feat(mailer-smtp): add SCRAM-SHA-256 auth, Ed25519 DKIM, opportunistic TLS, SNI cert selection, pipelining and delivery/bridge improvements

rust/crates/mailer-smtp/src/config.rs

@@ -2,6 +2,17 @@
 
 use serde::{Deserialize, Serialize};
 
+/// Per-domain TLS certificate for SNI-based cert selection.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct TlsDomainCert {
+    /// Domain names this certificate covers (matched against SNI hostname).
+    pub domains: Vec<String>,
+    /// Certificate chain in PEM format.
+    pub cert_pem: String,
+    /// Private key in PEM format.
+    pub key_pem: String,
+}
+
 /// Configuration for an SMTP server instance.
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct SmtpServerConfig {
@@ -11,10 +22,13 @@ pub struct SmtpServerConfig {
     pub ports: Vec<u16>,
     /// Port for implicit TLS (e.g. 465). None = no implicit TLS port.
     pub secure_port: Option<u16>,
-    /// TLS certificate chain in PEM format.
+    /// TLS certificate chain in PEM format (default cert).
     pub tls_cert_pem: Option<String>,
-    /// TLS private key in PEM format.
+    /// TLS private key in PEM format (default key).
     pub tls_key_pem: Option<String>,
+    /// Additional per-domain TLS certificates for SNI-based selection.
+    #[serde(default)]
+    pub additional_tls_certs: Vec<TlsDomainCert>,
     /// Maximum message size in bytes.
     pub max_message_size: u64,
     /// Maximum number of concurrent connections.
@@ -43,6 +57,7 @@ impl Default for SmtpServerConfig {
             secure_port: None,
             tls_cert_pem: None,
             tls_key_pem: None,
+            additional_tls_certs: Vec::new(),
             max_message_size: 10 * 1024 * 1024, // 10 MB
             max_connections: 100,
             max_recipients: 100,