Hello Felix, 1. I lack knowledge over how the Apple mail application is working, and especially how it works regarding self signed certificates. If they reject your self signed certificates, and do not offer a way to bypass security checks, then yes you might need to disable TLS in your testing environment as you describes it.
2. Impersonation though the use of IMAP AUTHENTICATE plain is supported (requires client support though). See this protocol example: https://github.com/apache/james-project/blob/e7e2c912d9ca59c6f4cc6c8b75ce4994038c08f7/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/AuthenticatePlain.test#L99 The interface you want to override in your custom setup to control this: https://github.com/apache/james-project/blob/master/mailbox/api/src/main/java/org/apache/james/mailbox/Authorizator.java Best regards, Benoit TELLIER On 27/12/2021 00:19, Felix Ingram wrote: > Hello all, > > Thanks to some pointers from Benoit, I’ve been able to build a custom version > of the example single-node Cassandra app. I’ve implemented a custom > domainlist module, as I need to accept wildcard domains, and I’ve written a > Mailet that creates users on the fly (which is also required). > > I have a couple of questions, however: > > 1. I can’t seem to authenticate to the IMAP server running on localhost using > Apple Mail, unless I disable TLS and allow PLAIN authentication. I also can’t > connect with Himalaya (https://github.com/soywod/himalaya > <https://github.com/soywod/himalaya>) at all, though that may well be an > issue on their end. I have my custom server running on docker on my MacBook - > can anyone think of a reason why auth isn’t working? > > 2. For my production server, I will have the requirement for multiple users > to access the same mailbox - is there a recommended way to do this? I was > thinking that something like API keys would be appropriate and I suppose this > is equivalent to users having multiple valid passwords. Would I need to > implement my own custom UsersDAO class for this? I would want this to work > with IMAP, JMAP and SMTP auth. The other option is to defer to LDAP instead > and handle auth elsewhere. Any tips gratefully received. > > Thanks again to Benoit. > > Many thanks, > > Felix --------------------------------------------------------------------- To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
