[
https://issues.apache.org/jira/browse/JAMES-2969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17192920#comment-17192920
]
Tolga Kaprol commented on JAMES-2969:
-------------------------------------
Hello,
I tried to set all the configuration options that I found so far; however, James
cannot send e-mails over TLS. Here are the parameters that I have used so far:
{code:xml}
<startTLS>true</startTLS>
<sslEnable>true</sslEnable>
<mail.smtp.ssl.enable>true</mail.smtp.ssl.enable>
<mail.smtp.ssl.checkserveridentity>true</mail.smtp.ssl.checkserveridentity>
<mail.smtp.port>465</mail.smtp.port>
<!--<mail.smtp.port>587</mail.smtp.port>-->
<mail.smtp.starttls.required>true</mail.smtp.starttls.required>
<mail.smtp.starttls.enable>true</mail.smtp.starttls.enable>
<mail.debug>true</mail.debug>
{code}
Currently Gmail marks all mails as insecure as shown below:
!image-2020-09-09-17-58-56-676.png!
Also CheckTLS.com tests are failing as well:
{code:java}
FAILED //email/test From:
Your email was sent, however it was NOT SENT SECURELY using TLS.
{code}
> RemoteDelivery should be tested against startTls/ssl
> ----------------------------------------------------
>
> Key: JAMES-2969
> URL: https://issues.apache.org/jira/browse/JAMES-2969
> Project: James Server
> Issue Type: Improvement
> Components: Remote Delivery, tests
> Affects Versions: master
> Reporter: Benoit Tellier
> Priority: Major
> Attachments: image-2020-09-09-17-58-56-676.png
>
>
> Many users reported issues configuring SSL/startTLS for RemoteDelivery
> (JAMES-2961).
> While working on the topic, the question arose of being more strict upon
> RemoteDelivery regarding SSL/startTLS (see
> https://github.com/linagora/james-project/pull/2823)
> Underlying such a choice, I want to bring to people's attention that we currently
> have no integration tests on RemoteDelivery SSL / startTls, and lack the
> dockerized SSL SMTP servers to add this to the James test suite.
> We should:
> - Ensure that, when enabled, James uses startTls by default
> - Ensure that, when not strict, and startTls fails, James still sends the
> mail
> - Ensure that, when strict, and startTls fails, James does not send the mail
> - Ensure that, when enabled, James defaults to SSL
> - Ensure that, when enabled and strict, James refuses to transfer a mail to
> a mail server not supporting ssl.
> Tests regarding cypherSuites and protocols should be considered a bonus.
> Also, we need to check what happens when one does mix startTls with ssl
> options.
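The strict and non-strict startTls cases listed in the issue description, as an added Python example that is not part of the original thread or of the James code base: a constructed local SMTP server that never advertises STARTTLS, and a hypothetical `deliver` function that applies each policy to it. All host names, addresses and function names here are assumptions made for the illustration.

```python
import smtplib
import socketserver
import ssl
import threading

# Constructed replies; the EHLO answer deliberately lacks a STARTTLS line.
REPLIES = {b"EHLO": b"250-mx.example.test\r\n250 8BITMIME\r\n",
           b"DATA": b"354 go ahead\r\n", b"QUIT": b"221 bye\r\n"}

class NoStartTlsMx(socketserver.StreamRequestHandler):
    """Constructed stand-in for a remote MX that never offers STARTTLS."""
    def handle(self):
        self.wfile.write(b"220 mx.example.test ESMTP\r\n")
        in_data = False
        for raw in self.rfile:
            line = raw.strip()
            if in_data:
                if line == b".":  # end of message body: mail was accepted
                    in_data = False
                    self.server.accepted += 1
                    self.wfile.write(b"250 queued\r\n")
                continue
            verb = line[:4].upper()
            self.wfile.write(REPLIES.get(verb, b"250 ok\r\n"))
            in_data = verb == b"DATA"

def deliver(host, port, strict):
    """Return 'tls', 'plaintext' or 'refused' for one delivery attempt."""
    with smtplib.SMTP(host, port, timeout=5) as smtp:
        smtp.ehlo("sender.example.test")
        if smtp.has_extn("starttls"):
            smtp.starttls(context=ssl.create_default_context())  # verifies cert
            smtp.ehlo("sender.example.test")  # re-EHLO over the TLS channel
            mode = "tls"
        elif strict:
            return "refused"  # strict: never fall back to cleartext
        else:
            mode = "plaintext"  # non-strict: the mail still goes out, unencrypted
        smtp.sendmail("a@example.test", ["b@example.test"], "Subject: t\r\n\r\nhi\r\n")
        return mode

def run_policy_matrix():
    """Run both policies against the STARTTLS-less server; count accepted mails."""
    with socketserver.TCPServer(("127.0.0.1", 0), NoStartTlsMx) as server:
        server.accepted = 0
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            results = {s: deliver(*server.server_address, s) for s in (False, True)}
        finally:
            server.shutdown()
    return results, server.accepted
```
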