Is there a foss relay that can be configure to do this or is it still a roll-your-own thing?
Yes, they're just relays, however, the good ones are those that use nip42 auth, and do not allow just anyone to download the sensitive events such as DM events and those related to nip17 DMs/groups/gifts. Those events are only served to the pubkeys that are supposed to have access to them (tag inspection). That's what auth.nostr1.com is configured to do.
nostr:npub1nxa4tywfz9nqp7z9zp7nr7d4nchhclsf58lcqt5y782rmf2hefjquaa6q8 do you know are there other settings events besides nip65 that store the amethyst settings? I am confused trying to understand how a client even knows about your DM inbox, or if it just failed to publish my list or etc. when I update it, the 10002 does not seem to be posting.
Discussion
I have opensourced the proxy that adds this functionality at GitHub.com/jeremyd/interceptor-proxy
This is very new and to run it yourself you would likely want to slightly change how it looks up the pubkey access control list. Not a hard mod to make.. if you would like to try I'd be happy to help. Right now just running traffic against it to see how well it performs.
Whoops, typod the url it's GitHub.com/relaytools/interceptor-proxy