feat(smtp): capture full messages + attachments to disk

SMTP template now writes each accepted DATA body as a .eml file into a
bind-mounted per-decky quarantine dir and emits a `message_stored` log
with sha256, size, decoded headers, and an attachment manifest
(filename + sha256 + size + content-type). Attachment hashing uses the
*decoded* payload so operators can match against VT / MalwareBazaar
directly. Body accumulator is capped at SMTP_MAX_BODY_BYTES (default
10 MB, matching the EHLO SIZE advert) so a streaming client can't OOM
the container.

The existing /api/v1/artifacts/{decky}/{stored_as} endpoint now takes
an optional ?service= query param (defaults to ssh for back-compat)
and can serve .eml files out of the smtp subdir. Forensic metadata
rides the normal log pipeline, same as SSH file_captured.

decnet/services/smtp.py

@@ -1,8 +1,14 @@
+import os
 from pathlib import Path
 
 from decnet.services.base import BaseService
 
 TEMPLATES_DIR = Path(__file__).parent.parent / "templates" / "smtp"
+ARTIFACTS_ROOT = os.environ.get("DECNET_ARTIFACTS_ROOT", "/var/lib/decnet/artifacts")
+# In-container path for full-message capture. /var/spool/mqueue is where
+# sendmail historically parks unsent messages, so `ls` / `mount` inside the
+# container looks benign to an attacker poking around.
+_IN_CONTAINER_QUARANTINE = "/var/spool/mqueue"
 
 
 class SMTPService(BaseService):
@@ -17,6 +23,7 @@ class SMTPService(BaseService):
         service_cfg: dict | None = None,
     ) -> dict:
         cfg = service_cfg or {}
+        quarantine_host = f"{ARTIFACTS_ROOT}/{decky_name}/smtp"
         fragment: dict = {
             "build": {"context": str(TEMPLATES_DIR)},
             "container_name": f"{decky_name}-smtp",
@@ -24,7 +31,9 @@ class SMTPService(BaseService):
             "cap_add": ["NET_BIND_SERVICE"],
             "environment": {
                 "NODE_NAME": decky_name,
+                "SMTP_QUARANTINE_DIR": _IN_CONTAINER_QUARANTINE,
             },
+            "volumes": [f"{quarantine_host}:{_IN_CONTAINER_QUARANTINE}:rw"],
         }
         if log_target:
             fragment["environment"]["LOG_TARGET"] = log_target

decnet/services/smtp_relay.py

@@ -1,3 +1,4 @@
+import os
 from pathlib import Path
 
 from decnet.services.base import BaseService
@@ -5,6 +6,9 @@ from decnet.services.base import BaseService
 # Reuses the same template as the smtp service — only difference is
 # SMTP_OPEN_RELAY=1 in the environment, which enables the open relay persona.
 _TEMPLATES_DIR = Path(__file__).parent.parent / "templates" / "smtp"
+ARTIFACTS_ROOT = os.environ.get("DECNET_ARTIFACTS_ROOT", "/var/lib/decnet/artifacts")
+# See decnet/services/smtp.py — benign-looking in-container quarantine path.
+_IN_CONTAINER_QUARANTINE = "/var/spool/mqueue"
 
 
 class SMTPRelayService(BaseService):
@@ -21,6 +25,7 @@ class SMTPRelayService(BaseService):
         service_cfg: dict | None = None,
     ) -> dict:
         cfg = service_cfg or {}
+        quarantine_host = f"{ARTIFACTS_ROOT}/{decky_name}/smtp"
         fragment: dict = {
             "build": {"context": str(_TEMPLATES_DIR)},
             "container_name": f"{decky_name}-smtp_relay",
@@ -29,7 +34,9 @@ class SMTPRelayService(BaseService):
             "environment": {
                 "NODE_NAME": decky_name,
                 "SMTP_OPEN_RELAY": "1",
+                "SMTP_QUARANTINE_DIR": _IN_CONTAINER_QUARANTINE,
             },
+            "volumes": [f"{quarantine_host}:{_IN_CONTAINER_QUARANTINE}:rw"],
         }
         if log_target:
             fragment["environment"]["LOG_TARGET"] = log_target