
# TLS Support in mail2couch Rust Implementation
The Rust implementation of mail2couch now includes full TLS support for secure IMAP connections.
## Automatic TLS Detection
The client automatically determines whether to use TLS based on the configured port:
- **Port 993** (IMAPS): Uses TLS encryption (default for Gmail, Outlook, etc.)
- **Port 143** (IMAP): Uses a plain-text connection (insecure, typically for testing)
- **Port 3143**: Uses plain text (test environment default)
- **Other ports**: Defaults to TLS with a warning message
## Example Configurations
### Gmail with TLS (Recommended)
```json
{
"name": "Personal Gmail",
"host": "imap.gmail.com",
"port": 993,
"user": "your-email@gmail.com",
"password": "your-app-password"
}
```
### Outlook with TLS
```json
{
"name": "Work Outlook",
"host": "outlook.office365.com",
"port": 993,
"user": "you@company.com",
"password": "your-app-password"
}
```
### Test Environment (Plain)
```json
{
"name": "Test Server",
"host": "localhost",
"port": 3143,
"user": "testuser",
"password": "testpass"
}
```
## Security Notes
1. **Always use port 993** for production email providers
2. **Never use port 143** with real email accounts (credentials sent in plain text)
3. **Use app passwords** instead of account passwords for Gmail/Outlook
4. **Port 3143** is only for local testing environments
## Provider-Specific Settings
### Gmail
- Host: `imap.gmail.com`
- Port: `993` (TLS)
- Requires app password (not regular password)
- Enable 2FA and generate app password in Google Account settings
### Microsoft Outlook/Office 365
- Host: `outlook.office365.com`
- Port: `993` (TLS)
- May require app password depending on organization settings
### Yahoo Mail
- Host: `imap.mail.yahoo.com`
- Port: `993` (TLS)
- Requires app password
## Testing TLS Functionality
1. **Test with local environment**: Port 3143 (plain)
   ```bash
   ./mail2couch -c config-test.json
   ```
2. **Test with Gmail**: Port 993 (TLS)
   ```bash
   ./mail2couch -c config-gmail.json
   ```
3. **Verify TLS detection**: Check logs for connection type
   - TLS connections will show successful handshake
   - Plain connections will connect directly
## Implementation Details
The TLS support is implemented using:
- `async-native-tls` for TLS connections
- `async-std` for plain TCP connections
- Custom `ImapStream` enum that wraps both connection types
- Automatic port-based detection logic

This ensures compatibility with both secure production environments and insecure test setups.
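
The port rules from "Automatic TLS Detection" combined with the "Security Notes" can be turned into a pre-flight check that flags any source whose port selects plain text while its host is not local. This is an added example, not mail2couch's own code: `Transport`, `Finding`, `transport_for_port`, `is_loopback_host` and `audit_source` are hypothetical names, and treating only `localhost` and loopback IP literals as local is an assumption.

```rust
use std::net::IpAddr;

/// Transport selected for a port, following the rules documented above.
#[derive(Debug, PartialEq)]
enum Transport { Tls, TlsWithWarning, Plain }

/// Audit result for one configured source (hypothetical classification).
#[derive(Debug, PartialEq)]
enum Finding { Ok, NonStandardPort, PlaintextLocalOnly, PlaintextRemote }

fn transport_for_port(port: u16) -> Transport {
    match port {
        993 => Transport::Tls,
        143 | 3143 => Transport::Plain,
        _ => Transport::TlsWithWarning, // other ports: TLS plus a warning
    }
}

/// True for "localhost" and loopback IP literals; no DNS lookup is performed.
fn is_loopback_host(host: &str) -> bool {
    host.eq_ignore_ascii_case("localhost")
        || host.parse::<IpAddr>().map(|ip| ip.is_loopback()).unwrap_or(false)
}

/// Plain text is tolerated only when the server is on the local machine.
fn audit_source(host: &str, port: u16) -> Finding {
    match (transport_for_port(port), is_loopback_host(host)) {
        (Transport::Tls, _) => Finding::Ok,
        (Transport::TlsWithWarning, _) => Finding::NonStandardPort,
        (Transport::Plain, true) => Finding::PlaintextLocalOnly,
        (Transport::Plain, false) => Finding::PlaintextRemote,
    }
}

fn main() {
    // Constructed sample sources (name, host, port); not real accounts.
    let sources = [
        ("Personal Gmail", "imap.gmail.com", 993),
        ("Test Server", "localhost", 3143),
        ("Legacy", "mail.example.com", 143),
        ("Custom", "mail.example.com", 1993),
    ];
    for &(name, host, port) in sources.iter() {
        println!("{}: {}:{} -> {:?}", name, host, port, audit_source(host, port));
    }
}
```

A `PlaintextRemote` finding corresponds to Security Note 2: credentials for that source would cross the network unencrypted.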