James Configuration

To use cryptography mailets, the required Bouncy Castle libraries must be installed in james/lib . It is recommended that the correct versions for the JVM are used.

To use the mailets, the package org.apache.james.mailet.crypto.mailet must be available. To use the matchers, org.apache.james.mailet.crypto.matcher must be. For example:

                
                    <mailetpackages>
                    ...
                    <mailetpackage>org.apache.james.mailet.crypto.mailet</mailetpackage>
                    </mailetpackages>
                    <matcherpackages>
                    ...
                    <matcherpackage>org.apache.james.mailet.crypto.matcher</matcherpackage>
                    </matcherpackages>
                

Example SMIME mailet configurations:

                
                    <mailet match="IsSMIMEEncrypted" class="SMIMEDecrypt">
                    <keyStoreType>pkcs12</keyStoreType>
                    <keyStoreFileName>c:/path.pfx</keyStoreFileName>
                    <keyStorePassword>myKeyStorePass</keyStorePassword>
                    <keyAlias>myKeyAlias</keyAlias>
                    <keyAliasPassword>myKeyPass</keyAliasPassword>
                    </mailet>

                    <mailet match="IsSMIMESigned" class="SMIMECheckSignature">
                    <keyStoreType>pkcs12</keyStoreType>
                    <keyStoreFileName>c:/path.pfx</keyStoreFileName>
                    <keyStorePassword> myKeyStorePass
                    </keyStorePassword> <strip>false</strip>
                    <onlyTrusted>true</onlyTrusted>
                    </mailet>
                

Matcher example: messages signed by trusted users never are spam Messages with valid signatures will never be considered spam. This can be a valid policy *if* SMIMECheckSignature was invoked with true set
                
                    <mailet
                    match="HasMailAttribute=org.apache.james.SMIMECheckSignature"
                    class="ToProcessor">
                    <processor>transport</processor>
                    </mailet>
                

Signing example: Add a server-side signature to all mail.

                
                    <mailet
                    match="HasMailAttribute=org.apache.james.SMIMECheckSignature"
                    class="SetMimeHeader">
                    <name>X-WasSigned</name>
                    <value>true</value>
                    </mailet>

                    <mailet match="All" class="SMIMESign" onMailetException="ignore">
                    <keyStoreType>jks</keyStoreType>
                    <keyStoreFileName>path.keystore</keyStoreFileName>
                    <keyStorePassword>myKeyStorePass</keyStorePassword>
                    <keyAlias>myKeyAlias</keyAlias>
                    <keyAliasPassword>myKeyPass</keyAliasPassword>
                    <signerName>XXX Trusted Server</signerName>
                    <rebuildFrom>true</rebuildFrom>
                    <postmasterSigns>true</postmasterSigns>
                    <debug>true</debug>
                    </mailet>