Merge branch 'main' into build

simonrob · Mar 15, 2024 · 30e80a2 · 30e80a2
2 parents 6dcea15 + 6ef9d4f
commit 30e80a2
Show file tree

Hide file tree

Showing 2 changed files with 197 additions and 63 deletions.
diff --git a/emailproxy.config b/emailproxy.config
@@ -21,9 +21,9 @@ documentation = Local servers are specified as demonstrated below where, for exa
 	behalf to the remote server from the outset by default (i.e., implicit SSL/TLS); see below if STARTTLS is required.
 
 	Server customisation:
-	- If your SMTP server uses the STARTTLS approach, add `starttls = True`, as shown in the [SMTP-1587] example below
-	(assumed to be False otherwise). With this parameter set, STARTTLS negotiation will be handled by the proxy on your
-	behalf (i.e., do not enable STARTTLS in your client). IMAP STARTTLS and POP STARTTLS are not currently supported.
+	- If your SMTP server uses the STARTTLS approach, add `server_starttls = True`, as shown in the [SMTP-1587] example
+	below (assumed to be False otherwise). With this parameter set, STARTTLS negotiation will be handled by the proxy
+	on your behalf (i.e., do not enable STARTTLS in your client). IMAP/POP STARTTLS are not currently supported.
 
 	- The `local_address` property can be used to set an IP address or hostname for the proxy to listen on. Both IPv4
 	and IPv6 are supported. If not specified, this value is set to `::` (i.e., dual-stack IPv4/IPv6 on all interfaces).
@@ -33,6 +33,11 @@ documentation = Local servers are specified as demonstrated below where, for exa
 	if you are having trouble connecting to the proxy, it is worth actually testing both IPv4 and IPv6 connections.
 
 	Advanced server configuration:
+	- As explained above, you should not enable STARTTLS in your local client, as the proxy handles secure communication
+	with the server on your behalf. However, if your client does not allow STARTTLS to be disabled, you can in addition
+	set `local_starttls = True` to emulate STARTTLS locally to allow your client to connect. If you set this parameter,
+	you must also provide a local certificate as outlined below.
+
 	- In the standard configuration the channel between your email client and the proxy is unencrypted. This is not
 	normally of any concern since the proxy is typically a local-only service. However, if you prefer, you may provide
 	a `local_certificate_path` (e.g., /etc/letsencrypt/live/mail.example.net/fullchain.pem) and `local_key_path` (e.g.,
@@ -52,7 +57,7 @@ local_address = 127.0.0.1
 [SMTP-1587]
 server_address = smtp.office365.com
 server_port = 587
-starttls = True
+server_starttls = True
 local_address = 127.0.0.1
 
 [IMAP-2993]