[jira] [Commented] (JAMES-2969) RemoteDelivery should be tested against startTls/ssl

Wed, 09 Sep 2020 08:21:11 -0700 


    [ 
https://issues.apache.org/jira/browse/JAMES-2969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17192939#comment-17192939
 ] 

Tolga Kaprol commented on JAMES-2969:
-------------------------------------

I found port setup on James test configurations, there is no special purpose 
for that. I also tried the following configuration but it's also failed. 


<mailet match="All" class="RemoteDelivery">
                <outgoingQueue>outgoing</outgoingQueue>
                <delayTime>5000, 100000, 500000</delayTime>
                <maxRetries>25</maxRetries>
                <maxDnsProblemRetries>0</maxDnsProblemRetries>
                <deliveryThreads>10</deliveryThreads>
                <sendpartial>true</sendpartial>
                <bounceProcessor>bounces</bounceProcessor>
                <startTLS>true</startTLS>
 
            </mailet>

> RemoteDelivery should be tested against startTls/ssl
> ----------------------------------------------------
>
>                 Key: JAMES-2969
>                 URL: https://issues.apache.org/jira/browse/JAMES-2969
>             Project: James Server
>          Issue Type: Improvement
>          Components: Remote Delivery, tests
>    Affects Versions: master
>            Reporter: Benoit Tellier
>            Priority: Major
>         Attachments: image-2020-09-09-17-58-56-676.png
>
>
> Many users reported issue configuring SSL/startTLS for RemoteDelivery 
> (JAMES-2961).
> While working on the topic arised the question of being more strict upon 
> RemoteDelivery regarding SSL/startTLS (see 
> https://github.com/linagora/james-project/pull/2823)
> Underlying such a choice, I want to bring people attention that we currently 
> have no integration tests on RemoteDelivery SSL / startTls, and lack the 
> dockerized SSL SMTP servers to add this to the James test suite.
> We should:
>  - Ensure that, when enabled, James uses startTls by default
>  - Ensure that, when not strict, and startTls fails, james still sends the 
> mail
>  - Ensure that, when strict, and startTls fails, james do not send the mail
>  - Ensure that, when enabled, James defaults to SSL
>  - Ensure that, when enabled and strict, James refuses to transfer a mail to 
> a mail server not supporting ssl.
> Tests regarding cypherSuites and protocols should be considered a bonus.
> Also, we need to check what happens when one does mix startTls with ssl 
> options.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to