Skip to content

Latest commit

 

History

History
74 lines (56 loc) · 2.29 KB

imap.md

File metadata and controls

74 lines (56 loc) · 2.29 KB

Inbound mail through IMAP

While CMS will not use IMAP directly, it can act as an OAUTH authentication broker for other mail clients. In this mode CMS would be configured to only do authentication and not handle mail.

Authenticate only CMS Configuration

In this mode no mailboxes are defined, just accounts and the CredentialServer

account = Office365_Account(user="[email protected]")
CredentialServer("/var/run/user/XXX/cms.sock",
                 accounts=[account],
                 protocols=["SMTP", "IMAP"])

CMS will still run as a daemon and it keeps track of the refresh token and periodically updates the access tokens.

Configuration Test

CMS provides the cms-auth tool to get tokens out of the daemon. It has a test mode which should be used to verify that the IMAP server is working correctly:

$ cms-oauth [email protected] --cms_sock=/var/run/user/XXX/cms.sock --test-imap=outlook.office365.com

On success their should be a log something like:

  40:51.37 < b'NDNI1 OK AUTHENTICATE completed.'

mutt

Since Mutt 1.11 it has support for OAUTHBEARER authentication. This can be used with GMail and CMS. The below fragment of the .mutt RC shows the configuration.

set imap_authenticators="oauthbearer"
set imap_oauth_refresh_command="cms-oauth --cms_sock=cms.sock --proto=IMAP --user user@domain --output=token"
set spoolfile="imaps://imap.gmail.com/INBOX"

As of mutt commit c7a872d1eeea ("Add basic XOAUTH2 support.") (possibly will be in version 1.15) mutt can also do XOAUTH2 for use with Office365:

set imap_authenticators="xoauth2"
set imap_oauth_refresh_command="cms-oauth --cms_sock=cms.sock --proto=IMAP --user user@domain --output=token"
set spoolfile="imaps://outlook.office365.com/INBOX"

isync / mbsync

mbsync can support XOAUTH2 with the Cyrus SASL OAuth2 plugin. Here is an example configuration excerpt, assuming mbsync has been correctly installed with the plugin.

IMAPAccount accountname
# Address to connect to
Host imap.server.address
Port 993
User [email protected]
# Using cloud-mdir-sync to manage OAuth2 bearer token
PassCmd "cms-oauth --cms_sock=/var/run/user/XXX/cms.sock --proto=IMAP --user [email protected] --output=token"
AuthMechs XOAUTH2
# Use SSL
SSLType IMAPS
CertificateFile /etc/ssl/certs/ca-certificates.crt