feat: add TLS support to Rust implementation

- Add async-native-tls dependency for secure IMAP connections - Implement ImapStream enum supporting both TLS and plain connections - Add automatic TLS detection based on port (993=TLS, 143=plain, 3143=test) - Add comprehensive Read/Write trait implementations for stream wrapper - Add debug logging for connection type verification - Create example configurations for Gmail, Outlook, and other providers - Add TLS_SUPPORT.md documentation with security guidelines - Test with existing test environment and TLS detection logic - Maintain backward compatibility with plain IMAP for testing The Rust implementation now supports secure connections to production email providers while maintaining compatibility with test environments. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-02 20:01:42 +02:00 · 2025-08-02 20:01:42 +02:00 · 35c3c8657a
commit 35c3c8657a
parent 4835df070e
5 changed files with 279 additions and 4 deletions
--- a/rust/TLS_SUPPORT.md
+++ b/rust/TLS_SUPPORT.md
@ -0,0 +1,98 @@
+# TLS Support in mail2couch Rust Implementation
+
+The Rust implementation of mail2couch now includes full TLS support for secure IMAP connections.
+
+## Automatic TLS Detection
+
+The client automatically determines whether to use TLS based on the configured port:
+
+- **Port 993** (IMAPS): Uses TLS encryption (default for Gmail, Outlook, etc.)
+- **Port 143** (IMAP): Uses plain text connection (insecure, typically for testing)
+- **Port 3143**: Uses plain text (test environment default)
+- **Other ports**: Defaults to TLS with a warning message
+
+## Example Configurations
+
+### Gmail with TLS (Recommended)
+```json
+{
+  "name": "Personal Gmail",
+  "host": "imap.gmail.com",
+  "port": 993,
+  "user": "your-email@gmail.com",
+  "password": "your-app-password"
+}
+```
+
+### Outlook with TLS
+```json
+{
+  "name": "Work Outlook",
+  "host": "outlook.office365.com", 
+  "port": 993,
+  "user": "you@company.com",
+  "password": "your-app-password"
+}
+```
+
+### Test Environment (Plain)
+```json
+{
+  "name": "Test Server",
+  "host": "localhost",
+  "port": 3143,
+  "user": "testuser",
+  "password": "testpass"
+}
+```
+
+## Security Notes
+
+1. **Always use port 993** for production email providers
+2. **Never use port 143** with real email accounts (credentials sent in plain text)
+3. **Use app passwords** instead of account passwords for Gmail/Outlook
+4. **Port 3143** is only for local testing environments
+
+## Provider-Specific Settings
+
+### Gmail
+- Host: `imap.gmail.com`
+- Port: `993` (TLS)
+- Requires app password (not regular password)
+- Enable 2FA and generate app password in Google Account settings
+
+### Microsoft Outlook/Office 365
+- Host: `outlook.office365.com`
+- Port: `993` (TLS)
+- May require app password depending on organization settings
+
+### Yahoo Mail
+- Host: `imap.mail.yahoo.com`
+- Port: `993` (TLS)
+- Requires app password
+
+## Testing TLS Functionality
+
+1. **Test with local environment**: Port 3143 (plain)
+   ```bash
+   ./mail2couch -c config-test.json
+   ```
+
+2. **Test with Gmail**: Port 993 (TLS)
+   ```bash
+   ./mail2couch -c config-gmail.json
+   ```
+
+3. **Verify TLS detection**: Check logs for connection type
+   - TLS connections will show successful handshake
+   - Plain connections will connect directly
+
+## Implementation Details
+
+The TLS support is implemented using:
+- `async-native-tls` for TLS connections
+- `async-std` for plain TCP connections
+- Custom `ImapStream` enum that wraps both connection types
+- Automatic port-based detection logic
+
+This ensures compatibility with both secure production environments and insecure test setups.