[
https://issues.apache.org/jira/browse/JAMES-4183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benoit Tellier updated JAMES-4183:
----------------------------------
Description:
h3. Why?
Customer use case: then use SMTP ip whitelisting for sending emails from 3rd
party apps, which do not (easily) support authentication. (ahhhhh printers... )
The problem is that emails sent from these IP are able to send emails with any
sender which is freely accepted by the James server. My customer wishes a way
to limit the senders that could be used from those hosts.
h3. How?
Have a extra Mail SMTP hooks that allows configuring allowed senders for emails
originating from the IP whitelist.
Current proposal:
{code:java}
<smtpserver enabled="true">
<bind>0.0.0.0:25</bind>
<!-- ... -->
<authorizedAddresses>127.0.0.0/8</authorizedAddresses>
<!-- ... -->
<handlerchain>
<handler
class="org.apache.james.smtpserver.fastfail.AllowedUnauthenticatedSender">
<allowedSenders>
<allowedSender>[email protected]</allowedSender> <!--
allowed for all unauthenticated users sending from allowed Ips-->
<allowedSender
fromIps="172.34.56.0/24,172.34.53.123/32">[email protected]</allowedSender>
<!-- Ability to say which host can be used where -->
</allowedSenders>
</handler>
<handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
</handlerchain>
</smtpserver>
{code}
This hook would trigger if:
- Relaying is allowed
- No user is set
was:
h3. Why?
Customer use case: then use SMTP ip whitelisting for sending emails from 3rd
party apps, which do not (easily) support authentication. (ahhhhh printers... )
The problem is that emails sent from these IP are able to send emails with any
sender which is freely accepted by the James server. My customer wishes a way
to limit the senders that could be used from those hosts.
h3. How?
Have a extra Mail SMTP hooks that allows configuring allowed senders for emails
originating from the IP whitelist.
Current proposal:
{code:java}
<smtpserver enabled="true">
<bind>0.0.0.0:25</bind>
<!-- ... -->
<authorizedAddresses>127.0.0.0/8</authorizedAddresses>
<!-- ... -->
<handlerchain>
<handler
class="org.apache.james.smtpserver.AllowedUnauthenticatedSender">
<allowedSenders>
<allowedSender>[email protected]</allowedSender> <!--
allowed for all unauthenticated users sending from allowed Ips-->
<allowedSender
fromIps="172.34.56.0/24,172.34.53.123/32">[email protected]</allowedSender>
<!-- Ability to say which host can be used where -->
</allowedSenders>
</handler>
<handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
</handlerchain>
</smtpserver>
{code}
This hook would trigger if:
- Relaying is allowed
- No user is set
> SMTP ip whitelist: ability to limit senders
> -------------------------------------------
>
> Key: JAMES-4183
> URL: https://issues.apache.org/jira/browse/JAMES-4183
> Project: James Server
> Issue Type: Improvement
> Components: SMTPServer
> Reporter: Benoit Tellier
> Priority: Major
>
> h3. Why?
> Customer use case: then use SMTP ip whitelisting for sending emails from 3rd
> party apps, which do not (easily) support authentication. (ahhhhh printers...
> )
> The problem is that emails sent from these IP are able to send emails with
> any sender which is freely accepted by the James server. My customer wishes a
> way to limit the senders that could be used from those hosts.
> h3. How?
> Have a extra Mail SMTP hooks that allows configuring allowed senders for
> emails originating from the IP whitelist.
> Current proposal:
> {code:java}
> <smtpserver enabled="true">
> <bind>0.0.0.0:25</bind>
> <!-- ... -->
> <authorizedAddresses>127.0.0.0/8</authorizedAddresses>
> <!-- ... -->
> <handlerchain>
> <handler
> class="org.apache.james.smtpserver.fastfail.AllowedUnauthenticatedSender">
> <allowedSenders>
> <allowedSender>[email protected]</allowedSender> <!--
> allowed for all unauthenticated users sending from allowed Ips-->
> <allowedSender
> fromIps="172.34.56.0/24,172.34.53.123/32">[email protected]</allowedSender>
> <!-- Ability to say which host can be used where -->
> </allowedSenders>
> </handler>
> <handler
> class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
> </handlerchain>
> </smtpserver>
> {code}
> This hook would trigger if:
> - Relaying is allowed
> - No user is set
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
