Hello Felix > 1. All examples contain the setting `enableForwarding` but I do not find any >references to it. What's the purpose of the setting?
A quick code search shows no matches in code. This unmapped configuration property is likely a very old James 2.x legacy. I believe we can safely drop it in the ~8 files it appears in. Contribution welcomed. > 2. What is the difference between configuring password salting via the >`algorithm` or `hashingMode` setting (more below)? CF https://github.com/apache/james-project/blob/ddfef1e05403a46a9136023721807bc791f20431/upgrade-instructions.md?plain=1#L1097 The property "hashingMode" is solely here to prevent a breaking change. If you are not runnig a pre-2021 Jaems then safely ignore hashingMode > I would like to configure my james instance with postgres user backend to use >password salts. https://github.com/apache/james-project/blob/master/server/apps/postgres-app/sample-configuration/usersrepository.xml achieves this goal > It would be nice if the difference would be mentioned in the documentation. Contribution welcomed. -- Best regards, Benoit TELLIER General manager of Linagora VIETNAM. Product owner for Team-Mail product. Chairman of the Apache James project. Mail: [email protected] Tel: (0033) 6 77 26 04 58 (WhatsApp, Signal) On Oct 7, 2025 7:57 PM, from Felix Auringer <[email protected]>Good evening, I have two questions regarding the configuration in userrepository.xml. 1. All examples contain the setting `enableForwarding` but I do not find any references to it. What's the purpose of the setting? 2. What is the difference between configuring password salting via the `algorithm` or `hashingMode` setting (more below)? I would like to configure my james instance with postgres user backend to use password salts. For this, I have the following userrepository.xml: <usersrepository name="LocalUsers"> <algorithm>PBKDF2-SHA512</algorithm> <hashingMode>salted</hashingMode> <enableVirtualHosting>true</enableVirtualHosting> </usersrepository> Based on the documentation (docs/modules/servers/partials/configure/usersrepository.adoc), I would have expected the algorithm in the database to be `PBKDF2-SHA512/salted` but it is `PBKDF2-SHA512/plain`. When I use the following userrepository.xml, the algorithm in the database is `PBKDF2-SHA512/salted` as expected: <usersrepository name="LocalUsers"> <algorithm>PBKDF2-SHA512/salted</algorithm> <enableVirtualHosting>true</enableVirtualHosting> </usersrepository> If I understand the code path correctly, the hash mode is read from the config in server/data/data-postgres/src/main/java/org/apache/james/user/postgres/PostgresUsersRepositoryConfiguration.java. The algorithm and hashing mode are then used in server/data/data-postgres/src/main/java/org/apache/james/user/postgres/PostgresUsersDAO.java. However, the hashing mode is only used once as a fallback when retrieving a user and does not make it into the database. Still, in both configurations, the password is salted with the username. Best regards, Felix --- Gesellschaft für interkulturelles Zusammenleben gGmbH (GIZ) Felix Auringer IT Reformationsplatz 2 13597 Berlin Tel: 030/513 0100 00; Fax: 030/513 0100 09 giz.berlin; [email protected] Amtsgericht Charlottenburg HRB 200872 B Geschäftsführerin: Dr. Britta Marschke --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
