mail2couch/rust/TLS_SUPPORT.md
Ole-Morten Duesund 35c3c8657a feat: add TLS support to Rust implementation
- Add async-native-tls dependency for secure IMAP connections
- Implement ImapStream enum supporting both TLS and plain connections
- Add automatic TLS detection based on port (993=TLS, 143=plain, 3143=test)
- Add comprehensive Read/Write trait implementations for stream wrapper
- Add debug logging for connection type verification
- Create example configurations for Gmail, Outlook, and other providers
- Add TLS_SUPPORT.md documentation with security guidelines
- Test with existing test environment and TLS detection logic
- Maintain backward compatibility with plain IMAP for testing

The Rust implementation now supports secure connections to production
email providers while maintaining compatibility with test environments.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-02 20:01:42 +02:00

TLS Support in mail2couch Rust Implementation

The Rust implementation of mail2couch now includes full TLS support for secure IMAP connections.

Automatic TLS Detection

The client automatically determines whether to use TLS based on the configured port:

  • Port 993 (IMAPS): Uses TLS encryption (default for Gmail, Outlook, etc.)
  • Port 143 (IMAP): Uses a plain-text connection (insecure, typically for testing)
  • Port 3143: Uses plain text (test environment default)
  • Other ports: Defaults to TLS with a warning message

Example Configurations

Gmail with TLS

{
  "name": "Personal Gmail",
  "host": "imap.gmail.com",
  "port": 993,
  "user": "your-email@gmail.com",
  "password": "your-app-password"
}

Outlook with TLS

{
  "name": "Work Outlook",
  "host": "outlook.office365.com", 
  "port": 993,
  "user": "you@company.com",
  "password": "your-app-password"
}

Test Environment (Plain)

{
  "name": "Test Server",
  "host": "localhost",
  "port": 3143,
  "user": "testuser",
  "password": "testpass"
}

Security Notes

  1. Always use port 993 for production email providers
  2. Never use port 143 with real email accounts (credentials sent in plain text)
  3. Use app passwords instead of account passwords for Gmail/Outlook
  4. Port 3143 is only for local testing environments
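
The port rule from "Automatic TLS Detection" and Security Notes 2 and 4 can be enforced together as a pre-flight check before any connection is opened. The Rust below is an added example, not code from the mail2couch repository; `ConnMode`, `mode_for_port`, `check_account` and the loopback-based definition of "local" are assumptions.

```rust
// Added example: ConnMode, mode_for_port, check_account and is_local are
// hypothetical names, not taken from the mail2couch source.
use std::net::IpAddr;

#[derive(Debug, PartialEq)]
pub enum ConnMode {
    Tls,            // port 993
    Plain,          // ports 143 and 3143
    TlsWithWarning, // any other port: TLS, and the caller should log a warning
}

/// Port rule as listed under "Automatic TLS Detection".
pub fn mode_for_port(port: u16) -> ConnMode {
    match port {
        993 => ConnMode::Tls,
        143 | 3143 => ConnMode::Plain,
        _ => ConnMode::TlsWithWarning,
    }
}

/// Assumed definition of "local testing": the name "localhost" or a loopback IP literal.
fn is_local(host: &str) -> bool {
    host.eq_ignore_ascii_case("localhost")
        || host.parse::<IpAddr>().map(|ip| ip.is_loopback()).unwrap_or(false)
}

/// Refuse a plain-text mode for any non-local host, because the IMAP
/// credentials would cross the network unencrypted.
pub fn check_account(host: &str, port: u16) -> Result<ConnMode, String> {
    let mode = mode_for_port(port);
    if mode == ConnMode::Plain && !is_local(host) {
        return Err(format!(
            "{}:{} would send credentials in plain text; use port 993",
            host, port
        ));
    }
    Ok(mode)
}

fn main() {
    // Constructed sample accounts mirroring the example configurations.
    for (host, port) in [("imap.gmail.com", 993), ("localhost", 3143), ("imap.gmail.com", 143)] {
        println!("{}:{} -> {:?}", host, port, check_account(host, port));
    }
}
```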

Provider-Specific Settings

Gmail

  • Host: imap.gmail.com
  • Port: 993 (TLS)
  • Requires app password (not regular password)
  • Enable 2FA and generate app password in Google Account settings

Microsoft Outlook/Office 365

  • Host: outlook.office365.com
  • Port: 993 (TLS)
  • May require app password depending on organization settings

Yahoo Mail

  • Host: imap.mail.yahoo.com
  • Port: 993 (TLS)
  • Requires app password

Testing TLS Functionality

  1. Test with local environment: Port 3143 (plain)

    ./mail2couch -c config-test.json
    
  2. Test with Gmail: Port 993 (TLS)

    ./mail2couch -c config-gmail.json
    
  3. Verify TLS detection: Check logs for connection type

    • TLS connections will show a successful handshake
    • Plain connections will connect directly

Implementation Details

The TLS support is implemented using:

  • async-native-tls for TLS connections
  • async-std for plain TCP connections
  • Custom ImapStream enum that wraps both connection types
  • Automatic port-based detection logic

This ensures compatibility with both secure production environments and insecure test setups.