update doc

niiknow · Jan 14, 2024 · 8f8e21e · 8f8e21e
1 parent 7637f8e
commit 8f8e21e
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -51,11 +51,22 @@ Then to test locally, simply open a new terminal and exec:
 ```sh
 # swaks can be install with homebrew on your macos
 # type: PLAIN,LOGIN,CRAM-MD5
+# note: -tls is important here if you want to test with authenticate
+# https://github.com/haraka/Haraka/issues/2760#issuecomment-597248728
 swaks -f [email protected] -t [email protected] \
 	--server localhost -tls --port 25 --auth LOGIN \
 	--auth-user "usertest1" --auth-password "testes123"
 ```
 
+NOTE: it is recommended that you enable tls.  See Haraka documentation here: https://haraka.github.io/plugins/tls
+
+Since we allow sending with any `FROM` address, `resque` requires authentication.  Therefore, we must configure `resque.json` with user credentials in order to authenticate. Then we also need to do the following configuration for Hakara to work:
+
+1. Enable tls in config/plugins - which is handle inside of our `mystart.sh`
+2. Enable tls by adding tls.ini - which is included in folder `defaults/config/tls.ini`
+3. Set your server `HOSTNAME` inside of docker-compose for using OpenSSL generated self-sign cert.
+4. Test it with `-tls` with swaks.  If you have SSL issue with certain email client (such as Wordpress SMTP plugin), then you might have to purchase an actual certificate and replace the two files `tls_cert.pem` and `tls_key.pem` inside of config folder.
+
 ## Planning / Todo
 - [x] Json configuration
 - [x] Support login credential

diff --git a/defaults/config/tls.ini b/defaults/config/tls.ini
@@ -2,6 +2,7 @@
 ; Also see https://haraka.github.io/plugins/tls
 ; Updated: 2024-01-14
 
+; tls must be enable to use with resque
 ; key=tls_key.pem
 ; cert=tls_cert.pem
 ; dhparam=dhparams.pem
@@ -14,7 +15,6 @@ dhparam=dhparams.pem
 ; the time of that versions release. If you have problems with the default cipher
 ; list, try enabling this "kinda high but more compatible" setting.
 ; ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
-ciphers=EECDH+AESGCM:EDH+aRSA+AESGCM:EECDH+AES256:EDH+aRSA+AES256:EECDH+AES128:EDH+aRSA+AES128:RSA+AES:RSA+3DES
 
 ; minimum TLS version (node.js 11.4+ required)
 ; Allowed values are 'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1'

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "haraka-plugin-resque",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "description": "Haraka plugin that act as a queue and perform REST post to a remote url",
   "main": "index.js",
   "scripts": {