IMAP

Section [IMAP]

Added in version 1.0.0.dev5.

IMAP.Server: list

Each server entry is mapped to an instance of imap.IMAPServerConfig.

Represents a list of IMAP server configuration sections. For general guidance on defining section lists, refer to the TOML documentation for Array Tables.

Server.Port: int

Linked to imap.IMAPServerConfig.imap_port

Defines the port used by the IMAP server instance. This option is mandatory.

Important

This value must be specified within a [[IMAP.Server]] section.

The attributes described below may also be specified in the global [IMAP] section, where they act as defaults for all individual server entries — unless explicitly overridden.

Server.Capabilities: str = [ "IMAP4rev1", "IMAP4rev2" ]

Linked to imap.IMAPServerConfig.imap_caps. Can also be set in [IMAP].

Defines the server capabilities to advertise to the client. According to the IMAP specification, the revision (such as IMAP4rev1) must be returned.

Server.FQDN: str = "Dementor"

Linked to imap.IMAPServerConfig.imap_fqdn. Can also be set in [IMAP] or [Globals].

Specifies the Fully Qualified Domain Name (FQDN) hostname used by the IMAP server. The hostname portion appears in server responses; the domain part is optional.

Server.Banner: str = "IMAP Server ready"

Linked to imap.IMAPServerConfig.imap_banner. Can also be set in [IMAP].

Defines a custom banner message sent in the server’s greeting upon client connection.

Server.AuthMechanisms: list[str] = [ "NTLM", "PLAIN", "LOGIN" ]

Linked to imap.IMAPServerConfig.imap_auth_mechs. Can also be set in [IMAP].

Lists the authentication mechanisms supported by the server. Currently implemented options:

  • LOGIN — Base64-encoded challenge-based login.

  • PLAIN — Sends credentials in cleartext.

  • NTLM — Implements NTLM authentication per [MS-SMTPNTLM].

To enforce NTLM-only authentication, remove LOGIN and PLAIN. For downgrade attacks, refer to SMTP.Server.Downgrade.

Server.Downgrade: bool = true

Linked to imap.IMAPServerConfig.imap_downgrade. Can also be set in [IMAP].

Attempts to downgrade authentication from NTLM to weaker methods like LOGIN. Effective only if the client permits plaintext authentication. See SMTP/IMAP/POP3 Downgrade for usage examples.

Server.TLS: bool = false

Linked to imap.IMAPServerConfig.use_ssl. Can also be set in [IMAP].

Enables SSL/TLS for the IMAP server using a custom certificate.

Server.Cert: str

Linked to imap.IMAPServerConfig.certfile. Can also be set in [IMAP] or [Globals].

Specifies the path to the TLS certificate file.

Server.Key: str

Linked to imap.IMAPServerConfig.keyfile. Can also be set in [IMAP] or [Globals].

Specifies the path to the private key file associated with the TLS certificate.

IMAP.ExtendedSessionSecurity: bool = true

Maps to imap.IMAPServerConfig.ntlm_ess.

Enables NTLM Extended Session Security (ESS). When enabled, NTLMv1/NTLMv2-SSP hashes are captured instead of raw NTLM hashes. Resolution precedence:

  1. IMAP.ExtendedSessionSecurity

  2. NTLM.ExtendedSessionSecurity (fallback)

IMAP.Challenge: str = NTLM.Challenge

Maps to imap.IMAPServerConfig.ntlm_challenge.

Sets the NTLM challenge value used during authentication. Resolution order:

  1. IMAP.Challenge

  2. NTLM.Challenge

Default Configuration

IMAP configuration section (default values)
[IMAP]
Banner = "IMAP Server ready"
AuthMechanisms = ["NTLM", "PLAIN", "LOGIN"]
Downgrade = true

[[IMAP.Server]]
Port = 110

Note

The default configuration does NOT include an IMAP server wrapped in an SSLContext. To configure a server with TLS enabled, use:

Dementor.toml
[IMAP]
# ...

[[IMAP.Server]]
Port = 993
TLS = true  # must be explicitly set
Cert = "/path/to/certificate"
Key = "/path/to/key"