Add support for negotiating IMAP and SMTP on the HTTPS port 443 using TLS ALPN "imap" and "smtp"

Intended for future use with chatmail servers. Standard email ports may be blocked on some networks, while the HTTPS port may be accessible. This is a squashed commit of PR #255 by s0ph0s-dog.
2025-07-12 17:04:39 +03:00 · 2025-01-23 11:13:06 +01:00
parent 0203dfa9d9
commit 3c77e076e2
49 changed files with 14832 additions and 86 deletions
--- a/testdata/integration/example.zone
+++ b/testdata/integration/example.zone
@ -5,13 +5,14 @@ $TTL 5m

@ NS dns.example.

-moxacmepebble.mox1  A 172.28.1.10
-moxmail2.mox2       A 172.28.1.20
-dns                 A 172.28.1.30
-acmepebble          A 172.28.1.40
-test                A 172.28.1.50
-localserve.mox1     A 172.28.1.60
-postfixmail.postfix A 172.28.1.70
+moxacmepebble.mox1      A 172.28.1.10
+moxmail2.mox2           A 172.28.1.20
+dns                     A 172.28.1.30
+acmepebble              A 172.28.1.40
+test                    A 172.28.1.50
+localserve.mox1         A 172.28.1.60
+postfixmail.postfix     A 172.28.1.70
+moxacmepebblealpn.mox1  A 172.28.1.80

 postfix MX 10 postfixmail.postfix.example.
 postfixdkim0._domainkey.postfix TXT "v=DKIM1;h=sha256;t=s;k=ed25519;p=a4IsBTuMsSQjU+xVyx8KEd8eObis4FrCiV72OaEkvDY="
--- a/testdata/integration/moxacmepebblealpn.sh
+++ b/testdata/integration/moxacmepebblealpn.sh
@ -0,0 +1,33 @@
+#!/bin/sh
+set -x # print commands
+set -e # exit on failed command
+
+apk add curl
+
+(rm -r /tmp/mox 2>/dev/null || exit 0) # clean slate
+mkdir /tmp/mox
+cd /tmp/mox
+mox quickstart -skipdial moxtest1@mox1.example "$MOX_UID" > output.txt
+
+cp config/mox.conf config/mox.conf.orig
+sed -i -e 's/letsencrypt:/pebble:/g' -e 's/: letsencrypt/: pebble/g' -e 's,DirectoryURL: https://acme-v02.api.letsencrypt.org/directory,DirectoryURL: https://acmepebble.example:14000/dir,' -e 's/Submissions:$/Submissions:\n\t\t\tEnabledOnHTTPS: true/' -e 's/IMAPS:$/IMAPS:\n\t\t\tEnabledOnHTTPS: true/' config/mox.conf
+cat <<EOF >>config/mox.conf
+
+TLS:
+	CA:
+		CertFiles:
+                        # So certificates from moxmail2 are trusted, and pebble's certificate is trusted.
+			- /integration/tls/ca.pem
+EOF
+
+CURL_CA_BUNDLE=/integration/tls/ca.pem curl -o /integration/tmp-pebble-ca.pem https://acmepebble.example:15000/roots/0
+
+mox -checkconsistency serve &
+while true; do
+	if test -e data/ctl; then
+		echo -n accountpass1234 | mox setaccountpassword moxtest1
+		break
+	fi
+	sleep 0.1
+done
+wait