A single instance of James should be able to accept connections on multiple ports for each protocol. As an example, I want to have the following SMTP connections:
port 25: no authorization, no relaying
port 465: STARTTLS, AUTH required, relaying allowed
port 587: SMTP/TLS, AUTH required, relaying allowed.
I can set up the relaying decision with a mailet/matcher, but having multiple port configurations per protocol allow me to deploy James as a primary multi-domain mail server.
The config files might look something like:
<!-- The SMTP server is enabled by default -->
<!-- Disabling blocks will stop them from listening, -->
<!-- but does not free as many resources as removing them would -->
Port 25 is the well-known/IANA registered port for SMTP.
Port 465 is the well-known/IANA registered port for SMTP over TLS.
<!-- Uncomment this if you want to bind this port to a specific inetaddress -->
<!-- Please NOTE: you should add this IP also to your RemoteAddrNotInNetwork -->
<!-- in order to avoid relay check for locallly generated bounces -->
<!-- Set to true to support STARTTLS or TLS for the Socket.
To use this you need to copy sunjce_provider.jar to /path/james/lib directory.
<tls socketTLS="false" startTLS="true">
<!-- To create a new keystore execute:
keytool -genkey -alias james -keyalg RSA -keystore /path/to/james/conf/keystore
<!-- Uncomment this if you want to require SMTP authentication.
true: required but announced only to not authorizedAddresses
false: don't use AUTH
announce: like true, but always announce AUTH capability to clients
The correct behaviour per RFC value would be false or announce
but we still support true for backward compatibility and because
some webmail client fails when AUTH is announced but no authentication
information has been provided
<!-- Uncomment this if you want to authorize specific addresses/networks.
If you use SMTP AUTH, addresses that match those specified here will
be permitted to relay without SMTP AUTH. If you do not use SMTP
AUTH, and you specify addreses here, then only addresses that match
those specified will be permitted to relay.
Addresses may be specified as a an IP address or domain name, with an
optional netmask, e.g.,
127.*, 127.0.0.0/8, 127.0.0.0/255.0.0.0, and localhost/8 are all the same
See also the RemoteAddrNotInNetwork matcher in the transport processor.
You would generally use one OR the other approach.
<!-- Uncomment this if you want to verify sender addresses, ensuring that -->
<!-- the sender address matches the user who has authenticated. -->
<!-- This prevents a user of your mail server from acting as someone else -->
<!-- If unspecified, default value is true -->