Thanks! I'm reading the Matcher/Mailet documentation. Does this Matcher process occur before the entire message has been read I wonder? I wonder if the code which traverses the Matchers asking for matches, could be reworked to ask a generic, "give me the appropriate handler for this recipient."
I'll try to sum up more clearly what I'm thinking:

Instead of having James read an entire message stream, then matcher it, and instantiate a mailet - James would read just the minimum amount of information to find out who the mail is destined for, and then redirect the stream to an appropriate handler.

So:

1. mail header comes in, James sees "To: John"
2. Mechanism which usually reads rest of stream and instantiates a Mailet, instead immediately requests from the "system" the appropriate handler for all of "John's" mail.
3. System responds with custom user handler "John" has provided previously.
4. John's user handler reads/interprets the stream and encrypts it to an external data store.

The extra about ssl stuff is:
I would like John's handler to be able to re-form the ssl connection. This would provide at least minimum protection of MITM. But I don't see a nice way to do this unless mail can be redirected to a certain port of a certain ip, (not just an ip). And even if this is the case, there is nothing stopping the original handler (me) from reading the entire message anyway, before redirecting?

-tim

On May 1, 2012, at 6:30 AM, Eric Charles wrote:

> Hi Timothy,
> See answers in line.
> Thx, Eric
>
> On 04/29/2012 08:04 PM, Timothy Prepscius wrote:
>> Hello,
>>
>> I've been researching whether an idea I have is technically feasible.
>> I think it might be, if the 551 User not local; please try <forward-path> is
>> implemented generally.
>>
>
> Can you give more details on what you are asking?
>
>> But I thought I would ask the experts :-)
>>
>> -----------
>>
>> Here is my technical question:
>>
>> I want to set up a mail server that:
>>
>> 1. waits for an incoming mail.
>> 2. on RCPT TO:
>>    A. starts a single servlet listening on a specific-ip, which will
>>       accept a single message, write it to disk.
>>    B. specifies to the sender to forward to a specific
>>       [email protected]_domain.net.
>>
>
> James uses mailets to process mails. It will not start any servlet. Rather,
> you have to implement the logic in your own mailet.
>
> See http://james.apache.org/server/3/dev-extend-mailet.html
>
>> Would this raise problems? Forwarding all messages?
>>
>> Another solution I can see, might be if I can tell an ssl connection to
>> "re-verify, re-initiate, re-set" itself somehow.
>> I haven't figured out how to do this, or if there is a way.
>>
>
> You should not hook in the SSL protocol? Why do you need this?
>
>> ------
>>
>> Here is the larger problem I'm trying to solve:
>>
>
> Sorry, I'm lost here...
>
>> I would like to set up a gmail type service.
>> Except each user would own the "data-store," and as well, own the "receiver"
>> of their messages.
>>
>> So I would run an email service.
>> Each user would give me a receiver java class. (or just pick the default)
>> Each user would give me a data store to write to. (s3.amazon most likely)
>>
>> I would sit waiting for an email, I get a header for John.
>>
>> I *do not* read the contents of the email.
>> Instead I load John's receiver java class and tell the sender to re-initiate
>> the transfer using (I would like a specific port, but I don't see any
>> references to ports in the smtp docs) a specific IP.
>>
>> John's script will load and bind to that ip, receive the email, encrypt it
>> with a public key.
>> I write the encrypted email to the data store specified by john.
>>
>> John owns all of his data, I am merely the "router."
>>
>> --
>>
>> The reason I want to re-initiate the connection between the sender and the
>> receiver, is John considers me "untrusted."
>>
>> Unfortunately, I can't see any way of convincing John that I don't become a
>> MITM in the final SSL exchange.
>> (I could accept the entire message, and then synthesize the connection to
>> John's "receiver.")
>>
>> I sort of wonder whether I should keep the same connection, but have John
>> issue the "DATA" request.
>> But then I could observe the connection. MITM would be simple as pie.
>>
>> Of course, even with a separate connection, if I am using the JVM I can
>> observe anything he does anyway.
>> Even if I were to separate the process, I could observe the state of the JVM
>> machine.
>> Even if there were no JVM, I could still inspect his process.
>>
>> Hmm...
>>
>> I wish there were some way that I could create a "secure JVM process" with
>> an "execution time limit."
>>
>> Oh well.
>>
>> -------
>>
>> Any thoughts?
>>
>> Even if I am not able to assure no MITM I would like to implement the "pass
>> a ssl connection" to a "user provided receiver class" and have that
>> "receiver class" write to a "pipe" which I then write to s3.
>>
>> Doable with James?
>>
>> Thanks for your time,
>>
>> -tim
>>
>
> --
> eric | http://about.echarles.net | @echarles
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> ---------------------------------------------------------------------
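The per-recipient dispatch Tim sketches in steps 1 to 4, written as a James 3 mailet. This is an added example, not code from the thread or from the James project; the `UserHandler` interface, the `HandlerRegistry` lookup and the class name are assumed, and it is written against the Mailet API 3 (`GenericMailet`, `Mail.setRecipients`, `MailAddress.asString`).

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.mail.MessagingException;
import org.apache.mailet.Mail;
import org.apache.mailet.MailAddress;
import org.apache.mailet.base.GenericMailet;

// Assumed per-user hook: receives the raw message bytes for one recipient and
// is responsible for encrypting/storing them (e.g. to the user's own S3 bucket).
interface UserHandler { void receive(byte[] rawMessage) throws Exception; }

// Assumed registry; a real deployment would back this with the user database.
final class HandlerRegistry {
    private static final Map<String, UserHandler> HANDLERS = new ConcurrentHashMap<>();
    static void register(String address, UserHandler h) { HANDLERS.put(address.toLowerCase(), h); }
    static UserHandler lookup(String address) { return HANDLERS.get(address.toLowerCase()); }
}

// Mailet that hands each recipient's copy to that user's handler and strips
// handled recipients so James does not also deliver the message locally.
// Wire it with a match="All" entry in mailetcontainer.xml (class name assumed).
public class UserHandlerDispatch extends GenericMailet {
    @Override
    public void service(Mail mail) throws MessagingException {
        // A mailet runs only after James has received the full DATA payload, so
        // the server holds the plaintext before any handler gets to encrypt it.
        ByteArrayOutputStream raw = new ByteArrayOutputStream();
        try {
            mail.getMessage().writeTo(raw);
        } catch (IOException e) {
            throw new MessagingException("could not serialize message", e);
        }
        List<MailAddress> remaining = new ArrayList<>();
        for (MailAddress rcpt : mail.getRecipients()) {
            UserHandler handler = HandlerRegistry.lookup(rcpt.asString());
            if (handler == null) { remaining.add(rcpt); continue; } // normal delivery
            try {
                handler.receive(raw.toByteArray());
            } catch (Exception e) {          // handler failed: fall back to normal delivery
                log("handler for " + rcpt.asString() + " failed: " + e.getMessage());
                remaining.add(rcpt);
            }
        }
        mail.setRecipients(remaining);
        if (remaining.isEmpty()) mail.setState(Mail.GHOST); // nothing left to deliver
    }
}
```

This covers the "user provided receiver class writing to a data store" part of the question; it does not address the connection re-initiation, since by the time the mailet runs the server has already read the whole message, which is exactly the observation Tim makes at the end of his reply.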
