You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Bernd Waibel <BW...@intarsys.de> on 2016/05/04 10:24:34 UTC
AW: James as a mail proxy for a SaaS service [unsigned]
Hello Stephan,
I think that are 2 questions:
- Using proxy
- Usign auth
First: Yes, you could use James as an Proxy.
We are doing exactly that. We do not have mailboxes, and do use James as a MTA (Mail Transfer Agent) or Mail Proxy. The Smarthost configuration describes the possible scenarios, so it is for you...
Btw., we are using James 2.3.2 as MTA, inside our SMG product and also in our productive mail system.
So, yes, I am sure it works.
You should have a straight look at your configuration, to not be used as an open proxy.
This is nothing special for James, it is the same for all mail servers: If your mail servers acts as an proxy, you may be used as an "open proxy" for sending spams (or sending non-delivery reports as spam).
In James 2.3.2 this is mostly handly by "RemoteAddrNotInNetwork".
Because your mail server at the front-end does not have mailboxes, all mails will be accepted per default.
So Spam and Virus checks are mostly recommended.
Easyly used in james on linux. Spamassassin and ClamAV.
About the (second) question doing "auth": I suppose doing "auth" means "doing authentication".
If you will only accept mails received during authentication, you need to configure James.
This is possible. But this means: only accept mails from special senders, not all mails.
But if that's what you want, this is possible.
But everyone who knows the authentication credentials could send to your server.
There is no "list of servernames" or database of servers which are allowed to use auth.
But you could configure james to act like this:
You accept all authenticated mails, and in the next step in your configuration (matcher/mailet) you do not route mails from unknown senders or unknown ip addresses.
But maybe this is just something a firewall should do for you?
Greetings
Bernd.
-----Ursprüngliche Nachricht-----
Von: Stephan Schmidt [mailto:stephan.schmidt@gmail.com]
Gesendet: Dienstag, 3. Mai 2016 17:25
An: server-user@james.apache.org
Betreff: James as a mail proxy for a SaaS service
Hello,
I'm looking for James to use for a SaaS service. I've
read http://wiki.apache.org/james/SmartOrSecondaryHost
but not sure this is for me.
For me this means James should act as a proxy. It should take mails
from other mails servers with auth, for all sender domains.
Alternatively from a list of domains (hundreds of sender
domains) from a database.
It should then do something to the email and send it to
another fixed server, e.g. Mailgun.
No local storage, mailboxes, users etc.
Is this possible with James?
Thanks
Stephan
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
AW: AW: AW: James as a mail proxy for a SaaS service [unsigned]
Posted by Bernd Waibel <BW...@intarsys.de>.
Hi
org.apache.james.core.MailImpl is inside the „james-2.3.2.jar“.
The james-2.3.2.jar is inside
/var/james-2.3.2/apps/james/SAR-INF/lib/james-2.3.2.jar
Btw. The james-2.3.2jar may reference:
avalon-framework-api-4.3.jar
avalon-framework-impl-4.3.jar
Best regards
Bernd Waibel
Von: Stephan Schmidt [mailto:stephan.schmidt@gmail.com]
Gesendet: Mittwoch, 4. Mai 2016 13:55
An: James Users List <se...@james.apache.org>; Bernd Waibel <BW...@intarsys.de>
Betreff: Re: AW: AW: James as a mail proxy for a SaaS service [unsigned]
Hello Bernd,
thought about NGINX because I have some
knowledge and I can easily plugin with Lua,
I have no clue how to tie a SQL database into
a firewall for authentication of SMTP.
Got the Mailet working,
now can’t find e.g. MailImpl in a 2.3.x artefact.
Best
Stephan
On 4 May 2016 at 13:49:32, Bernd Waibel (bwaibel@intarsys.de<ma...@intarsys.de>) wrote:
Hello Stephen,
talking about firewall I thought more something like "Watchguard", or "Sophos/Astaro", but, ok, NGINX may do it.....
We do not use Maven or something like that, we use other build tools.
So I could not tell you about maven artifacts....
If you just want to write a Mailet, your class needs to extend org.apache.mailet.base.GenericMailet.
Deploy the jar file, any way you like, and put it in the james directory (/var/james-2.3.2/apps/james/SAR-INF/lib/).
Then you could reference the mailet in your config.xml
<mailet match="All" class="MyOwnMailet">
</mailet>
There is only one method, service(Mail), which need to be implemented.
Best regards
Bernd.
-----Ursprüngliche Nachricht-----
Von: Stephan Schmidt [mailto:stephan.schmidt@gmail.com]
Gesendet: Mittwoch, 4. Mai 2016 13:27
An: James Users List <se...@james.apache.org>>
Betreff: Re: AW: James as a mail proxy for a SaaS service [unsigned]
Hello Bernd,
thanks a lot for the input, really appreciated,
this will take me some steps further.
I would give out individual credentials to
each sender domain, so yes perhaps
thats easier done elsewhere, do you think?
(perhaps NGINX SMTP proxy in front of James)
Minor thing:
When developing Mailets for 2.3.2, do you have a tip which maven artefact
to include for development?
Best
Stephan
On 4 May 2016 at 12:24:46, Bernd Waibel (bwaibel@intarsys.de<ma...@intarsys.de>) wrote:
Hello Stephan,
I think that are 2 questions:
- Using proxy
- Usign auth
First: Yes, you could use James as an Proxy.
We are doing exactly that. We do not have mailboxes, and do use James as a MTA (Mail Transfer Agent) or Mail Proxy. The Smarthost configuration describes the possible scenarios, so it is for you...
Btw., we are using James 2.3.2 as MTA, inside our SMG product and also in our productive mail system.
So, yes, I am sure it works.
You should have a straight look at your configuration, to not be used as an open proxy.
This is nothing special for James, it is the same for all mail servers: If your mail servers acts as an proxy, you may be used as an "open proxy" for sending spams (or sending non-delivery reports as spam).
In James 2.3.2 this is mostly handly by "RemoteAddrNotInNetwork".
Because your mail server at the front-end does not have mailboxes, all mails will be accepted per default.
So Spam and Virus checks are mostly recommended.
Easyly used in james on linux. Spamassassin and ClamAV.
About the (second) question doing "auth": I suppose doing "auth" means "doing authentication".
If you will only accept mails received during authentication, you need to configure James.
This is possible. But this means: only accept mails from special senders, not all mails.
But if that's what you want, this is possible.
But everyone who knows the authentication credentials could send to your server.
There is no "list of servernames" or database of servers which are allowed to use auth.
But you could configure james to act like this:
You accept all authenticated mails, and in the next step in your configuration (matcher/mailet) you do not route mails from unknown senders or unknown ip addresses.
But maybe this is just something a firewall should do for you?
Greetings
Bernd.
-----Ursprüngliche Nachricht-----
Von: Stephan Schmidt [mailto:stephan.schmidt@gmail.com]
Gesendet: Dienstag, 3. Mai 2016 17:25
An: server-user@james.apache.org<ma...@james.apache.org>
Betreff: James as a mail proxy for a SaaS service
Hello,
I'm looking for James to use for a SaaS service. I've
read http://wiki.apache.org/james/SmartOrSecondaryHost
but not sure this is for me.
For me this means James should act as a proxy. It should take mails
from other mails servers with auth, for all sender domains.
Alternatively from a list of domains (hundreds of sender
domains) from a database.
It should then do something to the email and send it to
another fixed server, e.g. Mailgun.
No local storage, mailboxes, users etc.
Is this possible with James?
Thanks
Stephan
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org<ma...@james.apache.org>
For additional commands, e-mail: server-user-help@james.apache.org<ma...@james.apache.org>
Re: AW: AW: James as a mail proxy for a SaaS service [unsigned]
Posted by Stephan Schmidt <st...@gmail.com>.
Hello Bernd,
thought about NGINX because I have some
knowledge and I can easily plugin with Lua,
I have no clue how to tie a SQL database into
a firewall for authentication of SMTP.
Got the Mailet working,
now can’t find e.g. MailImpl in a 2.3.x artefact.
Best
Stephan
On 4 May 2016 at 13:49:32, Bernd Waibel (bwaibel@intarsys.de) wrote:
Hello Stephen,
talking about firewall I thought more something like "Watchguard", or "Sophos/Astaro", but, ok, NGINX may do it.....
We do not use Maven or something like that, we use other build tools.
So I could not tell you about maven artifacts....
If you just want to write a Mailet, your class needs to extend org.apache.mailet.base.GenericMailet.
Deploy the jar file, any way you like, and put it in the james directory (/var/james-2.3.2/apps/james/SAR-INF/lib/).
Then you could reference the mailet in your config.xml
<mailet match="All" class="MyOwnMailet">
</mailet>
There is only one method, service(Mail), which need to be implemented.
Best regards
Bernd.
-----Ursprüngliche Nachricht-----
Von: Stephan Schmidt [mailto:stephan.schmidt@gmail.com]
Gesendet: Mittwoch, 4. Mai 2016 13:27
An: James Users List <se...@james.apache.org>
Betreff: Re: AW: James as a mail proxy for a SaaS service [unsigned]
Hello Bernd,
thanks a lot for the input, really appreciated,
this will take me some steps further.
I would give out individual credentials to
each sender domain, so yes perhaps
thats easier done elsewhere, do you think?
(perhaps NGINX SMTP proxy in front of James)
Minor thing:
When developing Mailets for 2.3.2, do you have a tip which maven artefact
to include for development?
Best
Stephan
On 4 May 2016 at 12:24:46, Bernd Waibel (bwaibel@intarsys.de) wrote:
Hello Stephan,
I think that are 2 questions:
- Using proxy
- Usign auth
First: Yes, you could use James as an Proxy.
We are doing exactly that. We do not have mailboxes, and do use James as a MTA (Mail Transfer Agent) or Mail Proxy. The Smarthost configuration describes the possible scenarios, so it is for you...
Btw., we are using James 2.3.2 as MTA, inside our SMG product and also in our productive mail system.
So, yes, I am sure it works.
You should have a straight look at your configuration, to not be used as an open proxy.
This is nothing special for James, it is the same for all mail servers: If your mail servers acts as an proxy, you may be used as an "open proxy" for sending spams (or sending non-delivery reports as spam).
In James 2.3.2 this is mostly handly by "RemoteAddrNotInNetwork".
Because your mail server at the front-end does not have mailboxes, all mails will be accepted per default.
So Spam and Virus checks are mostly recommended.
Easyly used in james on linux. Spamassassin and ClamAV.
About the (second) question doing "auth": I suppose doing "auth" means "doing authentication".
If you will only accept mails received during authentication, you need to configure James.
This is possible. But this means: only accept mails from special senders, not all mails.
But if that's what you want, this is possible.
But everyone who knows the authentication credentials could send to your server.
There is no "list of servernames" or database of servers which are allowed to use auth.
But you could configure james to act like this:
You accept all authenticated mails, and in the next step in your configuration (matcher/mailet) you do not route mails from unknown senders or unknown ip addresses.
But maybe this is just something a firewall should do for you?
Greetings
Bernd.
-----Ursprüngliche Nachricht-----
Von: Stephan Schmidt [mailto:stephan.schmidt@gmail.com]
Gesendet: Dienstag, 3. Mai 2016 17:25
An: server-user@james.apache.org
Betreff: James as a mail proxy for a SaaS service
Hello,
I'm looking for James to use for a SaaS service. I've
read http://wiki.apache.org/james/SmartOrSecondaryHost
but not sure this is for me.
For me this means James should act as a proxy. It should take mails
from other mails servers with auth, for all sender domains.
Alternatively from a list of domains (hundreds of sender
domains) from a database.
It should then do something to the email and send it to
another fixed server, e.g. Mailgun.
No local storage, mailboxes, users etc.
Is this possible with James?
Thanks
Stephan
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
AW: AW: James as a mail proxy for a SaaS service [unsigned]
Posted by Bernd Waibel <BW...@intarsys.de>.
Hello Stephen,
talking about firewall I thought more something like "Watchguard", or "Sophos/Astaro", but, ok, NGINX may do it.....
We do not use Maven or something like that, we use other build tools.
So I could not tell you about maven artifacts....
If you just want to write a Mailet, your class needs to extend org.apache.mailet.base.GenericMailet.
Deploy the jar file, any way you like, and put it in the james directory (/var/james-2.3.2/apps/james/SAR-INF/lib/).
Then you could reference the mailet in your config.xml
<mailet match="All" class="MyOwnMailet">
</mailet>
There is only one method, service(Mail), which need to be implemented.
Best regards
Bernd.
-----Ursprüngliche Nachricht-----
Von: Stephan Schmidt [mailto:stephan.schmidt@gmail.com]
Gesendet: Mittwoch, 4. Mai 2016 13:27
An: James Users List <se...@james.apache.org>
Betreff: Re: AW: James as a mail proxy for a SaaS service [unsigned]
Hello Bernd,
thanks a lot for the input, really appreciated,
this will take me some steps further.
I would give out individual credentials to
each sender domain, so yes perhaps
thats easier done elsewhere, do you think?
(perhaps NGINX SMTP proxy in front of James)
Minor thing:
When developing Mailets for 2.3.2, do you have a tip which maven artefact
to include for development?
Best
Stephan
On 4 May 2016 at 12:24:46, Bernd Waibel (bwaibel@intarsys.de) wrote:
Hello Stephan,
I think that are 2 questions:
- Using proxy
- Usign auth
First: Yes, you could use James as an Proxy.
We are doing exactly that. We do not have mailboxes, and do use James as a MTA (Mail Transfer Agent) or Mail Proxy. The Smarthost configuration describes the possible scenarios, so it is for you...
Btw., we are using James 2.3.2 as MTA, inside our SMG product and also in our productive mail system.
So, yes, I am sure it works.
You should have a straight look at your configuration, to not be used as an open proxy.
This is nothing special for James, it is the same for all mail servers: If your mail servers acts as an proxy, you may be used as an "open proxy" for sending spams (or sending non-delivery reports as spam).
In James 2.3.2 this is mostly handly by "RemoteAddrNotInNetwork".
Because your mail server at the front-end does not have mailboxes, all mails will be accepted per default.
So Spam and Virus checks are mostly recommended.
Easyly used in james on linux. Spamassassin and ClamAV.
About the (second) question doing "auth": I suppose doing "auth" means "doing authentication".
If you will only accept mails received during authentication, you need to configure James.
This is possible. But this means: only accept mails from special senders, not all mails.
But if that's what you want, this is possible.
But everyone who knows the authentication credentials could send to your server.
There is no "list of servernames" or database of servers which are allowed to use auth.
But you could configure james to act like this:
You accept all authenticated mails, and in the next step in your configuration (matcher/mailet) you do not route mails from unknown senders or unknown ip addresses.
But maybe this is just something a firewall should do for you?
Greetings
Bernd.
-----Ursprüngliche Nachricht-----
Von: Stephan Schmidt [mailto:stephan.schmidt@gmail.com]
Gesendet: Dienstag, 3. Mai 2016 17:25
An: server-user@james.apache.org
Betreff: James as a mail proxy for a SaaS service
Hello,
I'm looking for James to use for a SaaS service. I've
read http://wiki.apache.org/james/SmartOrSecondaryHost
but not sure this is for me.
For me this means James should act as a proxy. It should take mails
from other mails servers with auth, for all sender domains.
Alternatively from a list of domains (hundreds of sender
domains) from a database.
It should then do something to the email and send it to
another fixed server, e.g. Mailgun.
No local storage, mailboxes, users etc.
Is this possible with James?
Thanks
Stephan
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: AW: James as a mail proxy for a SaaS service [unsigned]
Posted by Stephan Schmidt <st...@gmail.com>.
Hello Bernd,
thanks a lot for the input, really appreciated,
this will take me some steps further.
I would give out individual credentials to
each sender domain, so yes perhaps
thats easier done elsewhere, do you think?
(perhaps NGINX SMTP proxy in front of James)
Minor thing:
When developing Mailets for 2.3.2, do you have a tip which maven artefact
to include for development?
Best
Stephan
On 4 May 2016 at 12:24:46, Bernd Waibel (bwaibel@intarsys.de) wrote:
Hello Stephan,
I think that are 2 questions:
- Using proxy
- Usign auth
First: Yes, you could use James as an Proxy.
We are doing exactly that. We do not have mailboxes, and do use James as a MTA (Mail Transfer Agent) or Mail Proxy. The Smarthost configuration describes the possible scenarios, so it is for you...
Btw., we are using James 2.3.2 as MTA, inside our SMG product and also in our productive mail system.
So, yes, I am sure it works.
You should have a straight look at your configuration, to not be used as an open proxy.
This is nothing special for James, it is the same for all mail servers: If your mail servers acts as an proxy, you may be used as an "open proxy" for sending spams (or sending non-delivery reports as spam).
In James 2.3.2 this is mostly handly by "RemoteAddrNotInNetwork".
Because your mail server at the front-end does not have mailboxes, all mails will be accepted per default.
So Spam and Virus checks are mostly recommended.
Easyly used in james on linux. Spamassassin and ClamAV.
About the (second) question doing "auth": I suppose doing "auth" means "doing authentication".
If you will only accept mails received during authentication, you need to configure James.
This is possible. But this means: only accept mails from special senders, not all mails.
But if that's what you want, this is possible.
But everyone who knows the authentication credentials could send to your server.
There is no "list of servernames" or database of servers which are allowed to use auth.
But you could configure james to act like this:
You accept all authenticated mails, and in the next step in your configuration (matcher/mailet) you do not route mails from unknown senders or unknown ip addresses.
But maybe this is just something a firewall should do for you?
Greetings
Bernd.
-----Ursprüngliche Nachricht-----
Von: Stephan Schmidt [mailto:stephan.schmidt@gmail.com]
Gesendet: Dienstag, 3. Mai 2016 17:25
An: server-user@james.apache.org
Betreff: James as a mail proxy for a SaaS service
Hello,
I'm looking for James to use for a SaaS service. I've
read http://wiki.apache.org/james/SmartOrSecondaryHost
but not sure this is for me.
For me this means James should act as a proxy. It should take mails
from other mails servers with auth, for all sender domains.
Alternatively from a list of domains (hundreds of sender
domains) from a database.
It should then do something to the email and send it to
another fixed server, e.g. Mailgun.
No local storage, mailboxes, users etc.
Is this possible with James?
Thanks
Stephan
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org