Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-3209

Auth Module to make James usable with Nginx mail proxy for TLS termination

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Later
    • None
    • None
    • None
    • None

    Description

      Apache James needs to be deployed with TLS encryption to ensure security of emails during transport.

      We could use Nginx as a mail proxy and use it for TLS termination.
      However we need to implement an HTTP auth service for that to work.
      This issue should cover work on making Nginx a valid mail proxy in front of Apache James.

      References:

      https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/
      https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol

      == Context

      Unfortunately, Java has only the keystore for managing TLS certificates. This is makes deploying TLS certificates hard for Apache James since the internet does not use. keystore format.

      We could use Nginx as a amil proxy. Nginx supports the certificate format that all other tools use. (add format here - PKCS #XXX ). People know how to setup Nginx with LetsEncrypt and benefit from free TLS certificates with automatic renewal.

      However we need an integration piece: the nginx auth service. It's an http service that works only with headers. It should be simple to write and work integrate.

      Attachments

        1. docker-compose.yaml
          0.5 kB
          David Leangen
        2. nginx.conf
          2 kB
          David Leangen

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JAMES-2330 Give ability to override AbstractConfigurableAsyncServer.buildSSLContext

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. JAMES-2631 TLS 1.2 problems with Certificate Request

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. JAMES-3215 Update SSL support in James

          • Major - Major loss of function.
          • Reopened
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JAMES-3206 Keystore Exception when running the "Basic" Server

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved

          Activity

            People

              ieugen Ioan Eugen Stan
              ieugen Ioan Eugen Stan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: