james-server-dev mailing list archives

From Bernd Waibel <BWai...@intarsys.de>
Subject AW: Apache James Server 3.0-beta5-SNAPSHOT : Unable receive email from outside domains using SSL [unsigned]
Date Tue, 27 Sep 2016 17:31:32 GMT
Hello Shawn,

you are not disturbing anyone, you're just welcome.

The standard port for mail handling is 25. This normally is not SSL encrypted.

There is a protocol extension which is called STARTTLS, also on Port 25.
If STARTTLS is used, the sending SMTP server connects to port 25, sends a (not encrypted)
STARTTLS command, and after that the communication will be SSL encrypted. All over port 25.
This is supported by James3 (not by James2).
So it starts without encryption, and then changes to encryption on-the-fly.

The SSL encrypted SMTP (called SSMTP or SMTPS) is on another port, normally 465, but this
is not used by standard mail handling.
That is: every mail server does use port 25, because there is no other way to find out another
port like 465.
The SSL Port is just for direct server-to-server connections, or user-to-server connections.
So the sender (server or user) needs to know that this is SSL encrypted.
And these "pure-SSL" connections have to be configured inside the sending mail server or sending
mail client directly.
So it is normally used only for user-to-server connections.

See here: https://en.wikipedia.org/wiki/Opportunistic_TLS
And here: https://en.wikipedia.org/wiki/SMTPS

So: 
For Server-to-server you need a Port 25 (which should support STARTTLS, but does not need to).
For Client-to-server you need a Port 465 with "SSL only" connections.
So you have one instance, with two ports, same database.

In smtpserver.xml you define one <smtpserver>.
This one you bind to port 25.
Also you set up TLS (which is just the private key and certificate to use for STARTTLS).
Here you set <tls socketTLS="false" startTLS="true">, if you want to support STARTTLS,
which is recommended.

Then you set up (copy all) another <smtpserver> in the same file.
This one you bind to port 465.
You should use <authRequired>, if you want user-to-server connection, and if the user
should supply username and password for sending mails through this service. Very recommended.
Also you set up TLS (which is just the private key and certificate to use for SSL/TLS).
Here you set <tls socketTLS="true" startTLS="false">.

Btw. I did not do that till now, but this is the way it should work.

Best regards
Bernd Waibel

-----Original Message-----
From: Shawn Fu Sheng [mailto:shawn@victz.com] 
Sent: Tuesday, 27 September 2016 18:13
To: server-dev@james.apache.org
Subject: Apache James Server 3.0-beta5-SNAPSHOT : Unable receive email from outside domains
using SSL

Dear All,

Sorry to disturb. I am new to James and I built james-server-app-3.0.0-beta5-SNAPSHOT-app.zip
from the latest source code (22 Sep 2016) on GIT. It was working perfectly before I set up SSL.
After I opened SMTP SSL I am unable to receive email from outside domains.

I learnt that in order to receive email from outside domains, there must be an SMTP instance
listening on 25 without encryption. But if I want my user to use SSL to connect to my email service,
do I have to set up multiple SMTP instances using the same database? Is this the correct approach?
Or is there already a setting to handle this scenario?

Appreciate your advice, please. Thank you very much in advance.

Thanks and Regards,
Shawn
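
An added example, not part of either message and not Apache James code: a small Python check that reads an smtpserver.xml and reports listeners that do not match the layout described in the reply (port 25 with STARTTLS for server-to-server mail, port 465 SSL-only with <authRequired> for users). It assumes a <smtpservers> root and a <bind>address:port</bind> element per listener, neither of which is shown in the thread; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread: the first listener repeats the
# mistake from the question (SSL-only on port 25), the second follows the reply.
SAMPLE = """
<smtpservers>
  <smtpserver enabled="true">
    <bind>0.0.0.0:25</bind>
    <tls socketTLS="true" startTLS="false"/>
    <authRequired>false</authRequired>
  </smtpserver>
  <smtpserver enabled="true">
    <bind>0.0.0.0:465</bind>
    <tls socketTLS="true" startTLS="false"/>
    <authRequired>true</authRequired>
  </smtpserver>
</smtpservers>
"""

def flag(elem, attr):
    """True when the (possibly missing) element carries attr="true"."""
    return elem is not None and elem.get(attr, "false").strip().lower() == "true"

def check_listeners(xml_text):
    """Return (port, problem) findings for the enabled <smtpserver> blocks."""
    findings, ports = [], set()
    for srv in ET.fromstring(xml_text).iter("smtpserver"):
        if srv.get("enabled", "true").strip().lower() != "true":
            continue
        tls = srv.find("tls")
        socket_tls, start_tls = flag(tls, "socketTLS"), flag(tls, "startTLS")
        auth = (srv.findtext("authRequired") or "false").strip().lower() == "true"
        # Assumption: <bind> may list several comma-separated address:port pairs.
        for bind in (srv.findtext("bind") or "").split(","):
            if not bind.strip():
                continue
            port = int(bind.rsplit(":", 1)[-1])
            ports.add(port)
            if port == 25 and socket_tls:
                findings.append((port, "SSL-only on 25: other mail servers cannot deliver"))
            if port == 25 and not socket_tls and not start_tls:
                findings.append((port, "STARTTLS not offered (recommended)"))
            if port == 465 and not socket_tls:
                findings.append((port, "465 should be SSL-only (socketTLS)"))
            if port == 465 and not auth:
                findings.append((port, "authRequired not set on the client port"))
    if 25 not in ports:
        findings.append((25, "no listener on 25 for server-to-server mail"))
    return findings
```

Running `check_listeners` on the text of a real smtpserver.xml returns an empty list when the two listeners are laid out as the reply describes.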
