Hi Johnny

Something I've hacked together to suit my needs, yet to test the following approach but from looking over the code the following appears to be possible.

Make the lines member variable declared in AbstractResponse available via a method, classes requiring a change:

api/src/main/java/org/apache/james/protocols/api/Response.java
api/src/main/java/org/apache/james/protocols/api/AbstractResponse.java

And to require STARTTLS command if authenticating, change the onCommand method so that if command issued is ehlo, TLS supported and TLS not started then exclude auth lines from response, class requiring a change:

smtp/src/main/java/org/apache/james/protocols/smtp/core/AbstractHookableCmdHandler.java

Similar approach should be applicable for IMAP but haven't looked at the IMAP code.

And if you want, implement an AuthHook that doesn't allow authentication if TLS supported and TLS not started... of course this doesn't stop the username and password from being sent over the wire unencrypted.

Phillip
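
Added example, not part of the message above and not Apache James code: a standalone Java sketch of the policy described, hiding AUTH from the EHLO reply and answering 530 until STARTTLS has run. The class and method names, and the assumption that reply lines are full wire lines, are hypothetical; the verbs accepted before TLS follow RFC 3207.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Added example: standalone sketch, not Apache James code. All names are hypothetical.
public class StartTlsPolicy {
    // Verbs still accepted before TLS when STARTTLS is mandatory (RFC 3207).
    private static final List<String> PRE_TLS = List.of("EHLO", "NOOP", "STARTTLS", "QUIT");
    static final String REFUSAL = "530 5.7.0 Must issue a STARTTLS command first";

    // Assumes each line is a full wire line: "250-KEYWORD ..." or "250 KEYWORD ...".
    static List<String> filterEhlo(List<String> lines, boolean tlsSupported, boolean tlsStarted) {
        if (!tlsSupported || tlsStarted) return lines; // nothing to hide
        List<String> kept = new ArrayList<>();
        for (String line : lines) {
            String cap = line.length() > 4 ? line.substring(4).toUpperCase(Locale.ROOT) : "";
            boolean isAuth = cap.equals("AUTH") || cap.startsWith("AUTH ") || cap.startsWith("AUTH=");
            if (!isAuth) kept.add(line);
        }
        // If the dropped AUTH line was the final one, the reply must still end with "250 ".
        for (int i = 0; i < kept.size(); i++) {
            String l = kept.get(i);
            char sep = (i == kept.size() - 1) ? ' ' : '-';
            if (l.length() > 3) kept.set(i, l.substring(0, 3) + sep + l.substring(4));
        }
        return kept;
    }

    // Returns the refusal to send, or null to let the normal handler process the command.
    static String gate(String commandLine, boolean tlsSupported, boolean tlsStarted) {
        String verb = commandLine.trim().split("\\s+", 2)[0].toUpperCase(Locale.ROOT);
        boolean mustRefuse = tlsSupported && !tlsStarted && !PRE_TLS.contains(verb);
        return mustRefuse ? REFUSAL : null;
    }

    public static void main(String[] args) {
        // Constructed EHLO reply in which AUTH happens to be the final line.
        List<String> ehlo = List.of("250-mail.example.test", "250-PIPELINING",
                                    "250-STARTTLS", "250 AUTH PLAIN LOGIN");
        filterEhlo(ehlo, true, false).forEach(System.out::println);
        System.out.println(gate("MAIL FROM:<user@example.test>", true, false));
        System.out.println(gate("AUTH PLAIN", true, false));
        System.out.println(gate("STARTTLS", true, false)); // null: allowed through
    }
}
```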

On 7/28/13 6:00 PM, Johnny Minty wrote:
Hi Eric,

This will provide basic support however doesn't provide a facility to enforce 
STARTTLS for a connecting client.

Here's an example of the desired outcome running under postfix:

client: ehlo test.domain.com

server: 250-outbound-postfix.one.govt.nz
server: 250-PIPELINING
server: 250-SIZE 2048000000
server: 250-VRFY
server: 250-ETRN
server: 250-STARTTLS
server: 250-ENHANCEDSTATUSCODES
server: 250-8BITMIME
server: 250 DSN
client: mail from: <[email protected]>
server: 530 5.7.0 Must issue a STARTTLS command first

ATTN Phillip: Thanks I will review JIRA and keep you posted.

Regards,

Johnny Minty


Date: Sun, 28 Jul 2013 17:31:33 +0200
From: [email protected]
To: [email protected]
Subject: Re: Require TLS

Why wouldn't this work for you?

<bind>0.0.0.0:25</bind>
<tls socketTLS="true" startTLS="true">


On 2013-07-26 16:47, Phillip Odam wrote:
Hi Johnny

I've wanted much the same, seems to require a code change though.

Use cases 14 and 17 in Jira JAMES-886 discuss the issues and approaches
to solve this. See https://issues.apache.org/jira/browse/JAMES-886

Thanks
Phillip

On 7/26/13 8:23 AM, Johnny Minty wrote:
Hi Eric,

The requirement is for TLS over port 25(starttls) not TLS on port 465.

Kind regards,

Johnny Minty

Sent from my Windows Phone
________________________________
From: Eric Charles<mailto:[email protected]>
Sent: ‎26/‎07/‎2013 11:31 p.m.
To: James Users List<mailto:[email protected]>
Subject: Re: Require TLS

Can't you disable the non-secure port in smtp-server.xml?

On 25/07/2013 22:29, Johnny Minty wrote:
Hi Guys,

I have a requirement to require TLS on all incoming and outgoing
connections from specific servers (IP addresses). I managed to
satisfy the outgoing requirement for TLS by leveraging the
SMTPTransport class in the RemoteDelivery Mailet however I'm stuck
on a solution for incoming connections. At the moment it looks like I
will need to write my own SMTP hook to ensure the STARTTLS command is
received during the SMTP transaction, do you think this is the right
approach?

Thanks for your help,

Johnny Minty






---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]