[
https://issues.apache.org/jira/browse/JAMES-4171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18057645#comment-18057645
]
Jean Helou commented on JAMES-4171:
-----------------------------------
>auth section applies for a specific port.
> In some customer environment we run different auth mecanisms on different
> ports.
auth section applies for a specific port but no differentiating the type of
port in the configuration would make it possible to write
{code}
<smtpserver enabled="true">
<bind>0.0.0.0:25</bind>
<connectionBacklog>200</connectionBacklog>
<auth>
<required>true</required>
<plainAuthEnabled>true</plainAuthEnabled>
</auth>
...
{code}
This would be a very easy mistake to make and would render the server
completely unable to act as an MX
ideally the configuration would differentiate smtpserver and submissionserver
{code}
<smtpserver enabled="true">
<bind>0.0.0.0:25</bind>
<connectionBacklog>200</connectionBacklog>
<auth>
<!-- <required>true</required> cannot be written because not
possible when configuring a smtpserver -->
<plainAuthEnabled>true</plainAuthEnabled>
</auth>
</smtpserver>
<submissionserver enabled="true">
<bind>0.0.0.0:587</bind>
<connectionBacklog>200</connectionBacklog>
<auth>
<!-- <required>true</required> cannot be written because not
possible to have a value different from true -->
<plainAuthEnabled>true</plainAuthEnabled>
</auth>
</submissionserver>
{code}
with regards to SMTP layer already preventing unauthenticated relaying :
- can you point me to the corresponding code please ? I had no idea that the
mailetcontainer stuff was effectively useless T_T
- why do we keep all the config in all the mailetcontainer samples this is
very misleading :/
> Submission only server
> ----------------------
>
> Key: JAMES-4171
> URL: https://issues.apache.org/jira/browse/JAMES-4171
> Project: James Server
> Issue Type: Improvement
> Components: SMTPServer
> Reporter: Benoit Tellier
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> h3. Context
> I end up having to provide a submission only server for one of my customer.
> Problem: James bundles together the MX and submission role thus always accept
> email of remote users addressed to local users.
> This unorthodox behaviour is not a problem when combining both roles (though
> surprising!) however not being able to say "only authenticated users here"
> prevents implementing the aformentionned use case
> h3. Proposal
> Add auth.required configuration option in SMTP
> If true, then discard unauthenticated senders.
> This shall be the documented + recommended value however for
> retro-compatibility I propose to keep the legacy value as a default value.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
