Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-3209

Auth Module to make James usable with Nginx mail proxy for TLS termination

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Later
    • None
    • None
    • None
    • None

    Description

      Apache James needs to be deployed with TLS encryption to ensure security of emails during transport.

      We could use Nginx as a mail proxy and use it for TLS termination.
      However we need to implement an HTTP auth service for that to work.
      This issue should cover work on making Nginx a valid mail proxy in front of Apache James.

      References:

      https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/
      https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol

      == Context

      Unfortunately, Java has only the keystore for managing TLS certificates. This is makes deploying TLS certificates hard for Apache James since the internet does not use. keystore format.

      We could use Nginx as a amil proxy. Nginx supports the certificate format that all other tools use. (add format here - PKCS #XXX ). People know how to setup Nginx with LetsEncrypt and benefit from free TLS certificates with automatic renewal.

      However we need an integration piece: the nginx auth service. It's an http service that works only with headers. It should be simple to write and work integrate.

      Attachments

        1. docker-compose.yaml
          0.5 kB
          David Leangen
        2. nginx.conf
          2 kB
          David Leangen

        Issue Links

          Activity

            People

              ieugen Ioan Eugen Stan
              ieugen Ioan Eugen Stan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: