Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-3209

Auth Module to make James usable with Nginx mail proxy for TLS termination

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Later
    • None
    • None
    • None
    • None

    Description

      Apache James needs to be deployed with TLS encryption to ensure security of emails during transport.

      We could use Nginx as a mail proxy and use it for TLS termination.
      However we need to implement an HTTP auth service for that to work.
      This issue should cover work on making Nginx a valid mail proxy in front of Apache James.

      References:

      https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/
      https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol

      == Context

      Unfortunately, Java has only the keystore for managing TLS certificates. This is makes deploying TLS certificates hard for Apache James since the internet does not use. keystore format.

      We could use Nginx as a amil proxy. Nginx supports the certificate format that all other tools use. (add format here - PKCS #XXX ). People know how to setup Nginx with LetsEncrypt and benefit from free TLS certificates with automatic renewal.

      However we need an integration piece: the nginx auth service. It's an http service that works only with headers. It should be simple to write and work integrate.

      Attachments

        1. docker-compose.yaml
          0.5 kB
          David Leangen
        2. nginx.conf
          2 kB
          David Leangen

        Issue Links

        is related to

        Bug - A problem which impairs or prevents the functions of the product. JAMES-2330 Give ability to override AbstractConfigurableAsyncServer.buildSSLContext

        • Major - Major loss of function.
        • Closed

        Bug - A problem which impairs or prevents the functions of the product. JAMES-2631 TLS 1.2 problems with Certificate Request

        • Major - Major loss of function.
        • Closed

        Improvement - An improvement or enhancement to an existing feature or task. JAMES-3215 Update SSL support in James

        • Major - Major loss of function.
        • Reopened
        relates to

        Bug - A problem which impairs or prevents the functions of the product. JAMES-3206 Keystore Exception when running the "Basic" Server

        • Blocker - Blocks development and/or testing work, production could not run
        • Resolved

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            ieugen Ioan Eugen Stan
            ieugen Ioan Eugen Stan
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment