Posted to server-dev@james.apache.org by Tellier Benoit <bt...@apache.org> on 2019/11/06 04:42:32 UTC
Require SSL for remote SMTP delivery by default?
Hi,
Within [2] I am working on documenting how to secure remote delivery with
SSL and startTls.
Matthieu Baechler asks whether we should require encrypted delivery
(startTls / ssl) by default in the shipped configuration.
This comes with trust issues, we might end up enabling
mail.smtp.ssl.trust as a wildcard, which is a security hole as well (but
at least traffic will be encrypted).
Note that GMail (which had been reported to reject James traffic [1])
might still need a valid SSL certificate as well.
Finally, underlying such a choice, I want to bring people's attention that
we currently have no integration tests on RemoteDelivery SSL / startTls,
and lack the dockerized SSL SMTP servers to add this to the James test
suite. I proposed an issue related to this [3] (contribution
welcomed!). This should in my opinion be a pre-requisite for this
proposal acceptance.
[1] https://www.mail-archive.com/server-user@james.apache.org/msg16199.html
[2] https://github.com/linagora/james-project/pull/2823
[3] https://issues.apache.org/jira/browse/JAMES-2969
Regards,
Benoit
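
The trade-off raised in the message, shown as JavaMail session properties (an added example, not part of the original post and not James's shipped configuration). It assumes the properties reach the JavaMail SMTP transport unchanged; how they are written in a given James mailet configuration is not shown here.

```properties
# --- Variant A: encrypted, but the peer is not authenticated ---
# STARTTLS is attempted and delivery fails if it cannot be negotiated.
mail.smtp.starttls.enable=true
mail.smtp.starttls.required=true
# Wildcard trust: every host is trusted regardless of the certificate it
# presents. Passive sniffing is defeated, but an active man-in-the-middle
# can terminate TLS with its own certificate and relay the mail.
mail.smtp.ssl.trust=*

# --- Variant B: encrypted and authenticated ---
mail.smtp.starttls.enable=true
mail.smtp.starttls.required=true
# mail.smtp.ssl.trust is left unset, so trust depends on the certificate
# the server presents, validated against the JVM trust store.
# Also require the certificate to match the host being connected to.
mail.smtp.ssl.checkserveridentity=true
```

Variant B rejects remote servers with self-signed, expired or mismatched certificates, which is the operational cost behind the "trust issues" mentioned above.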