg = mailgen.get_encrypted(from_addr=addr_to_forge, to_addr=user3.addr)
    msg = msg.as_string()
    for line in msg.split("\n")[:4]:
        print(f"   {line}")
    lp.sec("Send forged mail and check remote postfix lmtp processing result")
-    with pytest.raises(smtplib.SMTPException) as e:
+    remote_log = remote.iter_output("journalctl -t postfix/lmtp")
-        user1.smtp.sendmail(from_addr=user1.addr, to_addrs=[user3.addr], msg=msg)
+    user1.smtp.sendmail(from_addr=user1.addr, to_addrs=[user3.addr], msg=msg)
-    assert "500" in str(e.value)
+    for line in remote_log:
        # print(line)
        if "500 invalid from" in line and user3.addr in line:
            break
    else:
        pytest.fail("remote postfix/filtermail failed to reject message")
-
+    # check that the logged in user (who sent the forged msg) got a non-delivery notice
-@pytest.mark.slow
+    for message in user1.imap.fetch_all_messages():
-def test_exceed_rate_limit(cmsetup, gencreds, maildata):
+        if "Invalid FROM" in message and addr_to_forge in message:
    """Test that the per-account send-mail limit is exceeded."""
    user1, user2 = cmsetup.gen_users(2)
    mail = maildata(
        "encrypted.eml", from_addr=user1.addr, to_addr=user2.addr
    ).as_string()
    for i in range(100):
        print("Sending mail", str(i))
        try:
            user1.smtp.sendmail(user1.addr, [user2.addr], mail)
        except smtplib.SMTPException as e:
            if i < 80:
                pytest.fail(f"rate limit was exceeded too early with msg {i}")
            outcome = e.recipients[user2.addr]
            assert outcome[0] == 450
            assert b"4.7.1: Too much mail from" in outcome[1]
            return
-    pytest.fail("Rate limit was not exceeded")
+    pytest.fail(f"forged From={addr_to_forge} did not cause non-delivery notice")
--- a/online-tests/test_0_login.py
+++ b/online-tests/test_0_login.py
@@ -1,5 +1,4 @@
 import pytest
 import smtplib
 def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
@@ -23,11 +22,6 @@ def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
    with pytest.raises(imap_or_smtp.AuthError):
        imap_or_smtp.login(user, password + "wrong")
    lp.sec(f"creating users with a short password is not allowed")
    user, _password = gencreds()
    with pytest.raises(imap_or_smtp.AuthError):
        imap_or_smtp.login(user, "admin")
 def test_login_same_password(imap_or_smtp, gencreds):
    """Test two different users logging in with the same password
--- a/online-tests/test_1_deltachat.py
+++ b/online-tests/test_1_deltachat.py
@@ -1,4 +1,3 @@
 import time
 import random
 import pytest
@@ -82,29 +81,3 @@ class TestEndToEndDeltaChat:
        ch = ac2.qr_setup_contact(qr)
        assert ch.id >= 10
        ac1._evtracker.wait_securejoin_inviter_progress(1000)
    def test_read_receipts_between_instances(self, cmfactory, lp, maildomain2):
        ac1 = cmfactory.new_online_configuring_account(cache=False)
        cmfactory.switch_maildomain(maildomain2)
        ac2 = cmfactory.new_online_configuring_account(cache=False)
        cmfactory.bring_accounts_online()
        lp.sec("setup encrypted comms between ac1 and ac2 on different instances")
        qr = ac1.get_setup_contact_qr()
        ch = ac2.qr_setup_contact(qr)
        msg = ac2.wait_next_incoming_message()
        assert "verified" in msg.text
        lp.sec("ac1 sends a message and ac2 marks it as seen")
        chat = ac1.create_chat(ac2)
        msg = chat.send_text("hi")
        m = ac2.wait_next_incoming_message()
        m.mark_seen()
        # we can only indirectly wait for mark-seen to cause an smtp-error
        lp.sec("try to wait for markseen to complete and check error states")
        deadline = time.time() + 3.1
        while time.time() < deadline:
            msgs = m.chat.get_messages()
            for msg in msgs:
                assert "error" not in m.get_message_info()
            time.sleep(1)
--- a/scripts/bench.sh
+++ b/scripts/bench.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 set -e
-venv/bin/pytest online-tests/benchmark.py -vrx 
+online-tests/venv/bin/pytest online-tests/benchmark.py -vrx 
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -1,15 +1,10 @@
 #!/usr/bin/env bash
 : ${CHATMAIL_DOMAIN:=c1.testrun.org}
 export CHATMAIL_DOMAIN
-echo -----------------------------------------
+chatmaild/venv/bin/python3 -m build -n --sdist chatmaild --outdir dist
 echo deploying to $CHATMAIL_DOMAIN 
 echo -----------------------------------------
-echo WARNING: in five seconds deploy to $CHATMAIL_DOMAIN starts
+deploy-chatmail/venv/bin/pyinfra --ssh-user root "$CHATMAIL_DOMAIN" \
 sleep 5
 venv/bin/python3 -m build -n --sdist chatmaild --outdir dist
 venv/bin/pyinfra --ssh-user root "$CHATMAIL_DOMAIN" \
    deploy-chatmail/src/deploy_chatmail/deploy.py
 rm -r dist/
--- a/scripts/generate-dns-zone.sh
+++ b/scripts/generate-dns-zone.sh
@@ -1,20 +0,0 @@
 #!/bin/sh
 : ${CHATMAIL_DOMAIN:=c1.testrun.org}
 : ${CHATMAIL_SSH:=$CHATMAIL_DOMAIN}
 set -e
 SSH="ssh root@$CHATMAIL_SSH"
 EMAIL="root@$CHATMAIL_DOMAIN"
 ACME_ACCOUNT_URL="$($SSH -- acmetool account-url)"
 cat <<EOF
 $CHATMAIL_DOMAIN. MX 10 $CHATMAIL_DOMAIN.
 $CHATMAIL_DOMAIN. TXT "v=spf1 a:$CHATMAIL_DOMAIN -all"
 _dmarc.$CHATMAIL_DOMAIN. TXT "v=DMARC1;p=reject;rua=mailto:$EMAIL;ruf=mailto:$EMAIL;fo=1;adkim=r;aspf=r"
 _submission._tcp.$CHATMAIL_DOMAIN.  SRV 0 1 587 $CHATMAIL_DOMAIN.
 _submissions._tcp.$CHATMAIL_DOMAIN. SRV 0 1 465 $CHATMAIL_DOMAIN.
 _imap._tcp.$CHATMAIL_DOMAIN.        SRV 0 1 143 $CHATMAIL_DOMAIN.
 _imaps._tcp.$CHATMAIL_DOMAIN.       SRV 0 1 993 $CHATMAIL_DOMAIN.
 $CHATMAIL_DOMAIN. IN CAA 0 issue "letsencrypt.org; accounturi=$ACME_ACCOUNT_URL"
 EOF
 $SSH opendkim-genzone -F | sed 's/^;.*$//;/^$/d'
--- a/scripts/init.sh
+++ b/scripts/init.sh
@@ -1,8 +1,14 @@
 #!/bin/sh
 set -e
-python3 -m venv venv
+python3 -m venv deploy-chatmail/venv
-pip=venv/bin/pip
+deploy-chatmail/venv/bin/pip install pyinfra pytest
 deploy-chatmail/venv/bin/pip install -e deploy-chatmail
 deploy-chatmail/venv/bin/pip install -e chatmaild
-$pip install pyinfra pytest build 'setuptools>=68' tox deltachat
+python3 -m venv chatmaild/venv
-$pip install -e deploy-chatmail 
+sudo apt install -y dovecot-core && sudo systemctl disable --now dovecot
-$pip install -e chatmaild 
+chatmaild/venv/bin/pip install --upgrade pytest build 'setuptools>=68'
 chatmaild/venv/bin/pip install -e chatmaild
 python3 -m venv online-tests/venv
 online-tests/venv/bin/pip install pytest pytest-timeout pdbpp deltachat 
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -1,4 +1,3 @@
 #!/bin/bash
-venv/bin/tox -c chatmaild
+chatmaild/venv/bin/pytest chatmaild/ $@
-venv/bin/tox -c deploy-chatmail
+online-tests/venv/bin/pytest online-tests/ -vrx --durations=5 $@
 venv/bin/pytest tests/online -vrx --durations=5 $@
--- a/tests/chatmaild/test_dictproxy.py
+++ b/tests/chatmaild/test_dictproxy.py
@@ -1,64 +0,0 @@
 import os
 import json
 import pytest
 import chatmaild.dictproxy
 from chatmaild.dictproxy import get_user_data, lookup_passdb, handle_dovecot_request
 from chatmaild.database import Database, DBError
@pytest.fixture()
 def db(tmpdir):
    db_path = tmpdir / "passdb.sqlite"
    print("database path:", db_path)
    return Database(db_path)
 def test_basic(db):
    lookup_passdb(db, "link2xt@c1.testrun.org", "Pieg9aeToe3eghuthe5u")
    data = get_user_data(db, "link2xt@c1.testrun.org")
    assert data
    data2 = lookup_passdb(db, "link2xt@c1.testrun.org", "Pieg9aeToe3eghuthe5u")
    assert data == data2
 def test_dont_overwrite_password_on_wrong_login(db):
    """Test that logging in with a different password doesn't create a new user"""
    res = lookup_passdb(db, "newuser1@something.org", "kajdlkajsldk12l3kj1983")
    assert res["password"]
    res2 = lookup_passdb(db, "newuser1@something.org", "kajdlqweqwe")
    # this function always returns a password hash, which is actually compared by dovecot.
    assert res["password"] == res2["password"]
 def test_nocreate_file(db, monkeypatch, tmpdir):
    p = tmpdir.join("nocreate")
    p.write("")
    monkeypatch.setattr(chatmaild.dictproxy, "NOCREATE_FILE", str(p))
    lookup_passdb(db, "newuser1@something.org", "zequ0Aimuchoodaechik")
    assert not get_user_data(db, "newuser1@something.org")
 def test_db_version(db):
    assert db.get_schema_version() == 1
 def test_too_high_db_version(db):
    with db.write_transaction() as conn:
        conn.execute("PRAGMA user_version=%s;" % (999,))
    with pytest.raises(DBError):
        db.ensure_tables()
 def test_handle_dovecot_request(db):
    msg = ('Lshared/passdb/laksjdlaksjdlaksjdlk12j3l1k2j3123/'
           'some42@c3.testrun.org\tsome42@c3.testrun.org')
    res = handle_dovecot_request(msg, db, "c3.testrun.org")
    assert res
    assert res[0] == "O" and res.endswith("\n")
    userdata = json.loads(res[1:].strip())
    assert userdata["home"] == "/home/vmail/some42@c3.testrun.org"
    assert userdata["uid"] == userdata["gid"] == "vmail"
    assert userdata["password"].startswith("{SHA512-CRYPT}")
--- a/tests/chatmaild/test_filtermail.py
+++ b/tests/chatmaild/test_filtermail.py
@@ -1,82 +0,0 @@
 from chatmaild.filtermail import check_encrypted, check_DATA, SendRateLimiter, check_mdn
 import pytest
@pytest.fixture
 def maildomain():
    # let's not depend on a real chatmail instance for the offline tests below
    return "chatmail.example.org"
 def test_reject_forged_from(maildata, gencreds):
    class env:
        mail_from = gencreds()[0]
        rcpt_tos = [gencreds()[0]]
    # test that the filter lets good mail through
    env.content = maildata("plain.eml", from_addr=env.mail_from).as_bytes()
    assert not check_DATA(envelope=env)
    # test that the filter rejects forged mail
    env.content = maildata("plain.eml", from_addr="forged@c3.testrun.org").as_bytes()
    error = check_DATA(envelope=env)
    assert "500" in error
 def test_filtermail_no_encryption_detection(maildata):
    msg = maildata("plain.eml")
    assert not check_encrypted(msg)
    # https://xkcd.com/1181/
    msg = maildata("fake-encrypted.eml")
    assert not check_encrypted(msg)
 def test_filtermail_encryption_detection(maildata):
    msg = maildata("encrypted.eml")
    assert check_encrypted(msg)
    # if the subject is not "..." it is not considered ac-encrypted
    msg.replace_header("Subject", "Click this link")
    assert not check_encrypted(msg)
 def test_filtermail_is_mdn(maildata, gencreds):
    from_addr = gencreds()[0]
    to_addr = gencreds()[0] + ".other"
    msg = maildata("mdn.eml", from_addr, to_addr)
    class env:
        mail_from = from_addr
        rcpt_tos = [to_addr]
        content = msg.as_bytes()
    assert check_mdn(msg, env)
    print(msg.as_string())
    assert not check_DATA(env)
 def test_filtermail_to_multiple_recipients_no_mdn(maildata, gencreds):
    from_addr = gencreds()[0]
    to_addr = gencreds()[0] + ".other"
    thirdaddr = gencreds()[0]
    msg = maildata("mdn.eml", from_addr, to_addr)
    class env:
        mail_from = from_addr
        rcpt_tos = [to_addr, thirdaddr]
        content = msg.as_bytes()
    assert not check_mdn(msg, env)
 def test_send_rate_limiter():
    limiter = SendRateLimiter()
    for i in range(100):
        if limiter.is_sending_allowed("some@example.org"):
            if i <= SendRateLimiter.MAX_USER_SEND_PER_MINUTE:
                continue
            pytest.fail("limiter didn't work")
        else:
            assert i == SendRateLimiter.MAX_USER_SEND_PER_MINUTE + 1
            break
--- a/tests/mail-data/fake-encrypted.eml
+++ b/tests/mail-data/fake-encrypted.eml
@@ -1,25 +0,0 @@
 Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=
 Chat-Disposition-Notification-To: foobar@c2.testrun.org
 Chat-User-Avatar: 0
 From: <{from_addr}>
 To: <{to_addr}>
 Date: Sun, 15 Oct 2023 16:41:44 +0000
 Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
 References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
 Chat-Version: 1.0
 Autocrypt: addr={from_addr}; prefer-encrypt=mutual;
 	keydata=xjMEZSrw3hYJKwYBBAHaRw8BAQdAiEKNQFU28c6qsx4vo/JHdt73RXdjMOmByf/XsGiJ7m
 	nNFzxmb29iYXJAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUq8N4CGwMECwkIBwYVCAkKCwID
 	FgIBFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJCX3gEAhm0MehE5byBBU1avPczr/I
 	HjNLht7Qf6++mAhlJmtDcA/0C8VYJhsUpmiDjuZaMDWNv4FO2BJG6LH7gSm6n7ClMJzjgEZSrw3hIK
 	KwYBBAGXVQEFAQEHQAxGG/QW0owCfMp1A+vXEMwgzWcBpNFr58kX2eXuPpM6AwEIB8J4BBgWCAAgBQ
 	JlKvDeAhsMFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJDg1gEAwLf8KDoAAKyYgjyI
 	vYvO9VEgBni1C4Xx1VjcaEmlDK8BALoFuUCK+enw76TtDcAUKhlhUiM6SDRExkS4Nskp/BcK
 MIME-Version: 1.0
 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
 -----BEGIN PGP MESSAGE-----
 Hi!
 -----END PGP MESSAGE-----
--- a/tests/mail-data/mdn.eml
+++ b/tests/mail-data/mdn.eml
@@ -1,33 +0,0 @@
 Subject: Message opened
 From: <{from_addr}>
 To: <{to_addr}>
 Date: Sun, 15 Oct 2023 16:43:25 +0000
 Message-ID: <Mr.78MWtlV7RAi.goCFzBhCYfy@c2.testrun.org>
 Auto-Submitted: auto-replied
 Chat-Version: 1.0
 MIME-Version: 1.0
 Content-Type: multipart/report; report-type=disposition-notification;
 	boundary="Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi"
 --Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi
 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
 The "Hi!" message you sent was displayed on the screen of the recipient.
 This is no guarantee the content was read.
 --Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi
 Content-Type: message/disposition-notification
 Reporting-UA: Delta Chat 1.124.1
 Original-Recipient: rfc822;barbaz@c2.testrun.org
 Final-Recipient: rfc822;barbaz@c2.testrun.org
 Original-Message-ID: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>
 Disposition: manual-action/MDN-sent-automatically; displayed
 --Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi--
--- a/tests/mail-data/plain.eml
+++ b/tests/mail-data/plain.eml
@@ -1,23 +0,0 @@
 Subject: =?utf-8?q?Message_from_foobar=40c2=2Etestrun=2Eorg?=
 Chat-Disposition-Notification-To: foobar@c2.testrun.org
 Chat-User-Avatar: 0
 From: <{from_addr}>
 To: <{to_addr}>
 Date: Sun, 15 Oct 2023 16:41:44 +0000
 Message-ID: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
 References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
 Chat-Version: 1.0
 Autocrypt: addr=foobar@c2.testrun.org; prefer-encrypt=mutual;
 	keydata=xjMEZSrw3hYJKwYBBAHaRw8BAQdAiEKNQFU28c6qsx4vo/JHdt73RXdjMOmByf/XsGiJ7m
 	nNFzxmb29iYXJAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUq8N4CGwMECwkIBwYVCAkKCwID
 	FgIBFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJCX3gEAhm0MehE5byBBU1avPczr/I
 	HjNLht7Qf6++mAhlJmtDcA/0C8VYJhsUpmiDjuZaMDWNv4FO2BJG6LH7gSm6n7ClMJzjgEZSrw3hIK
 	KwYBBAGXVQEFAQEHQAxGG/QW0owCfMp1A+vXEMwgzWcBpNFr58kX2eXuPpM6AwEIB8J4BBgWCAAgBQ
 	JlKvDeAhsMFiEEGil0OvTIa6RngmCLUYNnEa9leJAACgkQUYNnEa9leJDg1gEAwLf8KDoAAKyYgjyI
 	vYvO9VEgBni1C4Xx1VjcaEmlDK8BALoFuUCK+enw76TtDcAUKhlhUiM6SDRExkS4Nskp/BcK
 MIME-Version: 1.0
 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
 Hi!
--- a/tests/pytest.ini
+++ b/tests/pytest.ini
@@ -1,2 +0,0 @@
 [pytest]
 addopts = -vrsx --strict-markers
--- a/www/nine.testrun.org/collage-bg.png
+++ b/www/nine.testrun.org/collage-bg.png
--- a/www/nine.testrun.org/collage-down.png
+++ b/www/nine.testrun.org/collage-down.png
--- a/www/nine.testrun.org/collage-top.png
+++ b/www/nine.testrun.org/collage-top.png
--- a/www/nine.testrun.org/index.html
+++ b/www/nine.testrun.org/index.html
@@ -1,61 +0,0 @@
 <!DOCTYPE html>
 <html>
 <head>
    <meta charset="utf-8" />
    <title>nine.testrun.org - Experimenting with the Future of Email</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <style>
        .wrapper {
            width: 100%;
            max-width: 596px;
            margin: 0 auto;
        }
        .section {
            width: 100%;
            max-width: 596px;
        }
        .text {
            box-sizing: border-box;
            padding: 9px;
            font-size: 18px;
            font-family: "Courier New", monospace;
            color: white;
            background-position: left top;
            background-image: url(collage-bg.png);
            background-repeat: no-repeat;
            background-size: 100% 100%;
        }
        h1, h2, h3 {
            font-size: 16px;
            font-weight: bold;
        }
    </style>
 </head>
 <body>
    <div class="wrapper">
        <img class="section" src="collage-top.png" />
        <div class="section text">
            <h1>welcome  to nine.testrun.org</h1>
            <p>
                to get an account,
                invent a word with <i>exactly</i> nine characters
                and append @nine.testrun.org to it.
                eg. <b>hellofits@nine.testrun.org</b>
            </p>
            <p>
                if the email address is not yet taken, you'll get that account.
                the first login sets your password.
                that's it.
            </p>
        </div>
        <img class="section" src="collage-down.png" />
        <div class="section text">
            <h1>faq</h1>
            <p><i>why are other email providers 1000 times more complicated?</i></p>
            <p>because they want to for $reasons</p>
        </div>
    </div>
 </body>
 </html>
Author	SHA1	Message	Date
holger krekel	9877c06bf1	some reformatting and striking overall	2023-10-20 11:03:02 +02:00
holger krekel	3a403d07de	some improvements, adding a bnech	2023-10-20 10:59:26 +02:00
holger krekel	115a07aecf	add ping-pong bench and formatting	2023-10-20 10:28:16 +02:00
holger krekel	ae2651c441	better benchmarking and reporting	2023-10-19 02:00:02 +02:00
		`@@ -1 +0,0 @@`
			`dkim._domainkey.{{ config.domain_name }} {{ config.domain_name }}:{{ config.opendkim_selector }}:/etc/dkimkeys/dkim.private`
		`@@ -1 +0,0 @@`
			`*@{{ config.domain_name }} {{ config.opendkim_selector }}._domainkey.{{ config.domain_name }}`
		`@@ -1,2 +0,0 @@`
			`[pytest]`
			`addopts = -vrsx --strict-markers`