| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta name="viewport" content="width=device-width,initial-scale=1"> |
| <title>Distributed James Server — smtpserver.xml :: Apache James</title> |
| <meta name="generator" content="Antora 3.1.2"> |
| <link rel="stylesheet" href="../../../_/css/site.css"> |
| </head> |
| <body class="article"> |
| <header class="header"> |
| <nav class="navbar"> |
| <div class="navbar-brand"> |
| <a class="navbar-item" href="https://james.apache.org"><img src="/_/img/james.svg" alt="james logo"> Apache James</a> |
| <button class="navbar-burger" data-target="topbar-nav"> |
| <span></span> |
| <span></span> |
| <span></span> |
| </button> |
| </div> |
| <div id="topbar-nav" class="navbar-menu"> |
| <div class="navbar-end"> |
| <a class="navbar-item" href="#">Home</a> |
| <div class="navbar-item has-dropdown is-hoverable"> |
| <a class="navbar-link" href="#">Products</a> |
| <div class="navbar-dropdown"> |
| <div class="navbar-item"><strong>James server</strong></div> |
| <a class="navbar-item" href="https://github.com/apache/james-project">Repository</a> |
| <a class="navbar-item" href="https://issues.apache.org/jira/projects/JAMES/issues">Issue Tracker</a> |
| <hr class="navbar-divider"> |
| <a class="navbar-item" href="https://james.apache.org/mime4j/index.html">Mime4J</a> |
| <a class="navbar-item" href="https://james.apache.org/jsieve/index.html">jSieve</a> |
| <a class="navbar-item" href="https://james.apache.org/jspf/index.html">jSPF</a> |
| <a class="navbar-item" href="https://james.apache.org/jdkim/index.html">jDKIM</a> |
| <a class="navbar-item" href="https://james.apache.org/hupa/index.html">HUPA</a> |
| </div> |
| </div> |
| <div class="navbar-item has-dropdown is-hoverable"> |
| <a class="navbar-link" href="#">Community</a> |
| <div class="navbar-dropdown"> |
| <!-- Not ideal but dropping the version in the href requires tweaking james-projet docs module first --> |
| <a class="navbar-item" href="/james-project/3.6.0/community/mailing-lists.html">Mailing lists</a> |
| <a class="navbar-item" href="https://gitter.im/apache/james-project"><svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 32 32" class="logo-gitter-sign" data-v-44ebcb1a=""><rect x="15" y="5" width="2" height="10"></rect> <rect x="10" y="5" width="2" height="20"></rect> <rect x="5" y="5" width="2" height="20"></rect> <rect width="2" height="15"></rect></svg> Gitter</a> |
| <a class="navbar-item" href="https://twitter.com/ApacheJames"> |
| <span class="icon"> |
| <svg aria-hidden="true" data-icon="twitter" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"> |
| <path fill="#57aaee" d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"></path> |
| </svg> |
| </span> Twitter |
| </a> |
| <a class="navbar-item" href="#"> <svg class="octicon octicon-mark-github v-align-middle" viewBox="0 0 16 16" version="1.1" aria-hidden="true"><path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg> Github</a> |
| </div> |
| </div> |
| <!-- <div class="navbar-item"> |
| <span class="control"> |
| <a class="button is-primary" href="#">Download</a> |
| </span> |
| </div> --> |
| </div> |
| </div> |
| </nav> |
| </header> |
| <div class="body"> |
| <div class="nav-container" data-component="james-distributed-app" data-version="3.8.1"> |
| <aside class="nav"> |
| <div class="panels"> |
| <div class="nav-panel-menu is-active" data-panel="menu"> |
| <nav class="nav-menu"> |
| <button class="nav-menu-toggle" aria-label="Toggle expand/collapse all" style="display: none"></button> |
| <h3 class="title"><a href="../index.html">Apache James Distributed Server</a></h3> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="0"> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../index.html">Distributed James Application</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../objectives.html">Objectives and motivation</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../architecture/index.html">Architecture</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../architecture/implemented-standards.html">Implemented standards</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../architecture/consistency-model.html">Consistency Model</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../architecture/specialized-instances.html">Specialized instances</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../run/index.html">Run</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../run/run-java.html">Run with Java</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../run/run-docker.html">Run with Docker</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../run/run-kubernetes.html">Run with Kubernetes</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../run/k8s-checklist.html">Deployment Checklist</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../run/k8s-logsMetrics.html">Logs & Metrics</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../run/k8s-values.html">values.yaml</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../run/k8s-secrets.html">secrets.yaml</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="index.html">Configuration</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Protocols</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="imap.html">imapserver.xml</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="jmap.html">jmap.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="jmx.html">jmx.properties</a> |
| </li> |
| <li class="nav-item is-current-page" data-depth="4"> |
| <a class="nav-link" href="smtp.html">smtpserver.xml & lmtpserver.xml</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="smtp-hooks.html">Packaged SMTP hooks</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="pop3.html">pop3server.xml</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="webadmin.html">webadmin.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="ssl.html">SSL & TLS</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="sieve.html">Sieve & ManageSieve</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Storage dependencies</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="blobstore.html">blobstore.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="cassandra.html">cassandra.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="opensearch.html">opensearch.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="rabbitmq.html">rabbitmq.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="redis.html">redis.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="tika.html">tika.properties</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Core components</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="batchsizes.html">batchsizes.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="dns.html">dnsservice.xml</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="domainlist.html">domainlist.xml</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="healthcheck.html">healthcheck.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="mailetcontainer.html">mailetcontainer.xml</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="mailets.html">Packaged Mailets</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="matchers.html">Packaged Matchers</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="mailrepositorystore.html">mailrepositorystore.xml</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="recipientrewritetable.html">recipientrewritetable.xml</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="search.html">search.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="usersrepository.html">usersrepository.xml</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Extensions</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="vault.html">deletedMessageVault.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="extensions.html">extensions.properties</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="listeners.html">listeners.xml</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="spam.html">Anti-Spam setup</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="remote-delivery-error-handling.html">About RemoteDelivery error handling</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="collecting-contacts.html">Contact collection</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="collecting-events.html">Event collection</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="dsn.html">ESMTP DSN support</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../operate/index.html">Operate</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../operate/guide.html">Operator guide</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../operate/performanceChecklist.html">Performance checklist</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../operate/logging.html">Logging</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../operate/webadmin.html">WebAdmin REST administration API</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../operate/metrics.html">Metrics</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../operate/migrating.html">Migrating existing data</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../operate/cli.html">Command Line Interface</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../operate/cassandra-migration.html">Cassandra migration</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../operate/security.html">Security checklist</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../extending/index.html">Extending server behavior</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../extending/mail-processing.html">Custom mail processing components</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../extending/mailbox-listeners.html">Custom Mailbox Listeners</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../extending/smtp-hooks.html">Custom SMTP hooks</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../extending/webadmin-routes.html">Custom WebAdmin routes</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../extending/imap.html">Custom IMAP processing</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../benchmark/index.html">Performance benchmark</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../benchmark/db-benchmark.html">Database benchmarks</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../benchmark/james-benchmark.html">James benchmarks</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </nav> |
| </div> |
| <div class="nav-panel-explore" data-panel="explore"> |
| <div class="context"> |
| <span class="title">Apache James Distributed Server</span> |
| <span class="version">3.8.1 SNAPSHOT</span> |
| </div> |
| <ul class="components"> |
| <li class="component is-current"> |
| <div class="title"><a href="../index.html">Apache James Distributed Server</a></div> |
| <ul class="versions"> |
| <li class="version is-current is-latest"> |
| <a href="../index.html">3.8.1 SNAPSHOT</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <div class="title"><a href="../../../james-project/3.8.1/index.html">Apache James Server</a></div> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../../james-project/3.8.1/index.html">3.8.1 SNAPSHOT</a> |
| </li> |
| <li class="version"> |
| <a href="../../../james-project/3.6.0/index.html">3.6.0 Snapshot</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <div class="title"><a href="../../../james-site/latest/index.html">Apache James Site</a></div> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../../james-site/latest/index.html">latest</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </aside> |
| </div> |
| <main class="article"> |
| <div class="toolbar" role="navigation"> |
| <button class="nav-toggle"></button> |
| <a href="../../../james-site/latest/homepage.html" class="home-link"></a> |
| <nav class="breadcrumbs" aria-label="breadcrumbs"> |
| <ul> |
| <li><a href="../index.html">Apache James Distributed Server</a></li> |
| <li><a href="../index.html">Distributed James Application</a></li> |
| <li><a href="index.html">Configuration</a></li> |
| <li>Protocols</li> |
| <li><a href="smtp.html">smtpserver.xml & lmtpserver.xml</a></li> |
| </ul> |
| </nav> |
| <div class="edit-this-page"><a href="https://github.com/apache/james-project/blob/master/server/apps/distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc">Edit this Page</a></div> |
| </div> |
| <div class="content"> |
| <aside class="toc sidebar" data-title="Contents" data-levels="2"> |
| <div class="toc-menu"></div> |
| </aside> |
| <article class="doc"> |
| <h1 class="page">Distributed James Server — smtpserver.xml</h1> |
| <div class="sect1"> |
| <h2 id="_incoming_smtp"><a class="anchor" href="#_incoming_smtp"></a>Incoming SMTP</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Consult this <a href="https://github.com/apache/james-project/blob/master/server/apps/distributed-app/sample-configuration/smtpserver.xml">example</a> |
| to get some examples and hints.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The SMTP service is controlled by a configuration block in the smptserver.xml. |
| The smtpserver tag defines the boundaries of the configuration block. It encloses |
| all the relevant configuration for the SMTP server. The behavior of the SMTP service is |
| controlled by the attributes and children of this tag.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This tag has an optional boolean attribute - <strong>enabled</strong> - that defines whether the service is active or not. The value defaults to "true" if |
| not present.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The standard children of the smtpserver tag are:</p> |
| </div> |
| <table class="tableblock frame-all grid-all stretch"> |
| <caption class="title">Table 1. smtpserver.xml content</caption> |
| <colgroup> |
| <col style="width: 50%;"> |
| <col style="width: 50%;"> |
| </colgroup> |
| <thead> |
| <tr> |
| <th class="tableblock halign-left valign-top">Property name</th> |
| <th class="tableblock halign-left valign-top">explanation</th> |
| </tr> |
| </thead> |
| <tbody> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">bind</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">A list of address:port separed by comma - This is an optional value. If present, this value is a string describing |
| the IP address to which this service should be bound. If the tag or value is absent then the service |
| will bind to all network interfaces for the machine on port 25. Port 25 is the well-known/IANA registered port for SMTP. |
| Port 465 is the well-known/IANA registered port for SMTP over TLS.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">connectBacklog</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">The IP address (host name) the MBean Server will bind/listen to.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">tls</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Set to true to support STARTTLS or SSL for the Socket. |
| To use this you need to copy sunjce_provider.jar to /path/james/lib directory. To create a new keystore execute: |
| <code>keytool -genkey -alias james -keyalg RSA -storetype PKCS12 -keystore /path/to/james/conf/keystore</code>. |
| The algorithm is optional and only needs to be specified when using something other |
| than the Sun JCE provider - You could use IbmX509 with IBM Java runtime. |
| Please note that each SMTP/LMTP server exposed on different port can specify its own keystore, independently from any other |
| TLS based protocols.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">helloName</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">This is a required tag with an optional body that defines the server name |
| used in the initial service greeting. The tag may have an optional attribute - <strong>autodetect</strong>. If |
| the autodetect attribute is present and true, the service will use the local hostname |
| returned by the Java libraries. If autodetect is absent or false, the body of the tag will be used. In |
| this case, if nobody is present, the value "localhost" will be used.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">connectionTimeout</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag with a non-negative integer body. Connection timeout in seconds.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">connectionLimit</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Set the maximum simultaneous incoming connections for this service.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">connectionLimitPerIP</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Set the maximum simultaneous incoming connections per IP for this service.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">proxyRequired</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Enables proxy support for this service for incoming connections. HAProxy’s protocol |
| (<a href="https://www.haproxy.org/download/2.7/doc/proxy-protocol.txt" class="bare">https://www.haproxy.org/download/2.7/doc/proxy-protocol.txt</a>) is used and might be compatible |
| with other proxies (e.g. traefik). If enabled, it is <strong>required</strong> to initiate the connection |
| using HAProxy’s proxy protocol.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">authRequired</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">(deprecated) use auth.announce instead.</p> |
| <p class="tableblock">This is an optional tag with a boolean body. If true, then the server will |
| announce authentication after HELO command. If this tag is absent, or the value |
| is false then the client will not be prompted for authentication. Only simple user/password authentication is |
| supported at this time. Supported values:</p> |
| <p class="tableblock"> * true: announced only to not authorizedAddresses</p> |
| <p class="tableblock"> * false: don’t announce AUTH. If absent, <strong>authorizedAddresses</strong> are set to a wildcard to accept all remote hosts.</p> |
| <p class="tableblock"> * announce: like true, but always announce AUTH capability to clients</p> |
| <p class="tableblock">Please note that emails are only relayed if, and only if, the user did authenticate, or is in an authorized network, |
| regardless of this option.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">auth.announce</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag. Possible values are:</p> |
| <p class="tableblock">* never: Don’t announce auth.</p> |
| <p class="tableblock">* always: always announce AUTH capability to clients.</p> |
| <p class="tableblock">* forUnauthorizedAddresses: announced only to not authorizedAddresses</p> |
| <p class="tableblock">Please note that emails are only relayed if, and only if, the user did authenticate, or is in an authorized network, |
| regardless of this option.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">auth.requireSSL</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag, defaults to true. If true, authentication is not advertised via capabilities on unencrypted |
| channels.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">auth.plainAuthEnabled</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag, defaults to true. If false, AUTH PLAIN and AUTH LOGIN will not be exposed. This setting |
| can be used to enforce strong authentication mechanisms.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.oidcConfigurationURL</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Provide OIDC url address for information to user. Only configure this when you want to authenticate SMTP server using a OIDC provider.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.jwksURL</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Provide url to get OIDC’s JSON Web Key Set to validate user token. Only configure this when you want to authenticate SMTP server using a OIDC provider.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.claim</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Claim string uses to identify user. E.g: "email_address". Only configure this when you want to authenticate SMTP server using a OIDC provider.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.scope</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">An OAuth scope that is valid to access the service (RF: RFC7628). Only configure this when you want to authenticate SMTP server using a OIDC provider.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.introspection.url</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Optional. An OAuth introspection token URL will be called to validate the token (RF: RFC7662). |
| Only configure this when you want to validate the revocation token by the OIDC provider. |
| Note that James always verifies the signature of the token even whether this configuration is provided or not.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.introspection.auth</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Optional. Provide Authorization in header request when introspecting token. |
| Eg: <code>Basic xyz</code></p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">auth.oidc.userinfo.url</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Optional. An Userinfo URL will be called to validate the token (RF: OpenId.Core <a href="https://openid.net/specs/openid-connect-core-1_0.html" class="bare">https://openid.net/specs/openid-connect-core-1_0.html</a>). |
| Only configure this when you want to validate the revocation token by the OIDC provider. |
| Note that James always verifies the signature of the token even whether this configuration is provided or not. |
| James will ignore check token by userInfo if the <code>auth.oidc.introspection.url</code> is already configured</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">authorizedAddresses</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Authorize specific addresses/networks.</p> |
| <p class="tableblock">If you use SMTP AUTH, addresses that match those specified here will |
| be permitted to relay without SMTP AUTH. If you do not use SMTP |
| AUTH, and you specify addresses here, then only addresses that match |
| those specified will be permitted to relay.</p> |
| <p class="tableblock">Addresses may be specified as a IP address or domain name, with an |
| optional netmask, e.g.,</p> |
| <p class="tableblock">127.*, 127.0.0.0/8, 127.0.0.0/255.0.0.0, and localhost/8 are all the same</p> |
| <p class="tableblock">See also the RemoteAddrNotInNetwork matcher in the transport processor. |
| You would generally use one OR the other approach.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">verifyIdentity</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag with a boolean body. This option can only be used |
| if SMTP authentication is required. If the parameter is set to true then the sender address for the submitted message |
| will be verified against the authenticated subject. Verify sender addresses, ensuring that |
| the sender address matches the user who has authenticated. |
| It will verify that the sender address matches the address of the user or one of its alias (from user or domain aliases). |
| This prevents a user of your mail server from acting as someone else |
| If unspecified, default value is true.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">maxmessagesize</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">This is an optional tag with a non-negative integer body. It specifies the maximum |
| size, in kbytes, of any message that will be transmitted by this SMTP server. It is a service-wide, as opposed to |
| a per user, limit. If the value is zero then there is no limit. If the tag isn’t specified, the service will |
| default to an unlimited message size. Must be a positive integer, optionally with a unit: B, K, M, G.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">heloEhloEnforcement</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">This sets whether to enforce the use of HELO/EHLO salutation before a |
| MAIL command is accepted. If unspecified, the value defaults to true.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">smtpGreeting</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">This sets the SMTPGreeting which will be used when connect to the smtpserver |
| If none is specified a default is generated</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">handlerchain</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">The configuration handler chain. See <a href="smtp-hooks.html" class="xref page">this page</a> for configuring out-of the |
| box extra SMTP handlers and hooks.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">bossWorkerCount</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Set the maximum count of boss threads. Boss threads are responsible for accepting incoming SMTP connections |
| and initializing associated resources. Optional integer, by default, boss threads are not used and this responsibility is being dealt with |
| by IO threads.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">ioWorkerCount</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Set the maximum count of IO threads. IO threads are responsible for receiving incoming SMTP messages and framing them |
| (split line by line). IO threads also take care of compression and SSL encryption. Their tasks are short-lived and non-blocking. |
| Optional integer, defaults to 2 times the count of CPUs.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">maxExecutorCount</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Set the maximum count of worker threads. Worker threads takes care of potentially blocking tasks like executing SMTP commands. |
| Optional integer, defaults to 16.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">useEpoll</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">true or false - If true uses native EPOLL implementation for Netty otherwise uses NIO. Defaults to false.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">gracefulShutdown</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">true or false - If true attempts a graceful shutdown, which is safer but can take time. Defaults to true.</p></td> |
| </tr> |
| <tr> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">disabledFeatures</p></td> |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Extended SMTP features to hide in EHLO responses.</p></td> |
| </tr> |
| </tbody> |
| </table> |
| <div class="sect2"> |
| <h3 id="_oidc_setup"><a class="anchor" href="#_oidc_setup"></a>OIDC setup</h3> |
| <div class="paragraph"> |
| <p>James SMTP support XOAUTH2 authentication mechanism which allow authenticating against a OIDC providers. |
| Please configure <code>auth.oidc</code> part to use this.</p> |
| </div> |
| <div class="paragraph"> |
| <p>We do supply an <a href="https://github.com/apache/james-project/tree/master/examples/oidc">example</a> of such a setup. |
| It uses the Keycloak OIDC provider, but usage of similar technologies is definitely doable.</p> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="_about_open_relays"><a class="anchor" href="#_about_open_relays"></a>About open relays</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Authenticated SMTP is a method of securing your SMTP server. With SMTP AUTH enabled senders who wish to |
| relay mail through the SMTP server (that is, send mail that is eventually to be delivered to another SMTP |
| server) must authenticate themselves to Apache James Server before sending their message. Mail that is to be delivered |
| locally does not require authentication. This method ensures that spammers cannot use your SMTP server |
| to send unauthorized mail, while still enabling users who may not have fixed IP addresses to send their |
| messages.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Mail servers that allow spammers to send unauthorized email are known as open relays. So SMTP AUTH |
| is a mechanism for ensuring that your server is not an open relay.</p> |
| </div> |
| <div class="paragraph"> |
| <p>It is extremely important that your server not be configured as an open relay. Aside from potential |
| costs associated with usage by spammers, connections from servers that are determined to be open relays |
| are routinely rejected by SMTP servers. This can severely impede the ability of your mail server to |
| send mail.</p> |
| </div> |
| <div class="paragraph"> |
| <p>At this time Apache James Server only supports simple user name / password authentication.</p> |
| </div> |
| <div class="paragraph"> |
| <p>As mentioned above, SMTP AUTH requires that Apache James Server be able to distinguish between mail intended |
| for local delivery and mail intended for remote delivery. Apache James Server makes this determination by matching the |
| domain to which the mail was sent against the <strong>DomainList</strong> component, configured by |
| <a href="domainlist.html" class="xref page"><strong>domainlist.xml</strong></a>.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Distributed Server is configured out of the box so as to not serve as an open relay for spammers. This is done |
| by relayed emails originate from a trusted source. This includes:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>Authenticated SMTP/JMAP users</p> |
| </li> |
| <li> |
| <p>Mails generated by the server (eg: bounces)</p> |
| </li> |
| <li> |
| <p>Mails originating from a trusted network as configured in <strong>smtpserver.xml</strong></p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>If you wish to ensure that authenticated users can only send email from their own account, you may |
| optionally set the verifyIdentity element of the smtpserver configuration block to "true".</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="_verification"><a class="anchor" href="#_verification"></a>Verification</h3> |
| <div class="paragraph"> |
| <p>Verify that you have not inadvertently configured your server as an open relay. This is most easily |
| accomplished by using the service provided at <a href="https://mxtoolbox.com/diagnostic.aspx">mxtoolbox.com</a>. mxtoolbox.com will |
| check your mail server and inform you if it is an open relay. This tool further more verifies additional properties like:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>Your DNS configuration, especially that you mail server IP has a valid reverse DNS entry</p> |
| </li> |
| <li> |
| <p>That your SMTP connection is secured</p> |
| </li> |
| <li> |
| <p>That you are not an OpenRelay</p> |
| </li> |
| <li> |
| <p>This website also allow a quick lookup to ensure your mail server is not in public blacklists.</p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>Of course it is also necessary to confirm that users and log in and send |
| mail through your server. This can be accomplished using any standard mail client (i.e. Thunderbird, Outlook, |
| Eudora, Evolution).</p> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="_lmtp_configuration"><a class="anchor" href="#_lmtp_configuration"></a>LMTP Configuration</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Consult this <a href="https://github.com/apache/james-project/blob/master/server/apps/distributed-app/sample-configuration/lmtpserver.xml">example</a> |
| to get some examples and hints.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The configuration is the same of for SMTP.</p> |
| </div> |
| <div class="paragraph"> |
| <p>By default, it is deactivated. You can activate it alongside SMTP and bind for example on port 24.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The default LMTP server stores directly emails in user mailboxes, without further treatment.</p> |
| </div> |
| <div class="paragraph"> |
| <p>However we do ship an alternative handler chain allowing to execute the mailet container, thus achieving a behaviour similar |
| to the default SMTP protocol. Here is how to achieve this:</p> |
| </div> |
| <div class="literalblock"> |
| <div class="content"> |
| <pre><lmtpservers> |
| <lmtpserver enabled="true"> |
| <jmxName>lmtpserver</jmxName> |
| <bind>0.0.0.0:24</bind> |
| <connectionBacklog>200</connectionBacklog> |
| <connectiontimeout>1200</connectiontimeout> |
| <connectionLimit>0</connectionLimit> |
| <connectionLimitPerIP>0</connectionLimitPerIP> |
| <maxmessagesize>0</maxmessagesize> |
| <handlerchain coreHandlersPackage="org.apache.james.lmtpserver.MailetContainerCmdHandlerLoader"> |
| <handler class="org.apache.james.lmtpserver.MailetContainerCmdHandlerLoader"/> |
| </handlerchain> |
| </lmtpserver> |
| </lmtpservers></pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>Note that by default the mailet container is executed with all recipients at once and do not allow per recipient |
| error reporting. An option <code>splitExecution</code> allow to execute the mailet container for each recipient separately and mitigate this |
| limitation at the cost of performance.</p> |
| </div> |
| <div class="literalblock"> |
| <div class="content"> |
| <pre><lmtpservers> |
| <lmtpserver enabled="true"> |
| <jmxName>lmtpserver</jmxName> |
| <bind>0.0.0.0:24</bind> |
| <connectionBacklog>200</connectionBacklog> |
| <connectiontimeout>1200</connectiontimeout> |
| <connectionLimit>0</connectionLimit> |
| <connectionLimitPerIP>0</connectionLimitPerIP> |
| <maxmessagesize>0</maxmessagesize> |
| <handlerchain coreHandlersPackage="org.apache.james.lmtpserver.MailetContainerCmdHandlerLoader"> |
| <handler class="org.apache.james.lmtpserver.MailetContainerCmdHandlerLoader"/> |
| <handler class="org.apache.james.lmtpserver.MailetContainerHandler"> |
| <splitExecution>true</splitExecution> |
| </handler> |
| </handlerchain> |
| </lmtpserver> |
| </lmtpservers></pre> |
| </div> |
| </div> |
| </div> |
| </div> |
| </article> |
| </div> |
| </main> |
| </div> |
| <footer class="footer"> |
| <p>This page was built using the Antora default UI.</p> |
| <p>The source code for this UI is licensed under the terms of the MPL-2.0 license.</p> |
| </footer> |
| <script id="site-script" src="../../../_/js/site.js" data-ui-root-path="../../../_"></script> |
| <script async src="../../../_/js/vendor/highlight.js"></script> |
| </body> |
| </html> |