anonymizing james a bit

[Timothy Prepscius <ti...@gmail.com>]

Few notes:

http://james.apache.org/server/3/config-tls.html
off of: http://james.apache.org/server/3/config.html
says:  Not Found



I am planning on making a few changes in James.  
I thought I would check to make sure these have not been done and I just need to modify a configuration file.


1. I want to remove all plain-text e-mail addresses.

Basically, an e-mail arrives, James hashes the xxx@mydomain.xxx for all recipients of valid domains, and then uses the hash from then on.
I want to make james so that it is not possible to view the user list.  You can still modify user lists, but you must do it through hashes.


2.  I want to modify the message queue to pre-encrypt with a RSA Public Key of the intended recipient.  After encryption, I should have the hash of the recipient, and an encrypted byte stream.


3.  I want to force ClientServer SSL handshakes.  I want to remove the ability to SSL Proxy.  I want to create a special log for all refusals written to network stream to another computer.  (I figure log4j has the logging functionality)


Have any of these been done before?  I will do them next week.   Do you want the code changes?


Thanks,

-tim
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org

Re: anonymizing james a bit

[Eric Charles <er...@apache.org>]

On 06/20/2012 10:53 PM, Timothy Prepscius wrote:
> Few notes:
>
> http://james.apache.org/server/3/config-tls.html
> off of: http://james.apache.org/server/3/config.html
> says:  Not Found

Broken link is fixed.
Thx for the report.

>
>
>
> I am planning on making a few changes in James.
> I thought I would check to make sure these have not been done and I just need to modify a configuration file.
>
>
> 1. I want to remove all plain-text e-mail addresses.
>
> Basically, an e-mail arrives, James hashes the xxx@mydomain.xxx for all recipients of valid domains, and then uses the hash from then on.
> I want to make james so that it is not possible to view the user list.  You can still modify user lists, but you must do it through hashes.
>

You could achieve this with a mailet.

>
> 2.  I want to modify the message queue to pre-encrypt with a RSA Public Key of the intended recipient.  After encryption, I should have the hash of the recipient, and an encrypted byte stream.
>

Also possible via mailet, but you the server will need to have at its 
disposal the public key of the recipient.

>
> 3.  I want to force ClientServer SSL handshakes.  I want to remove the ability to SSL Proxy.  I want to create a special log for all refusals written to network stream to another computer.  (I figure log4j has the logging functionality)
>

SSL is available (see http://james.apache.org/server/3/config-ssl-tls.html).

To log to another computer, you will need to define an ad-hoc log4j 
appender that fulfills your needs, and also check in the source code 
that the needed information is logged in case of SSL failure.

>
> Have any of these been done before?  I will do them next week.   Do you want the code changes?
>

Sure, we love contributions.

>
> Thanks,
>
> -tim
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>

-- 
eric | http://about.echarles.net | @echarles

---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org