I got it. But in conditions where internet access is censored it’s trivial for censor to get all the application’ servers addresses, and block them. Custom server with limited number of users is more robust solution. I’m mostly thinking about this scenario.
Ok, this is another question turning to FR.
Quote from RFC9051 “Internet Message Access Protocol (IMAP) - Version 4rev2”:
7.1. 'Server Responses - Generic Status Responses"
ALERT
The human-readable text contains a special alert that is presented to the user in a fashion that calls the user’s attention to the message.
Content of ALERT response codes received on a connection without TLS or SASL security-layer confidentiality SHOULD be ignored by clients
(…)
Alerts received after successful establishment of a TLS/SASL confidentiality layer MUST be presented to the user.
(The only difference with older RFC 3501 is it allows to send such ALERT messages over plaintext connection, and sure it was exploited.)
How it may be used:
(1) chatmail server will send ‘* OK [ALERT …’ by postlogin shell script; no Postfix code modification needed
see Post-login scripting — Dovecot documentation
at this point, connection is alreary TLS-encrypted and authentificated; there is no need for additional encryption; it can be send only on first login, or on some conditions checked by the script
(2) on the first such alert, DC client will create ‘contact’ named e.g. as server DNS name, maybe with some preset ‘generic server image’ avatar; text input field is not needed (like in broadcast channel)
(3) the first message in thet channel should be auto-generated warning about rogue or cracked servers, not clicking links, etc.
This alert is actually standard IMAP feature, so theoretically should be supported on any IMAP client and server. Don’t know what is actual situation.
(PS: dear moderators, could this be combined with previous topic on the same subject? Announcement channels for chatmail )