feat: support self-signed TLS via underscore domain convention Domains starting with "_" (e.g. _chat.example.org) automatically use self-signed TLS certificates instead of ACME/Let's Encrypt. The TLS mode is derived from the domain name — no separate config option needed. Internally, when config.tls_cert_mode is "self" (underscore domain): - Generate self-signed certificates via openssl - Set Postfix smtp_tls_security_level to "encrypt" (opportunistic TLS) - Add smtp_tls_policy_map entry for underscore domains - Skip ACME, MTA-STS and www CNAME checks in `cmdeploy dns` - Serve /new via GET (not redirect to dcaccount:) with rate-limiting (nginx limit_req, 2r/s burst=5) - Return dclogin: URLs with ic=3 (AcceptInvalidCertificates) from /new - Render QR codes client-side via JavaScript and qrcode-svg - Use config.tls_cert_path/tls_key_path in Postfix, Dovecot and nginx templates instead of hardcoded ACME paths
<?xml version="1.0" encoding="UTF-8"?>
{# Mail-client autoconfiguration template (clientConfig 1.1); every hostname below is rendered from config.mail_domain. #}
{# NOTE(review): mail_domain is placed in an attribute and in element text; no escaping is visible here, so it is assumed to be a validated hostname - confirm. #}
{# NOTE(review): no branch on the TLS certificate mode is visible in this template; when the server presents a self-signed certificate, clients that validate the chain will reject or warn on these endpoints - confirm whether this file should be served in that mode. #}
<clientConfig version="1.1">
  <emailProvider id="{{ config.mail_domain }}">
    <domain>{{ config.mail_domain }}</domain>
    <displayName>{{ config.mail_domain }} chatmail</displayName>
    <displayShortName>{{ config.mail_domain }}</displayShortName>

    {# "password-cleartext" means the password itself is sent to the server; its confidentiality rests entirely on the TLS layer named in socketType. #}
    {# %EMAILADDRESS% is a client-side placeholder: the client substitutes the full address as the login name. #}

    {# IMAP, TLS from the first byte (socketType SSL). #}
    <incomingServer type="imap">
      <hostname>{{ config.mail_domain }}</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </incomingServer>

    {# IMAP, plaintext connect then STARTTLS upgrade; the server should refuse authentication before the upgrade - verify in the IMAP server config. #}
    <incomingServer type="imap">
      <hostname>{{ config.mail_domain }}</hostname>
      <port>143</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </incomingServer>

    {# IMAP over TLS on 443; presumably shares the port with HTTPS on the server side - confirm against the front-end configuration. #}
    <incomingServer type="imap">
      <hostname>{{ config.mail_domain }}</hostname>
      <port>443</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </incomingServer>

    {# SMTP submission, TLS from the first byte (socketType SSL). #}
    <outgoingServer type="smtp">
      <hostname>{{ config.mail_domain }}</hostname>
      <port>465</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </outgoingServer>

    {# SMTP submission, plaintext connect then STARTTLS upgrade; the server should refuse AUTH before the upgrade - verify in the SMTP server config. #}
    <outgoingServer type="smtp">
      <hostname>{{ config.mail_domain }}</hostname>
      <port>587</port>
      <socketType>STARTTLS</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </outgoingServer>

    {# SMTP submission over TLS on 443; same shared-port assumption as the IMAP 443 entry - confirm. #}
    <outgoingServer type="smtp">
      <hostname>{{ config.mail_domain }}</hostname>
      <port>443</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </outgoingServer>
  </emailProvider>
</clientConfig>