Posted to server-user@james.apache.org by Benoit TELLIER <bt...@linagora.com> on 2022/01/04 02:23:50 UTC

Re: Authentication issue and question

Hello Felix,

1. I lack knowledge of how the Apple Mail application works, and
especially how it works regarding self-signed certificates. If they
reject your self-signed certificates, and do not offer a way to bypass
security checks, then yes you might need to disable TLS in your testing
environment as you describe it.

2. Impersonation through the use of IMAP AUTHENTICATE PLAIN is supported
(requires client support though). See this protocol example:
https://github.com/apache/james-project/blob/e7e2c912d9ca59c6f4cc6c8b75ce4994038c08f7/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/AuthenticatePlain.test#L99


The interface you want to override in your custom setup to control this:

https://github.com/apache/james-project/blob/master/mailbox/api/src/main/java/org/apache/james/mailbox/Authorizator.java

Best regards,

Benoit TELLIER

On 27/12/2021 00:19, Felix Ingram wrote:
> Hello all,
>
> Thanks to some pointers from Benoit, I’ve been able to build a custom version of the example single-node Cassandra app. I’ve implemented a custom domainlist module, as I need to accept wildcard domains, and I’ve written a Mailet that creates users on the fly (which is also required).
>
> I have a couple of questions, however:
>
> 1. I can’t seem to authenticate to the IMAP server running on localhost using Apple Mail, unless I disable TLS and allow PLAIN authentication. I also can’t connect with Himalaya (https://github.com/soywod/himalaya) at all, though that may well be an issue on their end. I have my custom server running on docker on my MacBook - can anyone think of a reason why auth isn’t working?
>
> 2. For my production server, I will have the requirement for multiple users to access the same mailbox - is there a recommended way to do this? I was thinking that something like API keys would be appropriate and I suppose this is equivalent to users having multiple valid passwords. Would I need to implement my own custom UsersDAO class for this? I would want this to work with IMAP, JMAP and SMTP auth. The other option is to defer to LDAP instead and handle auth elsewhere. Any tips gratefully received.
>
> Thanks again to Benoit.
>
> Many thanks,
>
> Felix	

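The delegation mentioned in point 2 of the reply works because a SASL PLAIN response (RFC 4616) carries two identities: the authorization identity to act as, and the authentication identity whose password is checked. The sketch below is an added example, not code from James or from this thread; the users, passwords and `DELEGATIONS` map are constructed, and `login()` is a hypothetical stand-in for the kind of decision the Authorizator interface controls.

```python
import base64
import hmac

# Constructed sample data (hypothetical users and grants).
PASSWORDS = {"alice": "alice-secret", "bob": "bob-secret"}
DELEGATIONS = {"shared-box": {"alice"}}  # target user -> users allowed to act as it


def encode_plain(authzid, authcid, password):
    """Client side: base64 of authzid NUL authcid NUL password."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(b64):
    """Server side: split the response into (authzid, authcid, password)."""
    try:
        raw = base64.b64decode(b64, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        raise ValueError("malformed SASL PLAIN response") from None
    parts = raw.split("\0")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed SASL PLAIN response")
    return tuple(parts)


def login(b64):
    """Return the user the session runs as, or None if refused."""
    try:
        authzid, authcid, password = decode_plain(b64)
    except ValueError:
        return None
    expected = PASSWORDS.get(authcid)
    # Authentication: the password is always checked against authcid.
    if expected is None or not hmac.compare_digest(
            expected.encode(), password.encode()):
        return None
    # Empty authzid, or the same identity: ordinary login.
    if authzid in ("", authcid):
        return authcid
    # Authorization: acting as another user needs an explicit grant,
    # and everything not granted is refused.
    if authcid in DELEGATIONS.get(authzid, set()):
        return authzid
    return None
```

The password never belongs to the target user, so a shared mailbox can be opened by several people without sharing its credentials, and access is revoked by removing the grant.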