| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <!-- Generated by Apache Maven Doxia at 2016-10-20 --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> |
| <title>Apache James Server 3.0 - |
| Apache James Server 3 - Configuring the SMTP and LMTP Service</title> |
| <style type="text/css" media="all"> |
| @import url("./css/james.css"); |
| @import url("./css/maven-base.css"); |
| @import url("./css/maven-theme.css"); |
| @import url("./css/site.css"); |
| @import url("./js/jquery/css/custom-theme/jquery-ui-1.8.5.custom.css"); |
| @import url("./js/jquery/css/print.css"); |
| @import url("./js/fancybox/jquery.fancybox-1.3.4.css"); |
| </style> |
| <script type="text/javascript" src="./js/jquery/js/jquery-1.4.2.min.js"></script> |
| <script type="text/javascript" src="./js/jquery/js/jquery-ui-1.8.5.custom.min.js"></script> |
| <script type="text/javascript" src="./js/fancybox/jquery.fancybox-1.3.4.js"></script> |
| <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> |
| <meta name="Date-Revision-yyyymmdd" content="20161020" /> |
| <meta http-equiv="Content-Language" content="en" /> |
| |
| <link title="DOAP" rel="meta" type="application/rdf+xml" href="http://james.apache.org//doap_james-project.rdf"/> |
| |
| <!-- Google Analytics --> |
| <script type="text/javascript"> |
| |
| var _gaq = _gaq || []; |
| _gaq.push(['_setAccount', 'UA-1384591-1']); |
| _gaq.push(['_trackPageview']); |
| |
| (function() { |
| var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; |
| ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; |
| var s = document.getElementsByTagName('script').item(0); s.parentNode.insertBefore(ga, s); |
| })(); |
| |
| </script> |
| </head> |
| <body class="composite"> |
| <div id="banner"> |
| <a href="../index.html" id="bannerLeft" title="james-logo.png"> |
| |
| |
| <img src="images/logos/james-logo.png" alt="Apache James Server 3.0" /> |
| </a> |
| <a href="http://www.apache.org/index.html" id="bannerRight"> |
| |
| |
| <img src="images/logos/asf_logo_small.png" alt="The Apache Software Foundation" /> |
| </a> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| <div id="breadcrumbs"> |
| |
| |
| <div class="xleft"> |
| <span id="publishDate">Last Published: 2016-10-20</span> |
| </div> |
| <div class="xright"> <a href="../../index.html" title="Home">Home</a> |
| | |
| <a href="../index.html" title="Server">Server</a> |
| | |
| <a href="../../hupa/index.html" title="Hupa">Hupa</a> |
| | |
| <a href="../../protocols/index.html" title="Protocols">Protocols</a> |
| | |
| <a href="../../mailet/index.html" title="Mailets">Mailets</a> |
| | |
| <a href="../../mailbox/index.html" title="Mailbox">Mailbox</a> |
| | |
| <a href="../../mime4j/index.html" title="Mime4J">Mime4J</a> |
| | |
| <a href="../../jsieve/index.html" title="jSieve">jSieve</a> |
| | |
| <a href="../../jspf/index.html" title="jSPF">jSPF</a> |
| | |
| <a href="../../jdkim/index.html" title="jDKIM">jDKIM</a> |
| | |
| <a href="../../mpt/index.html" title="MPT">MPT</a> |
| | |
| <a href="../../postage/index.html" title="Postage">Postage</a> |
| |
| |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| <div id="leftColumn"> |
| <div id="navcolumn"> |
| |
| |
| <h5>Overview</h5> |
| <ul> |
| <li class="none"> |
| <a href="index.html" title="Introduction">Introduction</a> |
| </li> |
| <li class="none"> |
| <a href="release-notes.html" title="Release Notes">Release Notes</a> |
| </li> |
| </ul> |
| <h5>Features</h5> |
| <ul> |
| <li class="none"> |
| <a href="feature-mailetcontainer.html" title="Mailet Container">Mailet Container</a> |
| </li> |
| <li class="none"> |
| <a href="feature-queue-priority.html" title="Queue Priority">Queue Priority</a> |
| </li> |
| <li class="none"> |
| <a href="feature-persistence.html" title="Persistence">Persistence</a> |
| </li> |
| <li class="none"> |
| <a href="feature-protocols.html" title="Protocols">Protocols</a> |
| </li> |
| <li class="none"> |
| <a href="feature-smtp-hooks.html" title="SMTP Hooks">SMTP Hooks</a> |
| </li> |
| <li class="none"> |
| <a href="feature-performance.html" title="Performance">Performance</a> |
| </li> |
| <li class="none"> |
| <a href="feature-security.html" title="Security">Security</a> |
| </li> |
| </ul> |
| <h5>User Manual</h5> |
| <ul> |
| <li class="none"> |
| <a href="quick-start.html" title="1. Quick Start">1. Quick Start</a> |
| </li> |
| <li class="none"> |
| <a href="install.html" title="2. Install James">2. Install James</a> |
| </li> |
| <li class="expanded"> |
| <a href="config.html" title="3. Configure James">3. Configure James</a> |
| <ul> |
| <li class="none"> |
| <a href="config-system.html" title="System">System</a> |
| </li> |
| <li class="none"> |
| <a href="config-domainlist.html" title="Domain List">Domain List</a> |
| </li> |
| <li class="none"> |
| <a href="config-users.html" title="Users">Users</a> |
| </li> |
| <li class="none"> |
| <a href="config-recipientrewritetable.html" title="Recipient Rewrite">Recipient Rewrite</a> |
| </li> |
| <li class="none"> |
| <a href="config-mailbox.html" title="Mailbox">Mailbox</a> |
| </li> |
| <li class="none"> |
| <a href="config-mailrepositorystore.html" title="Mail Repository Stores">Mail Repository Stores</a> |
| </li> |
| <li class="none"> |
| <a href="config-dnsservice.html" title="DNS Service">DNS Service</a> |
| </li> |
| <li class="none"> |
| <strong>SMTP LMTP</strong> |
| </li> |
| <li class="none"> |
| <a href="config-pop3.html" title="POP3">POP3</a> |
| </li> |
| <li class="none"> |
| <a href="config-imap4.html" title="IMAP4">IMAP4</a> |
| </li> |
| <li class="none"> |
| <a href="config-mailetcontainer.html" title="Mailet Container">Mailet Container</a> |
| </li> |
| <li class="none"> |
| <a href="config-fetchmail.html" title="FetchMail">FetchMail</a> |
| </li> |
| <li class="none"> |
| <a href="config-ssl-tls.html" title="SSL/TLS">SSL/TLS</a> |
| </li> |
| <li class="none"> |
| <a href="config-sieve.html" title="Sieve">Sieve</a> |
| </li> |
| <li class="none"> |
| <a href="config-antispam.html" title="Anti Spam">Anti Spam</a> |
| </li> |
| </ul> |
| </li> |
| <li class="collapsed"> |
| <a href="manage.html" title="4. Manage">4. Manage</a> |
| </li> |
| <li class="collapsed"> |
| <a href="monitor.html" title="5. Monitor">5. Monitor</a> |
| </li> |
| <li class="collapsed"> |
| <a href="upgrade.html" title="6. Upgrade">6. Upgrade</a> |
| </li> |
| </ul> |
| <h5>Developers Corner</h5> |
| <ul> |
| <li class="none"> |
| <a href="dev.html" title="Architecture">Architecture</a> |
| </li> |
| <li class="none"> |
| <a href="dev-build.html" title="Build from source">Build from source</a> |
| </li> |
| <li class="none"> |
| <a href="dev-database-schema.html" title="Database Schema">Database Schema</a> |
| </li> |
| <li class="collapsed"> |
| <a href="dev-extend.html" title="Develop Extensions">Develop Extensions</a> |
| </li> |
| <li class="collapsed"> |
| <a href="dev-provided.html" title="Provided Extensions">Provided Extensions</a> |
| </li> |
| </ul> |
| <h5>References</h5> |
| <ul> |
| <li class="none"> |
| <a href="apidocs/index.html" title="Javadoc">Javadoc</a> |
| </li> |
| <li class="none"> |
| <a href="https://issues.apache.org/jira/browse/JAMES" title="Issue Tracker">Issue Tracker</a> |
| </li> |
| </ul> |
| <h5>About James</h5> |
| <ul> |
| <li class="none"> |
| <a href="../../index.html" title="Overview">Overview</a> |
| </li> |
| <li class="none"> |
| <a href="../../newsarchive.html" title="News">News</a> |
| </li> |
| <li class="none"> |
| <a href="../../mail.html" title="Mailing Lists">Mailing Lists</a> |
| </li> |
| <li class="none"> |
| <a href="../../contribute.html" title="Contributing">Contributing</a> |
| </li> |
| <li class="none"> |
| <a href="../../guidelines.html" title="Guidelines">Guidelines</a> |
| </li> |
| <li class="none"> |
| <a href="http://wiki.apache.org/james" title="Wiki">Wiki</a> |
| </li> |
| <li class="none"> |
| <a href="../../team-list.html" title="Who We Are">Who We Are</a> |
| </li> |
| <li class="none"> |
| <a href="../../license.html" title="License">License</a> |
| </li> |
| <li class="none"> |
| <a href="../../thanks.html" title="Thanks">Thanks</a> |
| </li> |
| <li class="none"> |
| <a href="../../support.html" title="Professional support">Professional support</a> |
| </li> |
| </ul> |
| <h5>Download</h5> |
| <ul> |
| <li class="none"> |
| <a href="../../download.cgi" title="Releases">Releases</a> |
| </li> |
| </ul> |
| <h5>Apache Software Foundation</h5> |
| <ul> |
| <li> |
| <strong> |
| <a title="ASF" href="http://www.apache.org/">ASF</a> |
| </strong> |
| </li> |
| <li> |
| <a title="Get Involved" href="http://www.apache.org/foundation/getinvolved.html">Get Involved</a> |
| </li> |
| <li> |
| <a title="FAQ" href="http://www.apache.org/foundation/faq.html">FAQ</a> |
| </li> |
| <li> |
| <a title="License" href="http://www.apache.org/licenses/" >License</a> |
| </li> |
| <li> |
| <a title="Sponsorship" href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a> |
| </li> |
| <li> |
| <a title="Thanks" href="http://www.apache.org/foundation/thanks.html">Thanks</a> |
| </li> |
| <li> |
| <a title="Security" href="http://www.apache.org/security/">Security</a> |
| </li> |
| </ul> |
| <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"> |
| <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" /> |
| </a> |
| |
| |
| </div> |
| </div> |
| <div id="bodyColumn"> |
| <div id="contentBox"> |
| <!-- Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. --> |
| |
| |
| |
| <div class="section"> |
| <h2>Incoming and outgoing SMTP<a name="Incoming_and_outgoing_SMTP"></a></h2> |
| |
| |
| <p>This page details the configuration for Incoming SMTP</p> |
| |
| |
| <p>The outgoing (remote delivery) is implemented in the RemoteDelivery mailets. The configuration details for |
| outgoing SMTP traffic can be read on <a href="dev-provided-mailets.html">this page</a> (section RemoteDelivery) and |
| shoud be update in the <a href="config-mailetcontainer.html">mailetcontainer</a>.</p> |
| |
| </div> |
| |
| |
| <div class="section"> |
| <h2>SMTP Configuration<a name="SMTP_Configuration"></a></h2> |
| |
| |
| <p>Consult <a class="externalLink" href="https://github.com/apache/james-project/tree/master/server/app/src/main/resources/smtpserver-template.xml">smtpserver-template.xml</a> in GIT to get some examples and hints.</p> |
| |
| |
| <p>The SMTP service is controlled by a configuration block in the smptserver.xml. |
| The smtpserver tag defines the boundaries of the configuration block. It encloses |
| all the relevant configuration for the SMTP server. The behavior of the SMTP service is |
| controlled by the attributes and children of this tag.</p> |
| |
| |
| <p>This tag has an optional boolean attribute - <b>enabled</b> - that defines whether the service is active or not. The value defaults to "true" if |
| not present.</p> |
| |
| |
| <p>The standard children of the smtpserver tag are:</p> |
| |
| |
| <dl> |
| |
| <dt><b>bind</b></dt> |
| |
| <dd>A list of address:port - This is an optional value. If present, this value is a string describing |
| the IP address to which this service should be bound. If the tag or value is absent then the service |
| will bind to all network interfaces for the machine on port 25. Port 25 is the well-known/IANA registered port for SMTP. |
| Port 465 is the well-known/IANA registered port for SMTP over TLS.</dd> |
| |
| <dt><b>connectBacklog</b></dt> |
| |
| <dd></dd> |
| |
| <dt><b>tls</b></dt> |
| |
| <dd>Set to true to support STARTTLS or SSL for the Socket. |
| To use this you need to copy sunjce_provider.jar to /path/james/lib directory. To create a new keystore execute: |
| keytool -genkey -alias james -keyalg RSA -keystore /path/to/james/conf/keystore. The algorithm is optional and only needs to be specified when using something other |
| than the Sun JCE provider - You could use IbmX509 with IBM Java runtime.</dd> |
| |
| <dt><b>handler.helloName</b></dt> |
| |
| <dd>This is a required tag with an optional body that defines the server name |
| used in the initial service greeting. The tag may have an optional attribute - <b>autodetect</b>. If |
| the autodetect attribute is present and true, the service will use the local hostname |
| returned by the Java libraries. If autodetect is absent or false, the body of the tag will be used. In |
| this case, if no body is present, the value "localhost" will be used.</dd> |
| |
| <dt><b>handler.connectionTimeout</b></dt> |
| |
| <dd>This is an optional tag with a non-negative integer body. Connection timeout in secconds.</dd> |
| |
| <dt><b>handler.connectionLimit</b></dt> |
| |
| <dd>Set the maximum simultaneous incoming connections for this service.</dd> |
| |
| <dt><b>handler.connectionLimitPerIP</b></dt> |
| |
| <dd>Set the maximum simultaneous incoming connections per IP for this service.</dd> |
| |
| <dt><b>handler.authRequired</b></dt> |
| |
| <dd>This is an optional tag with a boolean body. If true, then the server will |
| require authentication before delivering mail to non-local email addresses. If this tag is absent, or the value |
| is false then the client will not be prompted for authentication. Only simple user/password authentication is |
| supported at this time. supported values: |
| true: required but announced only to not authorizedAddresses |
| false: don't use AUTH |
| announce: like true, but always announce AUTH capability to clients |
| |
| The correct behaviour per RFC value would be false or announce |
| but we still support true for backward compatibility and because |
| some webmail client fails when AUTH is announced but no authentication |
| information has been provided</dd> |
| |
| <dt><b>handler.authorizedAddresses</b></dt> |
| |
| <dd>Authorize specific addresses/networks. |
| If you use SMTP AUTH, addresses that match those specified here will |
| be permitted to relay without SMTP AUTH. If you do not use SMTP |
| AUTH, and you specify addreses here, then only addresses that match |
| those specified will be permitted to relay. |
| |
| Addresses may be specified as a an IP address or domain name, with an |
| optional netmask, e.g., |
| |
| 127.*, 127.0.0.0/8, 127.0.0.0/255.0.0.0, and localhost/8 are all the same |
| |
| See also the RemoteAddrNotInNetwork matcher in the transport processor. |
| You would generally use one OR the other approach.</dd> |
| |
| <dt><b>handler.verifyIdentity</b></dt> |
| |
| <dd>This is an optional tag with a boolean body. This option can only be used |
| if SMTP authentication is required. If the parameter is set to true then the sender address for the submitted message |
| will be verified against the authenticated subject. Verify sender addresses, ensuring that |
| the sender address matches the user who has authenticated. |
| This prevents a user of your mail server from acting as someone else |
| If unspecified, default value is true.</dd> |
| |
| <dt><b>handler.maxmessagesize</b></dt> |
| |
| <dd>This is an optional tag with a non-negative integer body. It specifies the maximum |
| size, in kbytes, of any message that will be transmitted by this SMTP server. It is a service-wide, as opposed to |
| a per user, limit. If the value is zero then there is no limit. If the tag isn't specified, the service will |
| default to an unlimited message size.</dd> |
| |
| <dt><b>handler.heloEhloEnforcement</b></dt> |
| |
| <dd>This sets wether to enforce the use of HELO/EHLO salutation before a |
| MAIL command is accepted. If unspecified, the value defaults to true.</dd> |
| |
| <dt><b>handler.addressBracketsEnforcement</b></dt> |
| |
| <dd>WARNING: This is Non-RFC compliant (default value: true) |
| See: http://wiki.apache.org/james/StandardsComplianceStatement</dd> |
| |
| <dt><b>handler.smtpGreeting</b></dt> |
| |
| <dd>This sets the SMTPGreeting which will be used when connect to the smtpserver |
| If none is specified a default is generated</dd> |
| |
| <dt><b>handler.handlerchain</b></dt> |
| |
| <dd></dd> |
| |
| <dt><b>handler.handlerchain</b></dt> |
| |
| <dd>The configuration handler chain</dd> |
| </dl> |
| |
| |
| <div class="section"> |
| <h3>Configure Authenticated SMTP (SMTP AUTH)<a name="Configure_Authenticated_SMTP_SMTP_AUTH"></a></h3> |
| |
| |
| <p>Authenticated SMTP is a method of securing your SMTP server. With SMTP AUTH enabled senders who wish to |
| relay mail through the SMTP server (that is, send mail that is eventually to be delivered to another SMTP |
| server) must authenticate themselves to Apache James Server before sending their message. Mail that is to be delivered |
| locally does not require authentication. This method ensures that spammers cannot use your SMTP server |
| to send unauthorized mail, while still enabling users who may not have fixed IP addresses to send their |
| messages.</p> |
| |
| |
| <p>Mail servers that allow spammers to send unauthorized email are known as open relays. So SMTP AUTH |
| is a mechanism for ensuring that your server is not an open relay .</p> |
| |
| |
| <p>At this time Apache James Server only supports simple user name / password authentication.</p> |
| |
| |
| <p>Configuring Apache James Server for Authentication SMTP is a multi-step process. It requires several adjustments of |
| the smtpserver.xml. To enable SMTP AUTH, do the following:</p> |
| |
| |
| <ol style="list-style-type: decimal"> |
| |
| |
| <li>As mentioned above, SMTP AUTH requires that Apache James Server be able to distinguish between mail intended |
| for local delivery and mail intended for remote delivery. Apache James Server makes this determination by matching the |
| domain to which the mail was sent against the <servernames> element of the Apache James Server configuration block. Any |
| local domains should be explicitly listed as <servername> elements in this section.</li> |
| <!-- Correct this. |
| <li>Apache James Server is configured out of the box so as to not serve as an open relay for spammers. This is done |
| by restricting the IP addresses from which mail will be accepted using the RemoteAddrNotInNetwork mailet. This |
| restriction must be lifted before users can send from arbitrary clients. To do this, comment out or remove the |
| mailet tag containing the class attribute "RemoteAddrNotInNetwork". This tag can be found in the spoolmanager |
| configuration block, in the root processor configuration.</li> --> |
| |
| <li>set the authRequired element of the smtpserver configuration block to "true".</li> |
| |
| |
| <li>if you wish to ensure that authenticated users can only send email from their own account, you may |
| optionally set the verifyIdentity element of the smtpserver configuration block to "true".</li> |
| |
| |
| <li>Restart Apache James Server. This will pull in all of your configuration changes.</li> |
| |
| </ol> |
| |
| |
| <p>Finally, you need to verify that your configuration was done correctly. This step is |
| <b>important</b> and should not be skipped.</p> |
| |
| |
| <p>Verify that you have not inadvertantly configured your server as an open relay. This is most easily |
| accomplished by using the service provided at <a class="externalLink" href="http://www.abuse.net/relay.html">abuse.net</a>. abuse.net will |
| check your mail server and inform you if it is an open relay.</p> |
| |
| |
| <p>It is extremely important that your server not be configured as an open relay. Aside from potential |
| costs associated with usage by spammers, connections from servers that are determined to be open relays |
| are routinely rejected by SMTP servers. This can severely impede the ability of your mail server to |
| send mail.</p> |
| |
| |
| <p>Of course it is also necessary to confirm that users and log in and send |
| mail through your server. This can be accomplished using any standard mail client (i.e. Thunderbird, Outlook, |
| Eudora, Evolution).</p> |
| |
| </div> |
| |
| |
| <div class="section"> |
| <h3>Configure multiple SMTP servers<a name="Configure_multiple_SMTP_servers"></a></h3> |
| <!-- <p>Read <a href="https://issues.apache.org/jira/browse/JAMES-1105">https://issues.apache.org/jira/browse/JAMES-1105</a> |
| for ideas to have multiple SMTP port open.</p> --> |
| </div> |
| |
| </div> |
| |
| |
| <div class="section"> |
| <h2>LMTP Configuration<a name="LMTP_Configuration"></a></h2> |
| |
| |
| <p>Consult <a class="externalLink" href="https://github.com/apache/james-project/tree/master/server/app/src/main/resources/lmtpserver-template.xml">lmtpserver-template.xml</a> in GIT to get some examples and hints.</p> |
| |
| |
| <p>The configuration is the same of for SMTP.</p> |
| |
| |
| <p>By default, it is desactivated. You can activate it with SMTP and bind for example on port 24.</p> |
| |
| </div> |
| |
| |
| |
| |
| </div> |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| <div id="footer"> |
| <div class="xright">Copyright © 2002-2016 |
| <a href="http://www.apache.org/">The Apache Software Foundation</a>. |
| All Rights Reserved. |
| |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| </body> |
| </html> |