This is an automated email from the ASF dual-hosted git repository. rcordier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 1d65acc9134b49018df5a0b6b6af8775332e7742 Author: Benoit Tellier <[email protected]> AuthorDate: Mon Dec 6 17:33:58 2021 +0700 JAMES-3680 smtpserver.xml authRequired -> auth.announce The goal is to better describe the feature from its name. --- .../james/protocols/lmtp/LMTPConfiguration.java | 2 +- .../james/protocols/smtp/SMTPConfiguration.java | 2 +- .../protocols/smtp/SMTPConfigurationImpl.java | 2 +- .../apache/james/protocols/smtp/SMTPSession.java | 2 +- .../james/protocols/smtp/SMTPSessionImpl.java | 4 +- .../core/AbstractAuthRequiredToRelayRcptHook.java | 2 +- .../protocols/smtp/core/esmtp/AuthCmdHandler.java | 2 +- .../smtp/core/fastfail/DNSRBLHandlerTest.java | 2 +- .../fastfail/ResolvableEhloHeloHandlerTest.java | 2 +- .../protocols/smtp/utils/BaseFakeSMTPSession.java | 2 +- .../sample-configuration/smtpserver.xml | 12 +++- .../src/test/resources/smtpserver.xml | 12 +++- .../docs/modules/ROOT/pages/configure/smtp.adoc | 37 ++++++++---- .../sample-configuration/smtpserver.xml | 12 +++- .../src/test/resources/smtpserver.xml | 18 +++--- .../sample-configuration/smtpserver.xml | 12 +++- .../src/test/resources/smtpserver.xml | 18 +++--- .../jpa-app/sample-configuration/smtpserver.xml | 12 +++- .../apps/jpa-app/src/test/resources/smtpserver.xml | 18 +++--- .../sample-configuration/smtpserver.xml | 12 +++- .../jpa-smtp-app/src/test/resources/smtpserver.xml | 18 +++--- .../memory-app/sample-configuration/smtpserver.xml | 12 +++- .../memory-app/src/test/resources/smtpserver.xml | 18 +++--- .../spring-app/src/main/resources/smtpserver.xml | 16 +++--- .../spring-app/src/test/resources/smtpserver.xml | 4 +- .../james/modules/protocols/SmtpGuiceProbe.java | 4 +- .../src/test/resources/smtpserver.xml | 4 +- .../src/test/resources/smtpserver.xml | 18 +++--- .../src/test/resources/smtpserver.xml | 4 +- .../src/test/resources/smtpserver.xml | 4 +- .../apache/james/smtpserver/netty/SMTPServer.java | 65 ++++++++++++++-------- .../src/test/resources/smtpserver-dsn.xml | 4 +- .../src/test/resources/smtpserver.xml | 4 +- .../src/test/resources/smtpserver.xml | 18 +++--- src/site/xdoc/server/config-smtp-lmtp.xml | 35 ++++++++---- 35 files changed, 256 insertions(+), 157 deletions(-) diff --git a/protocols/lmtp/src/main/java/org/apache/james/protocols/lmtp/LMTPConfiguration.java b/protocols/lmtp/src/main/java/org/apache/james/protocols/lmtp/LMTPConfiguration.java index 92022aa..29e94cb 100644 --- a/protocols/lmtp/src/main/java/org/apache/james/protocols/lmtp/LMTPConfiguration.java +++ b/protocols/lmtp/src/main/java/org/apache/james/protocols/lmtp/LMTPConfiguration.java @@ -37,7 +37,7 @@ public abstract class LMTPConfiguration extends ProtocolConfigurationImpl implem } @Override - public boolean isAuthRequired(String remoteIP) { + public boolean isAuthAnnounced(String remoteIP) { return false; } diff --git a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPConfiguration.java b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPConfiguration.java index 08b3f5f..71cf7c3 100644 --- a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPConfiguration.java +++ b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPConfiguration.java @@ -53,7 +53,7 @@ public interface SMTPConfiguration extends ProtocolConfiguration { * @param remoteIP the remote IP address in String form * @return whether SMTP authentication is on */ - boolean isAuthRequired(String remoteIP); + boolean isAuthAnnounced(String remoteIP); /** * Returns whether the remote server needs to send a HELO/EHLO diff --git a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPConfigurationImpl.java b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPConfigurationImpl.java index 012a31c..14fa4f2 100644 --- a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPConfigurationImpl.java +++ b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPConfigurationImpl.java @@ -54,7 +54,7 @@ public class SMTPConfigurationImpl extends ProtocolConfigurationImpl implements * Return <code>false</code> */ @Override - public boolean isAuthRequired(String remoteIP) { + public boolean isAuthAnnounced(String remoteIP) { return false; } diff --git a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPSession.java b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPSession.java index 82ed979..0be25fb 100644 --- a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPSession.java +++ b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPSession.java @@ -68,7 +68,7 @@ public interface SMTPSession extends ProtocolSession { * * @return authentication required or not */ - boolean isAuthSupported(); + boolean isAuthAnnounced(); /** diff --git a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPSessionImpl.java b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPSessionImpl.java index 5890081..3535d34 100644 --- a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPSessionImpl.java +++ b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/SMTPSessionImpl.java @@ -65,8 +65,8 @@ public class SMTPSessionImpl extends ProtocolSessionImpl implements SMTPSession } @Override - public boolean isAuthSupported() { - return getConfiguration().isAuthRequired(getRemoteAddress().getAddress().getHostAddress()); + public boolean isAuthAnnounced() { + return getConfiguration().isAuthAnnounced(getRemoteAddress().getAddress().getHostAddress()); } @Override diff --git a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/AbstractAuthRequiredToRelayRcptHook.java b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/AbstractAuthRequiredToRelayRcptHook.java index 2911e6a..8d08ca9 100644 --- a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/AbstractAuthRequiredToRelayRcptHook.java +++ b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/AbstractAuthRequiredToRelayRcptHook.java @@ -53,7 +53,7 @@ public abstract class AbstractAuthRequiredToRelayRcptHook implements RcptHook { if (!session.isRelayingAllowed()) { Domain toDomain = rcpt.getDomain(); if (!isLocalDomain(toDomain)) { - if (session.isAuthSupported()) { + if (session.isAuthAnnounced()) { return AUTH_REQUIRED; } else { return RELAYING_DENIED; diff --git a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler.java b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler.java index a56f3e1..c9e0ace 100644 --- a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler.java +++ b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler.java @@ -466,7 +466,7 @@ public class AuthCmdHandler @Override public List<String> getImplementedEsmtpFeatures(SMTPSession session) { - if (session.isAuthSupported()) { + if (session.isAuthAnnounced()) { return ESMTP_FEATURES; } else { return Collections.emptyList(); diff --git a/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/core/fastfail/DNSRBLHandlerTest.java b/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/core/fastfail/DNSRBLHandlerTest.java index a0b48b6..3f88d4f 100644 --- a/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/core/fastfail/DNSRBLHandlerTest.java +++ b/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/core/fastfail/DNSRBLHandlerTest.java @@ -138,7 +138,7 @@ public class DNSRBLHandlerTest { } @Override - public boolean isAuthSupported() { + public boolean isAuthAnnounced() { return false; } diff --git a/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/core/fastfail/ResolvableEhloHeloHandlerTest.java b/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/core/fastfail/ResolvableEhloHeloHandlerTest.java index c53184a..0486c19 100644 --- a/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/core/fastfail/ResolvableEhloHeloHandlerTest.java +++ b/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/core/fastfail/ResolvableEhloHeloHandlerTest.java @@ -55,7 +55,7 @@ public class ResolvableEhloHeloHandlerTest { HashMap<AttachmentKey<?>, Object> map = new HashMap<>(); @Override - public boolean isAuthSupported() { + public boolean isAuthAnnounced() { return authRequired; } diff --git a/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/utils/BaseFakeSMTPSession.java b/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/utils/BaseFakeSMTPSession.java index 3013f5f..e8c5b06 100644 --- a/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/utils/BaseFakeSMTPSession.java +++ b/protocols/smtp/src/test/java/org/apache/james/protocols/smtp/utils/BaseFakeSMTPSession.java @@ -78,7 +78,7 @@ public class BaseFakeSMTPSession implements SMTPSession { } @Override - public boolean isAuthSupported() { + public boolean isAuthAnnounced() { throw new UnsupportedOperationException("Unimplemented Stub Method"); } diff --git a/server/apps/cassandra-app/sample-configuration/smtpserver.xml b/server/apps/cassandra-app/sample-configuration/smtpserver.xml index 6018420..d02ddd5 100644 --- a/server/apps/cassandra-app/sample-configuration/smtpserver.xml +++ b/server/apps/cassandra-app/sample-configuration/smtpserver.xml @@ -45,7 +45,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -82,7 +84,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> @@ -120,7 +124,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> diff --git a/server/apps/cassandra-app/src/test/resources/smtpserver.xml b/server/apps/cassandra-app/src/test/resources/smtpserver.xml index dba8fcb..66c56eb 100644 --- a/server/apps/cassandra-app/src/test/resources/smtpserver.xml +++ b/server/apps/cassandra-app/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> @@ -59,7 +61,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -86,7 +90,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> diff --git a/server/apps/distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc b/server/apps/distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc index e6ead39..4de5611 100644 --- a/server/apps/distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc +++ b/server/apps/distributed-app/docs/modules/ROOT/pages/configure/smtp.adoc @@ -54,20 +54,35 @@ this case, if no body is present, the value "localhost" will be used. | connectionLimitPerIP | Set the maximum simultaneous incoming connections per IP for this service. -| handler.authRequired -| This is an optional tag with a boolean body. If true, then the server will -require authentication before delivering mail to non-local email addresses. If this tag is absent, or the value +| authRequired +| (deprecated) use auth.announce instead. + +This is an optional tag with a boolean body. If true, then the server will +announce authentication after HELO command. If this tag is absent, or the value is false then the client will not be prompted for authentication. Only simple user/password authentication is -supported at this time. supported values: +supported at this time. Supported values: + + * true: announced only to not authorizedAddresses + + * false: don't announce AUTH. If absent, *authorizedAddresses* are set to a wilcard to accept all remote hosts. + + * announce: like true, but always announce AUTH capability to clients + +Please note that emails are only relayed if, and only if, the user did authenticate, or is in an authorized network, +regardless of this option. + +| auth.announce +| This is an optional tag. Possible values are: + +* never: Don't announce auth. If absent, *authorizedAddresses* are set to a wilcard to accept all remote hosts. +This is the default behaviour. + +* always: always announce AUTH capability to clients. -* true: required but announced only to not authorizedAddresses -* false: don't use AUTH -* announce: like true, but always announce AUTH capability to clients +* forUnauthorizedAddresses: announced only to not authorizedAddresses -The correct behaviour per RFC value would be false or announce -but we still support true for backward compatibility and because -some webmail client fails when AUTH is announced but no authentication -information has been provided +Please note that emails are only relayed if, and only if, the user did authenticate, or is in an authorized network, +regardless of this option. | authorizedAddresses | Authorize specific addresses/networks. diff --git a/server/apps/distributed-app/sample-configuration/smtpserver.xml b/server/apps/distributed-app/sample-configuration/smtpserver.xml index 6018420..d02ddd5 100644 --- a/server/apps/distributed-app/sample-configuration/smtpserver.xml +++ b/server/apps/distributed-app/sample-configuration/smtpserver.xml @@ -45,7 +45,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -82,7 +84,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> @@ -120,7 +124,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> diff --git a/server/apps/distributed-app/src/test/resources/smtpserver.xml b/server/apps/distributed-app/src/test/resources/smtpserver.xml index dba8fcb..a4e1bcf 100644 --- a/server/apps/distributed-app/src/test/resources/smtpserver.xml +++ b/server/apps/distributed-app/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> @@ -56,10 +58,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -83,10 +84,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> diff --git a/server/apps/distributed-pop3-app/sample-configuration/smtpserver.xml b/server/apps/distributed-pop3-app/sample-configuration/smtpserver.xml index 9200f23..514a403 100644 --- a/server/apps/distributed-pop3-app/sample-configuration/smtpserver.xml +++ b/server/apps/distributed-pop3-app/sample-configuration/smtpserver.xml @@ -35,7 +35,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -62,7 +64,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> @@ -90,7 +94,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> diff --git a/server/apps/distributed-pop3-app/src/test/resources/smtpserver.xml b/server/apps/distributed-pop3-app/src/test/resources/smtpserver.xml index dba8fcb..a4e1bcf 100644 --- a/server/apps/distributed-pop3-app/src/test/resources/smtpserver.xml +++ b/server/apps/distributed-pop3-app/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> @@ -56,10 +58,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -83,10 +84,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> diff --git a/server/apps/jpa-app/sample-configuration/smtpserver.xml b/server/apps/jpa-app/sample-configuration/smtpserver.xml index 6018420..d02ddd5 100644 --- a/server/apps/jpa-app/sample-configuration/smtpserver.xml +++ b/server/apps/jpa-app/sample-configuration/smtpserver.xml @@ -45,7 +45,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -82,7 +84,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> @@ -120,7 +124,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> diff --git a/server/apps/jpa-app/src/test/resources/smtpserver.xml b/server/apps/jpa-app/src/test/resources/smtpserver.xml index dba8fcb..a4e1bcf 100644 --- a/server/apps/jpa-app/src/test/resources/smtpserver.xml +++ b/server/apps/jpa-app/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> @@ -56,10 +58,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -83,10 +84,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> diff --git a/server/apps/jpa-smtp-app/sample-configuration/smtpserver.xml b/server/apps/jpa-smtp-app/sample-configuration/smtpserver.xml index 6018420..d02ddd5 100644 --- a/server/apps/jpa-smtp-app/sample-configuration/smtpserver.xml +++ b/server/apps/jpa-smtp-app/sample-configuration/smtpserver.xml @@ -45,7 +45,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -82,7 +84,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> @@ -120,7 +124,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> diff --git a/server/apps/jpa-smtp-app/src/test/resources/smtpserver.xml b/server/apps/jpa-smtp-app/src/test/resources/smtpserver.xml index dba8fcb..a4e1bcf 100644 --- a/server/apps/jpa-smtp-app/src/test/resources/smtpserver.xml +++ b/server/apps/jpa-smtp-app/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> @@ -56,10 +58,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -83,10 +84,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> diff --git a/server/apps/memory-app/sample-configuration/smtpserver.xml b/server/apps/memory-app/sample-configuration/smtpserver.xml index 6018420..d02ddd5 100644 --- a/server/apps/memory-app/sample-configuration/smtpserver.xml +++ b/server/apps/memory-app/sample-configuration/smtpserver.xml @@ -45,7 +45,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -82,7 +84,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> @@ -120,7 +124,9 @@ <!-- Authorize only local users --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> diff --git a/server/apps/memory-app/src/test/resources/smtpserver.xml b/server/apps/memory-app/src/test/resources/smtpserver.xml index dba8fcb..a4e1bcf 100644 --- a/server/apps/memory-app/src/test/resources/smtpserver.xml +++ b/server/apps/memory-app/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> @@ -56,10 +58,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -83,10 +84,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> diff --git a/server/apps/spring-app/src/main/resources/smtpserver.xml b/server/apps/spring-app/src/main/resources/smtpserver.xml index 8c12ca1..3267cd0 100644 --- a/server/apps/spring-app/src/main/resources/smtpserver.xml +++ b/server/apps/spring-app/src/main/resources/smtpserver.xml @@ -83,22 +83,22 @@ <!-- Set the maximum simultaneous incoming connections per IP for this service --> <connectionLimitPerIP>0</connectionLimitPerIP> - - <!-- Uncomment this if you want to require SMTP authentication. + + <auth> + <!-- Uncomment this if you want to require SMTP authentication. supported values: - true: required but announced only to not authorizedAddresses - false: don't use AUTH - announce: like true, but always announce AUTH capability to clients + forUnauthorizedAddresses: announced only to not authorizedAddresses + never: don't announce AUTH + always: always announce AUTH capability to clients The correct behaviour per RFC value would be false or announce but we still support true for backward compatibility and because some webmail client fails when AUTH is announced but no authentication information has been provided --> - <!-- - <authRequired>true</authRequired> - --> + <!-- <announce>forUnauthorizedAddresses</announce> --> + </auth> <!-- CHECKME! --> <!-- Uncomment this if you want to authorize specific addresses/networks. diff --git a/server/apps/spring-app/src/test/resources/smtpserver.xml b/server/apps/spring-app/src/test/resources/smtpserver.xml index 0307dc2..abc6145 100644 --- a/server/apps/spring-app/src/test/resources/smtpserver.xml +++ b/server/apps/spring-app/src/test/resources/smtpserver.xml @@ -36,7 +36,9 @@ <connectionLimit> 0 </connectionLimit> <connectionLimitPerIP> 0 </connectionLimitPerIP> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <verifyIdentity>true</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> diff --git a/server/container/guice/protocols/smtp/src/main/java/org/apache/james/modules/protocols/SmtpGuiceProbe.java b/server/container/guice/protocols/smtp/src/main/java/org/apache/james/modules/protocols/SmtpGuiceProbe.java index 5c38a77..4c8ebaf 100644 --- a/server/container/guice/protocols/smtp/src/main/java/org/apache/james/modules/protocols/SmtpGuiceProbe.java +++ b/server/container/guice/protocols/smtp/src/main/java/org/apache/james/modules/protocols/SmtpGuiceProbe.java @@ -18,7 +18,7 @@ ****************************************************************/ package org.apache.james.modules.protocols; -import static org.apache.james.smtpserver.netty.SMTPServer.AuthenticationRequired.REQUIRED; +import static org.apache.james.smtpserver.netty.SMTPServer.AuthenticationAnnounceMode.FOR_UNAUTHORIZED_ADDRESSES; import java.net.InetSocketAddress; import java.util.function.Function; @@ -65,7 +65,7 @@ public class SmtpGuiceProbe implements GuiceProbe { } public Port getSmtpAuthRequiredPort() { - return getPort(server -> ((SMTPServer) server).getAuthRequired().equals(REQUIRED)); + return getPort(server -> ((SMTPServer) server).getAuthRequired().equals(FOR_UNAUTHORIZED_ADDRESSES)); } private Port getPort(Predicate<? super AbstractConfigurableAsyncServer> filter) { diff --git a/server/protocols/jmap-draft-integration-testing/memory-jmap-draft-integration-testing/src/test/resources/smtpserver.xml b/server/protocols/jmap-draft-integration-testing/memory-jmap-draft-integration-testing/src/test/resources/smtpserver.xml index d62267a..3a0a35f 100644 --- a/server/protocols/jmap-draft-integration-testing/memory-jmap-draft-integration-testing/src/test/resources/smtpserver.xml +++ b/server/protocols/jmap-draft-integration-testing/memory-jmap-draft-integration-testing/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> diff --git a/server/protocols/jmap-draft-integration-testing/rabbitmq-jmap-draft-integration-testing/src/test/resources/smtpserver.xml b/server/protocols/jmap-draft-integration-testing/rabbitmq-jmap-draft-integration-testing/src/test/resources/smtpserver.xml index dba8fcb..a4e1bcf 100644 --- a/server/protocols/jmap-draft-integration-testing/rabbitmq-jmap-draft-integration-testing/src/test/resources/smtpserver.xml +++ b/server/protocols/jmap-draft-integration-testing/rabbitmq-jmap-draft-integration-testing/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> @@ -56,10 +58,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -83,10 +84,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> diff --git a/server/protocols/jmap-rfc-8621-integration-tests/distributed-jmap-rfc-8621-integration-tests/src/test/resources/smtpserver.xml b/server/protocols/jmap-rfc-8621-integration-tests/distributed-jmap-rfc-8621-integration-tests/src/test/resources/smtpserver.xml index d62267a..3a0a35f 100644 --- a/server/protocols/jmap-rfc-8621-integration-tests/distributed-jmap-rfc-8621-integration-tests/src/test/resources/smtpserver.xml +++ b/server/protocols/jmap-rfc-8621-integration-tests/distributed-jmap-rfc-8621-integration-tests/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> diff --git a/server/protocols/jmap-rfc-8621-integration-tests/memory-jmap-rfc-8621-integration-tests/src/test/resources/smtpserver.xml b/server/protocols/jmap-rfc-8621-integration-tests/memory-jmap-rfc-8621-integration-tests/src/test/resources/smtpserver.xml index d62267a..c030905 100644 --- a/server/protocols/jmap-rfc-8621-integration-tests/memory-jmap-rfc-8621-integration-tests/src/test/resources/smtpserver.xml +++ b/server/protocols/jmap-rfc-8621-integration-tests/memory-jmap-rfc-8621-integration-tests/src/test/resources/smtpserver.xml @@ -34,7 +34,9 @@ <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> <authRequired>false</authRequired> - <verifyIdentity>false</verifyIdentity> + <auth> + <announce>never</announce> + </auth> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> <smtpGreeting>Apache JAMES awesome SMTP Server</smtpGreeting> diff --git a/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/netty/SMTPServer.java b/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/netty/SMTPServer.java index 56d15f3..824460d 100644 --- a/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/netty/SMTPServer.java +++ b/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/netty/SMTPServer.java @@ -18,10 +18,11 @@ ****************************************************************/ package org.apache.james.smtpserver.netty; -import static org.apache.james.smtpserver.netty.SMTPServer.AuthenticationRequired.ANNOUNCE; -import static org.apache.james.smtpserver.netty.SMTPServer.AuthenticationRequired.DISABLED; +import static org.apache.james.smtpserver.netty.SMTPServer.AuthenticationAnnounceMode.ALWAYS; +import static org.apache.james.smtpserver.netty.SMTPServer.AuthenticationAnnounceMode.NEVER; import java.util.Locale; +import java.util.Optional; import javax.inject.Inject; @@ -53,18 +54,33 @@ import org.slf4j.LoggerFactory; public class SMTPServer extends AbstractProtocolAsyncServer implements SMTPServerMBean { private static final Logger LOGGER = LoggerFactory.getLogger(AbstractProtocolAsyncServer.class); - public enum AuthenticationRequired { - DISABLED, - REQUIRED, - ANNOUNCE; - - public static AuthenticationRequired parse(String authRequiredString) { - if (authRequiredString.equals("true")) { - return REQUIRED; - } else if (authRequiredString.equals("announce")) { - return ANNOUNCE; + public enum AuthenticationAnnounceMode { + NEVER, + FOR_UNAUTHORIZED_ADDRESSES, + ALWAYS; + + public static AuthenticationAnnounceMode parseFallback(String authRequiredString) { + String sanitized = authRequiredString.trim().toLowerCase(Locale.US); + if (sanitized.equals("true")) { + return FOR_UNAUTHORIZED_ADDRESSES; + } else if (sanitized.equals("announce")) { + return ALWAYS; } else { - return DISABLED; + return NEVER; + } + } + + public static AuthenticationAnnounceMode parse(String authRequiredString) { + String sanitized = authRequiredString.trim().toLowerCase(Locale.US); + switch (sanitized) { + case "forUnauthorizedAddresses": + return FOR_UNAUTHORIZED_ADDRESSES; + case "always": + return ALWAYS; + case "neven": + return NEVER; + default: + throw new RuntimeException("Unknown value for 'auth.announce': " + authRequiredString + ". Should be one of always, never, forUnauthorizedAddresses"); } } } @@ -72,7 +88,7 @@ public class SMTPServer extends AbstractProtocolAsyncServer implements SMTPServe /** * Whether authentication is required to use this SMTP server. */ - private AuthenticationRequired authRequired = DISABLED; + private AuthenticationAnnounceMode authRequired = NEVER; /** * Whether the server needs helo to be send first @@ -147,16 +163,19 @@ public class SMTPServer extends AbstractProtocolAsyncServer implements SMTPServe public void doConfigure(HierarchicalConfiguration<ImmutableNode> configuration) throws ConfigurationException { super.doConfigure(configuration); if (isEnabled()) { - String authRequiredString = configuration.getString("authRequired", "false").trim().toLowerCase(Locale.US); - authRequired = AuthenticationRequired.parse(authRequiredString); - if (authRequired != DISABLED) { + authRequired = Optional.ofNullable(configuration.configurationAt("auth")) + .flatMap(authConfiguration -> Optional.ofNullable(configuration.getString("auth.announce", null))) + .map(AuthenticationAnnounceMode::parse) + .orElseGet(() -> AuthenticationAnnounceMode.parseFallback(configuration.getString("authRequired", "false"))); + + if (authRequired != NEVER) { LOGGER.info("This SMTP server requires authentication."); } else { LOGGER.info("This SMTP server does not require authentication."); } authorizedAddresses = configuration.getString("authorizedAddresses", null); - if (authRequired == DISABLED && authorizedAddresses == null) { + if (authRequired == NEVER && authorizedAddresses == null) { /* * if SMTP AUTH is not required then we will use * authorizedAddresses to determine whether or not to relay @@ -197,7 +216,7 @@ public class SMTPServer extends AbstractProtocolAsyncServer implements SMTPServe verifyIdentity = configuration.getBoolean("verifyIdentity", false); - if (authRequired == DISABLED && verifyIdentity) { + if (authRequired == NEVER && verifyIdentity) { throw new ConfigurationException( "SMTP configuration: 'verifyIdentity' can't be set to true if 'authRequired' is set to false."); } @@ -252,11 +271,11 @@ public class SMTPServer extends AbstractProtocolAsyncServer implements SMTPServe } @Override - public boolean isAuthRequired(String remoteIP) { - if (SMTPServer.this.authRequired == ANNOUNCE) { + public boolean isAuthAnnounced(String remoteIP) { + if (SMTPServer.this.authRequired == ALWAYS) { return true; } - if (SMTPServer.this.authRequired == DISABLED) { + if (SMTPServer.this.authRequired == NEVER) { return false; } return !SMTPServer.this.authorizedNetworks.matchInetNetwork(remoteIP); @@ -342,7 +361,7 @@ public class SMTPServer extends AbstractProtocolAsyncServer implements SMTPServe return new AllButStartTlsLineChannelHandlerFactory("starttls", AbstractChannelPipelineFactory.MAX_LINE_LENGTH); } - public AuthenticationRequired getAuthRequired() { + public AuthenticationAnnounceMode getAuthRequired() { return authRequired; } } diff --git a/server/protocols/protocols-smtp/src/test/resources/smtpserver-dsn.xml b/server/protocols/protocols-smtp/src/test/resources/smtpserver-dsn.xml index d6b548e..25f7929 100644 --- a/server/protocols/protocols-smtp/src/test/resources/smtpserver-dsn.xml +++ b/server/protocols/protocols-smtp/src/test/resources/smtpserver-dsn.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <verifyIdentity>true</verifyIdentity> <maxmessagesize>0</maxmessagesize> <addressBracketsEnforcement>true</addressBracketsEnforcement> diff --git a/server/protocols/webadmin-integration-test/distributed-webadmin-integration-test/src/test/resources/smtpserver.xml b/server/protocols/webadmin-integration-test/distributed-webadmin-integration-test/src/test/resources/smtpserver.xml index bbad9a8..2ffd9aa 100644 --- a/server/protocols/webadmin-integration-test/distributed-webadmin-integration-test/src/test/resources/smtpserver.xml +++ b/server/protocols/webadmin-integration-test/distributed-webadmin-integration-test/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <authorizedAddresses>0.0.0.0/0</authorizedAddresses> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> diff --git a/server/protocols/webadmin-integration-test/memory-webadmin-integration-test/src/test/resources/smtpserver.xml b/server/protocols/webadmin-integration-test/memory-webadmin-integration-test/src/test/resources/smtpserver.xml index 61429fe..965bb6b 100644 --- a/server/protocols/webadmin-integration-test/memory-webadmin-integration-test/src/test/resources/smtpserver.xml +++ b/server/protocols/webadmin-integration-test/memory-webadmin-integration-test/src/test/resources/smtpserver.xml @@ -33,7 +33,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <authRequired>false</authRequired> + <auth> + <announce>never</announce> + </auth> <authorizedAddresses>0.0.0.0/0</authorizedAddresses> <verifyIdentity>false</verifyIdentity> <maxmessagesize>0</maxmessagesize> @@ -57,10 +59,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>0.0.0.0/0</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> @@ -85,10 +86,9 @@ <connectiontimeout>360</connectiontimeout> <connectionLimit>0</connectionLimit> <connectionLimitPerIP>0</connectionLimitPerIP> - <!-- - Authorize only local users - --> - <authRequired>true</authRequired> + <auth> + <announce>forUnauthorizedAddresses</announce> + </auth> <authorizedAddresses>0.0.0.0/0</authorizedAddresses> <!-- Trust authenticated users --> <verifyIdentity>false</verifyIdentity> diff --git a/src/site/xdoc/server/config-smtp-lmtp.xml b/src/site/xdoc/server/config-smtp-lmtp.xml index 6016442..6adcaf8 100644 --- a/src/site/xdoc/server/config-smtp-lmtp.xml +++ b/src/site/xdoc/server/config-smtp-lmtp.xml @@ -76,19 +76,30 @@ <dd>Set the maximum simultaneous incoming connections for this service.</dd> <dt><strong>handler.connectionLimitPerIP</strong></dt> <dd>Set the maximum simultaneous incoming connections per IP for this service.</dd> - <dt><strong>handler.authRequired</strong></dt> - <dd>This is an optional tag with a boolean body. If true, then the server will - require authentication before delivering mail to non-local email addresses. If this tag is absent, or the value - is false then the client will not be prompted for authentication. Only simple user/password authentication is - supported at this time. supported values: - true: required but announced only to not authorizedAddresses - false: don't use AUTH - announce: like true, but always announce AUTH capability to clients + <dt><strong>authRequired</strong></dt> + <dd>(deprecated) use auth.announce instead. + This is an optional tag with a boolean body. If true, then the server will + announce authentication. If this tag is absent, or the value + is false then the client will not be prompted for authentication. Only simple user/password authentication is + supported at this time. supported values: + true: announced only to not authorizedAddresses + false: don't announce AUTH. If absent, *authorizedAddresses* are set to a wilcard to accept all remote hosts. + announce: like true, but always announce AUTH capability to clients - The correct behaviour per RFC value would be false or announce - but we still support true for backward compatibility and because - some webmail client fails when AUTH is announced but no authentication - information has been provided</dd> + Please note that emails are only relayed if, and only if, the user did authenticate, or is in an authorized network, + regardless of this option.</dd> + <dt><strong>auth.announce</strong></dt> + <dd>This is an optional tag. Possible values are:<br/> + + * never: Don't announce auth. If absent, *authorizedAddresses* are set to a wilcard to accept all remote hosts. + This is the default behaviour.<br/> + + * always: always announce AUTH capability to clients.<br/> + + * forUnauthorizedAddresses: announced only to not authorizedAddresses<br/> + + Please note that emails are only relayed if, and only if, the user did authenticate, or is in an authorized network, + regardless of this option.</dd> <dt><strong>handler.authorizedAddresses</strong></dt> <dd>Authorize specific addresses/networks. If you use SMTP AUTH, addresses that match those specified here will --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
