mirror of https://github.com/jhillyerd/inbucket.git synced 2025-12-17 09:37:02 +00:00
Configuring TLS
James Hillyerd edited this page 2018-05-05 10:53:50 -07:00

Enabling support for SMTP STARTTLS

This adds support for opportunistic TLS connections, for SMTP only. It works with clients that follow the exchange described in the RFC:

  S: 220 inbucket Inbucket SMTP ready
  C: EHLO openssl.client.net
  S: 250-Great, let's get this show on the road
  S: 250-8BITMIME
  S: 250-STARTTLS
  S: 250 SIZE 10240000
  C: STARTTLS
  S: 220 STARTTLS
  C: <starts TLS negotiation>
  C & S: <negotiate a TLS session>
  C & S: <check result of negotiation>
  C: EHLO nowhere.tld
  . . .

This feature is disabled by default.

Setup

To generate a self-signed x509 certificate and private key:

$ openssl req -x509 -sha256 -newkey rsa:2048 -keyout certificate.key -out certificate.crt -days 1024 -nodes

Run inbucket with TLS enabled. The default private key is cert.key and the default public key is cert.crt, so either rename the files generated above to match or change the defaults with environment variables:

$ INBUCKET_SMTP_TLSENABLED=true ./inbucket 

To use openssl's s_client for testing:

$ cat << EOF | openssl s_client -tls1_2 -starttls smtp -crlf -connect 127.0.0.1:2500 -ign_eof
ehlo nowhere.tld
mail from: <me@me.me>
rcpt to: <you@you.you>
data
Subject: Hello

This is the body

.
QUIT
EOF
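
The STARTTLS exchange shown above, written as a client that refuses to continue in cleartext when the upgrade is not offered. This is an added example, not code from the Inbucket project. It assumes inbucket is listening on 127.0.0.1:2500 and serving the certificate.crt generated above; the function names are hypothetical.

```python
import socket
import ssl

# Constructed sample: the EHLO reply from the transcript above, as raw bytes.
SAMPLE_EHLO = (b"250-Great, let's get this show on the road\r\n"
               b"250-8BITMIME\r\n250-STARTTLS\r\n250 SIZE 10240000\r\n")

def read_reply(f):
    """Read one (possibly multi-line) SMTP reply; return (code, text_lines)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":  # "250-" continues the reply, "250 " ends it
            return int(line[:3]), lines

def offers_starttls(ehlo_lines):
    """True if STARTTLS is an advertised keyword; line 0 is only the greeting."""
    return any(l.split()[0].upper() == "STARTTLS"
               for l in ehlo_lines[1:] if l.strip())

def expect(f, want):
    """Read a reply and raise unless it carries the expected status code."""
    code, lines = read_reply(f)
    if code != want:
        raise RuntimeError(f"expected {want}, got {code} {lines}")
    return lines

def negotiate_tls(host="127.0.0.1", port=2500, cafile="certificate.crt"):
    """Run the STARTTLS exchange; return the TLS version or raise."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies the chain by default
    ctx.check_hostname = False   # test cert's subject is arbitrary; trust the file
    ctx.load_verify_locations(cafile)
    with socket.create_connection((host, port), timeout=10) as sock:
        f = sock.makefile("rb")
        expect(f, 220)                             # server greeting
        sock.sendall(b"EHLO nowhere.tld\r\n")
        if not offers_starttls(expect(f, 250)):
            raise RuntimeError("STARTTLS not offered; not continuing in cleartext")
        sock.sendall(b"STARTTLS\r\n")
        expect(f, 220)
        with ctx.wrap_socket(sock) as tls:         # handshake; fails on a cert mismatch
            tf = tls.makefile("rb")
            tls.sendall(b"EHLO nowhere.tld\r\n")   # EHLO again inside TLS
            expect(tf, 250)
            tls.sendall(b"QUIT\r\n")
            return tls.version()

if __name__ == "__main__":
    print(negotiate_tls())
```

Run as a script, it prints the negotiated protocol version when the upgrade succeeds and raises when the server does not advertise STARTTLS or presents a different certificate.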