fix(SNI): Autogenerate SNI certificate if needed

.prettierrc.js

@@ -1,5 +1,8 @@
 module.exports = {
     printWidth: 160,
     tabWidth: 4,
-    singleQuote: true
+    singleQuote: true,
+    endOfLine: 'lf',
+    trailingComma: 'none',
+    arrowParens: 'avoid'
 };

config.example.toml

@@ -1,69 +1,111 @@
 # plugins/wildduck.toml
 ["modules/zonemta-wildduck"]
-enabled=["receiver", "main", "sender"]
+enabled = ["receiver", "main", "sender"]
 
 # to which SMTP interfaces this plugin applies to. Use "*" for all interfaces
-interfaces=["feeder"]
+interfaces = ["feeder"]
 
 # optional hostname to be used in headers
 # defaults to os.hostname()
-hostname="example.com"
+hostname = "example.com"
 
 # How long to keep auth records in log
 # NB! removed, use const:authlog:time setting instead
 #authlogExpireDays=30
 
-disableUploads=false # if true then messages are not uploaded to Sent Mail folder
-uploadAll=false # if false then messages from Outlook are not uploaded to Sent Mail folder
+disableUploads = false # if true then messages are not uploaded to Sent Mail folder
+uploadAll = false      # if false then messages from Outlook are not uploaded to Sent Mail folder
 
 # SRS settings for forwarded emails
 # ---------------------------------
 
 ["modules/zonemta-wildduck".srs]
-    # Handle rewriting of forwarded emails. If false then SRS is not used
-    # Only affect messages that have interface set to "forwarder"
-    enabled=true
+# Handle rewriting of forwarded emails. If false then SRS is not used
+# Only affect messages that have interface set to "forwarder"
+enabled = true
 
-    # SRS secret value. Must be the same as in the MX side
-    secret="secret value"
+# SRS secret value. Must be the same as in the MX side
+secret = "secret value"
 
-    # SRS domain, must resolve back to MX
-    rewriteDomain="example.com"
+# SRS domain, must resolve back to MX
+rewriteDomain = "example.com"
 
 # DKIM Settings
 # -------------
 
 ["modules/zonemta-wildduck".dkim]
-    # If true then also adds a signature for the outbound domain
-    signTransportDomain=false
+# If true then also adds a signature for the outbound domain
+signTransportDomain = false
 
-    # If set then decrypt encrypted DKIM keys using this password
-    #secret="a secret cat"
+# If set then decrypt encrypted DKIM keys using this password
+#secret="a secret cat"
 
-    # Cipher to use to decrypt encrypted DKIM keys (legacy keys only)
-    #cipher="aes192"
+# Cipher to use to decrypt encrypted DKIM keys (legacy keys only)
+#cipher="aes192"
 
+# Logging Settings
+# -------------
 
 ["modules/zonemta-wildduck".gelf]
-    enabled=false
-    component="mta"
-
-    ["modules/zonemta-wildduck".gelf.options]
-        graylogPort=12201
-        graylogHostname='127.0.0.1'
-        connection='lan'
+enabled = false
+component = "mta"
 
-["modules/zonemta-wildduck".certs]
-    # Configuration for centralised TLS certification handling
+["modules/zonemta-wildduck".gelf.options]
+graylogPort = 12201
+graylogHostname = '127.0.0.1'
+connection = 'lan'
 
-    # If set then decrypt encrypted TLS keys using this password
-    #secret="a secret cat"
+# Certificate Settings
+# -------------
 
-    # Cipher to use to decrypt encrypted TLS keys (legacy keys only)
-    #cipher="aes192"
-    ["modules/zonemta-wildduck".certs.tlsOptions]
-        # options from https://nodejs.org/dist/latest-v16.x/docs/api/tls.html#tls_tls_createsecurecontext_options
-        minVersion = "TLSv1"
+["modules/zonemta-wildduck".certs]
+# Configuration for centralised TLS certification handling
+
+# If set then decrypt encrypted TLS keys using this password
+#secret="a secret cat"
+
+# Cipher to use to decrypt encrypted TLS keys (legacy keys only)
+#cipher="aes192"
+["modules/zonemta-wildduck".certs.tlsOptions]
+# options from https://nodejs.org/dist/latest-v16.x/docs/api/tls.html#tls_tls_createsecurecontext_options
+minVersion = "TLSv1"
+
+# Autogenerated SNI certificates
+# ------------------------------
+
+["modules/zonemta-wildduck".acme]
+# ACME configuration for generating TLS certificates with Let's Encrypt
+# Only relevant if acme.autogenerate.enabled is `true`, otherwise no certificates are generated using this module
+
+# ACME production settings
+# Must match with ACME settings in WildDuck
+key = "production"
+directoryUrl = "https://acme-v02.api.letsencrypt.org/directory"
+email = "[email protected]"
+
+# If hostname has a CAA record set then match it against this list
+# CAA check is done before WildDuck tries to request certificate from ACME
+caaDomains = ["letsencrypt.org"]
+
+# Private key settings, if WildDuck has to generate a key by itself
+keyBits = 2048
+keyExponent = 65537
+
+["modules/zonemta-wildduck".acme.autogenerate]
+# If enabled then automatically generates TLS certificates based on SNI servernames
+enabled = false
+
+["modules/zonemta-wildduck".acme.autogenerate.cnameMapping]
+# Sudomain CNAME mapping
+#   "abc" = ["def.com"] means that if the SNI servername domain is "abc.{domain}"
+#   then there must be a CNAME record for this domain that points to "def.com".
+#   If multiple CNAME targets are defined (eg ["def.com", "bef.com"], then at least 1 must match.
+#   Additionally, there must be at least 1 email account with "@{domain}" address.
+#   If there is no match, then TLS certificate is not generated.
+
+#imap = ["imap.example.com"]
+#smtp = ["smtp.example.com"]
+#pop3 = ["imap.example.com"]
 
 #["modules/zonemta-wildduck".mxRoutes]
 #    "*.l.google.com" = "gmail"