echobot: require dovecot to be running

.github/workflows/ci.yaml

@@ -14,8 +14,7 @@ jobs:
         # Otherwise `test_deployed_state` will be unhappy.
         with:
           ref: ${{ github.event.pull_request.head.sha }}
-      - name: download filtermail
-        run: curl -L https://github.com/chatmail/filtermail/releases/download/v0.3.0/filtermail-x86_64 -o /usr/local/bin/filtermail && chmod +x /usr/local/bin/filtermail
+
       - name: run chatmaild tests 
         working-directory: chatmaild
         run: pipx run tox

.github/workflows/docs-preview.yaml

@@ -11,9 +11,6 @@ jobs:
   scripts:
     name: build 
     runs-on: ubuntu-latest
-    environment:
-      name: 'staging.chatmail.at/doc/relay/'
-      url: https://staging.chatmail.at/doc/relay/${{ steps.prepare.outputs.prid }}
     steps:
       - uses: actions/checkout@v4
 
@@ -47,6 +44,36 @@ jobs:
           chmod 600 "$HOME/.ssh/key"
           rsync -rILvh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/doc/build/ "${{ secrets.USERNAME }}@chatmail.at:/var/www/html/staging.chatmail.at/doc/relay/${{ steps.prepare.outputs.prid }}/"
 
+      - name: "Post links to details"
+        id: details
+        if: steps.prepare.outputs.uploadtoserver
+        run: |
+          # URLs for API connection and uploads
+          export GITHUB_API_URL="https://api.github.com/repos/chatmail/relay/statuses/${{ github.event.after }}"
+          export PREVIEW_LINK="https://staging.chatmail.at/doc/relay/${{ steps.prepare.outputs.prid }}/"
+          export STATUS_DATA="{\"state\": \"success\", \
+                               \"description\": \"Preview the changed documentation here:\", \
+                               \"context\": \"Documentation Preview\", \
+                               \"target_url\": \"${PREVIEW_LINK}\"}"
+          curl -X POST --header "Accept: application/vnd.github+json" --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" --url "$GITHUB_API_URL" --header "content-type: application/json" --data "$STATUS_DATA"
+
+          #check if comment already exists, if not post it
+          export GITHUB_API_URL="https://api.github.com/repos/chatmail/relay/issues/${{ steps.prepare.outputs.prid }}/comments"
+          export RESPONSE=$(curl -L --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" --url "$GITHUB_API_URL" --header "content-type: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28")
+          echo $RESPONSE > response
+          grep -v '"Check out the page preview at https://staging.chatmail.at/doc/relay' response && echo "comment=true" >> $GITHUB_OUTPUT || true
+      - name: "Post link to comments"
+        if: steps.details.outputs.comment
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: "Check out the page preview at https://staging.chatmail.at/doc/relay/${{ steps.prepare.outputs.prid }}/"
+            })
+
       - name: check links 
         working-directory: doc
         run: sphinx-build --builder linkcheck source build

.github/workflows/docs.yaml

@@ -14,9 +14,6 @@ jobs:
   scripts:
     name: build 
     runs-on: ubuntu-latest
-    environment: 
-      name: 'chatmail.at/doc/relay/'
-      url: https://chatmail.at/doc/relay/
     steps:
       - uses: actions/checkout@v4
 

.github/workflows/test-and-deploy-ipv4only.yaml

@@ -16,11 +16,13 @@ jobs:
     name: deploy on staging-ipv4.testrun.org, and run tests
     runs-on: ubuntu-latest
     timeout-minutes: 30
-    environment:
-      name: staging-ipv4.testrun.org
-      url: https://staging-ipv4.testrun.org/
-    concurrency: staging-ipv4.testrun.org
+    concurrency:
+      group: ci-ipv4-${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: ${{ !contains(github.ref, '$GITHUB_REF') }}
     steps:
+      - uses: jsok/serialize-workflow-action@515cd04c46d7ea7435c4a22a3b4419127afdefe9
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
       - uses: actions/checkout@v4
 
       - name: prepare SSH
@@ -71,35 +73,25 @@ jobs:
       - name: run deploy-chatmail offline tests 
         run: pytest --pyargs cmdeploy 
 
-      - name: setup dependencies
-        run: |
-          ssh root@staging-ipv4.testrun.org apt update
-          ssh root@staging-ipv4.testrun.org apt install -y git python3.11-venv python3-dev gcc
-          ssh root@staging-ipv4.testrun.org git clone https://github.com/chatmail/relay
-          ssh root@staging-ipv4.testrun.org "cd relay && git checkout " ${{ github.head_ref }}
-          ssh root@staging-ipv4.testrun.org "cd relay && scripts/initenv.sh"
+      - run: |
+          cmdeploy init staging-ipv4.testrun.org
+          sed -i 's#disable_ipv6 = False#disable_ipv6 = True#' chatmail.ini
 
-      - name: initialize config
-        run: |
-          ssh root@staging-ipv4.testrun.org "cd relay && scripts/cmdeploy init staging-ipv4.testrun.org"
-          ssh root@staging-ipv4.testrun.org "sed -i 's#disable_ipv6 = False#disable_ipv6 = True#' relay/chatmail.ini"
-          ssh root@staging-ipv4.testrun.org "sed -i 's/#\s*mtail_address/mtail_address/' relay/chatmail.ini"
-
-      - run: ssh root@staging-ipv4.testrun.org "cd relay && scripts/cmdeploy run --verbose --skip-dns-check"
+      - run: cmdeploy run --verbose --skip-dns-check
 
       - name: set DNS entries
         run: |
-          ssh root@staging-ipv4.testrun.org chown opendkim:opendkim -R /etc/dkimkeys
-          ssh root@staging-ipv4.testrun.org "cd relay && scripts/cmdeploy dns --zonefile staging-generated.zone"
-          ssh root@staging-ipv4.testrun.org cat relay/staging-generated.zone >> .github/workflows/staging-ipv4.testrun.org-default.zone
+          ssh -o StrictHostKeyChecking=accept-new -v root@staging-ipv4.testrun.org chown opendkim:opendkim -R /etc/dkimkeys
+          cmdeploy dns --zonefile staging-generated.zone
+          cat staging-generated.zone >> .github/workflows/staging-ipv4.testrun.org-default.zone
           cat .github/workflows/staging-ipv4.testrun.org-default.zone
           scp .github/workflows/staging-ipv4.testrun.org-default.zone root@ns.testrun.org:/etc/nsd/staging-ipv4.testrun.org.zone
           ssh root@ns.testrun.org nsd-checkzone staging-ipv4.testrun.org /etc/nsd/staging-ipv4.testrun.org.zone
           ssh root@ns.testrun.org systemctl reload nsd
 
       - name: cmdeploy test
-        run: ssh root@staging-ipv4.testrun.org "cd relay && CHATMAIL_DOMAIN2=ci-chatmail.testrun.org scripts/cmdeploy test --slow"
+        run: CHATMAIL_DOMAIN2=nine.testrun.org cmdeploy test --slow
 
       - name: cmdeploy dns
-        run: ssh root@staging-ipv4.testrun.org "cd relay && scripts/cmdeploy dns -v"
+        run: cmdeploy dns -v
 

.github/workflows/test-and-deploy.yaml

@@ -16,11 +16,13 @@ jobs:
     name: deploy on staging2.testrun.org, and run tests
     runs-on: ubuntu-latest
     timeout-minutes: 30
-    environment:
-      name: staging2.testrun.org
-      url: https://staging2.testrun.org/
-    concurrency: staging2.testrun.org
+    concurrency:
+      group: ci-${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: ${{ !contains(github.ref, '$GITHUB_REF') }}
     steps:
+      - uses: jsok/serialize-workflow-action@515cd04c46d7ea7435c4a22a3b4419127afdefe9
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
       - uses: actions/checkout@v4
 
       - name: prepare SSH
@@ -68,16 +70,10 @@ jobs:
           rsync -avz dkimkeys-restore/dkimkeys root@staging2.testrun.org:/etc/ || true
           ssh -o StrictHostKeyChecking=accept-new -v root@staging2.testrun.org chown root:root -R /var/lib/acme || true
 
-      - name: add hpk42 key to staging server
-        run: ssh root@staging2.testrun.org 'curl -s https://github.com/hpk42.keys >> .ssh/authorized_keys'
-
       - name: run deploy-chatmail offline tests 
         run: pytest --pyargs cmdeploy 
 
-      - run: |
-          cmdeploy init staging2.testrun.org
-          sed -i 's/^ssh_host/#ssh_host/' chatmail.ini
-          sed -i 's/#\s*mtail_address/mtail_address/' chatmail.ini
+      - run: cmdeploy init staging2.testrun.org
 
       - run: cmdeploy run --verbose --skip-dns-check
 
@@ -92,7 +88,7 @@ jobs:
           ssh root@ns.testrun.org systemctl reload nsd
 
       - name: cmdeploy test
-        run: CHATMAIL_DOMAIN2=ci-chatmail.testrun.org cmdeploy test --slow
+        run: CHATMAIL_DOMAIN2=nine.testrun.org cmdeploy test --slow
 
       - name: cmdeploy dns
         run: cmdeploy dns -v

CHANGELOG.md

@@ -1,41 +1,6 @@
 # Changelog for chatmail deployment 
 
-## 1.9.0 2025-12-18
-
-### Documentation
-
-- Add RELEASE.md and CONTRIBUTING.md
-- README update, mention Chatmail Cookbook project
-
-### Bug Fixes
-
-- Expire messages also from IMAP subfolders
-- Use absolute path instead of relative path in message expiration script
-- Restart Postfix and Dovecot automatically on failure
-- acmetool: Use a fixed name and `reconcile` instead of `want`
-
-### Features
-
-- Report DKIM error code in SMTP response
-- Remove development notice from the web pages
-
-### Miscellaneous Tasks
-
-- Update the heading in the CHANGELOG.md
-- Setup git-cliff
-- Run tests against ci-chatmail.testrun.org instead of nine.testrun.org
-- Cleanup remaining echobot code, remove echobot user from deployment and passthrough recipients
-
-## 1.8.0 2025-12-12
-
-- Add imap_compress option to chatmail.ini
-  ([#760](https://github.com/chatmail/relay/pull/760))
-
-- Remove echobot from relays 
-  ([#753](https://github.com/chatmail/relay/pull/753))
-
-- Fix `cmdeploy webdev`
-  ([#743](https://github.com/chatmail/relay/pull/743))
+## untagged
 
 - Add robots.txt to exclude all web crawlers
   ([#732](https://github.com/chatmail/relay/pull/732))

CONTRIBUTING.md

@@ -1,7 +0,0 @@
-# Contributing to the chatmail relay
-
-Commit messages follow the [Conventional Commits] notation.
-We use [git-cliff] to generate the changelog from commit messages before the release.
-
-[Conventional Commits]: https://www.conventionalcommits.org/
-[git-cliff]: https://git-cliff.org/

RELEASE.md

@@ -1,15 +0,0 @@
-# Releasing a new version of chatmail relay
-
-For example, to release version 1.9.0 of chatmail relay, do the following steps.
-
-1. Update the changelog: `git cliff --unreleased --tag 1.9.0 --prepend CHANGELOG.md` or `git cliff -u -t 1.9.0 -p CHANGELOG.md`.
-
-2. Open the changelog in the editor, edit it if required.
-
-3. Commit the changes to the changelog with a commit message `chore(release): prepare for 1.9.0`.
-
-3. Tag the release: `git tag --annotate 1.9.0`.
-
-4. Push the release tag: `git push origin 1.9.0`.
-
-5. Create a GitHub release: `gh release create 1.9.0`.

chatmaild/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "chatmaild"
-version = "0.3"
+version = "0.2"
 dependencies = [
   "aiosmtpd",
   "iniconfig",
@@ -24,6 +24,8 @@ where = ['src']
 [project.scripts]
 doveauth = "chatmaild.doveauth:main"
 chatmail-metadata = "chatmaild.metadata:main"
+filtermail = "chatmaild.filtermail:main"
+echobot = "chatmaild.echo:main"
 chatmail-metrics = "chatmaild.metrics:main"
 chatmail-expire = "chatmaild.expire:main"
 chatmail-fsreport = "chatmaild.fsreport:main"
@@ -71,6 +73,5 @@ commands =
 deps = pytest 
        pdbpp 
        pytest-localserver
-       execnet
 commands = pytest -v -rsXx {posargs}
 """

chatmaild/src/chatmaild/config.py

@@ -1,52 +1,51 @@
-import os
 from pathlib import Path
 
 import iniconfig
 
 from chatmaild.user import User
 
+echobot_password_path = Path("/run/echobot/password")
+
 
 def read_config(inipath):
     assert Path(inipath).exists(), inipath
     cfg = iniconfig.IniConfig(inipath)
-    return Config(inipath, params=cfg.sections["params"])
+    params = cfg.sections["params"]
+    default_config_content = get_default_config_content(params["mail_domain"])
+    df_params = iniconfig.IniConfig("ini", data=default_config_content)["params"]
+    new_params = dict(df_params.items())
+    new_params.update(params)
+    return Config(inipath, params=new_params)
 
 
 class Config:
     def __init__(self, inipath, params):
         self._inipath = inipath
         self.mail_domain = params["mail_domain"]
-        self.ssh_host = params.get("ssh_host", self.mail_domain)
-        self.max_user_send_per_minute = int(params.get("max_user_send_per_minute", 60))
-        self.max_user_send_burst_size = int(params.get("max_user_send_burst_size", 10))
-        self.max_mailbox_size = params.get("max_mailbox_size", "500M")
-        self.max_message_size = int(params.get("max_message_size", 31457280))
-        self.delete_mails_after = params.get("delete_mails_after", "20")
-        self.delete_large_after = params.get("delete_large_after", "7")
-        self.delete_inactive_users_after = int(
-            params.get("delete_inactive_users_after", 100)
-        )
-        self.username_min_length = int(params.get("username_min_length", 9))
-        self.username_max_length = int(params.get("username_max_length", 9))
-        self.password_min_length = int(params.get("password_min_length", 9))
-        self.passthrough_senders = params.get("passthrough_senders", "").split()
-        self.passthrough_recipients = params.get("passthrough_recipients", "").split()
+        self.max_user_send_per_minute = int(params["max_user_send_per_minute"])
+        self.max_mailbox_size = params["max_mailbox_size"]
+        self.max_message_size = int(params.get("max_message_size", "31457280"))
+        self.delete_mails_after = params["delete_mails_after"]
+        self.delete_large_after = params["delete_large_after"]
+        self.delete_inactive_users_after = int(params["delete_inactive_users_after"])
+        self.username_min_length = int(params["username_min_length"])
+        self.username_max_length = int(params["username_max_length"])
+        self.password_min_length = int(params["password_min_length"])
+        self.passthrough_senders = params["passthrough_senders"].split()
+        self.passthrough_recipients = params["passthrough_recipients"].split()
         self.www_folder = params.get("www_folder", "")
-        self.filtermail_smtp_port = int(params.get("filtermail_smtp_port", "10080"))
+        self.filtermail_smtp_port = int(params["filtermail_smtp_port"])
         self.filtermail_smtp_port_incoming = int(
-            params.get("filtermail_smtp_port_incoming", "10081")
+            params["filtermail_smtp_port_incoming"]
         )
-        self.postfix_reinject_port = int(params.get("postfix_reinject_port", "10025"))
+        self.postfix_reinject_port = int(params["postfix_reinject_port"])
         self.postfix_reinject_port_incoming = int(
-            params.get("postfix_reinject_port_incoming", "10026")
+            params["postfix_reinject_port_incoming"]
         )
         self.mtail_address = params.get("mtail_address")
         self.disable_ipv6 = params.get("disable_ipv6", "false").lower() == "true"
-        self.addr_v4 = os.environ.get("CHATMAIL_ADDR_V4", "")
-        self.addr_v6 = os.environ.get("CHATMAIL_ADDR_V6", "")
         self.acme_email = params.get("acme_email", "")
         self.imap_rawlog = params.get("imap_rawlog", "false").lower() == "true"
-        self.imap_compress = params.get("imap_compress", "false").lower() == "true"
         if "iroh_relay" not in params:
             self.iroh_relay = "https://" + params["mail_domain"]
             self.enable_iroh_relay = True
@@ -73,7 +72,10 @@ class Config:
             raise ValueError(f"invalid address {addr!r}")
 
         maildir = self.mailboxes_dir.joinpath(addr)
-        password_path = maildir.joinpath("password")
+        if addr.startswith("echo@"):
+            password_path = echobot_password_path
+        else:
+            password_path = maildir.joinpath("password")
 
         return User(maildir, addr, password_path, uid="vmail", gid="vmail")
 

chatmaild/src/chatmaild/dictproxy.py

@@ -22,7 +22,7 @@ class DictProxy:
                 wfile.flush()
 
     def handle_dovecot_request(self, msg, transactions):
-        # see https://doc.dovecot.org/2.3/developer_manual/design/dict_protocol/#dovecot-dict-protocol
+        # see https://doc.dovecot.org/developer_manual/design/dict_protocol/#dovecot-dict-protocol
         short_command = msg[0]
         parts = msg[1:].split("\t")
 

chatmaild/src/chatmaild/doveauth.py

@@ -16,7 +16,7 @@ NOCREATE_FILE = "/etc/chatmail-nocreate"
 
 
 def encrypt_password(password: str):
-    # https://doc.dovecot.org/2.3/configuration_manual/authentication/password_schemes/
+    # https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
     passhash = crypt_r.crypt(password, crypt_r.METHOD_SHA512)
     return "{SHA512-CRYPT}" + passhash
 
@@ -40,6 +40,10 @@ def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
         return False
     localpart, domain = parts
 
+    if localpart == "echo":
+        # echobot account should not be created in the database
+        return False
+
     if (
         len(localpart) > config.username_max_length
         or len(localpart) < config.username_min_length

chatmaild/src/chatmaild/echo.py

@@ -0,0 +1,109 @@
+#!/usr/bin/env python3
+"""Advanced echo bot example.
+
+it will echo back any message that has non-empty text and also supports the /help command.
+"""
+
+import logging
+import os
+import subprocess
+import sys
+from pathlib import Path
+
+from deltachat_rpc_client import Bot, DeltaChat, EventType, Rpc, events
+
+from chatmaild.config import echobot_password_path, read_config
+from chatmaild.doveauth import encrypt_password
+from chatmaild.newemail import create_newemail_dict
+
+hooks = events.HookCollection()
+
+
+@hooks.on(events.RawEvent)
+def log_event(event):
+    if event.kind == EventType.INFO:
+        logging.info(event.msg)
+    elif event.kind == EventType.WARNING:
+        logging.warning(event.msg)
+
+
+@hooks.on(events.RawEvent(EventType.ERROR))
+def log_error(event):
+    logging.error("%s", event.msg)
+
+
+@hooks.on(events.MemberListChanged)
+def on_memberlist_changed(event):
+    logging.info(
+        "member %s was %s", event.member, "added" if event.member_added else "removed"
+    )
+
+
+@hooks.on(events.GroupImageChanged)
+def on_group_image_changed(event):
+    logging.info("group image %s", "deleted" if event.image_deleted else "changed")
+
+
+@hooks.on(events.GroupNameChanged)
+def on_group_name_changed(event):
+    logging.info(f"group name changed, old name: {event.old_name}")
+
+
+@hooks.on(events.NewMessage(func=lambda e: not e.command))
+def echo(event):
+    snapshot = event.message_snapshot
+    if snapshot.is_info:
+        # Ignore info messages
+        return
+    if snapshot.text or snapshot.file:
+        snapshot.chat.send_message(text=snapshot.text, file=snapshot.file)
+
+
+@hooks.on(events.NewMessage(command="/help"))
+def help_command(event):
+    snapshot = event.message_snapshot
+    snapshot.chat.send_text("Send me any message and I will echo it back")
+
+
+def main():
+    logging.basicConfig(level=logging.INFO)
+    path = os.environ.get("PATH")
+    venv_path = sys.argv[0].strip("echobot")
+    os.environ["PATH"] = path + ":" + venv_path
+    with Rpc() as rpc:
+        deltachat = DeltaChat(rpc)
+        system_info = deltachat.get_system_info()
+        logging.info(f"Running deltachat core {system_info.deltachat_core_version}")
+
+        accounts = deltachat.get_all_accounts()
+        account = accounts[0] if accounts else deltachat.add_account()
+
+        bot = Bot(account, hooks)
+
+        config = read_config(sys.argv[1])
+        addr = "echo@" + config.mail_domain
+
+        # Create password file
+        if bot.is_configured():
+            password = bot.account.get_config("mail_pw")
+        else:
+            password = create_newemail_dict(config)["password"]
+
+        echobot_password_path.write_text(encrypt_password(password))
+        # Give the user which doveauth runs as access to the password file.
+        subprocess.check_call(
+            ["/usr/bin/setfacl", "-m", "user:vmail:r", echobot_password_path],
+        )
+
+        if not bot.is_configured():
+            bot.configure(addr, password)
+
+        # write invite link to working directory
+        invitelink = bot.account.get_qr_code()
+        Path("invite-link.txt").write_text(invitelink)
+
+        bot.run_forever()
+
+
+if __name__ == "__main__":
+    main()

chatmaild/src/chatmaild/expire.py

@@ -14,7 +14,7 @@ from stat import S_ISREG
 
 from chatmaild.config import read_config
 
-FileEntry = namedtuple("FileEntry", ("path", "mtime", "size"))
+FileEntry = namedtuple("FileEntry", ("relpath", "mtime", "size"))
 
 
 def iter_mailboxes(basedir, maxnum):
@@ -51,27 +51,33 @@ class MailboxStat:
 
     def __init__(self, basedir):
         self.basedir = str(basedir)
+        # all detected messages in cur/new/tmp folders
         self.messages = []
-        self.extrafiles = []
-        self.scandir(self.basedir)
 
-    def scandir(self, folderdir):
-        for name in os_listdir_if_exists(folderdir):
-            path = f"{folderdir}/{name}"
+        # all detected files in mailbox top dir
+        self.extrafiles = []
+
+        # scan all relevant files (without recursion)
+        old_cwd = os.getcwd()
+        try:
+            os.chdir(self.basedir)
+        except FileNotFoundError:
+            return
+        for name in os_listdir_if_exists("."):
             if name in ("cur", "new", "tmp"):
-                for msg_name in os_listdir_if_exists(path):
-                    entry = get_file_entry(f"{path}/{msg_name}")
+                for msg_name in os_listdir_if_exists(name):
+                    entry = get_file_entry(f"{name}/{msg_name}")
                     if entry is not None:
                         self.messages.append(entry)
-            elif os.path.isdir(path):
-                self.scandir(path)
+
             else:
-                entry = get_file_entry(path)
+                entry = get_file_entry(name)
                 if entry is not None:
                     self.extrafiles.append(entry)
                     if name == "password":
                         self.last_login = entry.mtime
         self.extrafiles.sort(key=lambda x: -x.size)
+        os.chdir(old_cwd)
 
 
 def print_info(msg):
@@ -124,6 +130,13 @@ class Expiry:
             self.remove_mailbox(mbox.basedir)
             return
 
+        # all to-be-removed files are relative to the mailbox basedir
+        try:
+            os.chdir(mbox.basedir)
+        except FileNotFoundError:
+            print_info(f"mailbox not found/vanished {mbox.basedir}")
+            return
+
         mboxname = os.path.basename(mbox.basedir)
         if self.verbose:
             date = datetime.fromtimestamp(mbox.last_login) if mbox.last_login else None
@@ -134,17 +147,16 @@ class Expiry:
         self.all_files += len(mbox.messages)
         for message in mbox.messages:
             if message.mtime < cutoff_mails:
-                self.remove_file(message.path, mtime=message.mtime)
+                self.remove_file(message.relpath, mtime=message.mtime)
             elif message.size > 200000 and message.mtime < cutoff_large_mails:
                 # we only remove noticed large files (not unnoticed ones in new/)
-                parts = message.path.split("/")
-                if len(parts) >= 2 and parts[-2] == "cur":
-                    self.remove_file(message.path, mtime=message.mtime)
+                if message.relpath.startswith("cur/"):
+                    self.remove_file(message.relpath, mtime=message.mtime)
             else:
                 continue
             changed = True
         if changed:
-            self.remove_file(f"{mbox.basedir}/maildirsize")
+            self.remove_file("maildirsize")
 
     def get_summary(self):
         return (

chatmaild/src/chatmaild/filtermail.py

@@ -0,0 +1,381 @@
+#!/usr/bin/env python3
+import asyncio
+import base64
+import binascii
+import sys
+import time
+from email import policy
+from email.parser import BytesParser
+from email.utils import parseaddr
+from smtplib import SMTP as SMTPClient
+
+from aiosmtpd.controller import Controller
+from aiosmtpd.smtp import SMTP
+
+from .config import read_config
+
+ENCRYPTION_NEEDED_523 = "523 Encryption Needed: Invalid Unencrypted Mail"
+
+
+def check_openpgp_payload(payload: bytes):
+    """Checks the OpenPGP payload.
+
+    OpenPGP payload must consist only of PKESK and SKESK packets
+    terminated by a single SEIPD packet.
+
+    Returns True if OpenPGP payload is correct,
+    False otherwise.
+
+    May raise IndexError while trying to read OpenPGP packet header
+    if it is truncated.
+    """
+    i = 0
+    while i < len(payload):
+        # Only OpenPGP format is allowed.
+        if payload[i] & 0xC0 != 0xC0:
+            return False
+
+        packet_type_id = payload[i] & 0x3F
+        i += 1
+
+        while payload[i] >= 224 and payload[i] < 255:
+            # Partial body length.
+            partial_length = 1 << (payload[i] & 0x1F)
+            i += 1 + partial_length
+
+        if payload[i] < 192:
+            # One-octet length.
+            body_len = payload[i]
+            i += 1
+        elif payload[i] < 224:
+            # Two-octet length.
+            body_len = ((payload[i] - 192) << 8) + payload[i + 1] + 192
+            i += 2
+        elif payload[i] == 255:
+            # Five-octet length.
+            body_len = (
+                (payload[i + 1] << 24)
+                | (payload[i + 2] << 16)
+                | (payload[i + 3] << 8)
+                | payload[i + 4]
+            )
+            i += 5
+        else:
+            # Impossible, partial body length was processed above.
+            return False
+
+        i += body_len
+
+        if i == len(payload):
+            # Last packet should be
+            # Symmetrically Encrypted and Integrity Protected Data Packet (SEIPD)
+            #
+            # This is the only place where this function may return `True`.
+            return packet_type_id == 18
+        elif packet_type_id not in [1, 3]:
+            # All packets except the last one must be either
+            # Public-Key Encrypted Session Key Packet (PKESK)
+            # or
+            # Symmetric-Key Encrypted Session Key Packet (SKESK)
+            return False
+
+    return False
+
+
+def check_armored_payload(payload: str, outgoing: bool):
+    """Check the armored PGP message for invalid content.
+
+    :param payload: the armored PGP message
+    :param outgoing: whether the message is outgoing or incoming
+    :return: whether the message is a valid PGP message
+    """
+    prefix = "-----BEGIN PGP MESSAGE-----\r\n"
+    if not payload.startswith(prefix):
+        return False
+    payload = payload.removeprefix(prefix)
+
+    while payload.endswith("\r\n"):
+        payload = payload.removesuffix("\r\n")
+    suffix = "-----END PGP MESSAGE-----"
+    if not payload.endswith(suffix):
+        return False
+    payload = payload.removesuffix(suffix)
+
+    version_comment = "Version: "
+    if payload.startswith(version_comment):
+        if outgoing:  # Disallow comments in outgoing messages
+            return False
+        # Remove comments from incoming messages
+        payload = payload.partition("\r\n")[2]
+
+    while payload.startswith("\r\n"):
+        payload = payload.removeprefix("\r\n")
+
+    # Remove CRC24.
+    payload = payload.rpartition("=")[0]
+
+    try:
+        payload = base64.b64decode(payload)
+    except binascii.Error:
+        return False
+
+    try:
+        return check_openpgp_payload(payload)
+    except IndexError:
+        return False
+
+
+def is_securejoin(message):
+    if message.get("secure-join") not in ["vc-request", "vg-request"]:
+        return False
+    if not message.is_multipart():
+        return False
+    parts_count = 0
+    for part in message.iter_parts():
+        parts_count += 1
+        if parts_count > 1:
+            return False
+        if part.is_multipart():
+            return False
+        if part.get_content_type() != "text/plain":
+            return False
+
+        payload = part.get_payload().strip().lower()
+        if payload not in ("secure-join: vc-request", "secure-join: vg-request"):
+            return False
+    return True
+
+
+def check_encrypted(message, outgoing=True):
+    """Check that the message is an OpenPGP-encrypted message.
+
+    MIME structure of the message must correspond to <https://www.rfc-editor.org/rfc/rfc3156>.
+    """
+    if not message.is_multipart():
+        return False
+    if message.get_content_type() != "multipart/encrypted":
+        return False
+    parts_count = 0
+    for part in message.iter_parts():
+        # We explicitly check Content-Type of each part later,
+        # but this is to be absolutely sure `get_payload()` returns string and not list.
+        if part.is_multipart():
+            return False
+
+        if parts_count == 0:
+            if part.get_content_type() != "application/pgp-encrypted":
+                return False
+
+            payload = part.get_payload()
+            if payload.strip() != "Version: 1":
+                return False
+        elif parts_count == 1:
+            if part.get_content_type() != "application/octet-stream":
+                return False
+
+            if not check_armored_payload(part.get_payload(), outgoing=outgoing):
+                return False
+        else:
+            return False
+        parts_count += 1
+    return True
+
+
+async def asyncmain_beforequeue(config, mode):
+    if mode == "outgoing":
+        port = config.filtermail_smtp_port
+        handler = OutgoingBeforeQueueHandler(config)
+    else:
+        port = config.filtermail_smtp_port_incoming
+        handler = IncomingBeforeQueueHandler(config)
+    HackedController(
+        handler,
+        hostname="127.0.0.1",
+        port=port,
+        data_size_limit=config.max_message_size,
+    ).start()
+
+
+def recipient_matches_passthrough(recipient, passthrough_recipients):
+    for addr in passthrough_recipients:
+        if recipient == addr:
+            return True
+        if addr[0] == "@" and recipient.endswith(addr):
+            return True
+    return False
+
+
+class HackedController(Controller):
+    def factory(self):
+        return SMTPDiscardRCPTO_options(self.handler, **self.SMTP_kwargs)
+
+
+class SMTPDiscardRCPTO_options(SMTP):
+    def _getparams(self, params):
+        # Ignore RCPT TO parameters.
+        #
+        # Otherwise parameters such as `ORCPT=...`
+        # or `NOTIFY=DELAY,FAILURE` (generated by Stalwart)
+        # make aiosmtpd reject the message here:
+        # <https://github.com/aio-libs/aiosmtpd/blob/98f578389ae86e5345cc343fa4e5a17b21d9c96d/aiosmtpd/smtp.py#L1379-L1384>
+        return {}
+
+
+class OutgoingBeforeQueueHandler:
+    def __init__(self, config):
+        self.config = config
+        self.send_rate_limiter = SendRateLimiter()
+
+    async def handle_MAIL(self, server, session, envelope, address, mail_options):
+        log_info(f"handle_MAIL from {address}")
+        envelope.mail_from = address
+        max_sent = self.config.max_user_send_per_minute
+        if not self.send_rate_limiter.is_sending_allowed(address, max_sent):
+            return f"450 4.7.1: Too much mail from {address}"
+
+        parts = envelope.mail_from.split("@")
+        if len(parts) != 2:
+            return f"500 Invalid from address <{envelope.mail_from!r}>"
+
+        return "250 OK"
+
+    async def handle_DATA(self, server, session, envelope):
+        loop = asyncio.get_running_loop()
+        return await loop.run_in_executor(None, self.sync_handle_DATA, envelope)
+
+    def sync_handle_DATA(self, envelope):
+        log_info("handle_DATA before-queue")
+        error = self.check_DATA(envelope)
+        if error:
+            return error
+        log_info("re-injecting the mail that passed checks")
+        client = SMTPClient("localhost", self.config.postfix_reinject_port)
+        client.sendmail(
+            envelope.mail_from, envelope.rcpt_tos, envelope.original_content
+        )
+        return "250 OK"
+
+    def check_DATA(self, envelope):
+        """the central filtering function for e-mails."""
+        log_info(f"Processing DATA message from {envelope.mail_from}")
+
+        message = BytesParser(policy=policy.default).parsebytes(envelope.content)
+        mail_encrypted = check_encrypted(message, outgoing=True)
+
+        _, from_addr = parseaddr(message.get("from").strip())
+
+        if envelope.mail_from.lower() != from_addr.lower():
+            return f"500 Invalid FROM <{from_addr!r}> for <{envelope.mail_from!r}>"
+
+        if mail_encrypted or is_securejoin(message):
+            print("Outgoing: Filtering encrypted mail.", file=sys.stderr)
+            return
+
+        print("Outgoing: Filtering unencrypted mail.", file=sys.stderr)
+
+        if envelope.mail_from in self.config.passthrough_senders:
+            return
+
+        # allow self-sent Autocrypt Setup Message
+        if envelope.rcpt_tos == [from_addr]:
+            if message.get("subject") == "Autocrypt Setup Message":
+                if message.get_content_type() == "multipart/mixed":
+                    return
+
+        passthrough_recipients = self.config.passthrough_recipients
+
+        for recipient in envelope.rcpt_tos:
+            if recipient_matches_passthrough(recipient, passthrough_recipients):
+                continue
+
+            print("Rejected unencrypted mail.", file=sys.stderr)
+            return ENCRYPTION_NEEDED_523
+
+
+class IncomingBeforeQueueHandler:
+    def __init__(self, config):
+        self.config = config
+
+    async def handle_DATA(self, server, session, envelope):
+        loop = asyncio.get_running_loop()
+        return await loop.run_in_executor(None, self.sync_handle_DATA, envelope)
+
+    def sync_handle_DATA(self, envelope):
+        log_info("handle_DATA before-queue")
+        error = self.check_DATA(envelope)
+        if error:
+            return error
+        log_info("re-injecting the mail that passed checks")
+
+        # the smtp daemon on reinject_port_incoming gives it to dkim milter
+        # which looks at source address to determine whether to verify or sign
+        client = SMTPClient(
+            "localhost",
+            self.config.postfix_reinject_port_incoming,
+            source_address=("127.0.0.2", 0),
+        )
+        client.sendmail(
+            envelope.mail_from, envelope.rcpt_tos, envelope.original_content
+        )
+        return "250 OK"
+
+    def check_DATA(self, envelope):
+        """the central filtering function for e-mails."""
+        log_info(f"Processing DATA message from {envelope.mail_from}")
+
+        message = BytesParser(policy=policy.default).parsebytes(envelope.content)
+        mail_encrypted = check_encrypted(message, outgoing=False)
+
+        if mail_encrypted or is_securejoin(message):
+            print("Incoming: Filtering encrypted mail.", file=sys.stderr)
+            return
+
+        print("Incoming: Filtering unencrypted mail.", file=sys.stderr)
+
+        # we want cleartext mailer-daemon messages to pass through
+        # chatmail core will typically not display them as normal messages
+        if message.get("auto-submitted"):
+            _, from_addr = parseaddr(message.get("from").strip())
+            if from_addr.lower().startswith("mailer-daemon@"):
+                if message.get_content_type() == "multipart/report":
+                    return
+
+        for recipient in envelope.rcpt_tos:
+            user = self.config.get_user(recipient)
+            if user is None or user.is_incoming_cleartext_ok():
+                continue
+
+            print("Rejected unencrypted mail.", file=sys.stderr)
+            return ENCRYPTION_NEEDED_523
+
+
+class SendRateLimiter:
+    def __init__(self):
+        self.addr2timestamps = {}
+
+    def is_sending_allowed(self, mail_from, max_send_per_minute):
+        last = self.addr2timestamps.setdefault(mail_from, [])
+        now = time.time()
+        last[:] = [ts for ts in last if ts >= (now - 60)]
+        if len(last) <= max_send_per_minute:
+            last.append(now)
+            return True
+        return False
+
+
+def log_info(msg):
+    print(msg, file=sys.stderr)
+
+
+def main():
+    args = sys.argv[1:]
+    assert len(args) == 2
+    config = read_config(args[0])
+    mode = args[1]
+    loop = asyncio.new_event_loop()
+    asyncio.set_event_loop(loop)
+    assert mode in ["incoming", "outgoing"]
+    task = asyncmain_beforequeue(config, mode)
+    loop.create_task(task)
+    log_info("entering serving loop")
+    loop.run_forever()

chatmaild/src/chatmaild/ini/chatmail.ini.f

@@ -3,9 +3,6 @@
 # mail domain (MUST be set to fully qualified chat mail domain)
 mail_domain = {mail_domain}
 
-# Where to deploy the relay - if unspecified, mail_domain will be used.
-ssh_host = localhost
-
 #
 # If you only do private test deploys, you don't need to modify any settings below
 #
@@ -14,14 +11,11 @@ ssh_host = localhost
 # Restrictions on user addresses
 #
 
-# email sending rate per user and minute
+# how many mails a user can send out per minute
 max_user_send_per_minute = 60
 
-# per-user max burst size for sending rate limiting (GCRA bucket capacity)
-max_user_send_burst_size = 10
-
 # maximum mailbox size of a chatmail address
-max_mailbox_size = 500M
+max_mailbox_size = 100M
 
 # maximum message size for an e-mail in bytes
 max_message_size = 31457280
@@ -49,9 +43,9 @@ passthrough_senders =
 
 # list of e-mail recipients for which to accept outbound un-encrypted mails
 # (space-separated, item may start with "@" to whitelist whole recipient domains)
-passthrough_recipients =
+passthrough_recipients = echo@{mail_domain}
 
-# path to www directory - documented here: https://chatmail.at/doc/relay/getting_started.html#custom-web-pages
+# path to www directory - documented here: https://github.com/chatmail/relay/#custom-web-pages
 #www_folder = www
 
 #
@@ -105,12 +99,6 @@ acme_email =
 # so use this option with caution on production servers. 
 imap_rawlog = false 
 
-# set to true if you want to enable the IMAP COMPRESS Extension,
-# which allows IMAP connections to be efficiently compressed.
-# WARNING: Enabling this makes it impossible to hibernate IMAP
-# processes which will result in much higher memory/RAM usage.
-imap_compress = false
-
 
 #
 # Privacy Policy

chatmaild/src/chatmaild/lastlogin.py

@@ -13,6 +13,8 @@ class LastLoginDictProxy(DictProxy):
         keyname = parts[1].split("/")
         value = parts[2] if len(parts) > 2 else ""
         if keyname[0] == "shared" and keyname[1] == "last-login":
+            if addr.startswith("echo@"):
+                return True
             addr = keyname[2]
             timestamp = int(value)
             user = self.config.get_user(addr)

chatmaild/src/chatmaild/tests/test_config.py

@@ -33,7 +33,7 @@ def test_read_config_testrun(make_config):
     assert config.filtermail_smtp_port == 10080
     assert config.postfix_reinject_port == 10025
     assert config.max_user_send_per_minute == 60
-    assert config.max_mailbox_size == "500M"
+    assert config.max_mailbox_size == "100M"
     assert config.delete_mails_after == "20"
     assert config.delete_large_after == "7"
     assert config.username_min_length == 9

chatmaild/src/chatmaild/tests/test_expire.py

@@ -17,17 +17,19 @@ from chatmaild.expire import main as expiry_main
 from chatmaild.fsreport import main as report_main
 
 
-def fill_mbox(folderdir):
-    password = folderdir.joinpath("password")
+def fill_mbox(basedir):
+    basedir1 = basedir.joinpath("mailbox1@example.org")
+    basedir1.mkdir()
+    password = basedir1.joinpath("password")
     password.write_text("xxx")
-    folderdir.joinpath("maildirsize").write_text("xxx")
+    basedir1.joinpath("maildirsize").write_text("xxx")
 
-    garbagedir = folderdir.joinpath("garbagedir")
+    garbagedir = basedir1.joinpath("garbagedir")
     garbagedir.mkdir()
-    garbagedir.joinpath("bimbum").write_text("hello")
 
-    create_new_messages(folderdir, ["cur/msg1"], size=500)
-    create_new_messages(folderdir, ["new/msg2"], size=600)
+    create_new_messages(basedir1, ["cur/msg1"], size=500)
+    create_new_messages(basedir1, ["new/msg2"], size=600)
+    return basedir1
 
 
 def create_new_messages(basedir, relpaths, size=1000, days=0):
@@ -43,21 +45,8 @@ def create_new_messages(basedir, relpaths, size=1000, days=0):
 
 @pytest.fixture
 def mbox1(example_config):
-    mboxdir = example_config.mailboxes_dir.joinpath("mailbox1@example.org")
-    mboxdir.mkdir()
-    fill_mbox(mboxdir)
-    return MailboxStat(mboxdir)
-
-
-def test_deltachat_folder(example_config):
-    """Test old setups that might have a .DeltaChat folder where messages also need to get removed."""
-    mboxdir = example_config.mailboxes_dir.joinpath("mailbox1@example.org")
-    mboxdir.mkdir()
-    mbox2dir = mboxdir.joinpath(".DeltaChat")
-    mbox2dir.mkdir()
-    fill_mbox(mbox2dir)
-    mb = MailboxStat(mboxdir)
-    assert len(mb.messages) == 2
+    basedir1 = fill_mbox(example_config.mailboxes_dir)
+    return MailboxStat(basedir1)
 
 
 def test_filentry_ordering(tmp_path):
@@ -87,7 +76,7 @@ def test_stats_mailbox(mbox1):
     create_new_messages(mbox1.basedir, ["large-extra"], size=1000)
     create_new_messages(mbox1.basedir, ["index-something"], size=3)
     mbox2 = MailboxStat(mbox1.basedir)
-    assert len(mbox2.extrafiles) == 5
+    assert len(mbox2.extrafiles) == 4
     assert mbox2.extrafiles[0].size == 1000
 
     # cope well with mailbox dirs that have no password (for whatever reason)

chatmaild/src/chatmaild/tests/test_filtermail.py

@@ -0,0 +1,361 @@
+import pytest
+
+from chatmaild.filtermail import (
+    IncomingBeforeQueueHandler,
+    OutgoingBeforeQueueHandler,
+    SendRateLimiter,
+    check_armored_payload,
+    check_encrypted,
+    is_securejoin,
+)
+
+
+@pytest.fixture
+def maildomain():
+    # let's not depend on a real chatmail instance for the offline tests below
+    return "chatmail.example.org"
+
+
+@pytest.fixture
+def handler(make_config, maildomain):
+    config = make_config(maildomain)
+    return OutgoingBeforeQueueHandler(config)
+
+
+@pytest.fixture
+def inhandler(make_config, maildomain):
+    config = make_config(maildomain)
+    return IncomingBeforeQueueHandler(config)
+
+
+def test_reject_forged_from(maildata, gencreds, handler):
+    class env:
+        mail_from = gencreds()[0]
+        rcpt_tos = [gencreds()[0]]
+
+    # test that the filter lets good mail through
+    to_addr = gencreds()[0]
+    env.content = maildata(
+        "encrypted.eml", from_addr=env.mail_from, to_addr=to_addr
+    ).as_bytes()
+
+    assert not handler.check_DATA(envelope=env)
+
+    # test that the filter rejects forged mail
+    env.content = maildata(
+        "encrypted.eml", from_addr="forged@c3.testrun.org", to_addr=to_addr
+    ).as_bytes()
+    error = handler.check_DATA(envelope=env)
+    assert "500" in error
+
+
+def test_filtermail_no_encryption_detection(maildata):
+    msg = maildata(
+        "plain.eml", from_addr="some@example.org", to_addr="other@example.org"
+    )
+    assert not check_encrypted(msg)
+
+    # https://xkcd.com/1181/
+    msg = maildata(
+        "fake-encrypted.eml", from_addr="some@example.org", to_addr="other@example.org"
+    )
+    assert not check_encrypted(msg)
+
+
+def test_filtermail_securejoin_detection(maildata):
+    msg = maildata(
+        "securejoin-vc.eml", from_addr="some@example.org", to_addr="other@example.org"
+    )
+    assert is_securejoin(msg)
+
+    msg = maildata(
+        "securejoin-vc-fake.eml",
+        from_addr="some@example.org",
+        to_addr="other@example.org",
+    )
+    assert not is_securejoin(msg)
+
+
+def test_filtermail_encryption_detection(maildata):
+    msg = maildata(
+        "encrypted.eml",
+        from_addr="1@example.org",
+        to_addr="2@example.org",
+        subject="Subject does not matter, will be replaced anyway",
+    )
+    assert check_encrypted(msg)
+
+
+def test_filtermail_no_literal_packets(maildata):
+    """Test that literal OpenPGP packet is not considered an encrypted mail."""
+    msg = maildata("literal.eml", from_addr="1@example.org", to_addr="2@example.org")
+    assert not check_encrypted(msg)
+
+
+def test_filtermail_unencrypted_mdn(maildata, gencreds):
+    """Unencrypted MDNs should not pass."""
+    from_addr = gencreds()[0]
+    to_addr = gencreds()[0] + ".other"
+    msg = maildata("mdn.eml", from_addr=from_addr, to_addr=to_addr)
+
+    assert not check_encrypted(msg)
+
+
+def test_send_rate_limiter():
+    limiter = SendRateLimiter()
+    for i in range(100):
+        if limiter.is_sending_allowed("some@example.org", 10):
+            if i <= 10:
+                continue
+            pytest.fail("limiter didn't work")
+        else:
+            assert i == 11
+            break
+
+
+def test_cleartext_excempt_privacy(maildata, gencreds, handler):
+    from_addr = gencreds()[0]
+    to_addr = "privacy@testrun.org"
+    handler.config.passthrough_recipients = [to_addr]
+    false_to = "privacy@something.org"
+
+    msg = maildata("plain.eml", from_addr=from_addr, to_addr=to_addr)
+
+    class env:
+        mail_from = from_addr
+        rcpt_tos = [to_addr]
+        content = msg.as_bytes()
+
+    # assert that None/no error is returned
+    assert not handler.check_DATA(envelope=env)
+
+    class env2:
+        mail_from = from_addr
+        rcpt_tos = [to_addr, false_to]
+        content = msg.as_bytes()
+
+    assert "523" in handler.check_DATA(envelope=env2)
+
+
+def test_cleartext_self_send_autocrypt_setup_message(maildata, gencreds, handler):
+    from_addr = gencreds()[0]
+    to_addr = from_addr
+
+    msg = maildata("asm.eml", from_addr=from_addr, to_addr=to_addr)
+
+    class env:
+        mail_from = from_addr
+        rcpt_tos = [to_addr]
+        content = msg.as_bytes()
+
+    assert not handler.check_DATA(envelope=env)
+
+
+def test_cleartext_send_fails(maildata, gencreds, handler):
+    from_addr = gencreds()[0]
+    to_addr = gencreds()[0]
+
+    msg = maildata("plain.eml", from_addr=from_addr, to_addr=to_addr)
+
+    class env:
+        mail_from = from_addr
+        rcpt_tos = [to_addr]
+        content = msg.as_bytes()
+
+    res = handler.check_DATA(envelope=env)
+    assert "523 Encryption Needed" in res
+
+
+def test_cleartext_incoming_fails(maildata, gencreds, inhandler):
+    from_addr = gencreds()[0]
+    to_addr, password = gencreds()
+
+    msg = maildata("plain.eml", from_addr=from_addr, to_addr=to_addr)
+
+    class env:
+        mail_from = from_addr
+        rcpt_tos = [to_addr]
+        content = msg.as_bytes()
+
+    user = inhandler.config.get_user(to_addr)
+    user.set_password(password)
+    res = inhandler.check_DATA(envelope=env)
+    assert "523 Encryption Needed" in res
+
+    user.allow_incoming_cleartext()
+    assert not inhandler.check_DATA(envelope=env)
+
+
+def test_cleartext_incoming_mailer_daemon(maildata, gencreds, inhandler):
+    from_addr = "mailer-daemon@example.org"
+    to_addr = gencreds()[0]
+
+    msg = maildata("mailer-daemon.eml", from_addr=from_addr, to_addr=to_addr)
+
+    class env:
+        mail_from = from_addr
+        rcpt_tos = [to_addr]
+        content = msg.as_bytes()
+
+    assert not inhandler.check_DATA(envelope=env)
+
+
+def test_cleartext_passthrough_domains(maildata, gencreds, handler):
+    from_addr = gencreds()[0]
+    to_addr = "privacy@x.y.z"
+    handler.config.passthrough_recipients = ["@x.y.z"]
+    false_to = "something@x.y"
+
+    msg = maildata("plain.eml", from_addr=from_addr, to_addr=to_addr)
+
+    class env:
+        mail_from = from_addr
+        rcpt_tos = [to_addr]
+        content = msg.as_bytes()
+
+    # assert that None/no error is returned
+    assert not handler.check_DATA(envelope=env)
+
+    class env2:
+        mail_from = from_addr
+        rcpt_tos = [to_addr, false_to]
+        content = msg.as_bytes()
+
+    assert "523" in handler.check_DATA(envelope=env2)
+
+
+def test_cleartext_passthrough_senders(gencreds, handler, maildata):
+    acc1 = gencreds()[0]
+    to_addr = "recipient@something.org"
+    handler.config.passthrough_senders = [acc1]
+
+    msg = maildata("plain.eml", from_addr=acc1, to_addr=to_addr)
+
+    class env:
+        mail_from = acc1
+        rcpt_tos = to_addr
+        content = msg.as_bytes()
+
+    # assert that None/no error is returned
+    assert not handler.check_DATA(envelope=env)
+
+
+def test_check_armored_payload():
+    prefix = "-----BEGIN PGP MESSAGE-----\r\n"
+    comment = "Version: ProtonMail\r\n"
+    payload = """\r
+wU4DSqFx0d1yqAoSAQdAYkX/ZN/Az4B0k7X47zKyWrXxlDEdS3WOy0Yf2+GJTFgg\r
+Zk5ql0mLG8Ze+ZifCS0XMO4otlemSyJ0K1ZPdFMGzUDBTgNqzkFabxXoXRIBB0AM\r
+755wlX41X6Ay3KhnwBq7yEqSykVH6F3x11iHPKraLCAGZoaS8bKKNy/zg5slda1X\r
+pt14b4aC1VwtSnYhcRRELNLD/wE2TFif+g7poMmFY50VyMPLYjVP96Z5QCT4+z4H\r
+Ikh/pRRN8S3JNMrRJHc6prooSJmLcx47Y5un7VFy390MsJ+LiUJuQMDdYWRAinfs\r
+Ebm89Ezjm7F03qbFPXE0X4ZNzVXS/eKO0uhJQdiov/vmbn41rNtHmNpqjaO0vi5+\r
+sS9tR7yDUrIXiCUCN78eBLVioxtktsPZm5cDORbQWzv+7nmCEz9/JowCUcBVdCGn\r
+1ofOaH82JCAX/cRx08pLaDNj6iolVBsi56Dd+2bGxJOZOG2AMcEyz0pXY0dOAJCD\r
+iUThcQeGIdRnU3j8UBcnIEsjLu2+C+rrwMZQESMWKnJ0rnqTk0pK5kXScr6F/L0L\r
+UE49ccIexNm3xZvYr5drszr6wz3Tv5fdue87P4etBt90gF/Vzknck+g1LLlkzZkp\r
+d8dI0k2tOSPjUbDPnSy1x+X73WGpPZmj0kWT+RGvq0nH6UkJj3AQTG2qf1T8jK+3\r
+rTp3LR9vDkMwDjX4R8SA9c0wdnUzzr79OYQC9lTnzcx+fM6BBmgQ2GrS33jaFLp7\r
+L6/DFpCl5zhnPjM/2dKvMkw/Kd6XS/vjwsO405FQdjSDiQEEAZA+ZvAfcjdccbbU\r
+yCO+x0QNdeBsufDVnh3xvzuWy4CICdTQT4s1AWRPCzjOj+SGmx5WqCLWfsd8Ma0+\r
+w/C7SfTYu1FDQILLM+llpq1M/9GPley4QZ8JQjo262AyPXsPF/OW48uuZz0Db1xT\r
+Yh4iHBztj4VSdy7l2+IyaIf7cnL4EEBFxv/MwmVDXvDlxyvfAfIsd3D9SvJESzKZ\r
+VWDYwaocgeCN+ojKu1p885lu1EfRbX3fr3YO02K5/c2JYDkc0Py0W3wUP/J1XUax\r
+pbKpzwlkxEgtmzsGqsOfMJqBV3TNDrOA2uBsa+uBqP5MGYLZ49S/4v/bW9I01Cr1\r
+D2ZkV510Y1Vgo66WlP8mRqOTyt/5WRhPD+MxXdk67BNN/PmO6tMlVoJDuk+XwWPR\r
+t2TvNaND/yabT9eYI55Og4fzKD6RIjouUX8DvKLkm+7aXxVs2uuLQ3Jco3O82z55\r
+dbShU1jYsrw9oouXUz06MHPbkdhNbF/2hfhZ2qA31sNeovJw65iUv7sDKX3LVWgJ\r
+10jlywcDwqlU8CO7WC9lGixYTbnOkYZpXCGEl8e6Jbs79l42YFo4ogYpFK1NXFhV\r
+kOXRmDf/wmfj+c/ld3L2PkvwlgofhCudOQknZbo3ub1gjiTn7L+lMGHIj/3suMIl\r
+ID4EUxAXScIM1ZEz2fjtW5jATlqYcLjLTbf/olw6HFyPNH+9IssqXeZNKnGwPUB9\r
+3lTXsg0tpzl+x7F/2WjEw1DSNhjC0KnHt1vEYNMkUGDGFdN9y3ERLqX/FIgiASUb\r
+bTvAVupnAK3raBezGmhrs6LsQtLS9P0VvQiLU3uDhMqw8Z4SISLpcD+NnVBHzQqm\r
+6W5Qn/8xsCL6av18yUVTi2G3igt3QCNoYx9evt2ZcIkNoyyagUVjfZe5GHXh8Dnz\r
+GaBXW/hg3HlXLRGaQu4RYCzBMJILcO25OhZOg6jbkCLiEexQlm2e9krB5cXR49Al\r
+UN4fiB0KR9JyG2ayUdNJVkXZSZLnHyRgiaadlpUo16LVvw==\r
+=b5Kp\r
+-----END PGP MESSAGE-----\r
+\r
+\r
+"""
+
+    commented_payload = prefix + comment + payload
+    assert check_armored_payload(commented_payload, outgoing=False) == True
+    assert check_armored_payload(commented_payload, outgoing=True) == False
+
+    payload = prefix + payload
+    assert check_armored_payload(payload, outgoing=False) == True
+    assert check_armored_payload(payload, outgoing=True) == True
+
+    payload = payload.removesuffix("\r\n")
+    assert check_armored_payload(payload, outgoing=False) == True
+    assert check_armored_payload(payload, outgoing=True) == True
+
+    payload = payload.removesuffix("\r\n")
+    assert check_armored_payload(payload, outgoing=False) == True
+    assert check_armored_payload(payload, outgoing=True) == True
+
+    payload = payload.removesuffix("\r\n")
+    assert check_armored_payload(payload, outgoing=False) == True
+    assert check_armored_payload(payload, outgoing=True) == True
+
+    payload = """-----BEGIN PGP MESSAGE-----\r
+\r
+HELLOWORLD
+-----END PGP MESSAGE-----\r
+\r
+"""
+    assert check_armored_payload(payload, outgoing=False) == False
+    assert check_armored_payload(payload, outgoing=True) == False
+
+    payload = """-----BEGIN PGP MESSAGE-----\r
+\r
+=njUN
+-----END PGP MESSAGE-----\r
+\r
+"""
+    assert check_armored_payload(payload, outgoing=False) == False
+    assert check_armored_payload(payload, outgoing=True) == False
+
+    # Test payload using partial body length
+    # as generated by GopenPGP.
+    payload = """-----BEGIN PGP MESSAGE-----\r
+\r
+wV4DdCVjRfOT3TQSAQdAY5+pjT6mlCxPGdR3be4w7oJJRUGIPI/Vnh+mJxGSm34w\r
+LNlVc89S1g22uQYFif2sUJsQWbpoHpNkuWpkSgOaHmNvrZiY/YU5iv+cZ3LbmtUG\r
+0uoBisSHh9O1c+5sYZSbrvYZ1NOwlD7Fv/U5/Mw4E5+CjxfdgNGp5o3DDddzPK78\r
+jseDhdSXxnaiIJC93hxNX6R1RPt3G2gukyzx69wciPQShcF8zf3W3o75Ed7B8etV\r
+QEeB16xzdFhKa9JxdjTu3osgCs21IO7wpcFkjc7nZzlW6jPnELJJaNmv4yOOCjMp\r
+6YAkaN/BkL+jHTznHDuDsT5ilnTXpwHDU1Cm9PIx/KFcNCQnIB+2DcdIHPHUH1ci\r
+jvqoeXAVWjKXEjS7PqPFuP/xGbrWG2ugs+toXJOKbgRkExvKs1dwPFKrgghvCVbW\r
+AcKejQKAPArLwpkA7aD875TZQShvGt74fNs45XBlGOYOnNOAJ1KAmzrXLIDViyyB\r
+kDsmTBk785xofuCkjBpXSe6vsMprPzCteDfaUibh8FHeJjucxPerwuOPEmnogNaf\r
+YyL4+iy8H8I9/p7pmUqILprxTG0jTOtlk0bTVzeiF56W1xbtSEMuOo4oFbQTyOM2\r
+bKXaYo774Jm+rRtKAnnI2dtf9RpK19cog6YNzfYjesLKbXDsPZbN5rmwyFiCvvxC\r
+kQ6JLob+B2fPdY2gzy7LypxktS8Zi1HJcWDHJGVmQodaDLqKUObb4M26bXDe6oxI\r
+NS8PJz5exVbM3KhZnUOEn6PJRBBf5a/ZqxlhZPcQo/oBuhKpBRpO5kSDwPIUByu3\r
+UlXLSkpMqe9pUarAOEuQjfl2RVY7U+RrQYp4YP5keMO+i8NCefAFbowTTufO1JIq\r
+2nVgCi/QVnxZyEc9OYt/8AE3g4cdojE+vsSDifZLSWYIetpfrohHv3dT3StD1QRG\r
+0QE6qq6oKpg/IL0cjvuX4c7a7bslv2fXp8t75y37RU6253qdIebhxc/cRhPbc/yu\r
+p0YLyD4SrvKTLP2ZV95jT4IPEpqm4AN3QmiOzdtqR2gLyb62L8QfqI/FdwsIiRiM\r
+hqydwoqt/lfSqG1WKPh+6EkMkH+TDiCC1BQdbN1MNcyUtcjb35PR2c8Ld2TF3guA\r
+jLIqMt/Vb7hBoMb2FcsOYY25ka9oV62OwgKWLXnFzk+modMR5fzb4kxVVAYEqP+D\r
+T5KO1Vs76v1fyPGOq6BbBCvLwTqe/e6IZInJles4v5jrhnLcGKmNGivCUDe6X6NY\r
+UKNt5RsZllwDQpaAb5dMNhyrk8SgIE7TBI7rvqIdUCE52Vy+0JDxFg5olRpFUfO6\r
+/MyTW3Yo/ekk/npHr7iYYqJTCc21bDGLWQcIo/XO7WPxrKNWGBNPFnkRdw0MaKr4\r
++cEM3V8NFnSEpC12xA+RX/CezuJtwXZK5MpG76eYqMO6qyC+c25YcFecEufDZDxx\r
+ZLqRszVRyxyWPtk/oIeQK2v9wOqY6N9/ff01gHz69vqYqN5bUw/QKZsmx1zW+gPw\r
+6x2tDK2BHeYl182gCbhlKISRFwCtbjqZSkiKWao/VtygHkw0fK34avJuyQ/X9YaN\r
+BRy+7Lf3VA53pnB5WJ1xwRXN8VDvmZeXzv2krHveCMemj0OjnRoCLu117xN0A5m9\r
+Fm/RoDix5PolDHtWTtr2m1n2hp2LHnj8at9lFEd0SKhAYHVL9KjzycwWODZRXt+x\r
+zGDDuooEeTvdY5NLyKcl4gETz1ZP4Ez5jGGjhPSwSpq1mU7UaJ9ZXXdr4KHyifW6\r
+ggNzNsGhXTap7IWZpTtqXABydfiBshmH2NjqtNDwBweJVSgP10+r0WhMWlaZs6xl\r
+V3o5yskJt6GlkwpJxZrTvN6Tiww/eW7HFV6NGf7IRSWY5tJc/iA7/92tOmkdvJ1q\r
+myLbG7cJB787QjplEyVe2P/JBO6xYvbkJLf9Q+HaviTO25rugRSrYsoKMDfO8VlQ\r
+1CcnTPVtApPZJEQzAWJEgVAM8uIlkqWJJMgyWT34sTkdBeCUFGloXQFs9Yxd0AGf\r
+/zHEkYZSTKpVSvAIGu4=\r
+=6iHb\r
+-----END PGP MESSAGE-----\r
+"""
+    assert check_armored_payload(payload, outgoing=False) == True
+    assert check_armored_payload(payload, outgoing=True) == True

chatmaild/src/chatmaild/tests/test_lastlogin.py

@@ -36,3 +36,29 @@ def test_handle_dovecot_request_last_login(testaddr, example_config):
     res = dictproxy.handle_dovecot_request(msg, dictproxy_transactions)
     assert res == "O\n"
     assert len(dictproxy_transactions) == 0
+
+
+def test_handle_dovecot_request_last_login_echobot(example_config):
+    dictproxy = LastLoginDictProxy(config=example_config)
+
+    authproxy = AuthDictProxy(config=example_config)
+    testaddr = f"echo@{example_config.mail_domain}"
+    authproxy.lookup_passdb(testaddr, "ignore")
+    user = dictproxy.config.get_user(testaddr)
+
+    transactions = {}
+
+    # set last-login info for user
+    tx = "1111"
+    msg = f"B{tx}\t{testaddr}"
+    res = dictproxy.handle_dovecot_request(msg, transactions)
+    assert not res
+    assert transactions == {tx: dict(addr=testaddr, res="O\n")}
+
+    timestamp = int(time.time())
+    msg = f"S{tx}\tshared/last-login/{testaddr}\t{timestamp}"
+    res = dictproxy.handle_dovecot_request(msg, transactions)
+    assert not res
+    assert len(transactions) == 1
+    read_timestamp = user.get_last_login_timestamp()
+    assert read_timestamp is None

chatmaild/src/chatmaild/user.py

@@ -19,7 +19,7 @@ class User:
 
     @property
     def can_track(self):
-        return "@" in self.addr
+        return "@" in self.addr and not self.addr.startswith("echo@")
 
     def get_userdb_dict(self):
         """Return a non-empty dovecot 'userdb' style dict
@@ -55,9 +55,11 @@ class User:
         try:
             write_bytes_atomic(self.password_path, password)
         except PermissionError:
-            logging.error(f"could not write password for: {self.addr}")
-            raise
-        self.enforce_E2EE_path.touch()
+            if not self.addr.startswith("echo@"):
+                logging.error(f"could not write password for: {self.addr}")
+                raise
+        if not self.addr.startswith("echo@"):
+            self.enforce_E2EE_path.touch()
 
     def set_last_login_timestamp(self, timestamp):
         """Track login time with daily granularity

cliff.toml

@@ -1,94 +0,0 @@
-# git-cliff ~ configuration file
-# https://git-cliff.org/docs/configuration
-
-
-[changelog]
-# A Tera template to be rendered for each release in the changelog.
-# See https://keats.github.io/tera/docs/#introduction
-body = """
-{% if version %}\
-    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
-{% else %}\
-    ## [unreleased]
-{% endif %}\
-{% for group, commits in commits | group_by(attribute="group") %}
-    ### {{ group | striptags | trim | upper_first }}
-    {% for commit in commits %}
-        - {% if commit.scope %}*({{ commit.scope }})* {% endif %}\
-            {% if commit.breaking %}[**breaking**] {% endif %}\
-            {{ commit.message | upper_first }}\
-    {% endfor %}
-{% endfor %}
-"""
-# Remove leading and trailing whitespaces from the changelog's body.
-trim = true
-# Render body even when there are no releases to process.
-render_always = true
-# An array of regex based postprocessors to modify the changelog.
-postprocessors = [
-    # Replace the placeholder <REPO> with a URL.
-    #{ pattern = '<REPO>', replace = "https://github.com/orhun/git-cliff" },
-]
-# render body even when there are no releases to process
-# render_always = true
-# output file path
-# output = "test.md"
-
-[git]
-# Parse commits according to the conventional commits specification.
-# See https://www.conventionalcommits.org
-conventional_commits = true
-# Exclude commits that do not match the conventional commits specification.
-filter_unconventional = true
-# Require all commits to be conventional.
-# Takes precedence over filter_unconventional.
-require_conventional = false
-# Split commits on newlines, treating each line as an individual commit.
-split_commits = false
-# An array of regex based parsers to modify commit messages prior to further processing.
-commit_preprocessors = [
-    # Replace issue numbers with link templates to be updated in `changelog.postprocessors`.
-    #{ pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](<REPO>/issues/${2}))"},
-    # Check spelling of the commit message using https://github.com/crate-ci/typos.
-    # If the spelling is incorrect, it will be fixed automatically.
-    #{ pattern = '.*', replace_command = 'typos --write-changes -' },
-]
-# Prevent commits that are breaking from being excluded by commit parsers.
-protect_breaking_commits = false
-# An array of regex based parsers for extracting data from the commit message.
-# Assigns commits to groups.
-# Optionally sets the commit's scope and can decide to exclude commits from further processing.
-commit_parsers = [
-    { message = "^feat", group = "Features" },
-    { message = "^fix", group = "Bug Fixes" },
-    { message = "^docs", group = "Documentation" },
-    { message = "^perf", group = "Performance" },
-    { message = "^refactor", group = "Refactor" },
-    { message = "^style", group = "Styling" },
-    { message = "^test", group = "Testing" },
-    { message = "^chore\\(release\\): prepare for", skip = true },
-    { message = "^chore\\(deps.*\\)", skip = true },
-    { message = "^chore\\(pr\\)", skip = true },
-    { message = "^chore\\(pull\\)", skip = true },
-    { message = "^chore|^ci", group = "Miscellaneous Tasks" },
-    { body = ".*security", group = "Security" },
-    { message = "^revert", group = "Revert" },
-    { message = ".*", group = "Other" },
-]
-# Exclude commits that are not matched by any commit parser.
-filter_commits = false
-# Fail on a commit that is not matched by any commit parser.
-fail_on_unmatched_commit = false
-# An array of link parsers for extracting external references, and turning them into URLs, using regex.
-link_parsers = []
-# Include only the tags that belong to the current branch.
-use_branch_tags = false
-# Order releases topologically instead of chronologically.
-topo_order = false
-# Order commits topologically instead of chronologically.
-topo_order_commits = true
-# Order of commits in each group/release within the changelog.
-# Allowed values: newest, oldest
-sort_commits = "oldest"
-# Process submodules commits
-recurse_submodules = false

cmdeploy/src/cmdeploy/acmetool/__init__.py

@@ -61,19 +61,6 @@ class AcmetoolDeployer(Deployer):
             mode="644",
         )
 
-        server.shell(
-            name=f"Remove old acmetool desired files for {self.domains[0]}",
-            commands=[f"rm -f /var/lib/acme/desired/{self.domains[0]}-*"],
-        )
-        files.template(
-            src=importlib.resources.files(__package__).joinpath("desired.yaml.j2"),
-            dest=f"/var/lib/acme/desired/{self.domains[0]}", # 0 is mailhost TLD
-            user="root",
-            group="root",
-            mode="644",
-            domains=self.domains,
-        )
-
         service_file = files.put(
             src=importlib.resources.files(__package__).joinpath(
                 "acmetool-redirector.service"
@@ -136,6 +123,6 @@ class AcmetoolDeployer(Deployer):
         self.need_restart_reconcile_timer = False
 
         server.shell(
-            name=f"Reconcile certificates for: {', '.join(self.domains)}",
-            commands=["acmetool --batch --xlog.severity=debug reconcile"],
+            name=f"Request certificate for: {', '.join(self.domains)}",
+            commands=[f"acmetool want --xlog.severity=debug {' '.join(self.domains)}"],
         )

cmdeploy/src/cmdeploy/acmetool/desired.yaml.j2

@@ -1,6 +0,0 @@
-satisfy:
-  names:
-{%- for domain in domains %}
-  - {{ domain }}
-{%- endfor %}
-

cmdeploy/src/cmdeploy/basedeploy.py

@@ -17,8 +17,9 @@ def configure_remote_units(mail_domain, units) -> None:
 
     # install systemd units
     for fn in units:
+        execpath = fn if fn != "filtermail-incoming" else "filtermail"
         params = dict(
-            execpath=f"{remote_venv_dir}/bin/{fn}",
+            execpath=f"{remote_venv_dir}/bin/{execpath}",
             config_path=remote_chatmail_inipath,
             remote_venv_dir=remote_venv_dir,
             mail_domain=mail_domain,

cmdeploy/src/cmdeploy/cmdeploy.py

@@ -71,11 +71,6 @@ def run_cmd_options(parser):
         action="store_true",
         help="install/upgrade the server, but disable postfix & dovecot for now",
     )
-    parser.add_argument(
-        "--website-only",
-        action="store_true",
-        help="only update/deploy the website, skipping full server upgrade/deployment, useful when you only changed/updated the web pages and don't need to re-run a full server upgrade",
-    )
     parser.add_argument(
         "--skip-dns-check",
         dest="dns_check_disabled",
@@ -88,7 +83,7 @@ def run_cmd_options(parser):
 def run_cmd(args, out):
     """Deploy chatmail services on the remote server."""
 
-    ssh_host = args.ssh_host if args.ssh_host else args.config.ssh_host
+    ssh_host = args.ssh_host if args.ssh_host else args.config.mail_domain
     sshexec = get_sshexec(ssh_host)
     require_iroh = args.config.enable_iroh_relay
     if not args.dns_check_disabled:
@@ -98,17 +93,13 @@ def run_cmd(args, out):
 
     env = os.environ.copy()
     env["CHATMAIL_INI"] = args.inipath
-    env["CHATMAIL_WEBSITE_ONLY"] = "True" if args.website_only else ""
     env["CHATMAIL_DISABLE_MAIL"] = "True" if args.disable_mail else ""
     env["CHATMAIL_REQUIRE_IROH"] = "True" if require_iroh else ""
-    if not args.dns_check_disabled:
-        env["CHATMAIL_ADDR_V4"] = remote_data.get("A") or ""
-        env["CHATMAIL_ADDR_V6"] = remote_data.get("AAAA") or ""
     deploy_path = importlib.resources.files(__package__).joinpath("run.py").resolve()
     pyinf = "pyinfra --dry" if args.dry_run else "pyinfra"
 
     cmd = f"{pyinf} --ssh-user root {ssh_host} {deploy_path} -y"
-    if ssh_host in ["localhost", "@local", "@docker"]:
+    if ssh_host in ["localhost", "@docker"]:
         cmd = f"{pyinf} @local {deploy_path} -y"
 
     if version.parse(pyinfra.__version__) < version.parse("3"):
@@ -117,14 +108,18 @@ def run_cmd(args, out):
 
     try:
         retcode = out.check_call(cmd, env=env)
-        if args.website_only:
-            if retcode == 0:
-                out.green("Website deployment completed.")
-            else:
-                out.red("Website deployment failed.")
-        elif retcode == 0:
+        if retcode == 0:
+            if not args.disable_mail:
+                print("\nYou can try out the relay by talking to this echo bot: ")
+                sshexec = SSHExec(args.config.mail_domain, verbose=args.verbose)
+                print(
+                    sshexec(
+                        call=remote.rshell.shell,
+                        kwargs=dict(command="cat /var/lib/echobot/invite-link.txt"),
+                    )
+                )
             out.green("Deploy completed, call `cmdeploy dns` next.")
-        elif not args.dns_check_disabled and not remote_data["acme_account_url"]:
+        elif not remote_data["acme_account_url"]:
             out.red("Deploy completed but letsencrypt not configured")
             out.red("Run 'cmdeploy run' again")
             retcode = 0
@@ -149,7 +144,7 @@ def dns_cmd_options(parser):
 
 def dns_cmd(args, out):
     """Check DNS entries and optionally generate dns zone file."""
-    ssh_host = args.ssh_host if args.ssh_host else args.config.ssh_host
+    ssh_host = args.ssh_host if args.ssh_host else args.config.mail_domain
     sshexec = get_sshexec(ssh_host, verbose=args.verbose)
     remote_data = dns.get_initial_remote_data(sshexec, args.config.mail_domain)
     if not remote_data:
@@ -183,7 +178,7 @@ def status_cmd_options(parser):
 def status_cmd(args, out):
     """Display status for online chatmail instance."""
 
-    ssh_host = args.ssh_host if args.ssh_host else args.config.ssh_host
+    ssh_host = args.ssh_host if args.ssh_host else args.config.mail_domain
     sshexec = get_sshexec(ssh_host, verbose=args.verbose)
 
     out.green(f"chatmail domain: {args.config.mail_domain}")
@@ -203,7 +198,6 @@ def test_cmd_options(parser):
         action="store_true",
         help="also run slow tests",
     )
-    add_ssh_host_option(parser)
 
 
 def test_cmd(args, out):
@@ -215,9 +209,6 @@ def test_cmd(args, out):
     x = importlib.util.find_spec("deltachat")
     if x is None:
         out.check_call(f"{sys.executable} -m pip install deltachat")
-    env = os.environ.copy()
-    if args.ssh_host:
-        env["CHATMAIL_SSH"] = args.ssh_host
 
     pytest_path = shutil.which("pytest")
     pytest_args = [
@@ -231,7 +222,7 @@ def test_cmd(args, out):
     ]
     if args.slow:
         pytest_args.append("--slow")
-    ret = out.run_ret(pytest_args, env=env)
+    ret = out.run_ret(pytest_args)
     return ret
 
 

cmdeploy/src/cmdeploy/deployers.py

@@ -10,7 +10,6 @@ from pathlib import Path
 
 from chatmaild.config import read_config
 from pyinfra import facts, host, logger
-from pyinfra.facts import hardware
 from pyinfra.api import FactBase
 from pyinfra.facts.files import Sha256File
 from pyinfra.facts.systemd import SystemdEnabled
@@ -27,7 +26,6 @@ from .basedeploy import (
     get_resource,
 )
 from .dovecot.deployer import DovecotDeployer
-from .filtermail.deployer import FiltermailDeployer
 from .mtail.deployer import MtailDeployer
 from .nginx.deployer import NginxDeployer
 from .opendkim.deployer import OpendkimDeployer
@@ -37,7 +35,7 @@ from .www import build_webpages, find_merge_conflict, get_paths
 
 class Port(FactBase):
     """
-    Returns the process occupying a port.
+    Returns the process occuping a port.
     """
 
     def command(self, port: int) -> str:
@@ -142,10 +140,6 @@ def _configure_remote_venv_with_chatmaild(config) -> None:
 
 
 class UnboundDeployer(Deployer):
-    def __init__(self, config):
-        self.config = config
-        self.need_restart = False
-
     def install(self):
         # Run local DNS resolver `unbound`.
         # `resolvconf` takes care of setting up /etc/resolv.conf
@@ -182,27 +176,6 @@ class UnboundDeployer(Deployer):
                 "unbound-anchor -a /var/lib/unbound/root.key || true",
             ],
         )
-        if self.config.disable_ipv6:
-            files.directory(
-                path="/etc/unbound/unbound.conf.d",
-                present=True,
-                user="root",
-                group="root",
-                mode="755",
-            )
-            conf = files.put(
-                src=get_resource("unbound/unbound.conf.j2"),
-                dest="/etc/unbound/unbound.conf.d/chatmail.conf",
-                user="root",
-                group="root",
-                mode="644",
-            )
-        else:
-            conf = files.file(
-                path="/etc/unbound/unbound.conf.d/chatmail.conf",
-                present=False,
-            )
-        self.need_restart |= conf.changed
 
     def activate(self):
         server.shell(
@@ -217,7 +190,6 @@ class UnboundDeployer(Deployer):
             service="unbound.service",
             running=True,
             enabled=True,
-            restarted=self.need_restart,
         )
 
 
@@ -298,14 +270,6 @@ class LegacyRemoveDeployer(Deployer):
             path="/var/log/journal/",
             present=False,
         )
-        # remove echobot if it is still running
-        if host.get_fact(SystemdEnabled).get("echobot.service"):
-            systemd.service(
-                name="Disable echobot.service",
-                service="echobot.service",
-                running=False,
-                enabled=False,
-            )
 
 
 def check_config(config):
@@ -440,10 +404,36 @@ class JournaldDeployer(Deployer):
         self.need_restart = False
 
 
+class EchobotDeployer(Deployer):
+    #
+    # This deployer depends on the dovecot and postfix deployers because
+    # it needs to base its decision of whether to restart the service on
+    # whether those two services were restarted.
+    #
+    def __init__(self, mail_domain):
+        self.mail_domain = mail_domain
+        self.units = ["echobot"]
+
+    def install(self):
+        apt.packages(
+            # required for setfacl for echobot
+            name="Install acl",
+            packages="acl",
+        )
+
+    def configure(self):
+        configure_remote_units(self.mail_domain, self.units)
+
+    def activate(self):
+        activate_remote_units(self.units)
+
+
 class ChatmailVenvDeployer(Deployer):
     def __init__(self, config):
         self.config = config
         self.units = (
+            "filtermail",
+            "filtermail-incoming",
             "chatmail-metadata",
             "lastlogin",
             "chatmail-expire",
@@ -466,6 +456,7 @@ class ChatmailVenvDeployer(Deployer):
 class ChatmailDeployer(Deployer):
     required_users = [
         ("vmail", "vmail", None),
+        ("echobot", None, None),
         ("iroh", None, None),
     ]
 
@@ -528,44 +519,30 @@ class GithashDeployer(Deployer):
         except Exception:
             git_diff = ""
         files.put(
-            name="Upload chatmail relay git commit hash",
+            name="Upload chatmail relay git commiit hash",
             src=StringIO(git_hash + git_diff),
             dest="/etc/chatmail-version",
             mode="700",
         )
 
 
-def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool) -> None:
+def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
     """Deploy a chat-mail instance.
 
     :param config_path: path to chatmail.ini
     :param disable_mail: whether to disable postfix & dovecot
-    :param website_only: if True, only deploy the website
     """
     config = read_config(config_path)
     check_config(config)
     mail_domain = config.mail_domain
 
-    if website_only:
-        Deployment().perform_stages([WebsiteDeployer(config)])
-        return
-
     if host.get_fact(Port, port=53) != "unbound":
         files.line(
             name="Add 9.9.9.9 to resolv.conf",
             path="/etc/resolv.conf",
-            # Guard against resolv.conf missing a trailing newline (SolusVM bug).
-            line="\nnameserver 9.9.9.9",
+            line="nameserver 9.9.9.9",
         )
 
-    # Check if mtail_address interface is available (if configured)
-    if config.mtail_address and config.mtail_address not in ('127.0.0.1', '::1', 'localhost'):
-        ipv4_addrs = host.get_fact(hardware.Ipv4Addrs)
-        all_addresses = [addr for addrs in ipv4_addrs.values() for addr in addrs]
-        if config.mtail_address not in all_addresses:
-            Out().red(f"Deploy failed: mtail_address {config.mtail_address} is not available (VPN up?).\n")
-            exit(1)
-
     port_services = [
         (["master", "smtpd"], 25),
         ("unbound", 53),
@@ -576,8 +553,6 @@ def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool) -
         (["master", "smtpd"], 587),
         (["imap-login", "dovecot"], 993),
         ("iroh-relay", 3340),
-        ("mtail", 3903),
-        ("stats", 3904),
         ("nginx", 8443),
         (["master", "smtpd"], config.postfix_reinject_port),
         (["master", "smtpd"], config.postfix_reinject_port_incoming),
@@ -587,9 +562,8 @@ def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool) -
     for service, port in port_services:
         print(f"Checking if port {port} is available for {service}...")
         running_service = host.get_fact(Port, port=port)
-        services = [service] if isinstance(service, str) else service
         if running_service:
-            if running_service not in services:
+            if running_service not in service:
                 Out().red(
                     f"Deploy failed: port {port} is occupied by: {running_service}"
                 )
@@ -600,9 +574,8 @@ def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool) -
     all_deployers = [
         ChatmailDeployer(mail_domain),
         LegacyRemoveDeployer(),
-        FiltermailDeployer(),
         JournaldDeployer(),
-        UnboundDeployer(config),
+        UnboundDeployer(),
         TurnDeployer(mail_domain),
         IrohDeployer(config.enable_iroh_relay),
         AcmetoolDeployer(config.acme_email, tls_domains),
@@ -617,6 +590,7 @@ def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool) -
         PostfixDeployer(config, disable_mail),
         FcgiwrapDeployer(),
         NginxDeployer(config),
+        EchobotDeployer(mail_domain),
         MtailDeployer(config.mtail_address),
         GithashDeployer(),
     ]

cmdeploy/src/cmdeploy/dovecot/auth.conf

@@ -4,7 +4,7 @@ iterate_prefix = userdb/
 
 default_pass_scheme = plain
 # %E escapes characters " (double quote), ' (single quote) and \ (backslash) with \ (backslash).
-# See <https://doc.dovecot.org/2.3/configuration_manual/config_file/config_variables/#modifiers>
+# See <https://doc.dovecot.org/configuration_manual/config_file/config_variables/#modifiers>
 # for documentation.
 #
 # We escape user-provided input and use double quote as a separator.

cmdeploy/src/cmdeploy/dovecot/deployer.py

@@ -13,8 +13,6 @@ from cmdeploy.basedeploy import (
 
 
 class DovecotDeployer(Deployer):
-    daemon_reload = False
-
     def __init__(self, config, disable_mail):
         self.config = config
         self.disable_mail = disable_mail
@@ -29,7 +27,7 @@ class DovecotDeployer(Deployer):
 
     def configure(self):
         configure_remote_units(self.config.mail_domain, self.units)
-        self.need_restart, self.daemon_reload = _configure_dovecot(self.config)
+        self.need_restart = _configure_dovecot(self.config)
 
     def activate(self):
         activate_remote_units(self.units)
@@ -37,12 +35,13 @@ class DovecotDeployer(Deployer):
         restart = False if self.disable_mail else self.need_restart
 
         systemd.service(
-            name="Disable dovecot for now" if self.disable_mail else "Start and enable Dovecot",
+            name="disable dovecot for now"
+            if self.disable_mail
+            else "Start and enable Dovecot",
             service="dovecot.service",
             running=False if self.disable_mail else True,
             enabled=False if self.disable_mail else True,
             restarted=restart,
-            daemon_reload=self.daemon_reload,
         )
         self.need_restart = False
 
@@ -81,10 +80,9 @@ def _install_dovecot_package(package: str, arch: str):
     apt.deb(name=f"Install dovecot-{package}", src=deb_filename)
 
 
-def _configure_dovecot(config: Config, debug: bool = False) -> (bool, bool):
+def _configure_dovecot(config: Config, debug: bool = False) -> bool:
     """Configures Dovecot IMAP server."""
     need_restart = False
-    daemon_reload = False
 
     main_config = files.template(
         src=get_resource("dovecot/dovecot.conf.j2"),
@@ -114,7 +112,7 @@ def _configure_dovecot(config: Config, debug: bool = False) -> (bool, bool):
     )
     need_restart |= lua_push_notification_script.changed
 
-    # as per https://doc.dovecot.org/2.3/configuration_manual/os/
+    # as per https://doc.dovecot.org/configuration_manual/os/
     # it is recommended to set the following inotify limits
     for name in ("max_user_instances", "max_user_watches"):
         key = f"fs.inotify.{name}"
@@ -136,18 +134,4 @@ def _configure_dovecot(config: Config, debug: bool = False) -> (bool, bool):
     )
     need_restart |= timezone_env.changed
 
-    restart_conf = files.put(
-        name="dovecot: restart automatically on failure",
-        src=get_resource("service/10_restart.conf"),
-        dest="/etc/systemd/system/dovecot.service.d/10_restart.conf",
-    )
-    daemon_reload |= restart_conf.changed
-
-    # Validate dovecot configuration before restart
-    if need_restart:
-        server.shell(
-            name="Validate dovecot configuration",
-            commands=["doveconf -n >/dev/null"],
-        )
-
-    return need_restart, daemon_reload
+    return need_restart

cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2

@@ -1,7 +1,7 @@
 ## Dovecot configuration file
 
 {% if disable_ipv6 %}
-listen = 0.0.0.0
+listen = *
 {% endif %}
 
 protocols = imap lmtp
@@ -26,7 +26,7 @@ default_client_limit = 20000
 # Increase number of logged in IMAP connections.
 # Each connection is handled by a separate `imap` process.
 # `imap` process should have `client_limit=1` as described in
-# <https://doc.dovecot.org/2.3/configuration_manual/service_configuration/#service-limits>
+# <https://doc.dovecot.org/configuration_manual/service_configuration/#service-limits>
 # so each logged in IMAP session will need its own `imap` process.
 #
 # If this limit is reached,
@@ -44,11 +44,11 @@ mail_server_comment = Chatmail server
 
 # `zlib` enables compressing messages stored in the maildir.
 # See
-# <https://doc.dovecot.org/2.3/configuration_manual/zlib_plugin/>
+# <https://doc.dovecot.org/configuration_manual/zlib_plugin/>
 # for documentation.
 #
 # quota plugin documentation:
-# <https://doc.dovecot.org/2.3/configuration_manual/quota_plugin/>
+# <https://doc.dovecot.org/configuration_manual/quota_plugin/>
 mail_plugins = zlib quota
 
 imap_capability = +XDELTAPUSH XCHATMAIL
@@ -113,7 +113,7 @@ mail_attribute_dict = proxy:/run/chatmail-metadata/metadata.socket:metadata
 # `imap_zlib` enables IMAP COMPRESS (RFC 4978).
 # <https://datatracker.ietf.org/doc/html/rfc4978.html>
 protocol imap {
-  mail_plugins = $mail_plugins imap_quota last_login {% if config.imap_compress %}imap_zlib{% endif %}
+  mail_plugins = $mail_plugins imap_zlib imap_quota last_login
   imap_metadata = yes
 }
 
@@ -125,13 +125,13 @@ plugin {
 
 protocol lmtp {
   # notify plugin is a dependency of push_notification plugin:
-  # <https://doc.dovecot.org/2.3/settings/plugin/notify-plugin/>
+  # <https://doc.dovecot.org/settings/plugin/notify-plugin/>
   #
   # push_notification plugin documentation:
-  # <https://doc.dovecot.org/2.3/configuration_manual/push_notification/>
+  # <https://doc.dovecot.org/configuration_manual/push_notification/>
   #
   # mail_lua and push_notification_lua are needed for Lua push notification handler.
-  # <https://doc.dovecot.org/2.3/configuration_manual/push_notification/#configuration>
+  # <https://doc.dovecot.org/configuration_manual/push_notification/#configuration>
   mail_plugins = $mail_plugins mail_lua notify push_notification push_notification_lua
 }
 
@@ -154,7 +154,7 @@ plugin {
 
 # push_notification configuration
 plugin {
-  # <https://doc.dovecot.org/2.3/configuration_manual/push_notification/#lua-lua>
+  # <https://doc.dovecot.org/configuration_manual/push_notification/#lua-lua>
   push_notification_driver = lua:file=/etc/dovecot/push_notification.lua
 }
 
@@ -168,8 +168,6 @@ service lmtp {
   }
 }
 
-lmtp_add_received_header = no
-
 service auth {
   unix_listener /var/spool/postfix/private/auth {
     mode = 0660
@@ -254,181 +252,3 @@ protocol imap {
   rawlog_dir = %h 
 } 
 {% endif %}
-
-{% if not config.imap_compress %}
-# Hibernate IDLE users to save memory and CPU resources
-# NOTE: this will have no effect if imap_zlib plugin is used
-imap_hibernate_timeout = 30s
-service imap {
-  # Note that this change will allow any process running as
-  # $default_internal_user (dovecot) to access mails as any other user.
-  # This may be insecure in some installations, which is why this isn't
-  # done by default.
-  unix_listener imap-master {
-    user = $default_internal_user
-  }
-}
-# The following is the default already in v2.3.1+:
-service imap {
-  extra_groups = $default_internal_group
-}
-service imap-hibernate {
-  unix_listener imap-hibernate {
-    mode = 0660
-    group = $default_internal_group
-  }
-}
-{% endif %}
-
-{% if config.mtail_address %}
-#
-# Dovecot Statistics
-#
-# OpenMetrics endpoint at http://{{- config.mtail_address}}:3904/metrics
-service stats {
-  inet_listener http {
-    port = 3904
-    address = {{- config.mtail_address}}
-  }
-}
-
-# IMAP Command Metrics
-# - Bytes in/out for compression efficiency analysis
-# - Lock wait time for contention debugging
-# - Grouped by command name and reply state
-metric imap_command {
-  filter = event=imap_command_finished
-  fields = bytes_in bytes_out lock_wait_usecs running_usecs
-  group_by = cmd_name tagged_reply_state
-}
-
-# Duration buckets for latency histograms (base 10: 10us, 100us, 1ms, 10ms, 100ms, 1s, 10s, 100s)
-metric imap_command_duration {
-  filter = event=imap_command_finished
-  group_by = cmd_name duration:exponential:1:8:10
-}
-
-# Slow command outliers (>1 second = 1000000 usecs)
-# Useful for alerting without high cardinality
-metric imap_command_slow {
-  filter = event=imap_command_finished AND duration>1000000 AND NOT cmd_name=IDLE
-  group_by = cmd_name
-}
-
-# IDLE-specific Metrics
-
-metric imap_idle {
-  filter = event=imap_command_finished AND cmd_name=IDLE
-  fields = bytes_in bytes_out running_usecs
-  group_by = tagged_reply_state
-}
-
-metric imap_idle_duration {
-  filter = event=imap_command_finished AND cmd_name=IDLE
-  # Base 10: 100ms to 27h (covers short wakeups to long idle sessions)
-  group_by = duration:exponential:5:11:10
-}
-
-metric imap_idle_commands {
-  filter = event=imap_command_finished AND cmd_name=IDLE
-  group_by = tagged_reply_state
-}
-
-metric imap_idle_failed {
-  filter = event=imap_command_finished AND cmd_name=IDLE AND NOT tagged_reply_state=OK
-}
-
-# Hibernation Metrics (requires imap_hibernate_timeout)
-
-metric imap_hibernated {
-  filter = event=imap_client_hibernated
-}
-
-metric imap_hibernated_failed {
-  filter = event=imap_client_hibernated AND error=*
-}
-
-metric imap_unhibernated {
-  filter = event=imap_client_unhibernated
-  fields = hibernation_usecs
-}
-
-metric imap_unhibernated_reason {
-  filter = event=imap_client_unhibernated
-  group_by = reason
-  fields = hibernation_usecs
-}
-
-metric imap_unhibernated_reason_sleep {
-  filter = event=imap_client_unhibernated
-  group_by = reason hibernation_usecs:exponential:4:8:10
-}
-
-metric imap_unhibernated_failed {
-  filter = event=imap_client_unhibernated AND error=*
-}
-
-# Hibernation duration buckets (how long clients stayed hibernated)
-# Base 10: 100ms to 27h
-metric imap_hibernation_duration {
-  filter = event=imap_client_unhibernated
-  group_by = reason duration:exponential:5:11:10
-}
-
-# Authentication / Login Metrics
-
-metric auth_request {
-  filter = event=auth_request_finished
-  group_by = success
-}
-
-metric auth_request_duration {
-  filter = event=auth_request_finished
-  group_by = success duration:exponential:2:6:10
-}
-
-metric auth_failed {
-  filter = event=auth_request_finished AND success=no
-}
-
-# Passdb cache effectiveness
-metric auth_passdb {
-  filter = event=auth_passdb_request_finished
-  group_by = result cache
-}
-
-# Master login (post-auth userdb lookup)
-metric auth_master_login {
-  filter = event=auth_master_client_login_finished
-}
-
-metric auth_master_login_failed {
-  filter = event=auth_master_client_login_finished AND error=*
-}
-
-# Mail Delivery (LMTP) - affects IDLE wakeup latency
-
-metric mail_delivery {
-  filter = event=mail_delivery_finished
-}
-
-metric mail_delivery_duration {
-  filter = event=mail_delivery_finished
-  group_by = duration:exponential:3:7:10
-}
-
-metric mail_delivery_failed {
-  filter = event=mail_delivery_finished AND error=*
-}
-
-# Connection Events
-
-metric client_connected {
-  filter = event=client_connection_connected AND category="service:imap"
-}
-
-metric client_disconnected {
-  filter = event=client_connection_disconnected AND category="service:imap"
-  fields = bytes_in bytes_out
-}
-{% endif %}

cmdeploy/src/cmdeploy/filtermail/deployer.py

@@ -1,52 +0,0 @@
-from pyinfra import facts, host
-from pyinfra.operations import files, systemd
-
-from cmdeploy.basedeploy import Deployer, get_resource
-
-
-class FiltermailDeployer(Deployer):
-    services = ["filtermail", "filtermail-incoming"]
-    bin_path = "/usr/local/bin/filtermail"
-    config_path = "/usr/local/lib/chatmaild/chatmail.ini"
-
-    def __init__(self):
-        self.need_restart = False
-
-    def install(self):
-        arch = host.get_fact(facts.server.Arch)
-        url = f"https://github.com/chatmail/filtermail/releases/download/v0.3.0/filtermail-{arch}"
-        sha256sum = {
-            "x86_64": "f14a31323ae2dad3b59d3fdafcde507521da2f951a9478cd1f2fe2b4463df71d",
-            "aarch64": "933770d75046c4fd7084ce8d43f905f8748333426ad839154f0fc654755ef09f",
-        }[arch]
-        self.need_restart |= files.download(
-            name="Download filtermail",
-            src=url,
-            sha256sum=sha256sum,
-            dest=self.bin_path,
-            mode="755",
-        ).changed
-
-    def configure(self):
-        for service in self.services:
-            self.need_restart |= files.template(
-                src=get_resource(f"filtermail/{service}.service.j2"),
-                dest=f"/etc/systemd/system/{service}.service",
-                user="root",
-                group="root",
-                mode="644",
-                bin_path=self.bin_path,
-                config_path=self.config_path,
-            ).changed
-
-    def activate(self):
-        for service in self.services:
-            systemd.service(
-                name=f"Start and enable {service}",
-                service=f"{service}.service",
-                running=True,
-                enabled=True,
-                restarted=self.need_restart,
-                daemon_reload=True,
-            )
-        self.need_restart = False

cmdeploy/src/cmdeploy/mtail/delivered_mail.mtail

@@ -44,37 +44,21 @@ counter warning_count
 }
 
 
-counter filtered_outgoing_mail_count
+counter filtered_mail_count
 
-counter outgoing_encrypted_mail_count
-/Outgoing: Filtering encrypted mail\./ {
-  outgoing_encrypted_mail_count++
-  filtered_outgoing_mail_count++
+counter encrypted_mail_count
+/Filtering encrypted mail\./ {
+  encrypted_mail_count++
+  filtered_mail_count++
 }
 
-counter outgoing_unencrypted_mail_count
-/Outgoing: Filtering unencrypted mail\./ {
-  outgoing_unencrypted_mail_count++
-  filtered_outgoing_mail_count++
+counter unencrypted_mail_count
+/Filtering unencrypted mail\./ {
+  unencrypted_mail_count++
+  filtered_mail_count++
 }
 
-
-counter filtered_incoming_mail_count
-
-counter incoming_encrypted_mail_count
-/Incoming: Filtering encrypted mail\./ {
-  incoming_encrypted_mail_count++
-  filtered_incoming_mail_count++
-}
-
-counter incoming_unencrypted_mail_count
-/Incoming: Filtering unencrypted mail\./ {
-  incoming_unencrypted_mail_count++
-  filtered_incoming_mail_count++
-}
-
-
 counter rejected_unencrypted_mail_count
-/Rejected unencrypted mail/ {
+/Rejected unencrypted mail\./ {
   rejected_unencrypted_mail_count++
 }

cmdeploy/src/cmdeploy/opendkim/final.lua

@@ -1,5 +1,4 @@
-mtaname = odkim.get_mtasymbol(ctx, "{daemon_name}")
-if mtaname == "ORIGINATING" then
+if odkim.internal_ip(ctx) == 1 then
 	-- Outgoing message will be signed,
 	-- no need to look for signatures.
 	return nil
@@ -10,11 +9,9 @@ if nsigs == nil then
 	return nil
 end
 
-local valid = false
-local error_msg = "No valid DKIM signature found."
 for i = 1, nsigs do
-	sig = odkim.get_sighandle(ctx, i - 1)
-	sigres = odkim.sig_result(sig)
+        sig = odkim.get_sighandle(ctx, i - 1)
+        sigres = odkim.sig_result(sig)
 
 	-- All signatures that do not correspond to From: 
 	-- were ignored in screen.lua and return sigres -1.
@@ -22,21 +19,10 @@ for i = 1, nsigs do
 	-- Any valid signature that was not ignored like this
 	-- means the message is acceptable.
 	if sigres == 0 then
-		valid = true
-    else
-        error_msg = "DKIM signature is invalid, error code " .. tostring(sigres) .. ", search https://github.com/trusteddomainproject/OpenDKIM/blob/master/libopendkim/dkim.h#L108"
-	end
-end
-
-if valid then
-	-- Strip all DKIM-Signature headers after successful validation
-	-- Delete in reverse order to avoid index shifting.
-	for i = nsigs, 1, -1 do
-		odkim.del_header(ctx, "DKIM-Signature", i)
-	end
-else
-	odkim.set_reply(ctx, "554", "5.7.1", error_msg)
-	odkim.set_result(ctx, SMFIS_REJECT)
+		return nil
+	end	
 end
 
+odkim.set_reply(ctx, "554", "5.7.1", "No valid DKIM signature found")
+odkim.set_result(ctx, SMFIS_REJECT)
 return nil

cmdeploy/src/cmdeploy/opendkim/opendkim.conf

@@ -65,9 +65,3 @@ PidFile			/run/opendkim/opendkim.pid
 # The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided
 # by the package dns-root-data.
 TrustAnchorFile		/usr/share/dns/root.key
-
-# Sign messages when `-o milter_macro_daemon_name=ORIGINATING` is set.
-MTA ORIGINATING
-
-# No hosts are treated as internal, ORIGINATING daemon name should be set explicitly.
-InternalHosts -

cmdeploy/src/cmdeploy/postfix/deployer.py

@@ -1,11 +1,10 @@
-from pyinfra.operations import apt, files, server, systemd
+from pyinfra.operations import apt, files, systemd
 
 from cmdeploy.basedeploy import Deployer, get_resource
 
 
 class PostfixDeployer(Deployer):
     required_users = [("postfix", None, ["opendkim"])]
-    daemon_reload = False
 
     def __init__(self, config, disable_mail):
         self.config = config
@@ -52,29 +51,6 @@ class PostfixDeployer(Deployer):
         )
         need_restart |= header_cleanup.changed
 
-        lmtp_header_cleanup = files.put(
-            src=get_resource("postfix/lmtp_header_cleanup"),
-            dest="/etc/postfix/lmtp_header_cleanup",
-            user="root",
-            group="root",
-            mode="644",
-        )
-        need_restart |= lmtp_header_cleanup.changed
-
-        tls_policy_map = files.put(
-            name="Upload SMTP TLS Policy that accepts self-signed certificates for IP-only hosts",
-            src=get_resource("postfix/smtp_tls_policy_map"),
-            dest="/etc/postfix/smtp_tls_policy_map",
-            user="root",
-            group="root",
-            mode="644",
-        )
-        need_restart |= tls_policy_map.changed
-        if tls_policy_map.changed:
-            server.shell(
-                commands=["postmap /etc/postfix/smtp_tls_policy_map"],
-            )
-
         # Login map that 1:1 maps email address to login.
         login_map = files.put(
             src=get_resource("postfix/login_map"),
@@ -84,21 +60,6 @@ class PostfixDeployer(Deployer):
             mode="644",
         )
         need_restart |= login_map.changed
-
-        restart_conf = files.put(
-            name="postfix: restart automatically on failure",
-            src=get_resource("service/10_restart.conf"),
-            dest="/etc/systemd/system/postfix@.service.d/10_restart.conf",
-        )
-        self.daemon_reload = restart_conf.changed
-
-        # Validate postfix configuration before restart
-        if need_restart:
-            server.shell(
-                name="Validate postfix configuration",
-                # Extract stderr and quit with error if non-zero
-                commands=["""bash -c 'w=$(postconf 2>&1 >/dev/null); [[ -z "$w" ]] || { echo "$w"; false; }'"""],
-            )
         self.need_restart = need_restart
 
     def activate(self):
@@ -112,6 +73,5 @@ class PostfixDeployer(Deployer):
             running=False if self.disable_mail else True,
             enabled=False if self.disable_mail else True,
             restarted=restart,
-            daemon_reload=self.daemon_reload,
         )
         self.need_restart = False

cmdeploy/src/cmdeploy/postfix/lmtp_header_cleanup

@@ -1,3 +0,0 @@
-/^DKIM-Signature:/            IGNORE
-/^Authentication-Results:/            IGNORE
-/^Received:/            IGNORE

cmdeploy/src/cmdeploy/postfix/main.cf.j2

@@ -25,7 +25,7 @@ smtp_tls_security_level=verify
 # <https://www.postfix.org/postconf.5.html#smtp_tls_servername>
 smtp_tls_servername = hostname
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-smtp_tls_policy_maps = regexp:/etc/postfix/smtp_tls_policy_map
+smtp_tls_policy_maps = inline:{nauta.cu=may}
 smtp_tls_protocols = >=TLSv1.2
 smtp_tls_mandatory_protocols = >=TLSv1.2
 
@@ -64,20 +64,7 @@ alias_database = hash:/etc/aliases
 mydestination =
 
 relayhost = 
-{% if disable_ipv6 %}
-mynetworks = 127.0.0.0/8
-{% else %}
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-{% endif %}
-{% if config.addr_v4 %}
-smtp_bind_address = {{ config.addr_v4 }}
-{% endif %}
-{% if config.addr_v6 %}
-smtp_bind_address6 = {{ config.addr_v6 }}
-{% endif %}
-{% if config.addr_v4 or config.addr_v6 %}
-smtp_bind_address_enforce = yes
-{% endif %}
 mailbox_size_limit = 0
 message_size_limit = {{config.max_message_size}}
 recipient_delimiter = +
@@ -90,7 +77,6 @@ inet_protocols = all
 
 virtual_transport = lmtp:unix:private/dovecot-lmtp
 virtual_mailbox_domains = {{ config.mail_domain }}
-lmtp_header_checks = regexp:/etc/postfix/lmtp_header_cleanup
 
 mua_client_restrictions = permit_sasl_authenticated, reject
 mua_sender_restrictions = reject_sender_login_mismatch, permit_sasl_authenticated, reject

cmdeploy/src/cmdeploy/postfix/master.cf.j2

@@ -31,6 +31,7 @@ submission inet n       -       y       -       5000    smtpd
   -o smtpd_sender_restrictions=$mua_sender_restrictions
   -o smtpd_recipient_restrictions=
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
   -o smtpd_client_connection_count_limit=1000
   -o smtpd_proxy_filter=127.0.0.1:{{ config.filtermail_smtp_port }}
 smtps     inet  n       -       y       -       5000    smtpd
@@ -48,6 +49,7 @@ smtps     inet  n       -       y       -       5000    smtpd
   -o smtpd_recipient_restrictions=
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
   -o smtpd_client_connection_count_limit=1000
+  -o milter_macro_daemon_name=ORIGINATING
   -o smtpd_proxy_filter=127.0.0.1:{{ config.filtermail_smtp_port }}
 #628       inet  n       -       y       -       -       qmqpd
 pickup    unix  n       -       y       60      1       pickup
@@ -79,7 +81,6 @@ filter    unix -        n       n       -       -       lmtp
 # Local SMTP server for reinjecting outgoing filtered mail.
 127.0.0.1:{{ config.postfix_reinject_port }} inet  n       -       n       -       100      smtpd
   -o syslog_name=postfix/reinject
-  -o milter_macro_daemon_name=ORIGINATING
   -o smtpd_milters=unix:opendkim/opendkim.sock
   -o cleanup_service_name=authclean
 

cmdeploy/src/cmdeploy/postfix/smtp_tls_policy_map

@@ -1,2 +0,0 @@
-/^\[[^]]+\]$/ encrypt
-/^nauta\.cu$/    may

cmdeploy/src/cmdeploy/remote/rdns.py

@@ -37,10 +37,7 @@ def perform_initial_checks(mail_domain, pre_command=""):
         return res
 
     # parse out sts-id if exists, example: "v=STSv1; id=2090123"
-    mta_sts_txt = query_dns("TXT", f"_mta-sts.{mail_domain}")
-    if not mta_sts_txt:
-        return res
-    parts = mta_sts_txt.split("id=")
+    parts = query_dns("TXT", f"_mta-sts.{mail_domain}").split("id=")
     res["sts_id"] = parts[1].rstrip('"') if len(parts) == 2 else ""
     return res
 

cmdeploy/src/cmdeploy/run.py

@@ -14,9 +14,8 @@ def main():
         importlib.resources.files("cmdeploy").joinpath("../../../chatmail.ini"),
     )
     disable_mail = bool(os.environ.get("CHATMAIL_DISABLE_MAIL"))
-    website_only = bool(os.environ.get("CHATMAIL_WEBSITE_ONLY"))
 
-    deploy_chatmail(config_path, disable_mail, website_only)
+    deploy_chatmail(config_path, disable_mail)
 
 
 if pyinfra.is_cli:

cmdeploy/src/cmdeploy/service/10_restart.conf

@@ -1,3 +0,0 @@
-[Service]
-Restart=always
-RestartSec=30

cmdeploy/src/cmdeploy/service/echobot.service.f

@@ -0,0 +1,68 @@
+[Unit]
+Description=Chatmail echo bot for testing it works
+Requires=dovecot.service
+
+[Service]
+ExecStart={execpath} {config_path}
+Environment="PATH={remote_venv_dir}:$PATH"
+Restart=always
+RestartSec=30
+
+User=echobot
+Group=echobot
+
+# Create /var/lib/echobot
+StateDirectory=echobot
+
+# Create /run/echobot
+#
+# echobot stores /run/echobot/password
+# with a password there, which doveauth then reads.
+RuntimeDirectory=echobot
+
+WorkingDirectory=/var/lib/echobot
+
+# Apply security restrictions suggested by
+#   systemd-analyze security echobot.service
+CapabilityBoundingSet=
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateMounts=true
+PrivateTmp=true
+
+# We need to know about doveauth user to give it access to /run/echobot/password
+PrivateUsers=false
+
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=noaccess
+
+# Should be "strict", but we currently write /accounts folder in a protected path
+ProtectSystem=full
+
+RemoveIPC=true
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=~@clock
+SystemCallFilter=~@cpu-emulation
+SystemCallFilter=~@debug
+SystemCallFilter=~@module
+SystemCallFilter=~@mount
+SystemCallFilter=~@obsolete
+SystemCallFilter=~@raw-io
+SystemCallFilter=~@reboot
+SystemCallFilter=~@resources
+SystemCallFilter=~@swap
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target

cmdeploy/src/cmdeploy/service/filtermail-incoming.service.f

@@ -2,10 +2,11 @@
 Description=Incoming Chatmail Postfix before queue filter 
 
 [Service]
-ExecStart={{ bin_path }} {{ config_path }} incoming
+ExecStart={execpath} {config_path} incoming
 Restart=always
 RestartSec=30
 User=vmail
 
 [Install]
 WantedBy=multi-user.target
+

cmdeploy/src/cmdeploy/service/filtermail.service.f

@@ -2,7 +2,7 @@
 Description=Outgoing Chatmail Postfix before queue filter
 
 [Service]
-ExecStart={{ bin_path }} {{ config_path }} outgoing
+ExecStart={execpath} {config_path} outgoing
 Restart=always
 RestartSec=30
 User=vmail

cmdeploy/src/cmdeploy/sshexec.py

@@ -85,31 +85,16 @@ class SSHExec:
 
 
 class LocalExec:
-    FuncError = FuncError
-
     def __init__(self, verbose=False, docker=False):
         self.verbose = verbose
         self.docker = docker
 
-    def __call__(self, call, kwargs=None, log_callback=None):
-        if kwargs is None:
-            kwargs = {}
-        return call(**kwargs)
-
     def logged(self, call, kwargs: dict):
-        title = call.__doc__
-        if not title:
-            title = call.__name__
         where = "locally"
         if self.docker:
             if call == remote.rdns.perform_initial_checks:
                 kwargs["pre_command"] = "docker exec chatmail "
                 where = "in docker"
         if self.verbose:
-            print_stderr(f"Running {where}: {title}(**{kwargs})")
-            return self(call, kwargs, log_callback=print_stderr)
-        else:
-            print_stderr(title, end="")
-            res = self(call, kwargs, log_callback=remote.rshell.log_progress)
-            print_stderr()
-            return res
+            print(f"Running {where}: {call.__name__}(**{kwargs})")
+        return call(**kwargs)

cmdeploy/src/cmdeploy/tests/online/test_1_basic.py

@@ -1,4 +1,5 @@
 import datetime
+import os
 import smtplib
 import socket
 import subprocess
@@ -7,13 +8,14 @@ import time
 import pytest
 
 from cmdeploy import remote
-from cmdeploy.cmdeploy import get_sshexec
+from cmdeploy.cmdeploy import main
+from cmdeploy.sshexec import SSHExec
 
 
 class TestSSHExecutor:
     @pytest.fixture(scope="class")
     def sshexec(self, sshdomain):
-        return get_sshexec(sshdomain)
+        return SSHExec(sshdomain)
 
     def test_ls(self, sshexec):
         out = sshexec(call=remote.rdns.shell, kwargs=dict(command="ls"))
@@ -27,7 +29,6 @@ class TestSSHExecutor:
         assert res["A"] or res["AAAA"]
 
     def test_logged(self, sshexec, maildomain, capsys):
-        sshexec.verbose = False
         sshexec.logged(
             remote.rdns.perform_initial_checks, kwargs=dict(mail_domain=maildomain)
         )
@@ -53,8 +54,6 @@ class TestSSHExecutor:
                 remote.rdns.perform_initial_checks,
                 kwargs=dict(mail_domain=None),
             )
-        except AssertionError:
-            pass
         except sshexec.FuncError as e:
             assert "rdns.py" in str(e)
             assert "AssertionError" in str(e)
@@ -71,6 +70,47 @@ class TestSSHExecutor:
         assert (now - since_date).total_seconds() < 60 * 60 * 51
 
 
+def test_status_cmd(chatmail_config, capsys, request):
+    os.chdir(request.config.invocation_params.dir)
+    assert main(["status"]) == 0
+    status_out = capsys.readouterr()
+    print(status_out.out)
+
+    services = [
+        "acmetool-redirector",
+        "chatmail-metadata",
+        "doveauth",
+        "dovecot",
+        "echobot",
+        "fcgiwrap",
+        "filtermail-incoming",
+        "filtermail",
+        "lastlogin",
+        "nginx",
+        "opendkim",
+        "postfix@-",
+        "systemd-journald",
+        "turnserver",
+        "unbound",
+    ]
+    not_running = []
+    for service in services:
+        active = False
+        for line in status_out:
+            if service in line:
+                active = True
+                if not "loaded" in line:
+                    active = False
+                if not "active" in line:
+                    active = False
+                if not "running" in line:
+                    active = False
+                break
+        if not active:
+            not_running.append(service)
+    assert not_running == []
+
+
 def test_timezone_env(remote):
     for line in remote.iter_output("env"):
         print(line)
@@ -192,14 +232,12 @@ def test_exceed_rate_limit(cmsetup, gencreds, maildata, chatmail_config):
     mail = maildata(
         "encrypted.eml", from_addr=user1.addr, to_addr=user2.addr
     ).as_string()
-
-    start = time.time()
-    for i in range(chatmail_config.max_user_send_per_minute * 3):
-        print("Sending mail", str(i + 1), "at", time.time() - start, "s.")
+    for i in range(chatmail_config.max_user_send_per_minute + 5):
+        print("Sending mail", str(i))
         try:
             user1.smtp.sendmail(user1.addr, [user2.addr], mail)
         except smtplib.SMTPException as e:
-            if i < chatmail_config.max_user_send_burst_size:
+            if i < chatmail_config.max_user_send_per_minute:
                 pytest.fail(f"rate limit was exceeded too early with msg {i}")
             outcome = e.recipients[user2.addr]
             assert outcome[0] == 450

cmdeploy/src/cmdeploy/tests/online/test_2_deltachat.py

@@ -7,7 +7,7 @@ import pytest
 import requests
 
 from cmdeploy.remote import rshell
-from cmdeploy.cmdeploy import get_sshexec
+from cmdeploy.sshexec import SSHExec
 
 
 @pytest.fixture
@@ -17,7 +17,6 @@ def imap_mailbox(cmfactory):
     password = ac1.get_config("mail_pw")
     mailbox = imap_tools.MailBox(user.split("@")[1])
     mailbox.login(user, password)
-    mailbox.dc_ac = ac1
     return mailbox
 
 
@@ -90,7 +89,7 @@ class TestEndToEndDeltaChat:
         lp.sec(f"filling remote inbox for {user}")
         fn = f"7743102289.M843172P2484002.c20,S={quota},W=2398:2,"
         path = chatmail_config.mailboxes_dir.joinpath(user, "cur", fn)
-        sshexec = get_sshexec(sshdomain)
+        sshexec = SSHExec(sshdomain)
         sshexec(call=rshell.write_numbytes, kwargs=dict(path=str(path), num=120))
         res = sshexec(call=rshell.dovecot_recalc_quota, kwargs=dict(user=user))
         assert res["percent"] >= 100
@@ -122,28 +121,6 @@ class TestEndToEndDeltaChat:
         assert ch.id >= 10
         ac1._evtracker.wait_securejoin_inviter_progress(1000)
 
-    def test_dkim_header_stripped(self, cmfactory, maildomain2, lp, imap_mailbox):
-        """Test that if a DC address receives a message, it has no
-        DKIM-Signature and Authentication-Results headers."""
-        ac1 = cmfactory.new_online_configuring_account(cache=False)
-        cmfactory.switch_maildomain(maildomain2)
-        ac2 = cmfactory.new_online_configuring_account(cache=False)
-        cmfactory.bring_accounts_online()
-        chat = cmfactory.get_accepted_chat(ac1, imap_mailbox.dc_ac)
-        chat.send_text("message0")
-        chat2 = cmfactory.get_accepted_chat(ac2, imap_mailbox.dc_ac)
-        chat2.send_text("message1")
-
-        lp.sec("receive message with ac1...")
-        received = 0
-        while received < 2:
-            msgs = imap_mailbox.fetch()
-            for msg in msgs:
-                lp.sec(f"ac1 received msg from {msg.from_}")
-                received += 1
-                assert "authentication-results" not in msg.headers
-                assert "dkim-signature" not in msg.headers
-
     def test_read_receipts_between_instances(self, cmfactory, lp, maildomain2):
         ac1 = cmfactory.new_online_configuring_account(cache=False)
         cmfactory.switch_maildomain(maildomain2)
@@ -183,3 +160,22 @@ def test_hide_senders_ip_address(cmfactory):
     user2.direct_imap.select_folder("Inbox")
     msg = user2.direct_imap.get_all_messages()[0]
     assert public_ip not in msg.obj.as_string()
+
+
+def test_echobot(cmfactory, chatmail_config, lp, sshdomain):
+    ac = cmfactory.get_online_accounts(1)[0]
+
+    # establish contact with echobot
+    sshexec = SSHExec(sshdomain)
+    command = "cat /var/lib/echobot/invite-link.txt"
+    echo_invite_link = sshexec(call=rshell.shell, kwargs=dict(command=command))
+    chat = ac.qr_setup_contact(echo_invite_link)
+    ac._evtracker.wait_securejoin_joiner_progress(1000)
+
+    # send message and check it gets replied back
+    lp.sec("Send message to echobot")
+    text = "hi, I hope you text me back"
+    chat.send_text(text)
+    lp.sec("Wait for reply from echobot")
+    reply = ac._evtracker.wait_next_incoming_message()
+    assert reply.text == text

cmdeploy/src/cmdeploy/tests/online/test_3_status.py

@@ -1,53 +0,0 @@
-import os
-
-from cmdeploy.cmdeploy import main
-
-
-def test_status_cmd(chatmail_config, capsys, request):
-    os.chdir(request.config.invocation_params.dir)
-    command = ["status"]
-    if os.getenv("CHATMAIL_SSH"):
-        command.append("--ssh-host")
-        command.append(os.getenv("CHATMAIL_SSH"))
-    assert main(command) == 0
-    status_out = capsys.readouterr()
-    print(status_out.out)
-
-    assert len(status_out.out.splitlines()) > 5
-
-    """
-    don't test actual server state:
-
-    services = [
-        "acmetool-redirector",
-        "chatmail-metadata",
-        "doveauth",
-        "dovecot",
-        "fcgiwrap",
-        "filtermail-incoming",
-        "filtermail",
-        "lastlogin",
-        "nginx",
-        "opendkim",
-        "postfix@-",
-        "systemd-journald",
-        "turnserver",
-        "unbound",
-    ]
-    not_running = []
-    for service in services:
-        active = False
-        for line in status_out:
-            if service in line:
-                active = True
-                if not "loaded" in line:
-                    active = False
-                if not "active" in line:
-                    active = False
-                if not "running" in line:
-                    active = False
-                break
-        if not active:
-            not_running.append(service)
-    assert not_running == []
-    """

cmdeploy/src/cmdeploy/tests/plugin.py

@@ -54,8 +54,8 @@ def maildomain(chatmail_config):
 
 
 @pytest.fixture(scope="session")
-def sshdomain(chatmail_config):
-    return os.environ.get("CHATMAIL_SSH", chatmail_config.ssh_host)
+def sshdomain(maildomain):
+    return os.environ.get("CHATMAIL_SSH", maildomain)
 
 
 @pytest.fixture
@@ -337,14 +337,8 @@ class Remote:
 
     def iter_output(self, logcmd=""):
         getjournal = "journalctl -f" if not logcmd else logcmd
-        print(self.sshdomain)
-        match self.sshdomain:
-            case "@local": command = []
-            case "localhost": command = []
-            case _: command = ["ssh", f"root@{self.sshdomain}"]
-        [command.append(arg) for arg in getjournal.split()]
         self.popen = subprocess.Popen(
-            command,
+            ["ssh", f"root@{self.sshdomain}", getjournal],
             stdout=subprocess.PIPE,
         )
         while 1:

cmdeploy/src/cmdeploy/unbound/unbound.conf.j2

@@ -1,4 +0,0 @@
-# Managed by cmdeploy: disable IPv6 in unbound.
-server:
-  interface: 127.0.0.1
-  do-ip6: no

cmdeploy/src/cmdeploy/www.py

@@ -140,34 +140,34 @@ def main():
     config.webdev = True
     assert config.mail_domain
 
+    # start web page generation, open a browser and wait for changes
     www_path, src_path, build_dir = get_paths(config)
     build_dir = build_webpages(src_path, build_dir, config)
     index_path = build_dir.joinpath("index.html")
     webbrowser.open(str(index_path))
-
-    print(f"\nOpened URL: file://{index_path.resolve()}\n")
-    print(f"Watching {src_path} directory for changes...")
-
     stats = snapshot_dir_stats(src_path)
+    print(f"\nOpened URL: file://{index_path.resolve()}\n")
+    print(f"watching {src_path} directory for changes")
+
     changenum = 0
-    debounce_time = 0.5  # wait 0.5s after detecting a change
-
+    count = 0
     while True:
-        time.sleep(1)
         newstats = snapshot_dir_stats(src_path)
+        if newstats == stats and count % 60 != 0:
+            count += 1
+            time.sleep(1.0)
+            continue
 
-        if newstats != stats:
-            changed_files = [f for f in newstats if stats.get(f) != newstats[f]]
-            for f in changed_files:
-                print(f"*** CHANGED: {f}")
+        for key in newstats:
+            if stats[key] != newstats[key]:
+                print(f"*** CHANGED: {key}")
+                changenum += 1
 
-            stats = newstats
-            changenum += 1
-            build_webpages(src_path, build_dir, config)
-            print(f"[{changenum}] regenerated web pages at: {index_path}")
-            print(f"URL: file://{index_path.resolve()}\n\n")
-
-            time.sleep(debounce_time)  # simple debounce
+        stats = newstats
+        build_webpages(src_path, build_dir, config)
+        print(f"[{changenum}] regenerated web pages at: {index_path}")
+        print(f"URL: file://{index_path.resolve()}\n\n")
+        count = 0
 
 
 if __name__ == "__main__":

doc/README.md

@@ -6,7 +6,7 @@ You can use the `make` command and `make html` to build web pages.
 
 You need a Python environment where the following install was excuted: 
 
-    pip install furo sphinx-autobuild
+    pip install sphinx-build furo sphinx-autobuild 
 
 To develop/change documentation, you can then do: 
 

doc/source/getting_started.rst

@@ -21,6 +21,12 @@ You will need the following:
    1GB RAM, one CPU, and perhaps 10GB storage for a few thousand active
    chatmail addresses.
 
+-  Key-based SSH authentication to the root user. You must add a
+   passphrase-protected private key to your local ssh-agent because you
+   can’t type in your passphrase during deployment. (An ed25519 private
+   key is required due to an `upstream bug in
+   paramiko <https://github.com/paramiko/paramiko/issues/2191>`_)
+
 
 Setup with ``scripts/cmdeploy``
 -------------------------------------
@@ -28,36 +34,40 @@ Setup with ``scripts/cmdeploy``
 We use ``chat.example.org`` as the chatmail domain in the following
 steps. Please substitute it with your own domain.
 
-1. Setup the initial DNS records for your relay.
-   The following is an example in the
+1. Setup the initial DNS records. The following is an example in the
    familiar BIND zone file format with a TTL of 1 hour (3600 seconds).
    Please substitute your domain and IP addresses.
 
    ::
 
-       chat.example.org. 3600 IN A 198.51.100.5
-       chat.example.org. 3600 IN AAAA 2001:db8::5
-       www.chat.example.org. 3600 IN CNAME chat.example.org.
-       mta-sts.chat.example.org. 3600 IN CNAME chat.example.org.
+       chat.example.com. 3600 IN A 198.51.100.5
+       chat.example.com. 3600 IN AAAA 2001:db8::5
+       www.chat.example.com. 3600 IN CNAME chat.example.com.
+       mta-sts.chat.example.com. 3600 IN CNAME chat.example.com.
 
-2. Login to the server with SSH, clone the repository and bootstrap the Python
+2. On your local PC, clone the repository and bootstrap the Python
    virtualenv.
 
    ::
 
-       ssh root@chat.example.org
        git clone https://github.com/chatmail/relay
        cd relay
        scripts/initenv.sh
 
-3. Then, create a chatmail configuration file
+3. On your local PC, create chatmail configuration file
    ``chatmail.ini``:
 
    ::
 
        scripts/cmdeploy init chat.example.org  # <-- use your domain
 
-4. Now run the deployment script to install the relay to the server:
+4. Verify that SSH root login to your remote server works:
+
+   ::
+
+       ssh root@chat.example.org  # <-- use your domain
+
+5. From your local PC, deploy the remote chatmail relay server:
 
    ::
 
@@ -68,31 +78,26 @@ steps. Please substitute it with your own domain.
    configure at your DNS provider (it can take some time until they are
    public).
 
-Next Steps
-----------
-
-Now you should display and check all recommended DNS records
-to enable federation with other relays:
-
-::
-
-   scripts/cmdeploy dns
-
-You should also test whether your chatmail service is working correctly:
-
-::
-
-   scripts/cmdeploy test
-
-Other Helpful Commands
+Other helpful commands
 ----------------------
 
-To check the status of your chatmail relay:
+To check the status of your remotely running chatmail service:
 
 ::
 
    scripts/cmdeploy status
 
+To display and check all recommended DNS records:
+
+::
+
+   scripts/cmdeploy dns
+
+To test whether your chatmail service is working correctly:
+
+::
+
+   scripts/cmdeploy test
 
 To measure the performance of your chatmail service:
 
@@ -134,9 +139,8 @@ This starts a local live development cycle for chatmail web pages:
    directory and generating HTML files and copying assets to the
    ``www/build`` directory.
 
--  if you are running scripts/cmdeploy webdev on the relay itself,
-   you need to configure a route in /etc/nginx/nginx.conf
-   to expose the build directory.
+-  Starts a browser window automatically where you can “refresh” as
+   needed.
 
 Custom web pages
 ----------------
@@ -154,7 +158,7 @@ Disable automatic address creation
 --------------------------------------------------------
 
 If you need to stop address creation, e.g. because some script is wildly
-creating addresses, login with ssh to the relay and run:
+creating addresses, login with ssh and run:
 
 ::
 
@@ -162,3 +166,4 @@ creating addresses, login with ssh to the relay and run:
 
 Chatmail address creation will be denied while this file is present.
 
+

doc/source/migrate.rst

@@ -1,98 +1,73 @@
 
-Migrating to a new machine
-===========================
+Migrating to a new host
+-----------------------
 
-This migration tutorial provides a step-wise approach
-to safely migrate a chatmail relay from one remote machine to another.
+If you want to migrate chatmail relay from an old machine to a new
+machine, you can use these steps. They were tested with a Linux laptop;
+you might need to adjust some of the steps to your environment.
 
-Preliminary notes and assumptions
----------------------------------
+Let’s assume that your ``mail_domain`` is ``mail.example.org``, all
+involved machines run Debian 12, your old site’s IP address is
+``13.37.13.37``, and your new site’s IP address is ``13.12.23.42``.
 
-- If the migration is a planned move,
-  it's recommended to lower the Time To Live (TTL) of your DNS records to a value such as 300 (5 minutes),
-  at best much earlier than the actual planned migration.
-  This speeds up propagation of DNS changes in the Internet after the migration is complete.
+Note, you should lower the TTLs of your DNS records to a value such as
+300 (5 minutes) so the migration happens as smoothly as possible.
 
-- The migration steps were tested with a Linux laptop; you might need to adjust some of the steps to your local environment.
+During the guide you might get a warning about changed SSH Host keys; in
+this case, just run ``ssh-keygen -R "mail.example.org"`` as recommended.
 
-- Your ``mail_domain`` is ``mail.example.org``.
-
-- All remote machines run Debian 12.
-
-- The old site’s IP version 4 address is ``$OLD_IP4``.
-
-- The new site’s IP addresses are ``$NEW_IP4`` and ``$NEW_IPV6``.
-
-
-The six steps to migrate
-------------------------
-
-Note that during some of the following steps you might get a warning about changed SSH Host keys;
-in this case, just run ``ssh-keygen -R "mail.example.org"`` as recommended.
-
-
-1. **Initially transfer mailboxes from old to new site.**
-
-   Login to old site, forwarding your ssh-agent with ``ssh -A``
-   to allow using ssh to directly copy files from old to new site.
-   ::
-
-       ssh -A root@$OLD_IP4
-       tar c /home/vmail/mail | ssh root@$NEW_IP4 "tar x -C /"
-
-
-2. **Pre-configure the new site but keep it inactive until step 6**
-   ::
-
-       CMDEPLOY_STAGES=install,configure scripts/cmdeploy run --ssh-host $NEW_IP4
-
-
-3. **It's getting serious: disable mail services on the old site.**
-   Users will not be able to send or receive messages until all steps are completed.
-   Other relays and mail servers will retry delivering messages from time to time,
-   so nothing is lost for users.
+1. First, disable mail services on the old site.
 
    ::
 
-       scripts/cmdeploy run --disable-mail --ssh-host $OLD_IP4
+       cmdeploy run --disable-mail --ssh-host 13.37.13.37
 
+   Now your users will notice the migration and will not be able to send
+   or receive messages until the migration is completed.
 
-4. **Final synchronization of TLS/DKIM secrets, mail queues and mailboxes.**
-   Again we use ssh-agent forwarding (``-A``) to allow transfering all important data directly
-   from the old to the new site.
-   ::
-
-       ssh -A root@$OLD_IP4
-       tar c /var/lib/acme /etc/dkimkeys /var/spool/postfix | ssh root@$NEW_IP4 "tar x -C /"
-       rsync -azH /home/vmail/mail root@$NEW_IP4:/home/vmail/
-
-   Login to the new site and ensure file ownerships are correctly set:
+2. Now we want to copy ``/home/vmail``, ``/var/lib/acme``,
+   ``/etc/dkimkeys``, ``/run/echobot``, and ``/var/spool/postfix`` to
+   the new site. Login to the old site while forwarding your SSH agent
+   so you can copy directly from the old to the new site with your SSH
+   key:
+
+   ::
+
+       ssh -A root@13.37.13.37
+       tar c - /home/vmail/mail /var/lib/acme /etc/dkimkeys /run/echobot /var/spool/postfix | ssh root@13.12.23.42 "tar x -C /"
+
+   This transfers all addresses, the TLS certificate, DKIM keys (so DKIM
+   DNS record remains valid), and the echobot’s password so it continues
+   to function. It also preserves the Postfix mail spool so any messages
+   pending delivery will still be delivered.
+
+3. Install chatmail on the new machine:
+
+   ::
+
+       cmdeploy run --disable-mail --ssh-host 13.12.23.42
+
+   Postfix and Dovecot are disabled for now; we will enable them later.
+   We first need to make the new site fully operational.
+
+4. On the new site, run the following to ensure the ownership is correct
+   in case UIDs/GIDs changed:
 
    ::
 
-       ssh root@$NEW_IP4
        chown root: -R /var/lib/acme
        chown opendkim: -R /etc/dkimkeys
        chown vmail: -R /home/vmail/mail
+       chown echobot: -R /run/echobot
 
+5. Now, update DNS entries.
 
-5. **Update the DNS entries to point to the new site.**
-   You only need to change the ``A`` and ``AAAA`` records, for example:
+   If other MTAs try to deliver messages to your chatmail domain they
+   may fail intermittently, as DNS catches up with the new site settings
+   but normally will retry delivering messages for at least a week, so
+   messages will not be lost.
 
-   ::
-
-       mail.example.org.    IN A    $NEW_IP4
-       mail.example.org.    IN AAAA $NEW_IP6
-
-
-6. **Activate chatmail relay on new site.**
-
-   ::
-
-        CMDEPLOY_STAGES=activate scripts/cmdeploy run --ssh-host $NEW_IP4
-
-   Voilà!
-   Users will be able to use the relay as soon as the DNS changes have propagated.
-   If you have lowered the Time-to-Live for DNS records in step 1,
-   better use a higher value again (between 14400 and 86400 seconds) once you are sure everything works.
+6. Finally, you can execute ``cmdeploy run --ssh-host 13.12.23.42`` to
+   turn on chatmail on the new relay. Your users will be able to use the
+   chatmail relay as soon as the DNS changes have propagated. Voilà!
 

doc/source/overview.rst

@@ -42,11 +42,6 @@ The deployed system components of a chatmail relay are:
 -  Dovecot_ is the Mail Delivery Agent (MDA) and
    stores messages for users until they download them
 
--  `filtermail <https://github.com/chatmail/filtermail>`_
-   prevents unencrypted email from leaving or entering the chatmail
-   service and is integrated into Postfix’s outbound and inbound mail
-   pipelines.
-
 -  Nginx_ shows the web page with privacy policy and additional information
 
 -  `acmetool <https://hlandau.github.io/acmetool/>`_ manages TLS
@@ -90,6 +85,11 @@ short overview of ``chatmaild`` services:
    <https://doc.dovecot.org/2.3/configuration_manual/authentication/dict/#complete-example-for-authenticating-via-a-unix-socket>`_
    to authenticate logins.
 
+-  `filtermail <https://github.com/chatmail/relay/blob/main/chatmaild/src/chatmaild/filtermail.py>`_
+   prevents unencrypted email from leaving or entering the chatmail
+   service and is integrated into Postfix’s outbound and inbound mail
+   pipelines.
+
 -  `chatmail-metadata <https://github.com/chatmail/relay/blob/main/chatmaild/src/chatmaild/metadata.py>`_
    is contacted by a `Dovecot lua
    script <https://github.com/chatmail/relay/blob/main/cmdeploy/src/cmdeploy/dovecot/push_notification.lua>`_
@@ -109,6 +109,10 @@ short overview of ``chatmaild`` services:
    is contacted by Dovecot when a user logs in and stores the date of
    the login.
 
+-  `echobot <https://github.com/chatmail/relay/blob/main/chatmaild/src/chatmaild/echo.py>`_
+   is a small bot for test purposes. It simply echoes back messages from
+   users.
+
 -  `metrics <https://github.com/chatmail/relay/blob/main/chatmaild/src/chatmaild/metrics.py>`_
    collects some metrics and displays them at
    ``https://example.org/metrics``.
@@ -269,11 +273,9 @@ Incoming emails must have a valid DKIM signature with
 Signing Domain Identifier (SDID, ``d=`` parameter in the DKIM-Signature
 header) equal to the ``From:`` header domain. This property is checked
 by OpenDKIM screen policy script before validating the signatures. This
-corresponds to strict :rfc:`DMARC <7489>` alignment (``adkim=s``).
+correpsonds to strict :rfc:`DMARC <7489>` alignment (``adkim=s``).
 If there is no valid DKIM signature on the incoming email, the
 sender receives a “5.7.1 No valid DKIM signature found” error.
-After validating the DKIM signature,
-the `final.lua` script strips all ``OpenDKIM:`` headers to reduce message size on disc.
 
 Note that chatmail relays
 

doc/source/proxy.rst

@@ -22,12 +22,7 @@ Note that your chatmail relay still needs to be able to make outgoing
 connections on port 25 to send messages outside.
 
 To setup a reverse proxy (or rather Destination NAT, DNAT) for your
-chatmail relay, follow these instructions:
-
-Linux
-^^^^^
-
-Put the following configuration in
+chatmail relay, put the following configuration in
 ``/etc/nftables.conf``:
 
 ::
@@ -115,61 +110,5 @@ Uncomment in ``/etc/sysctl.conf`` the following two lines:
 Then reboot the relay or do ``sysctl -p`` and
 ``nft -f /etc/nftables.conf``.
 
-FreeBSD / pf
-^^^^^^^^^^^^
-
-Put the following configuration in
-``/etc/pf.conf``:
-
-::
-
-    ext_if = "em0"
-    forward_ports = "{ 25, 80, 143, 443, 465, 587, 993 }"
-    chatmail_ipv4 = "AAA.BBB.CCC.DDD"
-    icmp_types = "{ echoreq, echorep, unreach, timex }"
-    chatmail_ipv6 = "XXX::1"
-    icmp6_types = "{ echorep, echoreq, neighbradv, neighbrsol, routeradv, routersol, unreach, toobig, timex }"
-
-    set skip on lo0
-
-    nat on $ext_if inet from any to any -> ($ext_if:0)
-    nat on $ext_if inet6 from any to any -> ($ext_if:0)
-
-    # Define the redirect rules
-    rdr on $ext_if inet proto tcp from any to ($ext_if:0) port $forward_ports -> $chatmail_ipv4
-    rdr on $ext_if inet6 proto tcp from any to ($ext_if:0) port $forward_ports -> $chatmail_ipv6
-
-    # Accept the incoming traffic to the specified ports we will NAT redirect
-    pass in quick on $ext_if inet proto tcp from any to any port $forward_ports flags S/SA modulate state
-    pass in quick on $ext_if inet6 proto tcp from any to any port $forward_ports flags S/SA modulate state
-
-    # Allow incoming SSH for host mgmt
-    pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 flags S/SA modulate state
-
-    # Allow ICMP
-    pass in quick on $ext_if inet proto icmp all icmp-type $icmp_types keep state
-    pass in quick on $ext_if inet6 proto ipv6-icmp all icmp6-type $icmp6_types keep state
-
-    # Allow traffic from anyone to go through the NAT
-    pass on $ext_if inet proto tcp from any to $chatmail_ipv4 flags S/SA modulate state
-    pass on $ext_if inet6 proto tcp from any to $chatmail_ipv6 flags S/SA modulate state
-
-    # Default allow out
-    pass out quick on $ext_if from any to any
-
-    # Default block
-    block drop in log all
-
-Insert into ``/etc/sysctl.conf.local`` the following two lines:
-
-::
-
-    net.inet.ip.forwarding=1
-    net.inet6.ip6.forwarding=1
-
-Activate the sysctls with ``service sysctl onestart``.
-Enable the pf firewall with ``service pf enable``.
-Apply the firewall rules with ``service pf start`` or ``pfctl -f /etc/pf.conf``.
-Note, enabling the firewall may interrupt your SSH session, but you can reconnect.
-
 Once proxy relay is set up, you can add its IP address to the DNS.
+

doc/source/related.rst

@@ -7,21 +7,14 @@ Active development takes place in the `chatmail/relay github repository <https:/
 You can check out the `'chatmail' tag in the support.delta.chat forum <https://support.delta.chat/tag/chatmail>`_
 and ask to get added to a non-public support chat for debugging issues.
 
-We know of three work-in-progress alternative implementation efforts:
+We know of two work-in-progress alternative implementation efforts:
 
 -  `Mox <https://github.com/mjl-/mox>`_: A Golang email server. `Work
    is in progress <https://github.com/mjl-/mox/issues/251>`_ to modify
    it to support all of the features and configuration settings required
    to operate as a chatmail relay.
 
--  `Madmail <https://github.com/themadorg/madmail>`_: an
-   experimental fork of `Maddy Mail Server <https://maddy.email/>`_, modified
-   for chatmail deployments.  It provides a single binary solution
-   for running a chatmail relay.
-
--  `Chatmail Cookbook <https://github.com/feld/chatmail-cookbook>`_:
-   A Chef Cookbook implementing a relay server. The project follows the
-   official relay server software and configurations converted to a Chef
-   Cookbook with only minor differences. The cookbook uses DNS-01 for
-   certificate validation and additionally supports FreeBSD. It does not
-   require a Chef server to use.
+-  `Maddy-Chatmail <https://github.com/sadraiiali/maddy_chatmail>`_: a
+   plugin for the `Maddy email server <https://maddy.email/>`_ which
+   aims to implement the chatmail relay features and configuration
+   options.

www/src/index.md

@@ -23,3 +23,7 @@ you can also **scan this QR code** with Delta Chat:
 🐣 **Choose** your Avatar and Name
 
 💬 **Start** chatting with any Delta Chat contacts using [QR invite codes](https://delta.chat/en/help#howtoe2ee)
+
+{% if config.mail_domain != "nine.testrun.org" %}
+<div class="experimental">Note: this is only a temporary development chatmail service</div>
+{% endif %}