'Re: Disabling JMX/Securing james'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       james-user
Subject:    Re: Disabling JMX/Securing james
From:       Ashton Holmes <root () scoopta ! ninja>
Date:       2018-07-12 9:13:32
Message-ID: 0e3d60b4-7913-e7bc-e9ce-444d13fab2a9 () scoopta ! ninja
[Download RAW message or body]

Ahhh yeah that's probably my problem then. Oh well. As I said I've 
addressed the issue outside of James


On 07/11/2018 07:06 PM, Benoit Tellier wrote:
> Hello Ashton Holmes,
>
> What Raphael did not tell you in his previous email is that this setting
> is Guice specific. It is not working with the Spring default binaries
> that you might be using.
>
> Cheers,
>
> Benoit Tellier
>
>
> Le 12/07/2018 à 02:03, Ashton Holmes a écrit :
>> That doesn't seem to work for me. The setting seems to get completely
>> ignored, however, I've come up with my own solution. I setup some
>> nftables firewall rules so that only certain users can open outbound
>> sockets on the JMX port and it's actually a more helpful solution
>> anyway because it means I can still admin the server without
>> restarting it and opening JMX to all users.
>>
>>
>> On 07/09/2018 06:10 AM, Raphael OUAZANA wrote:
>>> Hi,
>>>
>>> We (very) recently added an option to deactivate JMX, see:
>>> http://james.apache.org/server/config-system.html
>>>
>>> Regards,
>>> Raphaël Ouazana.
>>>
>>> Le 2018-07-09 07:21, Ashton Holmes a écrit :
>>>> Is there any way to completely disable JMX? I've changed the
>>>> com.sun.management.jmxremote property to false but james-cli is still
>>>> able to connect and interact with the server. If not then maybe I'm
>>>> asking the wrong question. This server has multiple users with shell
>>>> access and I am looking to make it so they can't just download a james
>>>> zip and use james-cli to change server settings. James is running as
>>>> its own user in a folder with the proper permissions so they can't
>>>> directly access the email data but because james-cli goes over the
>>>> network it makes it somewhat a mute point allowing anyone with shell
>>>> access to change passwords, create accounts, etc.
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic