feat: FQDN-Support, IMAP-TLS und SMTP-TLS via Master-Cert

- config: IMAPServerConfig um TLSCert/TLSKey erweitert
- imapserver: TLS-Support (tls.Listen) mit automatischem Port 993-Default
- Server-Konfiguration: FQDN archivmail.scahome.local
  - nginx server_name auf archivmail.scahome.local gesetzt
  - SMTP domain auf archivmail.scahome.local
  - SMTP TLS aktiviert (/etc/ssl/archivmail/archivmail.crt)
  - IMAP-Server TLS auf Port 993 aktiviert
  - secure_cookies: true (HTTPS)
  - Firewall: Port 993 geöffnet
  - Zertifikat neu ausgestellt (SAN: archivmail.scahome.local + archivmail + 192.168.1.131)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sysops
2026-03-20 00:32:25 +01:00
parent 9e71af104f
commit 4a4136e4a6
2 changed files with 30 additions and 5 deletions
+3 -1
@@ -35,7 +35,9 @@ type Config struct {
// IMAPServerConfig holds settings for the embedded read-only IMAP archive server. // IMAPServerConfig holds settings for the embedded read-only IMAP archive server.
type IMAPServerConfig struct { type IMAPServerConfig struct {
Enabled bool `yaml:"enabled"` Enabled bool `yaml:"enabled"`
Bind string `yaml:"bind"` // default: "127.0.0.1:1143" Bind string `yaml:"bind"` // plain: ":1143", TLS: ":993"
TLSCert string `yaml:"tls_cert"` // path to PEM certificate; if set, TLS is enabled
TLSKey string `yaml:"tls_key"` // path to PEM private key
} }
// ServerConfig holds port settings for the main services. // ServerConfig holds port settings for the main services.
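Review bot: The comment on `TLSCert` says "if set, TLS is enabled", but the imapserver side only enables TLS when both tls_cert and tls_key are non-empty, so the field comment over-promises; `TLSCert string `yaml:"tls_cert"` // path to PEM certificate; TLS is enabled only when tls_key is also set` states the actual contract. The Bind comment now lists both defaults but not that the TLS default binds all interfaces while the plain default binds loopback only; `// default: "127.0.0.1:1143" (plain) or ":993" (TLS, all interfaces)` makes that difference visible to whoever edits the YAML. IMAPServerConfig is fully inside the hunk; the enclosing Config struct named in the hunk header is outside it.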
+27 -4
@@ -9,6 +9,7 @@ package imapserver
import ( import (
"bufio" "bufio"
"context" "context"
"crypto/tls"
"fmt" "fmt"
"log/slog" "log/slog"
"net" "net"
@@ -81,12 +82,34 @@ func New(
func (s *Server) Start() error { func (s *Server) Start() error {
bind := s.cfg.Bind bind := s.cfg.Bind
if bind == "" { if bind == "" {
bind = "127.0.0.1:1143" if s.cfg.TLSCert != "" {
bind = ":993"
} else {
bind = "127.0.0.1:1143"
}
} }
ln, err := net.Listen("tcp", bind) var ln net.Listener
if err != nil { var err error
return fmt.Errorf("imapserver: listen %s: %w", bind, err) if s.cfg.TLSCert != "" && s.cfg.TLSKey != "" {
cert, err := tls.LoadX509KeyPair(s.cfg.TLSCert, s.cfg.TLSKey)
if err != nil {
return fmt.Errorf("imapserver: load TLS cert: %w", err)
}
tlsCfg := &tls.Config{
Certificates: []tls.Certificate{cert},
MinVersion: tls.VersionTLS12,
}
ln, err = tls.Listen("tcp", bind, tlsCfg)
if err != nil {
return fmt.Errorf("imapserver: tls listen %s: %w", bind, err)
}
s.logger.Info("IMAP archive server TLS enabled", "addr", bind)
} else {
ln, err = net.Listen("tcp", bind)
if err != nil {
return fmt.Errorf("imapserver: listen %s: %w", bind, err)
}
} }
s.mu.Lock() s.mu.Lock()
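Review bot: The default-port choice at `if s.cfg.TLSCert != "" {` and the listener choice at `if s.cfg.TLSCert != "" && s.cfg.TLSKey != "" {` disagree, so a config with tls_cert set but tls_key empty binds ":993" on all interfaces and then serves plaintext there, which clients connecting to 993 will take for a TLS endpoint. Rejecting a half-configured pair up front and deriving both decisions from one `useTLS` flag closes the gap and turns the misconfiguration into a startup error instead of a silent downgrade. Note also that the TLS default widens the bind from loopback to all interfaces; if that is intended for the FQDN deployment it deserves a comment on the Bind field. Start continues past the end of the hunk.
```go
func (s *Server) Start() error {
	// Refuse a half-configured TLS pair instead of silently falling back to
	// plaintext on a port clients expect to be TLS.
	if (s.cfg.TLSCert != "") != (s.cfg.TLSKey != "") {
		return fmt.Errorf("imapserver: tls_cert and tls_key must both be set")
	}
	useTLS := s.cfg.TLSCert != ""
	bind := s.cfg.Bind
	if bind == "" {
		if useTLS {
			bind = ":993"
		} else {
			bind = "127.0.0.1:1143"
		}
	}
	var ln net.Listener
	var err error
	if useTLS {
		// … unchanged: LoadX509KeyPair, tls.Config, tls.Listen …
	} else {
		// … unchanged: net.Listen …
	}
	// … unchanged: s.mu.Lock() and the rest of Start …
```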