You are viewing the RapidMiner Server documentation for version 8.1 - Check here for latest version
Mail Security
If you did not enabled mail security for outgoing messages during the installation of RapdiMiner Server, or you want to change the security or authentication settings, you can do so by editing the standalone.xml configuration file.
Preconditions
Edit the file
standalone/configuration/standalone.xmlin the RapidMiner Server installation directory.Locate the mail subsystem element, for example:
<subsystem xmlns="urn:jboss:domain:mail:1.2">
<mail-session jndi-name="java:/Mail" debug="false" from="[email protected]">
<custom-server name="smtp" outbound-socket-binding-ref="mail-smtp">
<login name="username" password="password"/>
</custom-server>
<!-- pop3-server outbound-socket-binding-ref="mail-pop3"/ -->
</mail-session>
</subsystem>
Configuration
A list of all possible options can be found here.
Options can be added with property tags.
<custom-server name="smtp" outbound-socket-binding-ref="mail-smtp">
<login name="username" password="password"/>
<property name="mail.smtp.ssl.enable" value="true"/>
<property name="mail.smtp.ssl.protocols " value="TLSv1.2"/>
<property name="mail.smtp.ssl.checkserveridentity" value="true"/>
<property name="mail.smtp.sasl.enable" value="true"/>
<property name="mail.smtp.sasl.mechanisms" value="CRAM-MD5"/>
</custom-server>
Connection Security
StartTLS
<property name="mail.smtp.starttls.enable" value="true"/>
Enforce StartTLS
<property name="mail.smtp.starttls.enable" value="true"/>
<property name="mail.smtp.starttls.required" value="true"/>
TLS
<property name="mail.smtp.ssl.enable" value="true"/>
<property name="mail.smtp.ssl.protocols" value="TLSv1 TLSv1.1 TLSv1.2"/>
TLS 1.2 + PFS
<property name="mail.smtp.ssl.enable" value="true"/>
<property name="mail.smtp.ssl.protocols" value="TLSv1.2"/>
<property name="mail.smtp.ssl.checkserveridentity" value="true"/>
<property name="mail.smtp.ssl.ciphersuites" value="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>
Supported Perfect Forward Secrecy Cipher Suites
The unlimited strength jurisdiction policy files are required for AES_256 cipher suites.
| Elliptic curve Diffie–Hellman |
|---|
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
The JVM system property jdk.tls.ephemeralDHKeySize should be set to 2048 for Diffie–Hellman cipher suites*.
| Diffie–Hellman |
|---|
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
| TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
Authentication
Enable & Enforce CRAM-MD5
<property name="mail.smtp.sasl.enable" value="true"/>
<property name="mail.smtp.sasl.mechanisms" value="CRAM-MD5"/>
<!--Also allow DIGEST-MD5 to prevent a SASL downgrade to PLAIN/LOGIN -->
<property name="mail.smtp.auth.mechanisms" value="DIGEST-MD5"/>
Enforce NTLM
<property name="mail.smtp.auth.mechanisms" value="NTLM"/>
Reserved Properties
These parameters are already covered by existing settings.
mail.smtp.user
Change the name attribute of the login tag instead.
<login name="username" password="password"/>
mail.smtp.host & mail.smtp.port
Configure the outbound-socket-binding referenced by the custom-server instead.
<outbound-socket-binding name="mail-smtp">
<remote-destination host="smtp.example.com" port="587"/>
</outbound-socket-binding>
mail.smtp.from
Change the from attribute of the mail-session tag instead.
<mail-session jndi-name="java:/Mail" debug="false" from="[email protected]">