Categories

Versions

You are viewing the RapidMiner Server documentation for version 9.7 - Check here for latest version

Mail Security

If you did not enable mail security for outgoing messages during the installation of RapidMiner Server, or you want to change the security or authentication settings, you can do so by editing the standalone.xml configuration file.

Preconditions

  1. Edit the file <home directory>/configuration/standalone.xml in your RapidMiner Server home directory.

  2. Locate the mail subsystem element, for example:

<subsystem xmlns="urn:jboss:domain:mail:1.2">
    <mail-session jndi-name="java:/Mail" debug="false" from="user@localhost.com">
       <custom-server name="smtp" outbound-socket-binding-ref="mail-smtp">
            <login name="username" password="password"/>
        </custom-server>
        <!-- pop3-server outbound-socket-binding-ref="mail-pop3"/ -->
    </mail-session>
</subsystem>

Configuration

A list of all possible options can be found here.

Options can be added with property tags.

<custom-server name="smtp" outbound-socket-binding-ref="mail-smtp">
    <login name="username" password="password"/>
    <property name="mail.smtp.ssl.enable" value="true"/>
    <property name="mail.smtp.ssl.protocols " value="TLSv1.2"/>
    <property name="mail.smtp.ssl.checkserveridentity" value="true"/>
    <property name="mail.smtp.sasl.enable" value="true"/>
    <property name="mail.smtp.sasl.mechanisms" value="CRAM-MD5"/>
</custom-server>

Connection Security

StartTLS

<property name="mail.smtp.starttls.enable" value="true"/>

Enforce StartTLS

<property name="mail.smtp.starttls.enable" value="true"/>
<property name="mail.smtp.starttls.required" value="true"/>

TLS

<property name="mail.smtp.ssl.enable" value="true"/>
<property name="mail.smtp.ssl.protocols" value="TLSv1 TLSv1.1 TLSv1.2"/>

TLS 1.2 + PFS

<property name="mail.smtp.ssl.enable" value="true"/>
<property name="mail.smtp.ssl.protocols" value="TLSv1.2"/>
<property name="mail.smtp.ssl.checkserveridentity" value="true"/>
<property name="mail.smtp.ssl.ciphersuites" value="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>

Supported Perfect Forward Secrecy Cipher Suites

The unlimited strength jurisdiction policy files are required for AES_256 cipher suites.

Elliptic curve Diffie–Hellman
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

The JVM system property jdk.tls.ephemeralDHKeySize should be set to 2048 for Diffie–Hellman cipher suites*.

Diffie–Hellman
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Authentication

Enable & Enforce CRAM-MD5

<property name="mail.smtp.sasl.enable" value="true"/>
<property name="mail.smtp.sasl.mechanisms" value="CRAM-MD5"/>
<!--Also allow DIGEST-MD5 to prevent a SASL downgrade to PLAIN/LOGIN -->
<property name="mail.smtp.auth.mechanisms" value="DIGEST-MD5"/>

Enforce NTLM

<property name="mail.smtp.auth.mechanisms" value="NTLM"/>

Reserved Properties

These parameters are already covered by existing settings.

mail.smtp.user

Change the name attribute of the login tag instead.

<login name="username" password="password"/>

mail.smtp.host & mail.smtp.port

Configure the outbound-socket-binding referenced by the custom-server instead.

<outbound-socket-binding name="mail-smtp">
    <remote-destination host="smtp.example.com" port="587"/>
</outbound-socket-binding>

mail.smtp.from

Change the from attribute of the mail-session tag instead.

<mail-session jndi-name="java:/Mail" debug="false" from="user@localhost.com">