<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Generated by Apache Maven Doxia at 2016-10-20 -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Apache James Server 3.0 -
Apache James Server 3 - Configuring the SMTP and LMTP Service</title>
<style type="text/css" media="all">
@import url("./css/james.css");
@import url("./css/maven-base.css");
@import url("./css/maven-theme.css");
@import url("./css/site.css");
@import url("./js/jquery/css/custom-theme/jquery-ui-1.8.5.custom.css");
@import url("./js/jquery/css/print.css");
@import url("./js/fancybox/jquery.fancybox-1.3.4.css");
</style>
<script type="text/javascript" src="./js/jquery/js/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="./js/jquery/js/jquery-ui-1.8.5.custom.min.js"></script>
<script type="text/javascript" src="./js/fancybox/jquery.fancybox-1.3.4.js"></script>
<link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
<meta name="Date-Revision-yyyymmdd" content="20161020" />
<meta http-equiv="Content-Language" content="en" />
<link title="DOAP" rel="meta" type="application/rdf+xml" href="http://james.apache.org//doap_james-project.rdf"/>
</head>
<body class="composite">
<div id="banner">
<a href="../index.html" id="bannerLeft" title="james-logo.png">
<img src="images/logos/james-logo.png" alt="Apache James Server 3.0" />
</a>
<a href="http://www.apache.org/index.html" id="bannerRight">
<img src="images/logos/asf_logo_small.png" alt="The Apache Software Foundation" />
</a>
<div class="clear">
<hr/>
</div>
</div>
<div id="breadcrumbs">
<div class="xleft">
<span id="publishDate">Last Published: 2016-10-20</span>
</div>
<div class="clear">
<hr/>
</div>
</div>
<div id="bodyColumn">
<div id="contentBox">
<div class="section">
<h2>Incoming and outgoing SMTP<a name="Incoming_and_outgoing_SMTP"></a></h2>
<p>This page details the configuration for incoming SMTP.</p>
<p>Outgoing SMTP (remote delivery) is implemented in the RemoteDelivery mailets. The configuration details for
outgoing SMTP traffic can be read on <a href="dev-provided-mailets.html">this page</a> (section RemoteDelivery) and
should be updated in the <a href="config-mailetcontainer.html">mailetcontainer</a>.</p>
</div>
<div class="section">
<h2>SMTP Configuration<a name="SMTP_Configuration"></a></h2>
<p>Consult <a class="externalLink" href="https://github.com/apache/james-project/tree/master/server/app/src/main/resources/smtpserver-template.xml">smtpserver-template.xml</a> in GIT to get some examples and hints.</p>
<p>The SMTP service is controlled by a configuration block in the smtpserver.xml.
The smtpserver tag defines the boundaries of the configuration block. It encloses
all the relevant configuration for the SMTP server. The behavior of the SMTP service is
controlled by the attributes and children of this tag.</p>
<p>This tag has an optional boolean attribute - <b>enabled</b> - that defines whether the service is active or not. The value defaults to &quot;true&quot; if
not present.</p>
<p>The standard children of the smtpserver tag are:</p>
<dl>
<dt><b>bind</b></dt>
<dd>A list of address:port - This is an optional value. If present, this value is a string describing
the IP address to which this service should be bound. If the tag or value is absent then the service
will bind to all network interfaces for the machine on port 25. Port 25 is the well-known/IANA registered port for SMTP.
Port 465 is the well-known/IANA registered port for SMTP over TLS.</dd>
<dt><b>connectBacklog</b></dt>
<dd></dd>
<dt><b>tls</b></dt>
<dd>Set to true to support STARTTLS or SSL for the socket.
To use this you need to copy sunjce_provider.jar to the /path/james/lib directory. To create a new keystore, execute:
keytool -genkey -alias james -keyalg RSA -keystore /path/to/james/conf/keystore
The algorithm is optional and only needs to be specified when using something other
than the Sun JCE provider; for example, you could use IbmX509 with the IBM Java runtime.</dd>
<dt><b>handler.helloName</b></dt>
<dd>This is a required tag with an optional body that defines the server name
used in the initial service greeting. The tag may have an optional attribute - <b>autodetect</b>. If
the autodetect attribute is present and true, the service will use the local hostname
returned by the Java libraries. If autodetect is absent or false, the body of the tag will be used. In
this case, if no body is present, the value &quot;localhost&quot; will be used.</dd>
<dt><b>handler.connectionTimeout</b></dt>
<dd>This is an optional tag with a non-negative integer body. Connection timeout in seconds.</dd>
<dt><b>handler.connectionLimit</b></dt>
<dd>Set the maximum simultaneous incoming connections for this service.</dd>
<dt><b>handler.connectionLimitPerIP</b></dt>
<dd>Set the maximum simultaneous incoming connections per IP for this service.</dd>
<dt><b>handler.authRequired</b></dt>
<dd>This is an optional tag with a boolean body. If true, then the server will
require authentication before delivering mail to non-local email addresses. If this tag is absent, or the value
is false, then the client will not be prompted for authentication. Only simple user/password authentication is
supported at this time. Supported values:
<ul>
<li>true: required, but announced only to clients that are not in authorizedAddresses</li>
<li>false: don't use AUTH</li>
<li>announce: like true, but always announce AUTH capability to clients</li>
</ul>
The correct value per the RFC would be false or announce,
but true is still supported for backward compatibility and because
some webmail clients fail when AUTH is announced but no authentication
information has been provided.</dd>
<dt><b>handler.authorizedAddresses</b></dt>
<dd>Authorize specific addresses/networks.
If you use SMTP AUTH, addresses that match those specified here will
be permitted to relay without SMTP AUTH. If you do not use SMTP
AUTH, and you specify addresses here, then only addresses that match
those specified will be permitted to relay.
Addresses may be specified as an IP address or domain name, with an
optional netmask, e.g.,
127.*, 127.0.0.0/8, 127.0.0.0/255.0.0.0, and localhost/8 are all the same.
See also the RemoteAddrNotInNetwork matcher in the transport processor.
You would generally use one OR the other approach.</dd>
<dt><b>handler.verifyIdentity</b></dt>
<dd>This is an optional tag with a boolean body. This option can only be used
if SMTP authentication is required. If the parameter is set to true, then the sender address of the submitted message
will be verified against the authenticated subject, ensuring that
the sender address matches the user who has authenticated.
This prevents a user of your mail server from acting as someone else.
If unspecified, the default value is true.</dd>
<dt><b>handler.maxmessagesize</b></dt>
<dd>This is an optional tag with a non-negative integer body. It specifies the maximum
size, in kbytes, of any message that will be transmitted by this SMTP server. It is a service-wide, as opposed to
a per user, limit. If the value is zero then there is no limit. If the tag isn't specified, the service will
default to an unlimited message size.</dd>
<dt><b>handler.heloEhloEnforcement</b></dt>
<dd>This sets whether to enforce the use of the HELO/EHLO salutation before a
MAIL command is accepted. If unspecified, the value defaults to true.</dd>
<dt><b>handler.addressBracketsEnforcement</b></dt>
<dd>WARNING: This is Non-RFC compliant (default value: true)
See: http://wiki.apache.org/james/StandardsComplianceStatement</dd>
<dt><b>handler.smtpGreeting</b></dt>
<dd>This sets the SMTP greeting which will be used when a client connects to the smtpserver.
If none is specified, a default is generated.</dd>
<dt><b>handler.handlerchain</b></dt>
<dd>The configuration handler chain</dd>
</dl>
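<p>The four equivalent notations listed for authorizedAddresses, and a check for entries that would let hosts outside your own networks relay without SMTP AUTH, as an added Python example (not James code; the comma/whitespace separator, the static host table and the list of internal ranges are assumptions of the example):</p>

```python
import ipaddress
import re

# Constructed name table so the example runs offline (assumption: a real
# server would resolve host names through DNS when it loads the setting).
STATIC_HOSTS = {"localhost": "127.0.0.1"}

# Ranges treated as internal for the audit below (loopback and RFC 1918).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
             "192.168.0.0/16", "::1/128")]


def parse_entry(entry):
    """Normalise one authorizedAddresses entry to an ipaddress network."""
    entry = entry.strip()
    if "*" in entry:
        # Wildcard form such as 127.* : octets before the first * are fixed.
        octets = entry.split(".")
        fixed = octets[:octets.index("*")]
        trailing = octets[len(fixed):]
        if len(octets) not in range(1, 5) or any(o != "*" for o in trailing):
            raise ValueError("wildcard must fill the trailing octets: " + entry)
        padded = fixed + ["0"] * (4 - len(fixed))
        return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(fixed)))
    host, _, mask = entry.partition("/")
    host = STATIC_HOSTS.get(host.lower(), host)
    # strict=False clears host bits, so 127.0.0.1/8 becomes 127.0.0.0/8;
    # the mask may be a prefix length or a dotted netmask.
    return ipaddress.ip_network(host + "/" + mask if mask else host, strict=False)


def parse_authorized(value):
    """Split the setting on commas/whitespace (assumed) and parse each entry."""
    return [parse_entry(e) for e in re.split(r"[,\s]+", value.strip()) if e]


def relays_without_auth(client_ip, value):
    """True if client_ip matches the list, i.e. may relay without SMTP AUTH."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parse_authorized(value))


def audit(value):
    """Return entries that grant unauthenticated relay beyond internal ranges."""
    risky = []
    for net in parse_authorized(value):
        internal = any(net.version == r.version and net.subnet_of(r)
                       for r in INTERNAL)
        if not internal:
            risky.append(str(net))
    return risky


if __name__ == "__main__":
    # Constructed sample value; 203.0.113.0/24 is a documentation range.
    sample = "127.*, 10.1.*, 203.0.113.0/24, *"
    print("entries to review:", audit(sample))
```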
<div class="section">
<h3>Configure Authenticated SMTP (SMTP AUTH)<a name="Configure_Authenticated_SMTP_SMTP_AUTH"></a></h3>
<p>Authenticated SMTP is a method of securing your SMTP server. With SMTP AUTH enabled senders who wish to
relay mail through the SMTP server (that is, send mail that is eventually to be delivered to another SMTP
server) must authenticate themselves to Apache James Server before sending their message. Mail that is to be delivered
locally does not require authentication. This method ensures that spammers cannot use your SMTP server
to send unauthorized mail, while still enabling users who may not have fixed IP addresses to send their
messages.</p>
<p>Mail servers that allow spammers to send unauthorized email are known as open relays. SMTP AUTH
is therefore a mechanism for ensuring that your server is not an open relay.</p>
<p>At this time Apache James Server only supports simple user name / password authentication.</p>
<p>Configuring Apache James Server for Authenticated SMTP is a multi-step process. It requires several adjustments of
the smtpserver.xml. To enable SMTP AUTH, do the following:</p>
<ol style="list-style-type: decimal">
<li>As mentioned above, SMTP AUTH requires that Apache James Server be able to distinguish between mail intended
for local delivery and mail intended for remote delivery. Apache James Server makes this determination by matching the
domain to which the mail was sent against the &lt;servernames&gt; element of the Apache James Server configuration block. Any
local domains should be explicitly listed as &lt;servername&gt; elements in this section.</li>
<!-- Correct this.
<li>Apache James Server is configured out of the box so as to not serve as an open relay for spammers. This is done
by restricting the IP addresses from which mail will be accepted using the RemoteAddrNotInNetwork mailet. This
restriction must be lifted before users can send from arbitrary clients. To do this, comment out or remove the
mailet tag containing the class attribute "RemoteAddrNotInNetwork". This tag can be found in the spoolmanager
configuration block, in the root processor configuration.</li> -->
<li>Set the authRequired element of the smtpserver configuration block to &quot;true&quot;.</li>
<li>If you wish to ensure that authenticated users can only send email from their own account, you may
optionally set the verifyIdentity element of the smtpserver configuration block to &quot;true&quot;.</li>
<li>Restart Apache James Server. This will pull in all of your configuration changes.</li>
</ol>
<p>Finally, you need to verify that your configuration was done correctly. This step is
<b>important</b> and should not be skipped.</p>
<p>Verify that you have not inadvertently configured your server as an open relay. This is most easily
accomplished by using the service provided at <a class="externalLink" href="http://www.abuse.net/relay.html">abuse.net</a>. abuse.net will
check your mail server and inform you if it is an open relay.</p>
<p>It is extremely important that your server not be configured as an open relay. Aside from potential
costs associated with usage by spammers, connections from servers that are determined to be open relays
are routinely rejected by SMTP servers. This can severely impede the ability of your mail server to
send mail.</p>
<p>Of course, it is also necessary to confirm that users can log in and send
mail through your server. This can be accomplished using any standard mail client (e.g. Thunderbird, Outlook,
Eudora, Evolution).</p>
</div>
<div class="section">
<h3>Configure multiple SMTP servers<a name="Configure_multiple_SMTP_servers"></a></h3>
<!-- <p>Read <a href="https://issues.apache.org/jira/browse/JAMES-1105">https://issues.apache.org/jira/browse/JAMES-1105</a>
for ideas to have multiple SMTP port open.</p> -->
</div>
</div>
<div class="section">
<h2>LMTP Configuration<a name="LMTP_Configuration"></a></h2>
<p>Consult <a class="externalLink" href="https://github.com/apache/james-project/tree/master/server/app/src/main/resources/lmtpserver-template.xml">lmtpserver-template.xml</a> in GIT to get some examples and hints.</p>
<p>The configuration is the same as for SMTP.</p>
<p>By default, it is deactivated. You can activate it together with SMTP and bind it, for example, on port 24.</p>
</div>
</div>
</div>
<div class="clear">
<hr/>
</div>
<div id="footer">
<div class="xright">Copyright &#169; 2002-2016
<a href="http://www.apache.org/">The Apache Software Foundation</a>.
All Rights Reserved.
</div>
<div class="clear">
<hr/>
</div>
</div>
</body>
</html>