content/server/2.3.2/smtp_auth.html - james-site - Git at Google

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


 <html>
   <head>
     <title>James Server -
   James 2.3 - Using Authenticated SMTP</title>
     <style type="text/css" media="all">
       @import url("./css/maven-base.css");
       @import url("./css/maven-theme.css");
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
         <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
       </head>
   <body class="composite">
     <div id="banner">
                   <a href="http://james.apache.org/index.html" id="bannerLeft">

                                             <img src="images/james-server-logo.gif" alt="" />

             </a>
                         <a href="http://www.apache.org/index.html" id="bannerRight">

                                             <img src="images/asf-logo-reduced.gif" alt="" />

             </a>
             <div class="clear">
         <hr/>
       </div>
     </div>
     <div id="breadcrumbs">


             <div class="xleft">
         Last Published: 09/02/2009
                       </div>
             <div class="xright">      <a href="../../index.html">JAMES Project</a>
           |
           <a href="../../server/index.html">Server</a>
           |
           <a href="../../mailet/index.html">Mailets</a>
           |
           <a href="../../jspf/index.html">jSPF</a>
           |
           <a href="../../mime4j/index.html">Mime4J</a>
           |
           <a href="../../jsieve/index.html">JSieve</a>
           |
           <a href="../../postage/index.html">Postage</a>


   </div>
       <div class="clear">
         <hr/>
       </div>
     </div>
     <div id="leftColumn">
       <div id="navcolumn">


                    <h5>James Server</h5>
         <ul>

     <li class="none">
               <a href="../index.html">Overview</a>
         </li>

     <li class="none">
               <a href="../design_objectives.html">Objectives</a>
         </li>


         <li class="expanded">
               <a href="../FAQ.html">James FAQ</a>
                 <ul>

     <li class="none">
               <a href="../james_and_sendmail.html">James and Sendmail</a>
         </li>
               </ul>
         </li>

     <li class="none">
               <a href="http://wiki.apache.org/james">Wiki</a>
         </li>

     <li class="none">
               <a href="../rfclist.html">Useful RFCs</a>
         </li>
           </ul>
           <h5>Overview</h5>
         <ul>

     <li class="none">
               <a href="index.html">Introduction</a>
         </li>

     <li class="none">
               <a href="release-notes.html">Release Notes</a>
         </li>
           </ul>
           <h5>Concepts</h5>
         <ul>

     <li class="none">
               <a href="summary.html">Summary</a>
         </li>

     <li class="none">
               <a href="spoolmanager.html">SpoolManager</a>
         </li>

     <li class="none">
               <a href="repositories.html">Repositories</a>
         </li>

     <li class="none">
               <a href="mailet_api.html">The Mailet API</a>
         </li>
           </ul>
           <h5>How to...</h5>
         <ul>

     <li class="none">
               <a href="build_instructions.html">Build James</a>
         </li>

     <li class="none">
               <a href="installation_instructions.html">Install James</a>
         </li>
           </ul>
           <h5>Configuration</h5>
         <ul>

     <li class="none">
               <a href="dns_configuration.html">DNS Server</a>
         </li>

     <li class="none">
               <a href="pop3_configuration.html">POP3 Server</a>
         </li>

     <li class="none">
               <a href="smtp_configuration.html">SMTP Server</a>
         </li>

     <li class="none">
               <a href="nntp_configuration.html">NNTP Server</a>
         </li>

     <li class="none">
               <a href="fetchmail_configuration.html">FetchMail</a>
         </li>

     <li class="none">
               <a href="remotemanager_configuration.html">RemoteManager</a>
         </li>

     <li class="none">
               <a href="spoolmanager_configuration.html">SpoolManager</a>
         </li>

     <li class="none">
               <a href="serverwide_configuration.html">Server-wide</a>
         </li>

     <li class="none">
               <a href="adding_users.html">Adding Users</a>
         </li>

     <li class="none">
               <a href="provided_matchers.html">Provided Matchers</a>
         </li>

     <li class="none">
               <a href="provided_mailets.html">Provided Mailets</a>
         </li>
           </ul>
           <h5>Common Configurations</h5>
         <ul>

     <li class="none">
               <strong>Using SMTP AUTH</strong>
         </li>

     <li class="none">
               <a href="using_database.html">Using a Database with James</a>
         </li>

     <li class="none">
               <a href="usingTLS.html">Using TLS/SSL</a>
         </li>

     <li class="none">
               <a href="mailing_lists.html">Creating Mailing Lists</a>
         </li>
           </ul>
           <h5>Customization</h5>
         <ul>

     <li class="none">
               <a href="custom_matcher.html">How to write a custom Matcher</a>
         </li>

     <li class="none">
               <a href="custom_mailet.html">How to write a custom Mailet</a>
         </li>
           </ul>
           <h5>Project</h5>
         <ul>

     <li class="none">
               <a href="changelog.html">Changelog</a>
         </li>
           </ul>
           <h5>Project Documentation</h5>
         <ul>


         <li class="collapsed">
               <a href="project-info.html">Project Information</a>
               </li>


         <li class="collapsed">
               <a href="project-reports.html">Project Reports</a>
               </li>
           </ul>
           <h5>Project</h5>
         <ul>

     <li class="none">
               <a href="http://issues.apache.org/jira/browse/JAMES">Bug Database</a>
         </li>

     <li class="none">
               <a href="http://svn.apache.org/viewvc/james/server/">Source Code</a>
         </li>

     <li class="none">
               <a href="../todo.html">TODO</a>
         </li>
           </ul>
           <h5>Downloads</h5>
         <ul>

     <li class="none">
               <a href="../../download.cgi">Stable releases</a>
         </li>

     <li class="none">
               <a href="../../downloadunstable.cgi">Unstable releases</a>
         </li>

     <li class="none">
               <a href="http://people.apache.org/builds/james/nightly/">Nightly builds</a>
         </li>
           </ul>
                                        <a href="http://maven.apache.org/" title="Built by Maven" id="poweredBy">
             <img alt="Built by Maven" src="./images/logos/maven-feather.png"></img>
           </a>


         </div>
     </div>
     <div id="bodyColumn">
       <div id="contentBox">


 <a name="Authenticated SMTP (SMTP AUTH)"></a><div class="section"><h2>Authenticated SMTP (SMTP AUTH)</h2>
 <p>Authenticated SMTP is a method of securing your SMTP server.  With SMTP AUTH enabled senders who wish to
 relay mail through the SMTP server (that is, send mail that is eventually to be delivered to another SMTP
 server) must authenticate themselves to James before sending their message.  Mail that is to be delivered
 locally does not require authentication.  This method ensures that spammers cannot use your SMTP server
 to send unauthorized mail, while still enabling users who may not have fixed IP addresses to send their
 messages.</p>
 <p>Mail servers that allow spammers to send unauthorized email are known as open relays.  So SMTP AUTH
 is a mechanism for ensuring that your server is not an open relay .</p>
 <p>At this time James only supports simple user name / password authentication.</p>
 <a name="Configuring James for Authenticated SMTP"></a><div class="section"><h3>Configuring James for Authenticated SMTP</h3>
 <p>Configuring James for Authentication SMTP is a multi-step process.  It requires several adjustments of
 the config.xml.  To enable SMTP AUTH, do the following:</p>
 <p>First, as mentioned above, SMTP AUTH requires that James be able to distinguish between mail intended
 for local delivery and mail intended for remote delivery.  James makes this determination by matching the
 domain to which the mail was sent against the &lt;servernames&gt; element of the James configuration block.  Any
 local domains should be explicitly listed as &lt;servername&gt; elements in this section.</p>
 <p>Second, James is configured out of the box so as to not serve as an open relay for spammers.  This is done
 by restricting the IP addresses from which mail will be accepted using the RemoteAddrNotInNetwork mailet.  This
 restriction must be lifted before users can send from arbitrary clients.  To do this, comment out or remove the
 mailet tag containing the class attribute &quot;RemoteAddrNotInNetwork&quot;.  This tag can be found in the spoolmanager
 configuration block, in the root processor configuration.</p>
 <p>Third, set the authRequired element of the smtpserver configuration block to &quot;true&quot;.</p>
 <p>Fourth, if you wish to ensure that authenticated users can only send email from their own account, you may
 optionally set the verifyIdentity element of the smtpserver configuration block to &quot;true&quot;.</p>
 <p>Fifth, restart James.  This will pull in all of your configuration changes.</p>
 </div>
 <a name="Verifying Your Configuration"></a><div class="section"><h3>Verifying Your Configuration</h3>
 <p>Finally, you need to verify that your configuration was done correctly.  This step is
 <strong>important</strong> and should not be skipped.</p>
 <p>Verify that you have not inadvertantly configured your server as an open relay. This is most easily
 accomplished by using the service provided at <a href="http://email-test.com/">email-test.com</a>.  Email-test.com will
 check your mail server and inform you if it is an open relay.</p>
 <p>It is extremely important that your server not be configured as an open relay.  Aside from potential
 costs associated with usage by spammers, connections from servers that are determined to be open relays
 are routinely rejected by SMTP servers.  This can severely impede the ability of your mail server to
 send mail.</p>
 <p>Of course it is also necessary to confirm that users and log in and send
 mail through your server.  This can be accomplished using any standard mail client (i.e. Outlook,
 Eudora, Evolution).</p>
 </div>
 </div>


       </div>
     </div>
     <div class="clear">
       <hr/>
     </div>
     <div id="footer">
       <div class="xright">&#169;
           2002-2009

           The Apache Software Foundation


   </div>
       <div class="clear">
         <hr/>
       </div>
     </div>
     <script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
     </script>
     <script type="text/javascript">
       _uacct = "UA-1384591-1";
       urchinTracker();
     </script>
   </body>
 </html>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">










	<html>
	<head>
	<title>James Server -
	James 2.3 - Using Authenticated SMTP</title>
	<style type="text/css" media="all">
	@import url("./css/maven-base.css");
	@import url("./css/maven-theme.css");
	@import url("./css/site.css");
	</style>
	<link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
	</head>
	<body class="composite">
	<div id="banner">
	<a href="http://james.apache.org/index.html" id="bannerLeft">

	<img src="images/james-server-logo.gif" alt="" />

	</a>
	<a href="http://www.apache.org/index.html" id="bannerRight">

	<img src="images/asf-logo-reduced.gif" alt="" />

	</a>
	<div class="clear">
	<hr/>
	</div>
	</div>
	<div id="breadcrumbs">







	<div class="xleft">
	Last Published: 09/02/2009
	</div>
	<div class="xright"> <a href="../../index.html">JAMES Project</a>
	\|
	<a href="../../server/index.html">Server</a>
	\|
	<a href="../../mailet/index.html">Mailets</a>
	\|
	<a href="../../jspf/index.html">jSPF</a>
	\|
	<a href="../../mime4j/index.html">Mime4J</a>
	\|
	<a href="../../jsieve/index.html">JSieve</a>
	\|
	<a href="../../postage/index.html">Postage</a>







	</div>
	<div class="clear">
	<hr/>
	</div>
	</div>
	<div id="leftColumn">
	<div id="navcolumn">







	<h5>James Server</h5>
	<ul>

	<li class="none">
	<a href="../index.html">Overview</a>
	</li>

	<li class="none">
	<a href="../design_objectives.html">Objectives</a>
	</li>





	<li class="expanded">
	<a href="../FAQ.html">James FAQ</a>
	<ul>

	<li class="none">
	<a href="../james_and_sendmail.html">James and Sendmail</a>
	</li>
	</ul>
	</li>

	<li class="none">
	<a href="http://wiki.apache.org/james">Wiki</a>
	</li>

	<li class="none">
	<a href="../rfclist.html">Useful RFCs</a>
	</li>
	</ul>
	<h5>Overview</h5>
	<ul>

	<li class="none">
	<a href="index.html">Introduction</a>
	</li>

	<li class="none">
	<a href="release-notes.html">Release Notes</a>
	</li>
	</ul>
	<h5>Concepts</h5>
	<ul>

	<li class="none">
	<a href="summary.html">Summary</a>
	</li>

	<li class="none">
	<a href="spoolmanager.html">SpoolManager</a>
	</li>

	<li class="none">
	<a href="repositories.html">Repositories</a>
	</li>

	<li class="none">
	<a href="mailet_api.html">The Mailet API</a>
	</li>
	</ul>
	<h5>How to...</h5>
	<ul>

	<li class="none">
	<a href="build_instructions.html">Build James</a>
	</li>

	<li class="none">
	<a href="installation_instructions.html">Install James</a>
	</li>
	</ul>
	<h5>Configuration</h5>
	<ul>

	<li class="none">
	<a href="dns_configuration.html">DNS Server</a>
	</li>

	<li class="none">
	<a href="pop3_configuration.html">POP3 Server</a>
	</li>

	<li class="none">
	<a href="smtp_configuration.html">SMTP Server</a>
	</li>

	<li class="none">
	<a href="nntp_configuration.html">NNTP Server</a>
	</li>

	<li class="none">
	<a href="fetchmail_configuration.html">FetchMail</a>
	</li>

	<li class="none">
	<a href="remotemanager_configuration.html">RemoteManager</a>
	</li>

	<li class="none">
	<a href="spoolmanager_configuration.html">SpoolManager</a>
	</li>

	<li class="none">
	<a href="serverwide_configuration.html">Server-wide</a>
	</li>

	<li class="none">
	<a href="adding_users.html">Adding Users</a>
	</li>

	<li class="none">
	<a href="provided_matchers.html">Provided Matchers</a>
	</li>

	<li class="none">
	<a href="provided_mailets.html">Provided Mailets</a>
	</li>
	</ul>
	<h5>Common Configurations</h5>
	<ul>

	<li class="none">
	<strong>Using SMTP AUTH</strong>
	</li>

	<li class="none">
	<a href="using_database.html">Using a Database with James</a>
	</li>

	<li class="none">
	<a href="usingTLS.html">Using TLS/SSL</a>
	</li>

	<li class="none">
	<a href="mailing_lists.html">Creating Mailing Lists</a>
	</li>
	</ul>
	<h5>Customization</h5>
	<ul>

	<li class="none">
	<a href="custom_matcher.html">How to write a custom Matcher</a>
	</li>

	<li class="none">
	<a href="custom_mailet.html">How to write a custom Mailet</a>
	</li>
	</ul>
	<h5>Project</h5>
	<ul>

	<li class="none">
	<a href="changelog.html">Changelog</a>
	</li>
	</ul>
	<h5>Project Documentation</h5>
	<ul>























	<li class="collapsed">
	<a href="project-info.html">Project Information</a>
	</li>













	<li class="collapsed">
	<a href="project-reports.html">Project Reports</a>
	</li>
	</ul>
	<h5>Project</h5>
	<ul>

	<li class="none">
	<a href="http://issues.apache.org/jira/browse/JAMES">Bug Database</a>
	</li>

	<li class="none">
	<a href="http://svn.apache.org/viewvc/james/server/">Source Code</a>
	</li>

	<li class="none">
	<a href="../todo.html">TODO</a>
	</li>
	</ul>
	<h5>Downloads</h5>
	<ul>

	<li class="none">
	<a href="../../download.cgi">Stable releases</a>
	</li>

	<li class="none">
	<a href="../../downloadunstable.cgi">Unstable releases</a>
	</li>

	<li class="none">
	<a href="http://people.apache.org/builds/james/nightly/">Nightly builds</a>
	</li>
	</ul>
	<a href="http://maven.apache.org/" title="Built by Maven" id="poweredBy">
	<img alt="Built by Maven" src="./images/logos/maven-feather.png"></img>
	</a>







	</div>
	</div>
	<div id="bodyColumn">
	<div id="contentBox">





	<a name="Authenticated SMTP (SMTP AUTH)"></a><div class="section"><h2>Authenticated SMTP (SMTP AUTH)</h2>
	<p>Authenticated SMTP is a method of securing your SMTP server. With SMTP AUTH enabled senders who wish to
	relay mail through the SMTP server (that is, send mail that is eventually to be delivered to another SMTP
	server) must authenticate themselves to James before sending their message. Mail that is to be delivered
	locally does not require authentication. This method ensures that spammers cannot use your SMTP server
	to send unauthorized mail, while still enabling users who may not have fixed IP addresses to send their
	messages.</p>
	<p>Mail servers that allow spammers to send unauthorized email are known as open relays. So SMTP AUTH
	is a mechanism for ensuring that your server is not an open relay .</p>
	<p>At this time James only supports simple user name / password authentication.</p>
	<a name="Configuring James for Authenticated SMTP"></a><div class="section"><h3>Configuring James for Authenticated SMTP</h3>
	<p>Configuring James for Authentication SMTP is a multi-step process. It requires several adjustments of
	the config.xml. To enable SMTP AUTH, do the following:</p>
	<p>First, as mentioned above, SMTP AUTH requires that James be able to distinguish between mail intended
	for local delivery and mail intended for remote delivery. James makes this determination by matching the
	domain to which the mail was sent against the <servernames> element of the James configuration block. Any
	local domains should be explicitly listed as <servername> elements in this section.</p>
	<p>Second, James is configured out of the box so as to not serve as an open relay for spammers. This is done
	by restricting the IP addresses from which mail will be accepted using the RemoteAddrNotInNetwork mailet. This
	restriction must be lifted before users can send from arbitrary clients. To do this, comment out or remove the
	mailet tag containing the class attribute "RemoteAddrNotInNetwork". This tag can be found in the spoolmanager
	configuration block, in the root processor configuration.</p>
	<p>Third, set the authRequired element of the smtpserver configuration block to "true".</p>
	<p>Fourth, if you wish to ensure that authenticated users can only send email from their own account, you may
	optionally set the verifyIdentity element of the smtpserver configuration block to "true".</p>
	<p>Fifth, restart James. This will pull in all of your configuration changes.</p>
	</div>
	<a name="Verifying Your Configuration"></a><div class="section"><h3>Verifying Your Configuration</h3>
	<p>Finally, you need to verify that your configuration was done correctly. This step is
	<strong>important</strong> and should not be skipped.</p>
	<p>Verify that you have not inadvertantly configured your server as an open relay. This is most easily
	accomplished by using the service provided at <a href="http://email-test.com/">email-test.com</a>. Email-test.com will
	check your mail server and inform you if it is an open relay.</p>
	<p>It is extremely important that your server not be configured as an open relay. Aside from potential
	costs associated with usage by spammers, connections from servers that are determined to be open relays
	are routinely rejected by SMTP servers. This can severely impede the ability of your mail server to
	send mail.</p>
	<p>Of course it is also necessary to confirm that users and log in and send
	mail through your server. This can be accomplished using any standard mail client (i.e. Outlook,
	Eudora, Evolution).</p>
	</div>
	</div>


	</div>
	</div>
	<div class="clear">
	<hr/>
	</div>
	<div id="footer">
	<div class="xright">©
	2002-2009

	The Apache Software Foundation







	</div>
	<div class="clear">
	<hr/>
	</div>
	</div>
	<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
	</script>
	<script type="text/javascript">
	_uacct = "UA-1384591-1";
	urchinTracker();
	</script>
	</body>
	</html>