mirrors/maddy
1
0
Fork 0
mirror of https://github.com/foxcpp/maddy.git synced 2025-04-06 06:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity
maddy/docs/reference/endpoints/imap.md
fox.cpp 798c411824
Merge branch 'master' into dev
2024-01-22 00:43:53 +03:00

153 lines
3.4 KiB
Markdown
Raw Blame History

# IMAP4rev1 endpoint
Module 'imap' is a listener that implements IMAP4rev1 protocol and provides
access to local messages storage specified by 'storage' directive.
In most cases, local storage modules will auto-create accounts when they are
accessed via IMAP. This relies on authentication provider used by IMAP endpoint
to provide what essentially is access control. There is a caveat, however: this
auto-creation will not happen when delivering incoming messages via SMTP as
there is no authentication to confirm that this account should indeed be
created.
## Configuration directives
```
imap tcp://0.0.0.0:143 tls://0.0.0.0:993 {
tls /etc/ssl/private/cert.pem /etc/ssl/private/pkey.key
io_debug no
debug no
insecure_auth no
auth pam
storage &local_mailboxes
auth_map identity
auth_map_normalize auto
storage_map identity
storage_map_normalize auto
}
```
### tls _certificate-path_ _key-path_ { ... }
Default: global directive value
TLS certificate & key to use. Fine-tuning of other TLS properties is possible
by specifying a configuration block and options inside it:
```
tls cert.crt key.key {
protocols tls1.2 tls1.3
}
```
See [TLS configuration / Server](/reference/tls/#server-side) for details.
---
### proxy_protocol _trusted ips..._ { ... }
Default: not enabled
Enable use of HAProxy PROXY protocol. Supports both v1 and v2 protocols.
If a list of trusted IP addresses or subnets is provided, only connections
from those will be trusted.
TLS for the channel between the proxies and maddy can be configured
using a 'tls' directive:
```
proxy_protocol {
trust 127.0.0.1 ::1 192.168.0.1/24
tls &proxy_tls
}
```
Note that the top-level 'tls' directive is not inherited here. If you
need TLS on top of the PROXY protocol, securing the protocol header,
you must declare TLS explicitly.
---
### io_debug _boolean_
Default: `no`
Write all commands and responses to stderr.
---
### io_errors _boolean_
Default: `no`
Log I/O errors.
---
### debug _boolean_
Default: global directive value
Enable verbose logging.
---
### insecure_auth _boolean_
Default: `no` (`yes` if TLS is disabled)
---
### auth _module-reference_
**Required.**
Use the specified module for authentication.
---
### storage _module-reference_
**Required.**
Use the specified module for message storage.
---
### storage_map _module-reference_
Default: `identity`
Use the specified table to map SASL usernames to storage account names.
Before username is looked up, it is normalized using function defined by
`storage_map_normalize`.
This directive is useful if you want users user@example.org and user@example.com
to share the same storage account named "user". In this case, use
```
storage_map email_localpart
```
Note that `storage_map` does not affect the username passed to the
authentication provider.
It also does not affect how message delivery is handled, you should specify
`delivery_map` in storage module to define how to map email addresses
to storage accounts. E.g.
```
storage.imapsql local_mailboxes {
...
delivery_map email_localpart # deliver "user@*" to mailbox for "user"
}
```
---
### storage_map_normalize _function_
Default: `auto`
Same as `auth_map_normalize` but for `storage_map`.
---
### auth_map_normalize _function_
Default: `auto`
Overrides global `auth_map_normalize` value for this endpoint.
See [Global configuration](/reference/global-config) for details.
Reference in a new issue View git blame Copy permalink