[Building Sakai] EmailService, SSL, TLS

Mon Sep 21 14:41:53 PDT 2009

I wholeheartedly agree. One of our partner institutions uses Google 
Mail's SMTP server, over TLS; that's why I wrote the patch. I've never 
come across anybody encrypting email at the transport level before. I've 
always used Enigmail when I've occasionally wanted to encrypt something. 
As for SMTP authentication, again I've found that most institutions are 
happy with locking their SMTP server down by firewall.

I don't expect the patch to get a lot of use either, but at least we can 
say 'Sakai does secure mail' now :)

Cheers,

Adrian.

Carl F. Hall wrote:
> Changing smtpUseSSL to smtpUseTLS is the easiest way to resolve the current issue, but I think both options (SSL, TLS) should be in there to give better flexibility of the service.  SSL and TLS are off by default, so the probability of someone running into this issue is equal to the number of people that try to connect using SSL to their mail server which I think to be pretty low.
>
>
> ----- Original Message -----
> From: "Adrian Fish" <a.fish at lancaster.ac.uk>
> To: "David Horwitz" <david.horwitz at uct.ac.za>
> Cc: "carl hall" <carl.hall at gatech.edu>, "sakai-dev" <sakai-dev at collab.sakaiproject.org>
> Sent: Monday, September 21, 2009 4:50:39 PM GMT -05:00 US/Canada Eastern
> Subject: Re: [Building Sakai] EmailService, SSL, TLS
>
> Hi David, Carl,
>
> Why not just change m_smtpUseSSL to m_smtpUseTLS as well as changing the 
> name of the sakai.properties prop to smtpUseTLS? smtpUseSSL was a bad 
> choice of parameter name; I hold my hand up :) It is off by default 
> though, isn't it? If the parameter is not specified, or is false, the 
> property is not set.
>
> Cheers,
>
> Adrian.
>
> David Horwitz wrote:
>   
>> Hi Carl,
>>
>> Quite right that should be off by default - will you jira and I'll fix it.
>>
>> D
>>
>> carl.hall at gatech.edu wrote:
>>   
>>     
>>> I happened to notice in the email service that the following exists:
>>>
>>> if(m_smtpUseSSL)
>>>   props.put("mail.smtp.starttls.enable", "true");
>>>
>>> I believe this is not quite right.  Using SSL takes a little more setup work and doesn't imply TLS.  I don't mind putting in a patch for this but wanted to make sure I'm not missing something here.  Can someone else confirm this, please?
>>> _______________________________________________
>>> sakai-dev mailing list
>>> sakai-dev at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>
>>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>>>   
>>>     
>>>       
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>>
>>   
>>     
>
>   

-- 
==================================
Adrian Fish
Software Engineer
Centre for e-Science
Bowland Tower South C Floor
Lancaster University
Lancaster
LA1 4YW
email: a.fish at lancaster.ac.uk

http://confluence.sakaiproject.org/display/YAFT/Yaft
http://confluence.sakaiproject.org/display/BLOG/Home
http://confluence.sakaiproject.org/display/AGORA/Home

-------------- next part --------------
A non-text attachment was scrubbed...
Name: a_fish.vcf
Type: text/x-vcard
Size: 299 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20090921/4cf1f36e/attachment.vcf 