james-server-dev mailing list archives

From "Sylvain Vieujot (JIRA)" <server-...@james.apache.org>
Subject [jira] Commented: (JAMES-1105) Support multiple port configurations per protocol
Date Sun, 19 Dec 2010 11:11:02 GMT

    [ https://issues.apache.org/jira/browse/JAMES-1105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12972960#action_12972960 ]

Sylvain Vieujot commented on JAMES-1105:
----------------------------------------

In fact we found that in the last snapshots (post M2), you need to add another jmxname tag
to the smtpserver_ssl.xml configuration to avoid the duplicate name.
For us this solved the issue.
Once the documentation is updated, this bug report can be closed (I can't do it).

As I think this is a very common configuration, maybe it would be helpful to ship an smtpserver_ssl.xml
file with the distribution, with <smtpserver enabled="false"> by default.
So the only change would be to set enabled="true".

For reference, here is our smtpserver_ssl.xml file:

<smtpserver enabled="true">
  <port>465</port>
  <connectionBacklog>200</connectionBacklog>
  <tls socketTLS="true" startTLS="false">
    <keystore>file://conf/keystore</keystore>
    <secret>password</secret>
    <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
  </tls>
  <handler>
    <helloName autodetect="false">reit.ae</helloName>
    <connectiontimeout>360</connectiontimeout>
    <connectionLimit> 0 </connectionLimit>
    <connectionLimitPerIP> 0 </connectionLimitPerIP>
    <authRequired>true</authRequired>
    <authorizedAddresses>127.0.0.0/8</authorizedAddresses>
    <maxmessagesize>0</maxmessagesize>
    <addressBracketsEnforcement>true</addressBracketsEnforcement>
    <handlerchain>
      <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
      <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
    </handlerchain>
  </handler>
  <jmxName>smtpserver_ssl</jmxName>
</smtpserver>

> Support multiple port configurations per protocol
> -------------------------------------------------
>
>                 Key: JAMES-1105
>                 URL: https://issues.apache.org/jira/browse/JAMES-1105
>             Project: JAMES Server
>          Issue Type: Improvement
>          Components: IMAPServer, POP3Server, SMTPServer
>    Affects Versions: 3.0-M1
>            Reporter: Patrick Pyette
>         Attachments: spring-beans.xml
>
>
> A single instance of James should be able to accept connections on multiple ports for each protocol.   As an example, I want to have the following SMTP connections:
> port 25:  no authorization, no relaying
> port 465: STARTTLS, AUTH required, relaying allowed
> port 587:  SMTP/TLS, AUTH required, relaying allowed.
> I can set up the relaying decision with a mailet/matcher, but having multiple port configurations per protocol allows me to deploy James as a primary multi-domain mail server.
> The config files might look something like:
>     <!-- The SMTP server is enabled by default -->
>     <!-- Disabling blocks will stop them from listening, -->
>     <!-- but does not free as many resources as removing them would -->
>    <smtpserver enabled="true">
>       <!-- 
>             Port 25 is the well-known/IANA registered port for SMTP. 
>             Port 465 is the well-known/IANA registered port for SMTP over TLS.
>          -->
>       <endpoints>
>          <endpoint port="465">
>           <!-- Uncomment this if you want to bind this port to a specific inetaddress -->
>           <!-- Please NOTE: you should add this IP also to your RemoteAddrNotInNetwork -->
>           <!-- in order to avoid relay check for locally generated bounces -->
>           <!--
>           <bind> </bind>
>           -->
>          <!-- Set to true to support STARTTLS or TLS for the Socket.
>            To use this you need to copy sunjce_provider.jar to /path/james/lib directory.
>          -->
>          <tls socketTLS="false" startTLS="true">
>             <!-- To create a new keystore execute:
>             keytool -genkey -alias james -keyalg RSA -keystore /path/to/james/conf/keystore
>             -->
>            <keystore>file://conf/keystore</keystore>
>            <secret>changeit</secret>
>            <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
>          </tls>
>          <!--  Uncomment this if you want to require SMTP authentication.
>                supported values:
>                true: required but announced only to not authorizedAddresses
>                false: don't use AUTH
>                announce: like true, but always announce AUTH capability to clients
>                The correct behaviour per RFC value would be false or announce
>                but we still support true for backward compatibility and because
>                some webmail clients fail when AUTH is announced but no authentication
>                information has been provided
>           -->
>          <authRequired>announce</authRequired>
>          
>          <!--  Uncomment this if you want to authorize specific addresses/networks.
>                If you use SMTP AUTH, addresses that match those specified here will
>                be permitted to relay without SMTP AUTH.  If you do not use SMTP
>                AUTH, and you specify addresses here, then only addresses that match
>                those specified will be permitted to relay.
>                Addresses may be specified as an IP address or domain name, with an
>                optional netmask, e.g.,
>                127.*, 127.0.0.0/8, 127.0.0.0/255.0.0.0, and localhost/8 are all the same
>                See also the RemoteAddrNotInNetwork matcher in the transport processor.
>                You would generally use one OR the other approach.
>          -->
>          <!--
>          <authorizedAddresses>127.0.0.0/8</authorizedAddresses>
>          -->
>          <!--  Uncomment this if you want to verify sender addresses, ensuring that -->
>          <!--  the sender address matches the user who has authenticated. -->
>          <!--  This prevents a user of your mail server from acting as someone else -->
>          <!--  If unspecified, default value is true -->
>          <!--
>          <verifyIdentity>true</verifyIdentity>
>          -->
>     </endpoint>
>     <endpoint port="587">
>       ...
>     </endpoint>
> </endpoints>   

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
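
Added example, not part of the original message or of James itself: a small Python lint over several smtpserver configuration files that reports the duplicate JMX name described in the comment, along with duplicate ports, AUTH offered without TLS, and the placeholder keystore secrets that appear in the configs above. The sample files are constructed, and treating a missing <jmxName> as one shared default name is an assumption drawn from the comment.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample configs modelled on the smtpserver_ssl.xml in the message.
SAMPLES = {
    "smtpserver.xml": """<smtpserver enabled="true">
  <port>25</port>
  <handler><authRequired>false</authRequired></handler>
</smtpserver>""",
    "smtpserver_ssl.xml": """<smtpserver enabled="true">
  <port>465</port>
  <tls socketTLS="true" startTLS="false">
    <keystore>file://conf/keystore</keystore>
    <secret>password</secret>
  </tls>
  <handler><authRequired>true</authRequired></handler>
</smtpserver>""",
}

PLACEHOLDER_SECRETS = {"password", "changeit"}  # the two values shown on this page
DEFAULT_JMX = "<unset>"  # assumption: blocks without <jmxName> share one default name

def lint(configs):
    """Return sorted (file, finding) pairs for a dict of filename -> XML text."""
    findings, by_jmx, by_port = [], defaultdict(list), defaultdict(list)
    for name, text in configs.items():
        root = ET.fromstring(text)
        if root.get("enabled", "true").strip().lower() != "true":
            continue  # assumption: a disabled block neither binds nor registers
        by_jmx[(root.findtext("jmxName") or DEFAULT_JMX).strip()].append(name)
        by_port[(root.findtext("port") or "").strip()].append(name)
        tls = root.find("tls")
        tls_on = tls is not None and "true" in (tls.get("socketTLS"), tls.get("startTLS"))
        auth = (root.findtext(".//authRequired") or "false").strip().lower()
        if auth in ("true", "announce") and not tls_on:
            findings.append((name, "AUTH offered without TLS"))
        if tls_on and (tls.findtext("secret") or "").strip() in PLACEHOLDER_SECRETS:
            findings.append((name, "placeholder keystore secret"))
    for label, groups in (("jmxName", by_jmx), ("port", by_port)):
        for value, names in groups.items():
            if len(names) > 1:
                findings += [(n, f"duplicate {label} {value}") for n in names]
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(SAMPLES):
        print(*finding, sep=": ")
```

Adding a distinct <jmxName> to the second file, as the comment recommends, and replacing the placeholder secret clears every finding for the constructed samples.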

