feat(mail): Z-Push Exchange ActiveSync gateway for mobile clients
Wraps Stalwart in EAS so iOS/Android native Mail/Calendar 'Exchange' accounts get two-way mail+calendar+contacts sync (BackendCombined: IMAP + CalDAV /dav/cal/%l/ + CardDAV, credentials pass through). - services/zpush: Z-Push 2.6.4 (AGPLv3, see LICENSE-NOTES.md) on php:8.2-apache-bookworm (trixie dropped libc-client); PHP 8 sysv sprintf fatal sed-patched; autodiscover dispatcher answers mobilesync schema, proxies outlook schema to Stalwart unchanged - prod: zpush Deployment (replicas:1, Recreate — file sync state), /Microsoft-Server-ActiveSync Ingress on mail.dezky.eu (no redirect, POST-heavy), autodiscover.dezky.eu repointed to the dispatcher, selectorless stalwart-imaps/-smtps Services (host-Stalwart is implicit-TLS only: 993/465, no plain 143/587 — verified on node1) - CI: build+deploy zpush like the other apps EAS tops out at 14.1: covers native mobile clients, NOT the Outlook mobile app (needs 16.1) and not new Outlook for Windows (no EAS).
This commit is contained in:
Ronni Baslund
@@ -0,0 +1,48 @@
|
||||
<?php
|
||||
// dezky replacement for Z-Push's backend/imap/config.php (applied at image
|
||||
// build, see Dockerfile). Talks to Stalwart over the internal network —
|
||||
// plaintext IMAP/submission on the container network is fine, TLS
|
||||
// terminates at Traefik for the public endpoints.
|
||||
|
||||
define('IMAP_SERVER', getenv('IMAP_SERVER') ?: 'stalwart');
|
||||
define('IMAP_PORT', (int) (getenv('IMAP_PORT') ?: 143));
|
||||
// Dev talks plain IMAP on the docker network; prod host-Stalwart only
|
||||
// exposes IMAPS :993, so zpush.yaml sets '/ssl/novalidate-cert' (the cert
|
||||
// is for mail.dezky.eu, we connect via the cluster service name).
|
||||
define('IMAP_OPTIONS', getenv('IMAP_OPTIONS') ?: '/notls/norsh');
|
||||
define('IMAP_AUTOSEEN_ON_DELETE', false);
|
||||
|
||||
// Stalwart's auto-created special-use folders. Configured explicitly so
|
||||
// Z-Push doesn't guess from localized names.
|
||||
define('IMAP_FOLDER_CONFIGURED', true);
|
||||
define('IMAP_FOLDER_PREFIX', '');
|
||||
define('IMAP_FOLDER_PREFIX_IN_INBOX', false);
|
||||
define('IMAP_FOLDER_INBOX', 'INBOX');
|
||||
define('IMAP_FOLDER_SENT', 'Sent Items');
|
||||
define('IMAP_FOLDER_DRAFT', 'Drafts');
|
||||
define('IMAP_FOLDER_TRASH', 'Deleted Items');
|
||||
define('IMAP_FOLDER_SPAM', 'Junk Mail');
|
||||
define('IMAP_FOLDER_ARCHIVE', 'Archive');
|
||||
|
||||
define('IMAP_INLINE_FORWARD', true);
|
||||
define('IMAP_EXCLUDED_FOLDERS', '');
|
||||
// From-address comes from the authenticated login (full email).
|
||||
define('IMAP_DEFAULTFROM', '');
|
||||
|
||||
// Outgoing mail: authenticated submission to Stalwart as the device's own
|
||||
// user — the same Basic credentials the EAS client supplied. Prod uses
|
||||
// implicit TLS (SMTP_SERVER gets an ssl:// prefix, port 465 — host-Stalwart
|
||||
// has no plain :587); the verify flags are off because this is node-internal
|
||||
// traffic against a cert issued for the public hostname.
|
||||
define('IMAP_SMTP_METHOD', 'smtp');
|
||||
global $imap_smtp_params;
|
||||
$imap_smtp_params = array(
|
||||
'host' => getenv('SMTP_SERVER') ?: (getenv('IMAP_SERVER') ?: 'stalwart'),
|
||||
'port' => (int) (getenv('SMTP_PORT') ?: 587),
|
||||
'auth' => true,
|
||||
'username' => 'imap_username',
|
||||
'password' => 'imap_password',
|
||||
'verify_peer' => false,
|
||||
'verify_peer_name' => false,
|
||||
'allow_self_signed' => true,
|
||||
);
|
||||
Reference in New Issue
Block a user