From 78cf72dde26ae8a4036ed796567160ac0c2fc7ee Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Tue, 23 Jan 2024 16:22:17 +0100
Subject: [PATCH] Introduce TLS config
---
 content/documentation/cookbook/config.md | 2 +-
 content/documentation/reference/config.md | 19 +++++++++++++++----
 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/content/documentation/cookbook/config.md b/content/documentation/cookbook/config.md
index e4ac3de..0ce0374 100644
--- a/content/documentation/cookbook/config.md
+++ b/content/documentation/cookbook/config.md
@@ -12,7 +12,7 @@ If you want a complete reference, check the dedicated [Configuration Reference](
 role = "Provider"
 pid = "aerogramme.pid"
 
-[imap]
+[imap_unsecure]
 bind_addr = "[::]:1143"
 
 [lmtp]
diff --git a/content/documentation/reference/config.md b/content/documentation/reference/config.md
index 856a94f..39a8c6f 100644
--- a/content/documentation/reference/config.md
+++ b/content/documentation/reference/config.md
@@ -34,8 +34,13 @@ The common part of the provider daemon configuration:
 role = "Provider"
 pid = "/var/run/aerogramme.pid"
 
+[imap_unsecure]
+bind_addr="[::1]:143"
+
 [imap]
-bind_addr="[::]:143"
+bind_addr="[::]:993"
+certs = "my-certs.pem"
+key = "my-key.pem"
 
 [lmtp]
 bind_addr="[::1]:1025"
@@ -51,13 +56,19 @@ sure people run Aerogramme in the intended mode.
 
 🔑 `pid` - *Optional, Path (String)* - The path to the file where the daemon PID will be stored. It's required to use the `aerogramme provider reload` command.
 
-🗃️ `imap` - *Optional* - The IMAP configuration block, if not set, the IMAP cleartext service is not started
-🔑 `imap.bind_addr` - *Required, Socket (String)* - On which IP address and port the IMAP service must bind, can be IPv6 or IPv4 syntax.
+🗃️ `imap_unsecure` - *Optional* - The cleartext IMAP configuration block, if not set, the IMAP cleartext service is not started. Be careful, it is dangerous to run IMAP without transport encryption.
+🔑 `imap.bind_addr` - *Required, Socket (String)* - On which IP address and port the cleartext IMAP service must bind, can be IPv6 or IPv4 syntax. (Port 143 is reserved for this use).
+
+🗃️ `imap` - *Optional* - The TLS IMAP configuration block, if not set, the IMAP TLS service is not started. This is the recommanded way to expose your IMAP service.
+🔑 `imap.bind_addr` - *Required, Socket (String)* - On which IP address and port the IMAP service must bind, can be IPv6 or IPv4 syntax. (Port 993 is reserved for this use).
+🔑 `imap.certs` - *Required, Path (String)* - A path to the PEM encoded certificate list
+🔑 `imap.key` - *Required, Path (String)* - A path to the PEM encoded private key
+
 
 🗃️ `lmtp` - *Optional* - The LMTP configuration block, if not set, the LMTP service is not started
 🔑 `lmtp.bind_addr` - *Required, Socket (String)* - On which IP address and port the LMTP service must bind, can be IPv6 or IPv4 syntax.
 
-🗃️ `users` - *Required* - How users must be handled
+🗃️ `users` - *Required* - How users must be handled
 🔑 `user_driver` - *Required, Enum (String)* - Define which user driver must be used, the rest of the configuration depends on it. Valid values are: `Ldap` and `Static`.
 
 ### LDAP user_driver