Documentation
2024.1 (Latest)
2024.0
10.3
10.2
10.1
10.0
9.10
9.9
9.8
9.7
9.6
9.5
9.4
9.3
9.2
9.1
9.0
8.2
8.1
8.0
7.6
Server
Administration
Security
Mail Security
Mail Security
If you did not enabled mail security for outgoing messages during the installation of RapdiMiner Server, or you want to change the security or authentication settings, you can do so by editing the standalone.xml
configuration file.
Preconditions
Edit the file standalone/configuration/standalone.xml
in the RapidMiner Server installation directory.
Locate the mail subsystem element, for example:
<subsystem xmlns="urn:jboss:domain:mail:1.2">
<mail-session jndi-name="java:/Mail" debug="false" from="user@localhost.com">
<custom-server name="smtp" outbound-socket-binding-ref="mail-smtp">
<login name="username" password="password"/>
</custom-server>
<!-- pop3-server outbound-socket-binding-ref="mail-pop3"/ -->
</mail-session>
</subsystem>
Configuration
A list of all possible options can be found here .
Options can be added with property tags.
<custom-server name="smtp" outbound-socket-binding-ref="mail-smtp">
<login name="username" password="password"/>
<property name="mail.smtp.ssl.enable" value="true"/>
<property name="mail.smtp.ssl.protocols " value="TLSv1.2"/>
<property name="mail.smtp.ssl.checkserveridentity" value="true"/>
<property name="mail.smtp.sasl.enable" value="true"/>
<property name="mail.smtp.sasl.mechanisms" value="CRAM-MD5"/>
</custom-server>
Connection Security
StartTLS
<property name="mail.smtp.starttls.enable" value="true"/>
Enforce StartTLS
<property name="mail.smtp.starttls.enable" value="true"/>
<property name="mail.smtp.starttls.required" value="true"/>
TLS
<property name="mail.smtp.ssl.enable" value="true"/>
<property name="mail.smtp.ssl.protocols" value="TLSv1 TLSv1.1 TLSv1.2"/>
TLS 1.2 + PFS
<property name="mail.smtp.ssl.enable" value="true"/>
<property name="mail.smtp.ssl.protocols" value="TLSv1.2"/>
<property name="mail.smtp.ssl.checkserveridentity" value="true"/>
<property name="mail.smtp.ssl.ciphersuites" value="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>
Supported Perfect Forward Secrecy Cipher Suites
Elliptic curve Diffie–Hellman
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256
_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256
_GCM_SHA384
The JVM system property jdk.tls.ephemeralDHKeySize
should be set to 2048
for Diffie–Hellman cipher suites* .
Diffie–Hellman
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256
_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256
_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256
_GCM_SHA384
Authentication
Enable & Enforce CRAM-MD5
<property name="mail.smtp.sasl.enable" value="true"/>
<property name="mail.smtp.sasl.mechanisms" value="CRAM-MD5"/>
<!--Also allow DIGEST-MD5 to prevent a SASL downgrade to PLAIN/LOGIN -->
<property name="mail.smtp.auth.mechanisms" value="DIGEST-MD5"/>
Enforce NTLM
<property name="mail.smtp.auth.mechanisms" value="NTLM"/>
Reserved Properties
These parameters are already covered by existing settings.
mail.smtp.user
Change the name attribute of the login tag instead.
<login name="username" password="password"/>
mail.smtp.host & mail.smtp.port
Configure the outbound-socket-binding referenced by the custom-server instead.
<outbound-socket-binding name="mail-smtp">
<remote-destination host="smtp.example.com" port="587"/>
</outbound-socket-binding>
mail.smtp.from
Change the from attribute of the mail-session tag instead.
<mail-session jndi-name="java:/Mail" debug="false" from="user@localhost.com">