Google Git
Sign in
apache / james-site / refs/heads/asf-site / . / content / howTo / imap-server.html
blob: a116e04536faa6116b91a0d7e3834f0046ebfe41 [file] [log] [blame]
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>Apache James</title>
<link rel="stylesheet" type="text/css" href="/assets/css/main.css">
<link rel="stylesheet" type="text/css" href="/assets/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="/assets/css/ie8.css">
<link rel="stylesheet" type="text/css" href="/assets/css/ie9.css">
<link rel="shortcut icon" href="/images/james-logo.png">
</head>
<body>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<div id="wrapper">
<div class="apache_ref">
<a href="https://www.apache.org" alt="apache foundation link"><img src="https://www.apache.org/foundation/press/kit/asf_logo.svg" title="apache foundation logo"/></a>
</div>
<div class="apache_ref_mobile">
<a href="https://www.apache.org" alt="apache foundation link">The Apache Software Foundation</a>
</div>
<div class="apache_ref_left">
<a href="https://www.apache.org/events/current-event.html" alt="apache foundation event"><img src="https://www.apache.org/events/current-event-234x60.png" title="apache foundation event logo"/></a>
</div>
<div class="apache_ref_left_mobile">
<a href="https://www.apache.org/events/current-event.html" alt="apache foundation event"><img src="https://www.apache.org/events/current-event-234x60.png" title="apache foundation event logo"/></a>
</div>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<header id="header" class="alt">
<div class="logo"><a href="/index.html" alt="Apache James"><img src="/images/james.svg" alt="james logo"/></a></div>
<h1 class="hidden">James Enterprise Mail Server</h1>
<h2>Emails at the heart of your business logic</h2>
</header>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!-- Main -->
<div id="main">
<!-- Introduction -->
<section id="intro" class="main special">
<div class="">
<div class="content align-left">
<header class="major">
<h1><b>Setting up an IMAP server</b></h1>
</header>
<p>
This document will present how to set up a James server in order to serve as a personal IMAP + SMTP
server. We will cover:
</p>
<ul>
<li>DNS resolution and essential DNS records for mail delivery</li>
<li>Server components description</li>
<li>Generation of a custom keystore</li>
<li>Starting James</li>
<li>Basic James administration</li>
<li>Additional features one might want to enable...</li>
</ul>
<p>
This guide rely on the JPA Guice Docker image. To run it, one need to have docker installed.
</p>
<header class="major">
<h2><b>DNS resolution</b></h2>
</header>
<p>
For a public facing mail server to send and receive mail properly,
it is necessary to configure your public DNS records so that other mailservers can find and send mail to your users,
and for other mailservers to trust and receive your mail.
</p>
<header class="major">
<h2><b>MX Record</b></h2>
</header>
<p>
Someone willing to send you an email will first have to discover which IP your mail server has.
The way this is achieved is through MX (means Mail eXchange) DNS record.
</p>
<p>
Imagine bob@domain.org sends a mail to alice@company.com. Bob will:
</p>
<ol>
<li>Ask <code>company.com</code> DNS server its MX entries</li>
<li><code>company.com</code> respond that it is <code>mx.company.com</code></li>
<li>Bob resolves <code>mx.company.com</code> ip address...</li>
<li>...and can establish a connection to <code>mx.company.com</code> to send an email to Alice</li>
</ol>
<p>All you need is to create a MX Record in your Domain Control Panel and point it to the IP of your James server.</p>
<header class="major">
<h2><b>PTR Record</b></h2>
</header>
<p>
So you want to send an email to friends in another domain.
Their mailserver will not trust mail coming from your server unless they can do a reverse DNS lookup.
</p>
<p>That is what PTR Record do - A reverse lookup which maps the mailserver IP address to domain name.</p>
<p>PTR Record can only be created by your ISP - So don't hesitate to ask them to create it for you.</p>
<p>
For Security and Spam Protection, please check our other documents <a href="spf.html">SPF Record</a> and <a href="dkim.html">DKIM Record</a>.
</p>
<p>
For testing and checking vulnerabilities, send an email to <a href="https://www.mail-tester.com/">mail-tester</a>.
It's a free tool that analyze your message, mail server, sending IP... and show you a detailed report of what's configured properly and what's not.
</p>
<header class="major">
<h2><b>JAMES architecture</b></h2>
</header>
<p>JPA guice docker image relies on an embedded Derby database for storing data. Note that Apache Lucene library
is used for email search. A mail queue is implemented on top of an embedded Apache ActiveMQ. Hence James do not need
any external service for being running.
</p>
<img src="/images/guice-jpa-architecture-overview.png">
<p>
JPA guice offers the following protocols:
</p>
<ul class="no-padding">
<li><b>SMTP</b> For receiving emails</li>
<li><b>IMAP</b> For reading emails</li>
<li><b><a href="http://james.apache.org/server/manage-webadmin.html">WebAdmin</a></b> is a REST API allowing you to manage Apache JAMES</li>
</ul>
<p>The following protocols are also available:</p>
<ul class="no-padding">
<li><b>LMTP</b> local version of SMTP</li>
<li><b>POP3</b> For reading emails. Lacks tests</li>
<li><b>JMX</b> is used by a <a href="http://james.apache.org/server/manage-cli.html">command line</a> for administrating Apache James</li>
<li>And <a href="http://james.apache.org/server/feature-protocols.html">more</a>...</li>
</ul>
<header class="major">
<h2><b>Generation of a custom keystore</b></h2>
</header>
<p>In order to maintain a good level of privacy and security, James is relying on TLS cryptography
for securing exchanges. We thus need to generate our own personal keystore. Note that this guide do not
cover generating a keystore from SSL certificates. A security exception might be configured on the Mail
User Agent.</p>
<p>In order to create a keystore, please run: <code>keytool -genkey -alias james -keyalg RSA -keystore /path/to/james/conf/keystore</code>.
James is configured with a default password <code>james72laBalle</code> (used to read the keystore). However, we will be overriding the
configuration of the docker image, so you can be defining your own.</p>
<header class="major">
<h2><b>Starting james</b></h2>
</header>
<p>We want to override the configuration of the docker image with a volume.</p>
<p>First let's retrieve a valid configuration:</p>
<pre><code>$ git clone https://github.com/apache/james-project
$ cp -rf james-project/server/apps/jpa-app/sample-configuration conf
$ mv keystore conf/keystore</code></pre>
<p>Modify all protocol configuration files to match your keystore password (imapserver.xml, lmtpserver.xml, managesieveserver.xml, pop3server.xml, smtpserver.xml).</p>
<p>We will create a local folder for holding data out of the container:</p>
<pre><code>mkdir var</code></pre>
<p>Then, let's start James:</p>
<pre><code>docker run \
--name james_run \
-p "25:25" -p "465:465" -p "587:587" \
-p "143:143" -p "993:993" \
--volume "$PWD/conf:/root/conf/" \
--volume "$PWD/var:/root/var/" \
apache/james:jpa-latest</code></pre>
<header class="major">
<h2><b>Administrating James</b></h2>
</header>
<p>We now have a running James server. We just need to tell him which users and domains it should be handling mails for.
We will, in order to do this, use the command line:</p>
<pre><code>docker exec james_run java -jar /root/james-cli.jar AddDomain domain.tld
docker exec james_run java -jar /root/james-cli.jar AddUser user@domain.tld secretPassword</code></pre>
<p>The command line client can be used for several other purposes like managing quota, setting addresses redirections, etc.</p>
<header class="major">
<h2><b>Configuring thunderbird</b></h2>
</header>
<p>Given that the domain <b>james.local</b> is created and that user <b>user01@james.local</b> have password <b>1234</b>
(which is the setup of the demo image), we will configure thunderbird (here version 78.11.0).</p>
<p>First go to the <i>Account setting</i> page and click on <i>Add mail account</i>.</p> <br/>
<img src="/images/tb1.png"/>
<p>Then document the IP, and ports, username credentials and account name, through the advanced configuration. Note that
the username should include the domain. We recommend using SSL ports for IMAP and SMTP.</p>
<img src="/images/tb2.png"/>
<p>Review your accounting settings, especially be careful to pick the right outgoing server...</p>
<img src="/images/tb3-5.png">
<p>If you are relying on self signed certificate, you might be prompted to confirm a security exception. Accept.</p>
<img src="/images/tb3.png">
<p>You can then enjoy this Thunderbird account!</p>
<img src="/images/tb4.png">
<header class="major">
<h2><b>Additional features</b></h2>
</header>
<p>Check this example on <a href="https://github.com/apache/james-project/tree/master/examples/imap-autoconf">Mail user agents autoconfiguration</a>.</p>
<p>James is a large project with many features. You can go further and complete your installation with
an <a href="http://james.apache.org/server/config-antispam.html">AntiSpam system</a>, or set up
<a href="http://james.apache.org/server/metrics.html">metric display</a>, collect logs in ElasticSearch for a display in Kibana,
and much more!</p>
<p>Also, James offers support for <a href="spf.html">SPF</a>
and <a href="dkim.html">DKIM</a> standards, which increase the trust external people can get in your mail system.</p>
</div>
<footer class="major">
<ul class="actions align-center">
<li><a href="index.html" class="button">go back to other how-tos</a></li>
</ul>
</footer>
</div>
</section>
</div>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<footer id="footer" class="major">
<section>
<h2>James</h2>
<ul class="no-padding">
<li class="no-padding"><a href="https://james.apache.org/#intro" class="active">About</a></li>
<li class="no-padding"><a href="https://james.apache.org/#first">Get Started</a></li>
<li class="no-padding"><a href="https://james.apache.org/#posts">Last Posts</a></li>
<li class="no-padding"><a href="https://james.apache.org/#second">Community</a></li>
<li class="no-padding"><a href="https://james.apache.org/#third">Contribute</a></li>
<li class="no-padding"><a href="https://james.apache.org/"><span class="fa fa-external-link"></span> Documentation</a></li>
</ul>
</section>
<section>
<h2>Connect</h2>
<ul class="icons">
<li><a href="https://james.apache.org/mail.html" class="icon fa-envelope-o alt"><span class="label">Mailing-list</span></a></li>
<li><a href="https://gitter.im/apache/james-project" class="icon fa-wechat alt"><span class="label">Gitter</span></a></li>
<li><a href="https://github.com/apache/james-project" class="icon fa-github alt"><span class="label">GitHub</span></a></li>
<li><a href="https://twitter.com/ApacheJames" class="icon fa-twitter alt"><span class="label">Twitter</span></a></li>
<li><a href="https://james.apache.org/support.html" class="icon fa-briefcase alt"><span class="label">Support</span></a></li>
<li><a href="http://www.apache.org/events/current-event" class="icon fa-calendar alt"><span class="label">Apache Foundation events</span></a></li>
</ul>
</section>
<section class="legal-section">
<h2>Copyright</h2>
Apache James and related projects are trademarks of the Apache Software Foundation.<br/>
<a href="https://www.apache.org/">Copyright 2006-2021 The Apache Software Foundation. All Rights Reserved.</a><br/>
<a href="https://www.apache.org/licenses/">License</a><br/>
<a href="https://www.apache.org/foundation/sponsorship.html">Donate</a> to support the Apache Foundation<br/>
<a href="https://www.apache.org/foundation/thanks.html">Thanks</a><br/>
Design: <a href="https://html5up.net">HTML5 UP</a><br/>
Thanks to <a href="http://www.neoma-interactive.com/">Neoma by Linagora</a> for the website design
</section>
</footer>
</div>
</body>
</html>