StephanvanSchaik/automail

Hi from another Rust project

Opened this issue · 8 comments

Hi !
I found your project and wanted to say hello.
It's cool to see more Rust for this subject.

My project: https://github.com/wdes/mail-autodiscover-autoconfig

Wow you have implemented Apple signing !

```rust
fn sign(ssl: &SSL, input: &[u8]) -> Result<Vec<u8>, failure::Error> {
```

Hello to you too!

To be fair, it has been a while since I have looked at this, as automail currently works well enough for my needs, but it is definitely really cool to see another project like this in Rust too. Also very interesting to see that our approaches are somewhat different: e.g. I used serde for all forms of serialization, whereas your project seems to rely on tera templates from a quick glance.

When I was looking at the time most of the options were in PHP, so I decided to figure out how MobileConfig, AutoDiscover, etc. work and decided to implement it in Rust using Rocket (as Rocket was popular at the time, and Axum didn't exist yet, I think). Even though I really liked Rocket at the time, after using Axum for another project, I would probably rewrite it on top of Axum nowadays.

Oh yes, I did implement signing for MobileConfig as I use an iPad and iPhone personally, and wanted to be able to conveniently set up my email. Looking at the README, I should mention that Apple products work too.

At some point I found out that some of Microsoft's products don't really rely on AutoDiscover anymore (I think Microsoft Exchange). So I have this idea of implementing a daemon that bridges Microsoft Exchange to SMTP/IMAP on the back burner. Basically, that way you can host a bridge that would allow Microsoft Exchange to interface with Postfix/Dovecot/etc. through Microsoft's own protocol. I did write a deserializer (I don't remember off the top of my head if I also implemented the serializer, but probably not) for WBXML, which is what the Microsoft Exchange protocol uses. If you are interested, I can definitely share the code with you and/or get it set up on GitHub, even though it is just one of the many building blocks for such a bridge.

> Hello to you too!

Hello ! 👋🏻

> To be fair, it has been a while since I have looked at this, as automail currently works well enough for my needs, but it is definitely really cool to see another project like this in Rust too. Also very interesting to see that our approaches are somewhat different: e.g. I used serde for all forms of serialization, whereas your project seems to rely on tera templates from a quick glance.

Indeed, it made it easier for me to bootstrap the project. That said, I hate the fact that the template files must be shipped alongside the binary for the project to work. Your approach is good, I would like to import it into my project! (with licence attributions of course)

> When I was looking at the time most of the options were in PHP, so I decided to figure out how MobileConfig, AutoDiscover, etc. work and decided to implement it in Rust using Rocket (as Rocket was popular at the time, and Axum didn't exist yet, I think). Even though I really liked Rocket at the time, after using Axum for another project, I would probably rewrite it on top of Axum nowadays.

PHP is awesome but needs way more than a standalone binary, that's also why Rust is perfect for this project.
Never heard about Axum but maybe I should give it a try.

> Oh yes, I did implement signing for MobileConfig as I use an iPad and iPhone personally, and wanted to be able to conveniently set up my email. Looking at the README, I should mention that Apple products work too.

Can I import the signing part into my project?
Are signatures valid?
What certificate do you use to sign?

> At some point I found out that some of Microsoft's products don't really rely on AutoDiscover anymore (I think Microsoft Exchange). So I have this idea of implementing a daemon that bridges Microsoft Exchange to SMTP/IMAP on the back burner. Basically, that way you can host a bridge that would allow Microsoft Exchange to interface with Postfix/Dovecot/etc. through Microsoft's own protocol. I did write a deserializer (I don't remember off the top of my head if I also implemented the serializer, but probably not) for WBXML, which is what the Microsoft Exchange protocol uses. If you are interested, I can definitely share the code with you and/or get it set up on GitHub, even though it is just one of the many building blocks for such a bridge.

I would love to work with you on building a compatible bridge to SMTP/IMAP using Rust for us to be able to provide good support for mobilesync and new Outlook stuff. That was discussed here: wdes/mail-autodiscover-autoconfig#4 (comment)

My conclusion is to ask you if you would want to merge our two projects?

@williamdes

> Can I import the signing part into my project?
> Are signatures valid?
> What certificate do you use to sign?

I think you have to set the path of your own certificate:

```toml
[ssl]
key = "/etc/letsencrypt/live/example.com/privkey.pem"
cert = "/etc/letsencrypt/live/example.com/cert.pem"
chain = "/etc/letsencrypt/live/example.com/chain.pem"
```

But it is strange: in this example config file, LetsEncrypt is mentioned, but I thought they put some protections in place to prevent people from using their certificate for non-HTTP-related signing? @StephanvanSchaik

@StephanvanSchaik

Hello, thank you for your project ! I would want to ask some questions, if you have time to answer.
I struggle to understand all of it. Microsoft's products look (through Acompli's eyes) first at the SMTP domain, and then at the email domain. The goal of this potential bridge is to be able to set up an autoconfig server accessible via the SMTP hostname. I ask myself if this potential bridge is too much. If someone has the ability to access their SMTP hostname, what can stop them from simply buying and using Microsoft Exchange? And if someone has the capacity to write the code of this bridge, it could go further, implement every other function, like the Microsoft "push" protocol, to enable push on Apple devices, and commercialize it. It seems this bridge could be overkill, or maybe I lack some understanding?

ZOHO Mail for example, has implemented the open Microsoft Exchange protocols, like ActiveExchange, to be able to push emails, and to autoconfigure.

@williamdes:

> I would like to import it into my project! (with licence attributions of course)

Sure, you are free to. I will update the licensing at some point, but the code is available under the MIT license (and after I push a commit for it) also the Apache license at your choice.

> Can I import the signing part into my project?

See above. There is also an issue I need to create and then address, which is that the application needs to start as root, read the private key and then de-escalate the privileges to the automail user using nix::unistd::setuid for this part to work correctly.

> Are signatures valid?

They were when I implemented this, but I have to check what the current state is. I will probably look at that this weekend to be sure everything is still working correctly.

> What certificate do you use to sign?

The SSL certificate that belongs to the domain that you encode in the MobileConfig file. It's basically to attest that the MobileConfig file is produced by the owner of the domain and not someone else.

> I would love to work with you on building a compatible bridge to SMTP/IMAP using Rust for us to be able to provide good support for mobilesync and new Outlook stuff.

I don't have much time until next weekend, but I can set up a repository for the wbxml part and the bridge. The bridge itself is pretty much out of scope of automail, since the goal of automail is to provide the bare minimum to get most email clients to automatically figure out the best configuration for SMTP/IMAP/POP3.

@axoroll7:

> But it is strange: in this example config file, LetsEncrypt is mentioned, but I thought they put some protections in place to prevent people from using their certificate for non-HTTP-related signing?

I have been using LetsEncrypt SSL certificates for various other things including IMAPS, SMTPS, POP3S, but of course, all of those are essentially SSL too. A LetsEncrypt-signed MobileConfig file should work too, unless Apple changed something recently in their signature verification. At least, it did work when I was testing the implementation. At the cryptographic level, there is no difference in the intent or purpose in terms of what you use the private key for, other than the client deciding to only trust your SSL certificate for select protocols.

> The goal of this potential bridge is to be able to set up an autoconfig server accessible via the SMTP hostname.

It's been a while since I have really looked at this, but from what I remember Microsoft implements their own ActiveSync protocol for Microsoft Exchange with WAP Binary XML (WBXML) to encode/decode the messages. The actual commands are described in this document. For instance, this is an example of how to send an email using that protocol.

The goal of this bridge is to present itself as the most minimal Microsoft Exchange server possible with a focus on the email aspect. So it speaks Microsoft Exchange to the client and then translates the requests/response into/from SMTP/IMAP/POP3, such that it can just sit in between that client and Dovecot/Postfix (or Exim or whatever SMTP/POP3/IMAP server you are using).

The bridge would simply decode the request, and then use something like lettre to send the email over SMTP, and then depending on what the SMTP server sends back, translate that response to what a Microsoft ActiveSync client expects.

> If someone has the ability to access their SMTP hostname, what can stop them from simply buying and using Microsoft Exchange?

Yeah, you can always decide to buy into Microsoft's ecosystem or have someone else host such a compatibility bridge for you, but I already have my own SMTP/IMAP/POP3 server and instead care mostly about the compatibility aspect, i.e. that you can use a client that expects Microsoft Exchange to work with my infrastructure. I also greatly care about it being just FOSS.

> And if someone has the capacity to write the code of this bridge, it could go further, implement every other function, like the Microsoft "push" protocol, to enable push on Apple devices, and commercialize it.

Yeah, you could, but again, my interest is only in providing a compatibility layer for email, the other features are simply out of scope for me for now.

> ZOHO Mail for example, has implemented the open Microsoft Exchange protocols, like ActiveExchange, to be able to push emails, and to autoconfigure.

Yes, this does already exist to some extent, depending on what you are looking for/what your needs are. What I would be looking for is something that is free and open-source, easy to set up and just enough to provide that compatibility layer with SMTP/IMAP/POP3.
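The start-as-root, read-the-key, then drop-privileges pattern described in the reply above, as an added example that is not automail's code (automail uses nix::unistd for this, per the comment; this version declares the libc calls directly so it builds with no crates). It assumes Linux and a `(uid, gid)` for the unprivileged service user; the key path and any PEM contents fed to it are constructed for illustration.

```rust
use std::fs;
use std::io;
use std::path::Path;

// Minimal libc bindings so this builds without crates; Linux signatures assumed.
unsafe extern "C" {
    fn getuid() -> u32;
    fn getgid() -> u32;
    fn setgroups(size: usize, list: *const u32) -> i32;
    fn setgid(gid: u32) -> i32;
    fn setuid(uid: u32) -> i32;
}

/// Private key bytes read while privileged; scrubbed when dropped.
pub struct LoadedKey(Vec<u8>);

impl LoadedKey {
    pub fn bytes(&self) -> &[u8] { &self.0 }
}

impl Drop for LoadedKey {
    fn drop(&mut self) {
        for b in self.0.iter_mut() {
            unsafe { std::ptr::write_volatile(b, 0) } // volatile so the scrub is not optimized away
        }
    }
}

/// Current real uid/gid of the process.
pub fn current_ids() -> (u32, u32) { unsafe { (getuid(), getgid()) } }

/// Drop to `uid`/`gid` in the order that works (groups, then gid, then uid) and prove it stuck.
pub fn drop_privileges(uid: u32, gid: u32) -> io::Result<()> {
    unsafe {
        // Supplementary groups can only be cleared by root; skip when already unprivileged.
        if getuid() == 0 && setgroups(0, std::ptr::null()) != 0 {
            return Err(io::Error::last_os_error());
        }
        // gid first: once the uid is unprivileged, setgid to anything else is refused.
        if setgid(gid) != 0 || setuid(uid) != 0 {
            return Err(io::Error::last_os_error());
        }
        if getuid() != uid || getgid() != gid {
            return Err(io::Error::new(io::ErrorKind::Other, "privilege drop did not take effect"));
        }
        // Regaining root afterwards means the drop was reversible (e.g. only the effective uid changed).
        if uid != 0 && setuid(0) == 0 {
            return Err(io::Error::new(io::ErrorKind::Other, "root could be regained after drop"));
        }
    }
    Ok(())
}

/// The sequence the comment describes: start privileged, read the key, then drop.
pub fn load_key_then_drop(key_path: &Path, uid: u32, gid: u32) -> io::Result<LoadedKey> {
    let key = fs::read(key_path)?;   // needs root when the key file is readable by root only
    drop_privileges(uid, gid)?;      // from here on the process cannot reopen the key file
    Ok(LoadedKey(key))
}
```

The two checks after the drop are the part worth copying: `getuid()`/`getgid()` confirm the switch happened, and a successful `setuid(0)` afterwards means the drop was reversible, which should be treated as fatal rather than ignored. Because the key bytes are already in memory, the unprivileged process can still sign profiles but can no longer open, copy or replace the key file, and the drop has to happen before any listening socket accepts client input.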

@StephanvanSchaik
Thank you very much for your explanations, it was very informative.

Hi !

> Sure, you are free to. I will update the licensing at some point, but the code is available under the MIT license (and after I push a commit for it) also the Apache license at your choice.

Absolutely, just wanted to ask before copying

> I don't have much time until next weekend, but I can set up a repository for the wbxml part and the bridge. The bridge itself is pretty much out of scope of automail, since the goal of automail is to provide the bare minimum to get most email clients to automatically figure out the best configuration for SMTP/IMAP/POP3.

I'd say we can keep this in my @wdes namespace?
I would grant you rights on it.
And I agree this is out of the scope of automail, but it makes my autodiscover server kinda useless with new Microsoft tech

> But it is strange: in this example config file, LetsEncrypt is mentioned, but I thought they put some protections in place to prevent people from using their certificate for non-HTTP-related signing? @StephanvanSchaik

Actually there are such protections included in each certificate; you can check any web certificate. See: https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3

> The bridge would simply decode the request, and then use something like lettre to send the email over SMTP, and then depending on what the SMTP server sends back, translate that response to what a Microsoft ActiveSync client expects.

I agree with the idea, it looks coherent

> Yeah, you can always decide to buy into Microsoft's ecosystem or have someone else host such a compatibility bridge for you, but I already have my own SMTP/IMAP/POP3 server and instead care mostly about the compatibility aspect, i.e. that you can use a client that expects Microsoft Exchange to work with my infrastructure. I also greatly care about it being just FOSS.

I'd like to kick Microsoft's ass and build a bridge so people can use their software and we can use our clean and maintained servers. A win-win ^^

Thanks for all the other feedback given, it's cool
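A minimal WBXML decoder for the ActiveSync side of the bridge discussed in this thread, added here as an example; it is not code from automail, from wdes/mail-autodiscover-autoconfig, or from the unpublished deserializer mentioned above. It reads the WBXML header (version, public identifier, charset, string table) and the body tokens SWITCH_PAGE, STR_I, STR_T, OPAQUE and END, rejects what it does not handle (attribute lists, LITERAL, EXT_* and ENTITY), and bounds-checks every length, index and nesting depth because all of them come from the client. The tag names in `demo_names` and the bytes in `sample_request` are constructed for the demo and are not the real ActiveSync code pages, which are specified in MS-ASWBXML.

```rust
use std::collections::HashMap;

/// Decoded WBXML node: element (code page, 6-bit tag id, content), text (STR_I/STR_T) or OPAQUE bytes.
#[derive(Debug, PartialEq)]
pub enum Node { Element { page: u8, tag: u8, children: Vec<Node> }, Text(String), Opaque(Vec<u8>) }

const MAX_DEPTH: usize = 64; // element nesting limit: bounds recursion on hostile input

struct Reader<'a> { buf: &'a [u8], pos: usize }

impl<'a> Reader<'a> {
    fn at_end(&self) -> bool { self.pos >= self.buf.len() }
    fn byte(&mut self) -> Result<u8, String> {
        let b = *self.buf.get(self.pos).ok_or("unexpected end of input")?;
        self.pos += 1;
        Ok(b)
    }
    /// mb_u_int32: big-endian 7-bit groups; a set high bit means another byte follows.
    fn mb_u_int32(&mut self) -> Result<u32, String> {
        let mut v: u32 = 0;
        for _ in 0..5 {
            let b = self.byte()?;
            v = v.checked_mul(128).ok_or("mb_u_int32 overflow")? | u32::from(b & 0x7F);
            if b & 0x80 == 0 { return Ok(v); }
        }
        Err("mb_u_int32 longer than 5 bytes".to_string())
    }
    /// Length-prefixed slice; this bounds check stops a forged OPAQUE or string-table
    /// length from reading past the buffer.
    fn bytes(&mut self, n: usize) -> Result<&'a [u8], String> {
        let end = self.pos.checked_add(n).ok_or("length overflow")?;
        let s = self.buf.get(self.pos..end).ok_or("length runs past end of input")?;
        self.pos = end;
        Ok(s)
    }
    /// NUL-terminated inline string (STR_I).
    fn cstring(&mut self) -> Result<String, String> {
        let start = self.pos;
        while self.byte()? != 0 {}
        String::from_utf8(self.buf[start..self.pos - 1].to_vec()).map_err(|e| e.to_string())
    }
}

/// Header (version, public id, charset, string table), then body; returns (charset, top-level nodes).
pub fn parse(input: &[u8]) -> Result<(u32, Vec<Node>), String> {
    let mut r = Reader { buf: input, pos: 0 };
    let (_version, _public_id, charset) = (r.byte()?, r.mb_u_int32()?, r.mb_u_int32()?);
    let st_len = r.mb_u_int32()? as usize;
    let st = r.bytes(st_len)?;
    let mut page = 0u8;
    Ok((charset, parse_nodes(&mut r, st, &mut page, 0, false)?))
}

/// With `until_end` the list must be closed by END; the top level runs to end of input.
fn parse_nodes(r: &mut Reader, st: &[u8], page: &mut u8, depth: usize, until_end: bool) -> Result<Vec<Node>, String> {
    if depth > MAX_DEPTH { return Err("nesting too deep".to_string()); }
    let mut nodes = Vec::new();
    while until_end || !r.at_end() {
        let t = r.byte()?;
        match t {
            0x00 => *page = r.byte()?,                                   // SWITCH_PAGE (persists past END)
            0x01 if until_end => return Ok(nodes),                       // END
            0x01 => return Err("END without an open element".to_string()),
            0x03 => nodes.push(Node::Text(r.cstring()?)),               // STR_I
            0x83 => {                                                    // STR_T: string-table index
                let idx = r.mb_u_int32()? as usize;
                let rest = st.get(idx..).ok_or("STR_T index out of range")?;
                let end = rest.iter().position(|&b| b == 0).ok_or("unterminated string-table entry")?;
                nodes.push(Node::Text(String::from_utf8_lossy(&rest[..end]).into_owned()));
            }
            0xC3 => {                                                    // OPAQUE: length, then bytes
                let n = r.mb_u_int32()? as usize;
                nodes.push(Node::Opaque(r.bytes(n)?.to_vec()));
            }
            t if (t & 0x3F) < 0x05 => return Err(format!("unsupported control token 0x{:02X}", t)),
            t if (t & 0x80) != 0 => return Err("attribute lists are not supported".to_string()),
            t => {                                                       // element; bit 0x40 = has content
                let (this_page, tag) = (*page, t & 0x3F);
                let children = if (t & 0x40) != 0 { parse_nodes(r, st, page, depth + 1, true)? } else { Vec::new() };
                nodes.push(Node::Element { page: this_page, tag, children });
            }
        }
    }
    Ok(nodes)
}

/// Render with a (page, tag) -> name table; unknown tags print as p<page>t<tag>.
pub fn to_xml(nodes: &[Node], names: &HashMap<(u8, u8), &str>) -> String {
    let mut out = String::new();
    for n in nodes {
        match n {
            Node::Element { page, tag, children } => {
                let name = names.get(&(*page, *tag)).map(|s| s.to_string()).unwrap_or_else(|| format!("p{}t{}", page, tag));
                out.push_str(&format!("<{}>{}</{}>", name, to_xml(children, names), name));
            }
            Node::Text(s) => out.push_str(&s.replace('&', "&amp;").replace('<', "&lt;")),
            Node::Opaque(b) => out.push_str(&format!("opaque:{:02x?}", b)),
        }
    }
    out
}

/// Hypothetical names for the demo only; the real ActiveSync code pages are in MS-ASWBXML.
pub fn demo_names() -> HashMap<(u8, u8), &'static str> {
    HashMap::from([((0, 5), "Sync"), ((0, 6), "Collections"), ((0, 7), "Collection"),
                   ((0, 8), "SyncKey"), ((0, 9), "CollectionId"), ((1, 5), "Data")])
}

/// Constructed sample (not a capture): version 1.3, public id 1, charset 106 (UTF-8),
/// a 6-byte string table holding "Inbox\0", then the body tokens.
pub fn sample_request() -> Vec<u8> {
    vec![
        0x03, 0x01, 0x6A, 0x06, b'I', b'n', b'b', b'o', b'x', 0x00,
        0x45, 0x46, 0x47,                          // <Sync><Collections><Collection>
        0x48, 0x03, b'0', 0x00, 0x01,              // <SyncKey>0</SyncKey>               (STR_I)
        0x49, 0x83, 0x00, 0x01,                    // <CollectionId>Inbox</CollectionId> (STR_T #0)
        0x00, 0x01,                                // SWITCH_PAGE 1
        0x45, 0xC3, 0x03, 0x01, 0x02, 0x03, 0x01,  // <Data>OPAQUE 01 02 03</Data>
        0x01, 0x01, 0x01,                          // </Collection></Collections></Sync>
    ]
}
```

`parse(&sample_request())` followed by `to_xml(&nodes, &demo_names())` yields `<Sync><Collections><Collection><SyncKey>0</SyncKey><CollectionId>Inbox</CollectionId><Data>opaque:[01, 02, 03]</Data></Collection></Collections></Sync>`. An ActiveSync request uses the same header layout (WBXML 1.3, public id 1, UTF-8), so the header handling transfers as is; turning this into a bridge means swapping `demo_names` for the MS-ASWBXML code pages and walking the tree to build the matching IMAP or SMTP operation, with the length and depth checks kept exactly because that tree is built from untrusted client bytes.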