Hi,

Within [2] I do work on documenting how to secure remote delivery with SSL and startTls.

Matthieu Baechler asks whether we should require encrypted delivery (startTls / ssl) by default in shipped configuration.

This comes with trust issues, we might end up enabling mail.smtp.ssl.trust as a wildcard, which is a security hole as well (but at least traffic will be encrypted). Note that GMail (which had been reported to reject James traffic [1]) might still need a valid SSL certificate as well.

Finally, underlying such a choice, I want to bring people's attention that we currently have no integration tests on RemoteDelivery SSL / startTls, and lack the dockerized SSL SMTP servers to add this to the James test suite. I proposed an issue related to this [3] (contribution welcomed!). This should in my opinion be a pre-requisite for this proposal's acceptance.

[1] https://www.mail-archive.com/server-user@james.apache.org/msg16199.html
[2] https://github.com/linagora/james-project/pull/2823
[3] https://issues.apache.org/jira/browse/JAMES-2969

Regards,

Benoit