You're right on! Only problem is that I wasn't planning on putting Tomcat on the server with the ssl certificate - yet.
I wanted to have java/james/tomcat on a server & web server with ssl on dif machine. Will it be a problem? -----Original Message----- From: Noel J. Bergman [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 3:04 PM To: James Users List Subject: RE: SMTP > I just want to use it to send mail, via a browser interface, without > being an open relay. If you want to browse to a server and send mail from anywhere, then I presume that you are creating some sort of HTML form-based interface. That is one of the common causes of spam problems. You need to make sure that only authorized users can use that interface to keep spambots from using your page to send their e-mail. If you are using a CGI script or Java servlet to handle the HTTP POST action, then when it wants to send mail through James, James will see it as originating with that web component, not the original browser IP. > Was planning to use SSL. Jsp interface. I would log in using the > email account username & password. If they don't match the user can't > send email. The page would not be open to the public. That should be fine, with all normal password authentication caveats. Just make sure that the JSP or servlet that actually sends the message to James is secured, not just the form page, if they aren't the same page. If you are using tomcat, you can use its authentication mechanisms. Take a look at the Admin and Manager webapps. You should also tell Tomcat to require an SSL connection for your e-mail webapp. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
