2

When I send an email from my Apache JAMES SMTP server to my Gmail address, Gmail receives the email but apparently not via TLS encryption. Gmail shows the red lock icon saying '[my server] did not encrypt this message.' The email headers also do not indicate receipt via TLS.

I have turned on TLS for my Apache JAMES SMTP server. Here is the relevant part from my smtpserver.xml:

<tls socketTLS="false" startTLS="true">
    <keystore>[my-jks-file]</keystore>
    <secret>[my-jks-password]</secret>
    <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
</tls>

I have also tried using

<tls socketTLS="true" startTLS="false">

instead but it did not fix the problem.

When I try testing my Apache JAMES email address using https://www.checktls.com/TestReceiver the report says everything (including TLS) passed. Testing my server domain using https://mxtoolbox.com/diagnostic.aspx also says TLS passed.

Why are the emails not being encrypted?

Ray Zhang
  • Are all those tests testing the incoming connections to your server? It's the outgoing connection from your server to Gmail that matters. (I don't know how to configure that in James.) – Bill Shannon Apr 05 '19 at 06:14
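The header check the question refers to, as an added example that is not part of the original post: it finds the Received line written by the receiving side and reads the `with` protocol keyword, where ESMTPS (RFC 3848) means the hop used TLS and plain ESMTP means it did not. The sample messages, host names and addresses are constructed, and the default `google.com` receiver domain is an assumption.

```python
import re
from email import message_from_string

# "with" protocol types that imply a TLS-protected hop (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
FROM_RE = re.compile(r"^\s*from\s+([^\s;]+)", re.I)
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)
TLS_NOTE_RE = re.compile(r"\(version=([^\s)]+)\s+cipher=([^\s)]+)")

def strip_comments(value):
    """Drop (parenthesised) comments so notes like 'with cipher ...' are not misread."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def handoff_to(raw_message, receiver_domain="google.com"):
    """Return the hop where an outside server handed the mail to the receiver."""
    # Received lines are prepended: the first match from the top was written by
    # the receiver itself; anything below it comes from the sending side.
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())           # unfold the header
        bare = strip_comments(flat)
        frm, by, proto = (r.search(bare) for r in (FROM_RE, BY_RE, WITH_RE))
        if not (frm and by and by.group(1).lower().endswith("." + receiver_domain)):
            continue                             # internal hop or another host
        protocol = proto.group(1).upper() if proto else ""
        note = TLS_NOTE_RE.search(flat)
        return {"from": frm.group(1), "by": by.group(1), "protocol": protocol,
                "encrypted": protocol in TLS_PROTOCOLS,
                "tls": note.groups() if note else None}
    return None

# Constructed sample (not a real message): a hand-off without STARTTLS.
SAMPLE_PLAIN = """\
Received: by 2002:db8::1 with SMTP id x1csp100;
        Fri, 5 Apr 2019 06:00:02 -0700 (PDT)
Received: from mail.example.org (mail.example.org. [203.0.113.25])
        by mx.google.com with ESMTP id a1si200
        for <user@example.com>;
        Fri, 5 Apr 2019 06:00:01 -0700 (PDT)
Subject: test

body
"""
# The same constructed hand-off as it looks after a successful STARTTLS upgrade.
SAMPLE_TLS = SAMPLE_PLAIN.replace("with ESMTP id", "with ESMTPS id").replace(
    "for <user@example.com>;",
    "for <user@example.com>\n        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);")
```

Run `handoff_to()` on the raw source of a message as stored by the receiving mailbox; a result with `encrypted` set to `False` means the sending server delivered in clear text, whatever inbound tests against that server report.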

3 Answers

1

I too am having the same problem, trying to get emails pushed from email clients through Apache James onto Gmail, and Gmail is reporting that they have not been securely received.

From what I understand looking at the Apache James documentation and source code, it is the RemoteDelivery mailet that is in charge of sending out emails to recipient email servers. https://james.apache.org/server/3/dev-provided-mailets.html The doc and RemoteDelivery.java source code say RemoteDelivery contains the two properties:

  • startTLS: a Boolean (true/false) indicating whether the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Default is false.
  • sslEnable: a Boolean (true/false) indicating whether to use SSL to connect and use the SSL port unless explicitly overridden. Default is false.

startTLS seems like the key here, where when James is negotiating a connection to Gmail's servers it should try to upgrade an insecure connection to a secure one if Gmail allows it.

I'm running Apache James 2.3.2 and in the /path/to/James/apps/james/SAR.INF/conf.xml file, under the Remote delivery section:

<mailet match="All" class="RemoteDelivery"> 

I tried setting the properties to true

<startTLS>true</startTLS>
<sslEnable>true</sslEnable>

However James is still not sending secure emails to Gmail. So I'm out of ideas.

FYI in Apache James version 3.4 the RemoteDelivery configuration appears to be relocated to the conf/mailcontainer.xml file.

Mr Rowe
  • According to Apache James mail list post https://www.mail-archive.com/server-user@james.apache.org/msg13456.html startTLS is the property that needs to be set to true for the RemoteDelivery mailet. Still trying to work out why Gmail isn't playing nice for me. – Mr Rowe Oct 18 '19 at 10:26
  • thanks email send successfully over tls when using below properties false true – Tanuj Verma May 21 '20 at 14:28
0

socketTLS and startTLS only affect the encryption of James inbound mail; the encryption of mail sent from James, which is what affects the Gmail red lock, requires additional configuration. The test mail passes in Gmail: "security: Standard encryption (TLS)". My configuration (Apache James version 2.3.2) is like this:

<mail.smtp.port>25</mail.smtp.port>
<mail.smtp.starttls.enable>true</mail.smtp.starttls.enable>
<mail.smtp.auth>false</mail.smtp.auth>
<mail.smtps.auth>false</mail.smtps.auth>
<mail.smtp.socketFactory.port>25</mail.smtp.socketFactory.port>
<mail.smtp.socketFactory.fallback>false</mail.smtp.socketFactory.fallback>

<mail.smtps.ssl.protocols>TLSv1.2</mail.smtps.ssl.protocols>

<mail.transport.protocol>smtp</mail.transport.protocol>
<mail.smtps.port>465</mail.smtps.port>
<mail.smtps.ssl.enable>true</mail.smtps.ssl.enable>
<mail.smtps.starttls.enable>false</mail.smtps.starttls.enable>
<mail.smtps.socketFactory.port>465</mail.smtps.socketFactory.port>
<mail.smtps.socketFactory.class>javax.net.ssl.SSLSocketFactory</mail.smtps.socketFactory.class>
<mail.smtps.socketFactory.fallback>false</mail.smtps.socketFactory.fallback>

Just like setting properties in the java code in Christos's answer: Java mail cannot connect to smtp using tls or ssl.

Evan Chen
0

According to the above answers and/or comments, if anyone gets this problem in Apache James 3.7.0, you can try to search for RemoteDelivery in mailetcontainer.xml and add:

<startTLS>true</startTLS>

Additionally, I currently do not know if it is necessary to add <sslEnable>true</sslEnable> when outgoing emails are encrypted and Gmail knows this without this setting. If you know this should be set up, you can explain why for anyone who needs to know. I have not set this up for now because sending emails with <sslEnable>true</sslEnable> seems to be slower than when this setting is removed (I feel this).

Huy Van
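A configuration check for the setting discussed in the first and last answers, as an added example that is not James code or part of any answer: it reads the inbound `<tls>` element and the outbound RemoteDelivery mailet separately and flags a mailet that does not request STARTTLS. The XML fragments are constructed, and the wrapper elements around `<tls>` and `<mailet>` are assumptions.

```python
import xml.etree.ElementTree as ET

def _flag(text):
    return (text or "").strip().lower() == "true"

def inbound_tls(smtpserver_xml):
    """TLS that James offers to hosts connecting *to* it (smtpserver.xml)."""
    return [{"startTLS": _flag(t.get("startTLS")), "socketTLS": _flag(t.get("socketTLS"))}
            for t in ET.fromstring(smtpserver_xml).iter("tls")]

def outbound_tls(mailetcontainer_xml):
    """TLS that each RemoteDelivery mailet requests when James connects *out*."""
    found = []
    for m in ET.fromstring(mailetcontainer_xml).iter("mailet"):
        if m.get("class", "").split(".")[-1] != "RemoteDelivery":
            continue
        # A missing element means false, the documented default quoted in the first answer.
        found.append({"match": m.get("match"),
                      "startTLS": _flag(m.findtext("startTLS")),
                      "sslEnable": _flag(m.findtext("sslEnable"))})
    return found

def findings(smtpserver_xml, mailetcontainer_xml):
    """Summarise both directions; they are configured independently."""
    out = []
    if any(t["startTLS"] or t["socketTLS"] for t in inbound_tls(smtpserver_xml)):
        out.append("inbound: TLS offered; this is all a receiver test can see")
    for m in outbound_tls(mailetcontainer_xml):
        if not m["startTLS"]:
            out.append(f"outbound: RemoteDelivery (match={m['match']}) does not request STARTTLS")
    return out

# Constructed fragments; only <tls> and <mailet> themselves follow the page.
SMTPSERVER = """<smtpservers><smtpserver enabled="true">
  <tls socketTLS="false" startTLS="true">
    <keystore>[my-jks-file]</keystore>
    <secret>[my-jks-password]</secret>
  </tls>
</smtpserver></smtpservers>"""
MAILETS_BEFORE = """<mailetcontainer><processors><processor state="transport">
  <mailet match="All" class="RemoteDelivery">
    <!-- no startTLS element -->
  </mailet>
</processor></processors></mailetcontainer>"""
MAILETS_AFTER = MAILETS_BEFORE.replace("</mailet>", "<startTLS>true</startTLS></mailet>")

if __name__ == "__main__":
    for label, cfg in (("before", MAILETS_BEFORE), ("after", MAILETS_AFTER)):
        print(label, findings(SMTPSERVER, cfg))
```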