JAMES Configuration

To use cryptography mailets, the required Bouncy Castle libraries must be installed in james/lib . It is recommended that the correct versions for the JVM are used.

Ensure that the org.apache.james.transport.mailets.smime package is available to load mailets and matchers. For example:

        
    <mailetpackages> 
      <mailetpackage>org.apache.james.transport.mailets</mailetpackage>
      <mailetpackage>org.apache.james.transport.mailets.smime</mailetpackage> 
    </mailetpackages>
    <matcherpackages> 
      <matcherpackage>org.apache.james.transport.matchers </matcherpackage>
      <matcherpackage>org.apache.james.transport.matchers.smime</matcherpackage> 
    </matcherpackages>
        

Example SMIME mailet configurations:

        
    <mailet match="IsSMIMEEncrypted" class="SMIMEDecrypt">
      <keyStoreType>pkcs12</keyStoreType>
      <keyStoreFileName>c:/path.pfx</keyStoreFileName>
      <keyStorePassword>myKeyStorePass</keyStorePassword>
      <keyAlias>myKeyAlias</keyAlias>
      <keyAliasPassword>myKeyPass</keyAliasPassword>
    </mailet>

    <mailet match="IsSMIMESigned" class="SMIMECheckSignature">
      <keyStoreType>pkcs12</keyStoreType>
      <keyStoreFileName>c:/path.pfx</keyStoreFileName>
      <keyStorePassword> myKeyStorePass
      </keyStorePassword> <strip>false</strip>
      <onlyTrusted>true</onlyTrusted> 
    </mailet>
        

Matcher example: messages signed by trusted users never are spam Messages with valid signatures will never be considered spam. This can be a valid policy *if* SMIMECheckSignature was invoked with true set
        
    <mailet
        match="HasMailAttribute=org.apache.james.SMIMECheckSignature"
        class="ToProcessor">
      <processor>transport</processor> 
    </mailet>
        

Signing example: Add a server-side signature to all mail.

        
    <mailet
        match="HasMailAttribute=org.apache.james.SMIMECheckSignature"
        class="SetMimeHeader"> 
      <name>X-WasSigned</name>
      <value>true</value> 
    </mailet> 
    
    <mailet match="All" class="SMIMESign" onMailetException="ignore">
      <keyStoreType>jks</keyStoreType>
      <keyStoreFileName>path.keystore</keyStoreFileName> 
      <keyStorePassword>myKeyStorePass</keyStorePassword>
      <keyAlias>myKeyAlias</keyAlias>
      <keyAliasPassword>myKeyPass</keyAliasPassword>
      <signerName>XXX Trusted Server</signerName>
      <rebuildFrom>true</rebuildFrom>
      <postmasterSigns>true</postmasterSigns>
      <debug>true</debug> 
    </mailet>