BlobStore Configuration

BlobStore is the dedicated component to store blobs, non-indexable content. James uses the BlobStore for storing blobs which are usually mail contents, attachments, deleted mails... You can choose the underlying implementation of BlobStore to fit with your James setup. It could be the implementation on top of Cassandra or file storage service like Openstack Swift, AWS S3. This configuration is only applicable with Guice products.

Consult in GIT to get some examples and hints.

Blobs storing configuration

cassandra: use cassandra based BlobStore
s3: use AWS S3 based BlobStore
WARNING: JAMES-3591 Cassandra is not made to store large binary content, its use will be suboptimal compared to alternatives (namely S3 compatible BlobStores backed by for instance S3, MinIO or Ozone)
The generated startup warning log can be deactivated via the environment variable being positioned to false.
Mandatory. Supported value: true and false.
If you choose to enable deduplication, the mails with the same content will be stored only once.
Warning: Once this feature is enabled, there is no turning back as turning it off will lead to the deletion of all
the mails sharing the same content once one is deleted.
This feature also requires a garbage collector mechanism to effectively drop blobs. A first implementation based on bloom filters can be used and triggered using the WebAdmin REST API. See Running blob garbage collection. In order to avoid concurrency issues upon garbage collection, we slice the blobs in generation, the two more recent generations are not garbage collected.
Allow controlling the duration of one generation. Longer implies better deduplication but deleted blobs will live longer. Duration, defaults on 30 days, the default unit is in days.
Every time the duration is changed, this integer counter must be incremented to avoid conflicts. Defaults to 1.
Upgrade note: If you are upgrading from James 3.5 or older, the deduplication was enabled.

Cassandra BlobStore Cache

A Cassandra cache can be enabled to reduce latency when reading small blobs frequently. A dedicated keyspace with a replication factor of one is then used. Cache eviction policy is TTL based. Only blobs below a given threshold will be stored. To be noted that blobs are stored within a single Cassandra row, hence a low threshold should be used.

DEFAULT: false, optional, must be a boolean. Whether the cache should be enabled.
DEFAULT: 7 days, optional, must be a duration. Cache eviction policy is TTL based.
DEFAULT: 8192, optional, must be a positive integer. Unit: bytes. Supported units: bytes, Kib, MiB, GiB, TiB Maximum size of stored objects expressed in bytes.

Encryption choice

Data can be optionally encrypted with a symmetric key using AES before being stored in the blobStore. As many user relies on third party for object storage, a compromised third party will not escalate to a data disclosure. Of course, a performance price have to be paid, as encryption takes resources.

Optional boolean, defaults to false

If AES encryption is enabled, then the following properties MUST be present:

Hexadecimal string.

If AES encryption is enabled, then the following properties COULD be present:

String, defaulting to PBKDF2WithHmacSHA512. Previously was PBKDF2WithHmacSHA1.

WARNING: Once chosen this choice can not be reverted, all the data is either clear or encrypted. Mixed encryption is not supported.

Here is an example of how you can generate the above values (be mindful to customize the byte lengths in order to add enough entropy.

# Password generation
openssl rand -base64 64

# Salt generation
generate salt with : openssl rand -hex 16

ObjectStorage BlobStore Buckets Configuration

Bucket is an concept in James and similar to Containers in Swift or Buckets in AWS S3. BucketPrefix is the prefix of bucket names in James BlobStore
BlobStore default bucket name. Most of blobs storing in BlobStore are inside the default bucket. Unless a special case like storing blobs of deleted messages.

ObjectStorage Underlying Service Configuration

ObjectStorage AWS S3 Configuration

S3 service endpoint
S3 region
S3 access key id
S3 access key secret
Allow setting the number of concurrent HTTP requests allowed by the Netty driver.
optional: Verify the S3 server certificate against this trust store file.
optional: Specify the type of the trust store, e.g. JKS, PKCS12
optional: Use this secret/password to access the trust store; default none
optional: Use this specific trust store algorithm; default SunX509
optional: HTTP read timeout. duration, default value being second. Leaving it empty relies on S3 driver defaults.
optional: HTTP write timeout. duration, default value being second. Leaving it empty relies on S3 driver defaults.
optional: HTTP connection timeout. duration, default value being second. Leaving it empty relies on S3 driver defaults.
optional: Object read in memory will be rejected if they exceed the size limit exposed here. Size, exemple `100M`. Supported units: K, M, G, defaults to B if no unit is specified. If unspecified, big object won't be prevented from being loaded in memory. This settings complements protocol limits.