[Building Sakai] james and checkResolvableHelo
Sobieralski, Damian Michael
dsobiera at indiana.edu
Wed Feb 27 13:38:18 PST 2013
Does anyone know if this is configurable? And if so, how? What I am trying to prevent is bob at madeupdomain.ugh<mailto:bob at madeupdomain.ugh>. Our security scan people said that we needed to lock the helo down to a verifiable domain.
http://xforce.iss.net/xforce/xfdb/1921
I might be doing this is a silly way. So feel free to correct me on my ignorance. But what I am doing is unzipping:
$SAKAI_HOME/mailarchive/james/src/webapp/apps/james.sar
I then am editing the extracted file:
conf/james-smtphandlerchain.xml
uncommmenting and setting this to true:
<handler command="HELO" class="org.apache.james.smtpserver.HeloCmdHandler">
<!-- If is set to true helo is only accepted if it can be resolved -->
<!-- WARNING: This check will reject on invalid HELO even if the user is authenticated-->
<checkResolvableHelo> true </checkResolvableHelo>
I then zip up the contents to make a new james.sar and place it where the old one was
$SAKAI_HOME/mailarchive/james/src/webapp/apps/james.sar
I compile, deploy and start tomcat up. But helo still allows me to stick in bob at madeupdomain.ugh<mailto:bob at madeupdomain.ugh>
Does anyone have any ideas? I tried this in both sakai 2.7.1 and 2.9.0.
- Damian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130227/a80b31ce/attachment.html
More information about the sakai-dev
mailing list