Hi from another Rust project #1
Wow you have implemented Apple signing ! Line 67 in 220f468
Hello to you too! To be fair, it has been a while since I have looked at this, as automail currently works well enough for my needs, but it is definitely really cool to see another project like this in Rust too. Also very interesting to see that our approaches are somewhat different: e.g. I used serde for all forms of serialization, whereas your project seems to rely on tera templates from a quick glance.

When I was looking at the time, most of the options were in PHP, so I decided to figure out how MobileConfig, AutoDiscover, etc. work and decided to implement it in Rust using Rocket (as Rocket was popular at the time, and Axum didn't exist yet, I think). Even though I really liked Rocket at the time, after using Axum for another project, I would probably rewrite it on top of Axum nowadays.

Oh yes, I did implement signing for MobileConfig as I use an iPad and iPhone personally, and wanted to be able to conveniently set up my email. Looking at the README, I should mention that Apple products work too.

At some point I found out that some of Microsoft's products don't really rely on AutoDiscover anymore (I think Microsoft Exchange). So I have this idea of implementing a daemon that bridges Microsoft Exchange to SMTP/IMAP on the back burner. Basically, that way you can host a bridge that would allow Microsoft Exchange to interface with Postfix/Dovecot/etc. through Microsoft's own protocol.

I did write a deserializer (I don't remember off the top of my head if I also implemented the serializer, but probably not) for WBXML, which is what the Microsoft Exchange protocol uses. If you are interested, I can definitely share the code with you and/or get it set up on GitHub, even though it is just one of the many building blocks for such a bridge.
Hello ! 👋🏻
Indeed, it made it easier for me to bootstrap the project. That said I hate the fact that template files must be with the binary for the project to work. Your approach is good, I would like to import it into my project ! (with licence attributions of course)
PHP is awesome but needs way more than a standalone binary, that's also why Rust is perfect for this project
Can I import the signing part into my project ?
I would love to work with you on building a compatible bridge to SMTP/IMAP using Rust for us to be able to provide good support for mobilesync and new Outlook stuff. That was discussed here: wdes/mail-autodiscover-autoconfig#4 (comment) My conclusion is to ask you if you would want to merge our two projects ?
I think you have to set the path of your own certificate:

```toml
[ssl]
key = "/etc/letsencrypt/live/example.com/privkey.pem"
cert = "/etc/letsencrypt/live/example.com/cert.pem"
chain = "/etc/letsencrypt/live/example.com/chain.pem"
```

But it is strange, in this example config file, LetsEncrypt is mentioned, but I thought they put some protections to prevent people from using their certificate for non-HTTP related signing ? @StephanvanSchaik
Hello, thank you for your project ! I would want to ask some questions, if you have time to answer. ZOHO Mail for example, has implemented the open Microsoft Exchange protocols, like ActiveExchange, to be able to push emails, and to autoconfigure.
Sure, you are free to. I will update the licensing at some point, but the code is available under the MIT license (and after I push a commit for it) also the Apache license at your choice.
See above. There is also an issue I need to create and then address, which is that the application needs to start as root, read the private key and then de-escalate the privileges to the automail user using
They were when I implemented this, but I have to check what the current state is. I will probably look at that this weekend to be sure everything is still working correctly.
The SSL certificate that belongs to the domain that you encode in the MobileConfig file. It's basically to attest that the MobileConfig file is produced by the owner of the domain and not someone else.
I don't have much time until next weekend, but I can set up a repository for the wbxml part and the bridge. The bridge itself is pretty much out of scope of automail, since the goal of automail is to provide the bare minimum to get most email clients to automatically figure out the best configuration for SMTP/IMAP/POP3.
I have been using LetsEncrypt SSL certificates for various other things including IMAPS, SMTPS, POP3S, but of course, all of those are essentially SSL too. A LetsEncrypt-signed MobileConfig file should work too, unless Apple changed something recently in their signature verification. At least, it did work when I was testing the implementation. At the cryptographic level, there is no difference in the intent or purpose in terms of what you use the private key for, other than the client deciding to only trust your SSL certificate for select protocols.
It's been a while since I have really looked at this, but from what I remember Microsoft implements their own ActiveSync protocol for Microsoft Exchange with WAP Binary XML (WBXML) to encode/decode the messages. The actual commands are described in this document. For instance, this is an example of how to send an email using that protocol. The goal of this bridge is to present itself as the most minimal Microsoft Exchange server possible with a focus on the email aspect. So it speaks Microsoft Exchange to the client and then translates the requests/response into/from SMTP/IMAP/POP3, such that it can just sit in between that client and Dovecot/Postfix (or Exim or whatever SMTP/POP3/IMAP server you are using). The bridge would simply decode the request, and then use something like lettre to send the email over SMTP, and then depending on what the SMTP server sends back, translate that response to what a Microsoft ActiveSync client expects.
Yeah, you can always decide to buy into Microsoft's ecosystem or have someone else host such a compatibility bridge for you, but I already have my own SMTP/IMAP/POP3 server and instead care mostly about the compatibility aspect, i.e. that you can use a client that expects Microsoft Exchange to work with my infrastructure. I also greatly care about it being just FOSS.
Yeah, you could, but again, my interest is only in providing a compatibility layer for email, the other features are simply out of scope for me for now.
Yes, this does already exist to some extent, depending on what you are looking for/what your needs are. What I would be looking for is something that is free and open-source, easy to set up and just enough to provide that compatibility layer with SMTP/IMAP/POP3.
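The decoding step that the bridge described in the comment above would begin with, as an added example that is not part of the thread or of either project's code: a WBXML event decoder in Rust, standard library only, that bounds-checks every read of sender-controlled input. It assumes an empty string table and handles the SWITCH_PAGE, END, STR_I, OPAQUE and plain element tokens; the sample bytes are constructed, and the element names in its comments are assumptions.

```rust
#[derive(Debug, PartialEq)]
pub enum Event { Open { page: u8, tag: u8 }, Text(String), Opaque(Vec<u8>), Close }
// Added example. Constructed sample shaped like a SendMail request; element names
// in the comments are an assumption to check against the protocol documentation.
pub const SAMPLE: &[u8] = &[
    0x03, 0x01, 0x6a, 0x00, // version 1.3, public id 1, UTF-8, no string table
    0x00, 0x15, 0x45,       // SWITCH_PAGE 21, tag 0x05 with content (SendMail)
    0x51, 0x03, b'4', b'2', 0x00, 0x01, 0x08, // tag 0x11 "42" END, empty tag 0x08
    0x50, 0xc3, 0x02, b'H', b'i', 0x01, 0x01, // tag 0x10 (Mime), OPAQUE, END, END
];
fn mb_u32(buf: &[u8], pos: &mut usize) -> Result<u32, String> { // 7 bits per byte
    let mut v: u32 = 0;
    for _ in 0..5 {
        let b = *buf.get(*pos).ok_or("truncated integer")?;
        *pos += 1;
        v = v.checked_mul(128).ok_or("integer overflow")? | u32::from(b & 0x7f);
        if b & 0x80 == 0 { return Ok(v); } // high bit clear: last byte
    }
    Err("integer too long".into())
}
pub fn decode(buf: &[u8]) -> Result<Vec<Event>, String> {
    let mut pos = 1; // skip the version byte
    for _ in 0..2 { mb_u32(buf, &mut pos)?; } // public identifier, charset
    if mb_u32(buf, &mut pos)? != 0 { return Err("string table not supported".into()); }
    let (mut page, mut depth, mut out) = (0u8, 0usize, Vec::new());
    while pos < buf.len() {
        let tok = buf[pos];
        pos += 1;
        match tok {
            0x00 => { page = *buf.get(pos).ok_or("truncated SWITCH_PAGE")?; pos += 1; }
            0x01 => { depth = depth.checked_sub(1).ok_or("unbalanced END")?; out.push(Event::Close); }
            0x03 => { // STR_I: NUL-terminated inline string
                let n = buf[pos..].iter().position(|&b| b == 0).ok_or("unterminated string")?;
                let s = String::from_utf8(buf[pos..pos + n].to_vec()).map_err(|e| e.to_string())?;
                out.push(Event::Text(s));
                pos += n + 1;
            }
            0xc3 => { // OPAQUE: the length prefix comes from the sender, so check it
                let n = mb_u32(buf, &mut pos)? as usize;
                let end = pos.checked_add(n).filter(|&e| e <= buf.len()).ok_or("opaque overruns input")?;
                out.push(Event::Opaque(buf[pos..end].to_vec()));
                pos = end;
            }
            t if t & 0x80 != 0 || (t & 0x3f) < 5 => return Err(format!("unsupported token {:#04x}", t)),
            t => { // element: low 6 bits are the tag, bit 0x40 means content follows
                out.push(Event::Open { page, tag: t & 0x3f });
                if t & 0x40 != 0 { depth += 1 } else { out.push(Event::Close) }
            }
        }
    }
    if depth == 0 { Ok(out) } else { Err("unclosed element".into()) }
}
fn main() { println!("{:?}", decode(SAMPLE)); }
```

A bridge would map the `(page, tag)` pairs to element names from the protocol's code-page tables and hand the opaque MIME body to its SMTP client.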
@StephanvanSchaik
Hi !
Absolutely, just wanted to ask before copying
I'd say we can keep this in my @wdes namespace ?
Actually there are such protections included in each certificate, you can check any web certificate. See: https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3
I agree with the idea, it looks coherent
I'd like to kick Microsoft's ass and build a bridge so people can use their software and we can use our clean and maintained servers. A win-win ^^ Thanks for all the other feedback given, it's cool
Hi !
I found your project and wanted to say hello.
It's cool to see more Rust for this subject.
My project: https://github.com/wdes/mail-autodiscover-autoconfig