Google Git
Sign in
apache / james-site / a15da97d6f43d2450183d8ff4b8722aa4ad8b24d / . / james-distributed-app / 3.8.0 / configure / smtp.html
blob: 6ac704e8240f1d483a853e9f3674fdbb07d38f1e [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Distributed James Server &mdash; smtpserver.xml :: Apache James</title>
<meta name="generator" content="Antora 3.1.2">
<link rel="stylesheet" href="../../../_/css/site.css">
</head>
<body class="article">
<header class="header">
<nav class="navbar">
<div class="navbar-brand">
<a class="navbar-item" href="https://james.apache.org"><img src="/_/img/james.svg" alt="james logo"> Apache James</a>
<button class="navbar-burger" data-target="topbar-nav">
<span></span>
<span></span>
<span></span>
</button>
</div>
<div id="topbar-nav" class="navbar-menu">
<div class="navbar-end">
<a class="navbar-item" href="#">Home</a>
<div class="navbar-item has-dropdown is-hoverable">
<a class="navbar-link" href="#">Products</a>
<div class="navbar-dropdown">
<div class="navbar-item"><strong>James server</strong></div>
<a class="navbar-item" href="https://github.com/apache/james-project">Repository</a>
<a class="navbar-item" href="https://issues.apache.org/jira/projects/JAMES/issues">Issue Tracker</a>
<hr class="navbar-divider">
<a class="navbar-item" href="https://james.apache.org/mime4j/index.html">Mime4J</a>
<a class="navbar-item" href="https://james.apache.org/jsieve/index.html">jSieve</a>
<a class="navbar-item" href="https://james.apache.org/jspf/index.html">jSPF</a>
<a class="navbar-item" href="https://james.apache.org/jdkim/index.html">jDKIM</a>
<a class="navbar-item" href="https://james.apache.org/hupa/index.html">HUPA</a>
</div>
</div>
<div class="navbar-item has-dropdown is-hoverable">
<a class="navbar-link" href="#">Community</a>
<div class="navbar-dropdown">
<!-- Not ideal but dropping the version in the href requires tweaking james-projet docs module first -->
<a class="navbar-item" href="/james-project/3.6.0/community/mailing-lists.html">Mailing lists</a>
<a class="navbar-item" href="https://gitter.im/apache/james-project"><svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 32 32" class="logo-gitter-sign" data-v-44ebcb1a=""><rect x="15" y="5" width="2" height="10"></rect> <rect x="10" y="5" width="2" height="20"></rect> <rect x="5" y="5" width="2" height="20"></rect> <rect width="2" height="15"></rect></svg> Gitter</a>
<a class="navbar-item" href="https://twitter.com/ApacheJames">
<span class="icon">
<svg aria-hidden="true" data-icon="twitter" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
<path fill="#57aaee" d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"></path>
</svg>
</span> Twitter
</a>
<a class="navbar-item" href="#"> <svg class="octicon octicon-mark-github v-align-middle" viewBox="0 0 16 16" version="1.1" aria-hidden="true"><path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg> Github</a>
</div>
</div>
<!-- <div class="navbar-item">
<span class="control">
<a class="button is-primary" href="#">Download</a>
</span>
</div> -->
</div>
</div>
</nav>
</header>
<div class="body">
<div class="nav-container" data-component="james-distributed-app" data-version="3.8.0">
<aside class="nav">
<div class="panels">
<div class="nav-panel-menu is-active" data-panel="menu">
<nav class="nav-menu">
<button class="nav-menu-toggle" aria-label="Toggle expand/collapse all" style="display: none"></button>
<h3 class="title"><a href="../index.html">Apache James Distributed Server</a></h3>
<ul class="nav-list">
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../index.html">Distributed James Application</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../objectives.html">Objectives and motivation</a>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../architecture/index.html">Architecture</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../architecture/implemented-standards.html">Implemented standards</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../architecture/consistency-model.html">Consistency Model</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../architecture/specialized-instances.html">Specialized instances</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../run/index.html">Run</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../run/run-java.html">Run with Java</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../run/run-docker.html">Run with Docker</a>
</li>
<li class="nav-item" data-depth="3">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../run/run-kubernetes.html">Run with Kubernetes</a>
<ul class="nav-list">
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../run/k8s-checklist.html">Deployment Checklist</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../run/k8s-logsMetrics.html">Logs &amp; Metrics</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../run/k8s-values.html">values.yaml</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../run/k8s-secrets.html">secrets.yaml</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="index.html">Configuration</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<button class="nav-item-toggle"></button>
<span class="nav-text">Protocols</span>
<ul class="nav-list">
<li class="nav-item" data-depth="4">
<a class="nav-link" href="imap.html">imapserver.xml</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="jmap.html">jmap.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="jmx.html">jmx.properties</a>
</li>
<li class="nav-item is-current-page" data-depth="4">
<a class="nav-link" href="smtp.html">smtpserver.xml &amp; lmtpserver.xml</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="smtp-hooks.html">Packaged SMTP hooks</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="pop3.html">pop3server.xml</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="webadmin.html">webadmin.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="ssl.html">SSL &amp; TLS</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="sieve.html">Sieve &amp; ManageSieve</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="3">
<button class="nav-item-toggle"></button>
<span class="nav-text">Storage dependencies</span>
<ul class="nav-list">
<li class="nav-item" data-depth="4">
<a class="nav-link" href="blobstore.html">blobstore.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="cassandra.html">cassandra.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="opensearch.html">opensearch.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="rabbitmq.html">rabbitmq.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="redis.html">redis.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="tika.html">tika.properties</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="3">
<button class="nav-item-toggle"></button>
<span class="nav-text">Core components</span>
<ul class="nav-list">
<li class="nav-item" data-depth="4">
<a class="nav-link" href="batchsizes.html">batchsizes.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="dns.html">dnsservice.xml</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="domainlist.html">domainlist.xml</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="healthcheck.html">healthcheck.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="mailetcontainer.html">mailetcontainer.xml</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="mailets.html">Packaged Mailets</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="matchers.html">Packaged Matchers</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="mailrepositorystore.html">mailrepositorystore.xml</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="recipientrewritetable.html">recipientrewritetable.xml</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="search.html">search.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="usersrepository.html">usersrepository.xml</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="3">
<button class="nav-item-toggle"></button>
<span class="nav-text">Extensions</span>
<ul class="nav-list">
<li class="nav-item" data-depth="4">
<a class="nav-link" href="vault.html">deletedMessageVault.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="extensions.html">extensions.properties</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="listeners.html">listeners.xml</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="spam.html">Anti-Spam setup</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="remote-delivery-error-handling.html">About RemoteDelivery error handling</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="collecting-contacts.html">Contact collection</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="collecting-events.html">Event collection</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="dsn.html">ESMTP DSN support</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../operate/index.html">Operate</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../operate/guide.html">Operator guide</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../operate/performanceChecklist.html">Performance checklist</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../operate/logging.html">Logging</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../operate/webadmin.html">WebAdmin REST administration API</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../operate/metrics.html">Metrics</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../operate/migrating.html">Migrating existing data</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../operate/cli.html">Command Line Interface</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../operate/cassandra-migration.html">Cassandra migration</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../operate/security.html">Security checklist</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../extending/index.html">Extending server behavior</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../extending/mail-processing.html">Custom mail processing components</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../extending/mailbox-listeners.html">Custom Mailbox Listeners</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../extending/smtp-hooks.html">Custom SMTP hooks</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../extending/webadmin-routes.html">Custom WebAdmin routes</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../extending/imap.html">Custom IMAP processing</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../benchmark/index.html">Performance benchmark</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../benchmark/db-benchmark.html">Database benchmarks</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../benchmark/james-benchmark.html">James benchmarks</a>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</nav>
</div>
<div class="nav-panel-explore" data-panel="explore">
<div class="context">
<span class="title">Apache James Distributed Server</span>
<span class="version">3.8.0 SNAPSHOT</span>
</div>
<ul class="components">
<li class="component is-current">
<div class="title"><a href="../index.html">Apache James Distributed Server</a></div>
<ul class="versions">
<li class="version is-current is-latest">
<a href="../index.html">3.8.0 SNAPSHOT</a>
</li>
</ul>
</li>
<li class="component">
<div class="title"><a href="../../../james-project/3.8.0/index.html">Apache James Server</a></div>
<ul class="versions">
<li class="version is-latest">
<a href="../../../james-project/3.8.0/index.html">3.8.0 SNAPSHOT</a>
</li>
<li class="version">
<a href="../../../james-project/3.6.0/index.html">3.6.0 Snapshot</a>
</li>
</ul>
</li>
<li class="component">
<div class="title"><a href="../../../james-site/latest/index.html">Apache James Site</a></div>
<ul class="versions">
<li class="version is-latest">
<a href="../../../james-site/latest/index.html">latest</a>
</li>
</ul>
</li>
</ul>
</div>
</div>
</aside>
</div>
<main class="article">
<div class="toolbar" role="navigation">
<button class="nav-toggle"></button>
<a href="../../../james-site/latest/homepage.html" class="home-link"></a>
<nav class="breadcrumbs" aria-label="breadcrumbs">
<ul>
<li><a href="../index.html">Apache James Distributed Server</a></li>
<li><a href="../index.html">Distributed James Application</a></li>
<li><a href="index.html">Configuration</a></li>
<li>Protocols</li>
<li><a href="smtp.html">smtpserver.xml &amp; lmtpserver.xml</a></li>
</ul>
</nav>
<div class="edit-this-page"><a href="https://github.com/apache/james-project/blob/master/server/apps/distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc">Edit this Page</a></div>
</div>
<div class="content">
<aside class="toc sidebar" data-title="Contents" data-levels="2">
<div class="toc-menu"></div>
</aside>
<article class="doc">
<h1 class="page">Distributed James Server &mdash; smtpserver.xml</h1>
<div class="sect1">
<h2 id="_incoming_smtp"><a class="anchor" href="#_incoming_smtp"></a>Incoming SMTP</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Consult this <a href="https://github.com/apache/james-project/blob/master/server/apps/distributed-app/sample-configuration/smtpserver.xml">example</a>
to get some examples and hints.</p>
</div>
<div class="paragraph">
<p>The SMTP service is controlled by a configuration block in the smptserver.xml.
The smtpserver tag defines the boundaries of the configuration block. It encloses
all the relevant configuration for the SMTP server. The behavior of the SMTP service is
controlled by the attributes and children of this tag.</p>
</div>
<div class="paragraph">
<p>This tag has an optional boolean attribute - <strong>enabled</strong> - that defines whether the service is active or not. The value defaults to "true" if
not present.</p>
</div>
<div class="paragraph">
<p>The standard children of the smtpserver tag are:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 1. smtpserver.xml content</caption>
<colgroup>
<col style="width: 50%;">
<col style="width: 50%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Property name</th>
<th class="tableblock halign-left valign-top">explanation</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">bind</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">A list of address:port separed by comma - This is an optional value. If present, this value is a string describing
the IP address to which this service should be bound. If the tag or value is absent then the service
will bind to all network interfaces for the machine on port 25. Port 25 is the well-known/IANA registered port for SMTP.
Port 465 is the well-known/IANA registered port for SMTP over TLS.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">connectBacklog</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">The IP address (host name) the MBean Server will bind/listen to.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tls</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Set to true to support STARTTLS or SSL for the Socket.
To use this you need to copy sunjce_provider.jar to /path/james/lib directory. To create a new keystore execute:
<code>keytool -genkey -alias james -keyalg RSA -storetype PKCS12 -keystore /path/to/james/conf/keystore</code>.
The algorithm is optional and only needs to be specified when using something other
than the Sun JCE provider - You could use IbmX509 with IBM Java runtime.
Please note that each SMTP/LMTP server exposed on different port can specify its own keystore, independently from any other
TLS based protocols.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">helloName</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This is a required tag with an optional body that defines the server name
used in the initial service greeting. The tag may have an optional attribute - <strong>autodetect</strong>. If
the autodetect attribute is present and true, the service will use the local hostname
returned by the Java libraries. If autodetect is absent or false, the body of the tag will be used. In
this case, if nobody is present, the value "localhost" will be used.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">connectionTimeout</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag with a non-negative integer body. Connection timeout in seconds.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">connectionLimit</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Set the maximum simultaneous incoming connections for this service.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">connectionLimitPerIP</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Set the maximum simultaneous incoming connections per IP for this service.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">proxyRequired</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Enables proxy support for this service for incoming connections. HAProxy&#8217;s protocol
(<a href="https://www.haproxy.org/download/2.7/doc/proxy-protocol.txt" class="bare">https://www.haproxy.org/download/2.7/doc/proxy-protocol.txt</a>) is used and might be compatible
with other proxies (e.g. traefik). If enabled, it is <strong>required</strong> to initiate the connection
using HAProxy&#8217;s proxy protocol.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">authRequired</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">(deprecated) use auth.announce instead.</p>
<p class="tableblock">This is an optional tag with a boolean body. If true, then the server will
announce authentication after HELO command. If this tag is absent, or the value
is false then the client will not be prompted for authentication. Only simple user/password authentication is
supported at this time. Supported values:</p>
<p class="tableblock"> * true: announced only to not authorizedAddresses</p>
<p class="tableblock"> * false: don&#8217;t announce AUTH. If absent, <strong>authorizedAddresses</strong> are set to a wildcard to accept all remote hosts.</p>
<p class="tableblock"> * announce: like true, but always announce AUTH capability to clients</p>
<p class="tableblock">Please note that emails are only relayed if, and only if, the user did authenticate, or is in an authorized network,
regardless of this option.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">auth.announce</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag. Possible values are:</p>
<p class="tableblock">* never: Don&#8217;t announce auth.</p>
<p class="tableblock">* always: always announce AUTH capability to clients.</p>
<p class="tableblock">* forUnauthorizedAddresses: announced only to not authorizedAddresses</p>
<p class="tableblock">Please note that emails are only relayed if, and only if, the user did authenticate, or is in an authorized network,
regardless of this option.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">auth.requireSSL</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag, defaults to true. If true, authentication is not advertised via capabilities on unencrypted
channels.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">auth.plainAuthEnabled</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag, defaults to true. If false, AUTH PLAIN and AUTH LOGIN will not be exposed. This setting
can be used to enforce strong authentication mechanisms.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.oidcConfigurationURL</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Provide OIDC url address for information to user. Only configure this when you want to authenticate SMTP server using a OIDC provider.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.jwksURL</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Provide url to get OIDC&#8217;s JSON Web Key Set to validate user token. Only configure this when you want to authenticate SMTP server using a OIDC provider.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.claim</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Claim string uses to identify user. E.g: "email_address". Only configure this when you want to authenticate SMTP server using a OIDC provider.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.scope</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">An OAuth scope that is valid to access the service (RF: RFC7628). Only configure this when you want to authenticate SMTP server using a OIDC provider.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.introspection.url</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Optional. An OAuth introspection token URL will be called to validate the token (RF: RFC7662).
Only configure this when you want to validate the revocation token by the OIDC provider.
Note that James always verifies the signature of the token even whether this configuration is provided or not.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.introspection.auth</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Optional. Provide Authorization in header request when introspecting token.
Eg: <code>Basic xyz</code></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.userinfo.url</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Optional. An Userinfo URL will be called to validate the token (RF: OpenId.Core <a href="https://openid.net/specs/openid-connect-core-1_0.html" class="bare">https://openid.net/specs/openid-connect-core-1_0.html</a>).
Only configure this when you want to validate the revocation token by the OIDC provider.
Note that James always verifies the signature of the token even whether this configuration is provided or not.
James will ignore check token by userInfo if the <code>auth.oidc.introspection.url</code> is already configured</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">authorizedAddresses</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Authorize specific addresses/networks.</p>
<p class="tableblock">If you use SMTP AUTH, addresses that match those specified here will
be permitted to relay without SMTP AUTH. If you do not use SMTP
AUTH, and you specify addresses here, then only addresses that match
those specified will be permitted to relay.</p>
<p class="tableblock">Addresses may be specified as a IP address or domain name, with an
optional netmask, e.g.,</p>
<p class="tableblock">127.*, 127.0.0.0/8, 127.0.0.0/255.0.0.0, and localhost/8 are all the same</p>
<p class="tableblock">See also the RemoteAddrNotInNetwork matcher in the transport processor.
You would generally use one OR the other approach.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">verifyIdentity</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag with a boolean body. This option can only be used
if SMTP authentication is required. If the parameter is set to true then the sender address for the submitted message
will be verified against the authenticated subject. Verify sender addresses, ensuring that
the sender address matches the user who has authenticated.
It will verify that the sender address matches the address of the user or one of its alias (from user or domain aliases).
This prevents a user of your mail server from acting as someone else
If unspecified, default value is true.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">maxmessagesize</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag with a non-negative integer body. It specifies the maximum
size, in kbytes, of any message that will be transmitted by this SMTP server. It is a service-wide, as opposed to
a per user, limit. If the value is zero then there is no limit. If the tag isn&#8217;t specified, the service will
default to an unlimited message size. Must be a positive integer, optionally with a unit: B, K, M, G.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">heloEhloEnforcement</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This sets whether to enforce the use of HELO/EHLO salutation before a
MAIL command is accepted. If unspecified, the value defaults to true.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">smtpGreeting</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">This sets the SMTPGreeting which will be used when connect to the smtpserver
If none is specified a default is generated</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">handlerchain</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">The configuration handler chain. See <a href="smtp-hooks.html" class="xref page">this page</a> for configuring out-of the
box extra SMTP handlers and hooks.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">bossWorkerCount</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Set the maximum count of boss threads. Boss threads are responsible for accepting incoming SMTP connections
and initializing associated resources. Optional integer, by default, boss threads are not used and this responsibility is being dealt with
by IO threads.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ioWorkerCount</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Set the maximum count of IO threads. IO threads are responsible for receiving incoming SMTP messages and framing them
(split line by line). IO threads also take care of compression and SSL encryption. Their tasks are short-lived and non-blocking.
Optional integer, defaults to 2 times the count of CPUs.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">maxExecutorCount</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Set the maximum count of worker threads. Worker threads takes care of potentially blocking tasks like executing SMTP commands.
Optional integer, defaults to 16.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">disabledFeatures</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Extended SMTP features to hide in EHLO responses.</p></td>
</tr>
</tbody>
</table>
<div class="sect2">
<h3 id="_oidc_setup"><a class="anchor" href="#_oidc_setup"></a>OIDC setup</h3>
<div class="paragraph">
<p>James SMTP support XOAUTH2 authentication mechanism which allow authenticating against a OIDC providers.
Please configure <code>auth.oidc</code> part to use this.</p>
</div>
<div class="paragraph">
<p>We do supply an <a href="https://github.com/apache/james-project/tree/master/examples/oidc">example</a> of such a setup.
It uses the Keycloak OIDC provider, but usage of similar technologies is definitely doable.</p>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_about_open_relays"><a class="anchor" href="#_about_open_relays"></a>About open relays</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Authenticated SMTP is a method of securing your SMTP server. With SMTP AUTH enabled senders who wish to
relay mail through the SMTP server (that is, send mail that is eventually to be delivered to another SMTP
server) must authenticate themselves to Apache James Server before sending their message. Mail that is to be delivered
locally does not require authentication. This method ensures that spammers cannot use your SMTP server
to send unauthorized mail, while still enabling users who may not have fixed IP addresses to send their
messages.</p>
</div>
<div class="paragraph">
<p>Mail servers that allow spammers to send unauthorized email are known as open relays. So SMTP AUTH
is a mechanism for ensuring that your server is not an open relay.</p>
</div>
<div class="paragraph">
<p>It is extremely important that your server not be configured as an open relay. Aside from potential
costs associated with usage by spammers, connections from servers that are determined to be open relays
are routinely rejected by SMTP servers. This can severely impede the ability of your mail server to
send mail.</p>
</div>
<div class="paragraph">
<p>At this time Apache James Server only supports simple user name / password authentication.</p>
</div>
<div class="paragraph">
<p>As mentioned above, SMTP AUTH requires that Apache James Server be able to distinguish between mail intended
for local delivery and mail intended for remote delivery. Apache James Server makes this determination by matching the
domain to which the mail was sent against the <strong>DomainList</strong> component, configured by
<a href="domainlist.html" class="xref page"><strong>domainlist.xml</strong></a>.</p>
</div>
<div class="paragraph">
<p>The Distributed Server is configured out of the box so as to not serve as an open relay for spammers. This is done
by relayed emails originate from a trusted source. This includes:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>Authenticated SMTP/JMAP users</p>
</li>
<li>
<p>Mails generated by the server (eg: bounces)</p>
</li>
<li>
<p>Mails originating from a trusted network as configured in <strong>smtpserver.xml</strong></p>
</li>
</ul>
</div>
<div class="paragraph">
<p>If you wish to ensure that authenticated users can only send email from their own account, you may
optionally set the verifyIdentity element of the smtpserver configuration block to "true".</p>
</div>
<div class="sect2">
<h3 id="_verification"><a class="anchor" href="#_verification"></a>Verification</h3>
<div class="paragraph">
<p>Verify that you have not inadvertently configured your server as an open relay. This is most easily
accomplished by using the service provided at <a href="https://mxtoolbox.com/diagnostic.aspx">mxtoolbox.com</a>. mxtoolbox.com will
check your mail server and inform you if it is an open relay. This tool further more verifies additional properties like:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>Your DNS configuration, especially that you mail server IP has a valid reverse DNS entry</p>
</li>
<li>
<p>That your SMTP connection is secured</p>
</li>
<li>
<p>That you are not an OpenRelay</p>
</li>
<li>
<p>This website also allow a quick lookup to ensure your mail server is not in public blacklists.</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>Of course it is also necessary to confirm that users and log in and send
mail through your server. This can be accomplished using any standard mail client (i.e. Thunderbird, Outlook,
Eudora, Evolution).</p>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_lmtp_configuration"><a class="anchor" href="#_lmtp_configuration"></a>LMTP Configuration</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Consult this <a href="https://github.com/apache/james-project/blob/master/server/apps/distributed-app/sample-configuration/lmtpserver.xml">example</a>
to get some examples and hints.</p>
</div>
<div class="paragraph">
<p>The configuration is the same of for SMTP.</p>
</div>
<div class="paragraph">
<p>By default, it is deactivated. You can activate it alongside SMTP and bind for example on port 24.</p>
</div>
<div class="paragraph">
<p>The default LMTP server stores directly emails in user mailboxes, without further treatment.</p>
</div>
<div class="paragraph">
<p>However we do ship an alternative handler chain allowing to execute the mailet container, thus achieving a behaviour similar
to the default SMTP protocol. Here is how to achieve this:</p>
</div>
<div class="literalblock">
<div class="content">
<pre>&lt;lmtpservers&gt;
&lt;lmtpserver enabled="true"&gt;
&lt;jmxName&gt;lmtpserver&lt;/jmxName&gt;
&lt;bind&gt;0.0.0.0:24&lt;/bind&gt;
&lt;connectionBacklog&gt;200&lt;/connectionBacklog&gt;
&lt;connectiontimeout&gt;1200&lt;/connectiontimeout&gt;
&lt;connectionLimit&gt;0&lt;/connectionLimit&gt;
&lt;connectionLimitPerIP&gt;0&lt;/connectionLimitPerIP&gt;
&lt;maxmessagesize&gt;0&lt;/maxmessagesize&gt;
&lt;handlerchain coreHandlersPackage="org.apache.james.lmtpserver.MailetContainerCmdHandlerLoader"&gt;
&lt;handler class="org.apache.james.lmtpserver.MailetContainerCmdHandlerLoader"/&gt;
&lt;/handlerchain&gt;
&lt;/lmtpserver&gt;
&lt;/lmtpservers&gt;</pre>
</div>
</div>
<div class="paragraph">
<p>Note that by default the mailet container is executed with all recipients at once and do not allow per recipient
error reporting. An option &lt;code&gt;splitExecution&lt;/code&gt; allow to execute the mailet container for each recipient separately and mitigate this
limitation at the cost of performance.</p>
</div>
<div class="literalblock">
<div class="content">
<pre>&lt;lmtpservers&gt;
&lt;lmtpserver enabled="true"&gt;
&lt;jmxName&gt;lmtpserver&lt;/jmxName&gt;
&lt;bind&gt;0.0.0.0:24&lt;/bind&gt;
&lt;connectionBacklog&gt;200&lt;/connectionBacklog&gt;
&lt;connectiontimeout&gt;1200&lt;/connectiontimeout&gt;
&lt;connectionLimit&gt;0&lt;/connectionLimit&gt;
&lt;connectionLimitPerIP&gt;0&lt;/connectionLimitPerIP&gt;
&lt;maxmessagesize&gt;0&lt;/maxmessagesize&gt;
&lt;handlerchain coreHandlersPackage="org.apache.james.lmtpserver.MailetContainerCmdHandlerLoader"&gt;
&lt;handler class="org.apache.james.lmtpserver.MailetContainerCmdHandlerLoader"/&gt;
&lt;handler class="org.apache.james.lmtpserver.MailetContainerHandler"&gt;
&lt;splitExecution&gt;true&lt;/splitExecution&gt;
&lt;/handler&gt;
&lt;/handlerchain&gt;
&lt;/lmtpserver&gt;
&lt;/lmtpservers&gt;</pre>
</div>
</div>
</div>
</div>
</article>
</div>
</main>
</div>
<footer class="footer">
<p>This page was built using the Antora default UI.</p>
<p>The source code for this UI is licensed under the terms of the MPL-2.0 license.</p>
</footer>
<script id="site-script" src="../../../_/js/site.js" data-ui-root-path="../../../_"></script>
<script async src="../../../_/js/vendor/highlight.js"></script>
</body>
</html>