-
Notifications
You must be signed in to change notification settings - Fork 36
OpaqueMail Proxy Tutorial
It's easy to get started with the OpaqueMail Proxy.
- Signing outbound messages
- Encrypting outbound messages
- Removing S/MIME from proxied outgoing messages
- Filtering outbound messages to certain IP addresses
- Overriding the sender value for outbound messages
- Adding recipients to outbound messages
- Adding signatures to outbound messages
- Authenticating SMTP connections
- Redirecting email ports
- Debugging email development
- Exporting all outbound messages to .eml files
- Filtering incoming messages to certain IP addresses
- Importing S/MIME certificates from incoming messages
- Overriding authentication
- Redirecting email ports
- Debugging email development
- Exporting all inbound messages to .eml files
- Filtering incoming messages to certain IP addresses
- Importing S/MIME certificates from incoming messages
- Overriding authentication
- Redirecting email ports
- Debugging email development
- Exporting all inbound messages to .eml files
The latest release of the OpaqueMail Proxy is always available on GitHub from https://github.com/bertjohnson/OpaqueMail/zipball/master.
For added security, the file's MD5 and SHA1 checksums can be verified on the OpaqueMail.org homepage.
The OpaqueMail Proxy requires Microsoft .NET 4.5.
The OpaqueMail Proxy runs as a Windows service and is configured through an XML file called "OpaqueMail.Proxy.xml". This file can be edited manually or through the settings client below.
The OpaqueMail Proxy settings client (named OpaqueMail.ProxySettings.exe) is used to install the Windows service and create the initial proxy settings file (OpaqueMail.Proxy.xml).
Upon launching, the "OpaqueMail Proxy" Windows service will automatically be installed and started.
The settings client is divided into four tabs, with a "Save Settings" button on the bottom. Clicking "Save Settings" will overwrite OpaqueMail.Proxy.xml with the chosen settings. Hitting the "F5" key will reload the settings client to reflect any changes made.
####A. View the "About OpaqueMail Proxy" tab
The first tab of the OpaqueMail Proxy settings tab covers an overview of what the proxy does and how to manage its settings, similar to this page.
####B. Select email accounts to protect via the "Accounts" tab
The "Select E-mail Accounts" tab is used to select which local accounts should be updated to use this OpaqueMail Proxy installation. Upon loading or hitting "F5", the settings client automatically scans for accounts from the following locations:
Microsoft Outlook
Settings are found in the Windows registry under "Software\Microsoft\Office[VERSION]\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676", where "[VERSION]" is a value between 8.0 and 15.0 depending on which version of Office you run.
Mozilla Thunderbird
Settings are found by looking at "prefs.js" files in the "ROAMINGAPPDATA\Thunderbird\Profiles" folder.
Opera Mail
Settings are found by looking at "LOCALAPPDATA\Opera Mail\Opera Mail\mail\accounts.ini".
Windows Live Mail
Settings are found by looking at files with the ".oeaccount" extension in the "LOCALAPPDATA\Microsoft\Windows Live Mail" folder.
####C. Choose S/MIME and certificate options under the "Certificates" tab##
The "Certificates" tab provides an overview of how certificates can be obtained and used, as well as selections for controlling S/MIME behavior.
The "S/MIME operations" drop-down provides choices for "Apply no S/MIME protection", "Sign messages only", "Encrypt messages only", and "Sign and encrypt messages (Recommended)". The "S/MIME protection mode" drop-down provides the choices of "Best effort: try to protect, but allow unprotected mail" and "Require exact settings".
####D. Review the "Other Options" tab
The final tab provides firewall and signature options. By default, the OpaqueMail Proxy only accepts connection from the localhost (e.g. an IP on the current machine or the loopback address 127.0.0.1).
The following code block shows all available settings for the OpaqueMail proxy. One SMTP proxy, one IMAP proxy, and one POP3 proxy are included. Additional proxies could be defined by changing the ServiceCount property and adding additional Service blocks.
<?xml version="1.0" encoding="utf-8" ?>
<Settings>
<SMTP>
<!-- The number of SMTP proxy services to run. Each proxy's settings will be outlined in subsequent Service blocks. -->
<ServiceCount>1</ServiceCount>
<Service1>
<!-- IP addresses to accept connections from. Delete or set value to "*" to accept connections from any IP. -->
<!-- Individual IPs can be specified, separated by commas, or ranges can be specified. The "*" wildcard character is supported. -->
<!-- By default, connections are only accepted from the localhost. -->
<AcceptedIPs>0.0.0.0</AcceptedIPs>
<!-- Local IP address to listen on. "Any" means listen on all IPs. -->
<LocalIPAddress>Any</LocalIPAddress>
<!-- Local port to listen on. -->
<LocalPort>587</LocalPort>
<!-- Whether local connections support TLS/SSL protection. -->
<LocalEnableSSL>True</LocalEnableSSL>
<!-- Remote SMTP server hostname to connect to. Common values: smtp.gmail.com, smtp.live.com, smtp.mail.yahoo.com -->
<RemoteServerHostName>smtp.gmail.com</RemoteServerHostName>
<!-- Remote SMTP server port to connect to. 587 is recommended, but 465 or 25 may be required. -->
<RemoteServerPort>587</RemoteServerPort>
<!-- Whether the remote SMTP server supports TLS/SSL protection. -->
<RemoteServerEnableSSL>True</RemoteServerEnableSSL>
<!-- (Optional) Username used when authenticating to the remote SMTP server. When supplied, it will override any values sent from the client. -->
<RemoteServerUsername></RemoteServerUsername>
<!-- (Optional) Password used when authenticating to the remote SMTP server. When supplied, it will override any values sent from the client. -->
<RemoteServerPassword></RemoteServerPassword>
<!-- (Optional) "From" address for all sent messages. When supplied, it will override any values sent from the client. -->
<From></From>
<!-- (Optional) "To" address for all sent messages. When supplied, it will add the recipient(s) to any included with the original message. -->
<To></To>
<!-- (Optional) "CC" address for all sent messages. When supplied, it will add the recipient(s) to any included with the original message. -->
<CC></CC>
<!-- (Optional) "BCC" address for all sent messages. When supplied, it will add the recipient(s) to any included with the original message. -->
<BCC></BCC>
<!-- (Optional) Signature to add to the end of each sent message. -->
<Signature></Signature>
<!-- Send e-mail reminders when a signing certificate is due to expire within 30 days. -->
<SendCertificateReminders>True</SendCertificateReminders>
<!-- Whether all outgoing messages require the S/MIME settings specified below. -->
<!-- When set to "RequireExactSettings", any messages that can't be signed or encrypted will be dropped, unsent. -->
<!-- When set to "BestEffort", OpaqueMail Proxy will attempt to sign and/or encrypt messages but still forward any that can't be. -->
<SMIMESettingsMode>BestEffort</SMIMESettingsMode>
<!-- Whether to sign the e-mail. When true, signing is the first S/MIME operation. -->
<SMIMESign>True</SMIMESign>
<!-- Whether to encrypt the e-mail's envelope. When SmimeSign is true, encryption is the second S/MIME operation. -->
<SMIMEEncrypt>True</SMIMEEncrypt>
<!-- Triple-wrap the e-mail by signing, then encrypting the envelope, then signing the encrypted envelope. -->
<SMIMETripleWrap>True</SMIMETripleWrap>
<!-- Remove envelope encryption and signatures from passed-in messages. If true and SmimeSigned or SmimeEncryptEnvelope is also true, new S/MIME operations will be applied. -->
<SMIMERemovePreviousOperations>True</SMIMERemovePreviousOperations>
<!-- (Optional) Location where all outbound messages are saved as EML files. -->
<ExportDirectory></ExportDirectory>
<!-- Where log files should be stored, if any. Leave blank to avoid logging. -->
<!-- Date and instance variables can be encased in angle braces. For example, "Logs\SMTPProxy{#}-{yyyy-MM-dd}.log". -->
<LogFile>Logs\SMTPProxy{#}-{yyyy-MM-dd}.log</LogFile>
<!-- Proxy logging level, determining how much information is logged. Possible values: None, Critical, Error, Warning, Information, Verbose, Raw -->
<LogLevel>Verbose</LogLevel>
</Service1>
</SMTP>
<IMAP>
<!-- The number of IMAP proxy services to run. Each proxy's settings will be outlined in subsequent Service blocks. -->
<ServiceCount>1</ServiceCount>
<Service1>
<!-- IP addresses to accept connections from. Delete or set value to "*" to accept connections from any IP. -->
<!-- Individual IPs can be specified, separated by commas, or ranges can be specified. The "*" wildcard character is supported. -->
<!-- By default, connections are only accepted from the localhost. -->
<AcceptedIPs>0.0.0.0</AcceptedIPs>
<!-- Local IP address to listen on. "Any" means listen on all IPs. -->
<LocalIPAddress>Any</LocalIPAddress>
<!-- Local port to listen on. -->
<LocalPort>993</LocalPort>
<!-- Whether local connections support TLS/SSL protection. -->
<LocalEnableSSL>True</LocalEnableSSL>
<!-- Remote IMAP server hostname to connect to. Common values: imap.gmail.com, imap.mail.yahoo.com -->
<RemoteServerHostName>imap.gmail.com</RemoteServerHostName>
<!-- Remote IMAP server port to connect to. 993 is recommended, but 143 may be required. -->
<RemoteServerPort>993</RemoteServerPort>
<!-- Whether the remote IMAP server supports TLS/SSL protection. -->
<RemoteServerEnableSSL>True</RemoteServerEnableSSL>
<!-- (Optional) Username used when authenticating to the remote IMAP server. When supplied, it will override any values sent from the client. -->
<RemoteServerUsername></RemoteServerUsername>
<!-- (Optional) Password used when authenticating to the remote IMAP server. When supplied, it will override any values sent from the client. -->
<RemoteServerPassword></RemoteServerPassword>
<!-- (Optional) Location where all incoming messages are saved as EML files. -->
<ExportDirectory></ExportDirectory>
<!-- Where log files should be stored, if any. Leave blank to avoid logging. -->
<!-- Date and instance variables can be encased in angle braces. For example, "Logs\IMAPProxy{#}-{yyyy-MM-dd}.log". -->
<LogFile>Logs\IMAPProxy{#}-{yyyy-MM-dd}.log</LogFile>
<!-- Proxy logging level, determining how much information is logged. Possible values: None, Critical, Error, Warning, Information, Verbose, Raw -->
<LogLevel>Verbose</LogLevel>
</Service1>
</IMAP>
<POP3>
<!-- The number of POP3 proxy services to run. Each proxy's settings will be outlined in subsequent Service blocks. -->
<ServiceCount>1</ServiceCount>
<Service1>
<!-- IP addresses to accept connections from. Delete or set value to "*" to accept connections from any IP. -->
<!-- Individual IPs can be specified, separated by commas, or ranges can be specified. The "*" wildcard character is supported. -->
<!-- By default, connections are only accepted from the localhost. -->
<AcceptedIPs>0.0.0.0</AcceptedIPs>
<!-- Local IP address to listen on. "Any" means listen on all IPs. -->
<LocalIPAddress>Any</LocalIPAddress>
<!-- Local port to listen on. -->
<LocalPort>995</LocalPort>
<!-- Whether local connections support TLS/SSL protection. -->
<LocalEnableSSL>True</LocalEnableSSL>
<!-- Remote POP3 server hostname to connect to. Common values: pop.gmail.com, pop3.live.com, pop.mail.yahoo.com -->
<RemoteServerHostName>pop.gmail.com</RemoteServerHostName>
<!-- Remote POP3 server port to connect to. 995 is recommended, but 110 may be required. -->
<RemoteServerPort>995</RemoteServerPort>
<!-- Whether the remote POP3 server supports TLS/SSL protection. -->
<RemoteServerEnableSSL>True</RemoteServerEnableSSL>
<!-- (Optional) Username used when authenticating to the remote POP3 server. When supplied, it will override any values sent from the client. -->
<RemoteServerUsername></RemoteServerUsername>
<!-- (Optional) Password used when authenticating to the remote POP3 server. When supplied, it will override any values sent from the client. -->
<RemoteServerPassword></RemoteServerPassword>
<!-- (Optional) Location where all incoming messages are saved as EML files. -->
<ExportDirectory></ExportDirectory>
<!-- Where log files should be stored, if any. Leave blank to avoid logging. -->
<!-- Date and instance variables can be encased in angle braces. For example, "Logs\POP3Proxy{#}-{yyyy-MM-dd}.log". -->
<LogFile>Logs\POP3Proxy{#}-{yyyy-MM-dd}.log</LogFile>
<!-- Proxy logging level, determining how much information is logged. Possible values: None, Critical, Error, Warning, Information, Verbose, Raw -->
<LogLevel>Verbose</LogLevel>
</Service1>
</POP3>
</Settings>##Proxying SMTP:
The Simple Mail Transfer Protocol (SMTP) is the ubiquitous standard for sending email. The OpaqueMail Proxy offers myriad options to make SMTP more flexible, from simply adding authentication to adding encryption and logging.
###1. Signing outbound messages
The first steps in ensuring integrity and non-repudiation of messages is signing outbound email. Setting up S/MIME signing with the OpaqueMail Proxy is easy. The proxy can either use existing certificates or generate its own self-signed certificates.
To install your own certificates, import them into the Windows "Local Machine" store. In order to be used for S/MIME operations, private keys will need to be imported. The OpaqueMail Proxy attempts to match certificates based on their subject names, either starting with "E=" or CN=".
If the proxy is configured to sign outbound messages via the <SMIMESign/> property, but a sender's certificate can't be found, a new certificate will automatically be generated and stored in the Windows certificate store.
If the <SendCertificateReminders/> element is set to "True", the OpaqueMail Proxy will email notifications 30 days before a used signing certificate is set to expire.
Sample configuration file for a simple SMTP proxy that listens locally and forwards messages to Gmail with S/MIME signatures:
<?xml version="1.0" encoding="utf-8" ?>
<Settings>
<SMTP>
<!-- The number of SMTP proxy services to run. Each proxy's settings will be outlined in subsequent Service blocks. -->
<ServiceCount>1</ServiceCount>
<Service1>
<!-- Local IP address to listen on. "Any" means listen on all IPs. -->
<LocalIPAddress>Any</LocalIPAddress>
<!-- Local port to listen on. -->
<LocalPort>587</LocalPort>
<!-- Whether local connections support TLS/SSL protection. -->
<LocalEnableSSL>True</LocalEnableSSL>
<!-- Remote SMTP server hostname to connect to. Common values: smtp.gmail.com, smtp.live.com, smtp.mail.yahoo.com -->
<RemoteServerHostName>smtp.gmail.com</RemoteServerHostName>
<!-- Remote SMTP server port to connect to. 587 is recommended, but 465 or 25 may be required. -->
<RemoteServerPort>587</RemoteServerPort>
<!-- Whether the remote SMTP server supports TLS/SSL protection. -->
<RemoteServerEnableSSL>True</RemoteServerEnableSSL>
<!-- Send e-mail reminders when a signing certificate is due to expire within 30 days. -->
<SendCertificateReminders>True</SendCertificateReminders>
<!-- Whether to sign the e-mail. When true, signing is the first S/MIME operation. -->
<SMIMESign>True</SMIMESign>
</Service1>
</SMTP>
</Settings>###2. Encrypting outbound messages
When using S/MIME, messages are usually encrypted in addition to being signed.
In order to encrypt a message, you must know the public key of each recipient. Most email clients require manual installation of other users' public keys, which can be cumbersome. To assist with that, the OpaqueMail Proxy's IMAP and POP3 configurations support automatically importing all received public keys.
To specify outbound messages should be encrypted, the <SMIMEEncrypt/> value is set to "True", similar to <SMIMESign/>. For added protection, messages can be "triple-wrapped", meaning they're first digitally signed, then encrypted, and finally signed again as authentication. To configure triple-wrapping, set the <SMIMETriplWrap/> property.
Because we can't encrypt messages to recipients who don't have public keys (or who have unknown public keys), we need to determine what to do in that situation. The <SMIMESettingsMode/> property has two values to determine proxy behavior. When set to "BestEffort", OpaqueMail Proxy will attempt to encrypt messages but still forward any that can't be encrypted. When set to "RequireExactSettings", encrypted messages will be allowed through while anything insecure will be blocked.
Sample configuration file for a simple SMTP proxy that listens locally and forwards messages to Gmail with S/MIME signing and encryption:
<?xml version="1.0" encoding="utf-8" ?>
<Settings>
<SMTP>
<!-- The number of SMTP proxy services to run. Each proxy's settings will be outlined in subsequent Service blocks. -->
<ServiceCount>1</ServiceCount>
<Service1>
<!-- Local IP address to listen on. "Any" means listen on all IPs. -->
<LocalIPAddress>Any</LocalIPAddress>
<!-- Local port to listen on. -->
<LocalPort>587</LocalPort>
<!-- Whether local connections support TLS/SSL protection. -->
<LocalEnableSSL>True</LocalEnableSSL>
<!-- Remote SMTP server hostname to connect to. Common values: smtp.gmail.com, smtp.live.com, smtp.mail.yahoo.com -->
<RemoteServerHostName>smtp.gmail.com</RemoteServerHostName>
<!-- Remote SMTP server port to connect to. 587 is recommended, but 465 or 25 may be required. -->
<RemoteServerPort>587</RemoteServerPort>
<!-- Whether the remote SMTP server supports TLS/SSL protection. -->
<RemoteServerEnableSSL>True</RemoteServerEnableSSL>
<!-- Send e-mail reminders when a signing certificate is due to expire within 30 days. -->
<SendCertificateReminders>True</SendCertificateReminders>
<!-- Whether all outgoing messages require the S/MIME settings specified below. -->
<!-- When set to "RequireExactSettings", any messages that can't be signed or encrypted will be dropped, unsent. -->
<!-- When set to "BestEffort", OpaqueMail Proxy will attempt to sign and/or encrypt messages but still forward any that can't be. -->
<SMIMESettingsMode>BestEffort</SMIMESettingsMode>
<!-- Whether to sign the e-mail. When true, signing is the first S/MIME operation. -->
<SMIMESign>True</SMIMESign>
<!-- Whether to encrypt the e-mail's envelope. When SmimeSign is true, encryption is the second S/MIME operation. -->
<SMIMEEncrypt>False</SMIMEEncrypt>
<!-- Triple-wrap the e-mail by signing, then encrypting the envelope, then signing the encrypted envelope. -->
<SMIMETripleWrap>False</SMIMETripleWrap>
</Service1>
</SMTP>
</Settings>###3. Removing S/MIME from proxied outgoing messages
Some email clients fail to implement S/MIME properly, so it may be useful to have the OpaqueMail Proxy "undo" S/MIME operations and then optionally re-apply them correctly. For example, certain versions of Microsoft Outlook don't perform "detached signatures", meaning that the authenticity of sent messages can't be verified. It may be better to remove the signature Outlook attaches and override it with the OpaqueMail Proxy's signature.
To remove S/MIME operations from outgoing messages, set the <SMIMERemovePreviousOperations/> value to "True". If the <SMIMESign/> and <SMIMEEncrypt/> values are omitted, the forwarded message will then be sent in plaintext.
Sample configuration file for a simple SMTP proxy that listens locally and forwards messages to Gmail, replacing any previous S/MIME signatures or encryption with new versions performed by OpaqueMail Proxy:
<?xml version="1.0" encoding="utf-8" ?>
<Settings>
<SMTP>
<!-- The number of SMTP proxy services to run. Each proxy's settings will be outlined in subsequent Service blocks. -->
<ServiceCount>1</ServiceCount>
<Service1>
<!-- Local IP address to listen on. "Any" means listen on all IPs. -->
<LocalIPAddress>Any</LocalIPAddress>
<!-- Local port to listen on. -->
<LocalPort>587</LocalPort>
<!-- Whether local connections support TLS/SSL protection. -->
<LocalEnableSSL>True</LocalEnableSSL>
<!-- Remote SMTP server hostname to connect to. Common values: smtp.gmail.com, smtp.live.com, smtp.mail.yahoo.com -->
<RemoteServerHostName>smtp.gmail.com</RemoteServerHostName>
<!-- Remote SMTP server port to connect to. 587 is recommended, but 465 or 25 may be required. -->
<RemoteServerPort>587</RemoteServerPort>
<!-- Whether the remote SMTP server supports TLS/SSL protection. -->
<RemoteServerEnableSSL>True</RemoteServerEnableSSL>
<!-- Whether all outgoing messages require the S/MIME settings specified below. -->
<!-- When set to "RequireExactSettings", any messages that can't be signed or encrypted will be dropped, unsent. -->
<!-- When set to "BestEffort", OpaqueMail Proxy will attempt to sign and/or encrypt messages but still forward any that can't be. -->
<SMIMESettingsMode>BestEffort</SMIMESettingsMode>
<!-- Whether to sign the e-mail. When true, signing is the first S/MIME operation. -->
<SMIMESign>True</SMIMESign>
<!-- Whether to encrypt the e-mail's envelope. When SmimeSign is true, encryption is the second S/MIME operation. -->
<SMIMEEncrypt>True</SMIMEEncrypt>
<!-- Triple-wrap the e-mail by signing, then encrypting the envelope, then signing the encrypted envelope. -->
<SMIMETripleWrap>True</SMIMETripleWrap>
<!-- Remove envelope encryption and signatures from passed-in messages. If true and SmimeSigned or SmimeEncryptEnvelope is also true, new S/MIME operations will be applied. -->
<SMIMERemovePreviousOperations>True</SMIMERemovePreviousOperations>
</Service1>
</SMTP>
</Settings>###4. Filtering incoming messages to certain IP addresses
SMTP traffic can be filtered via the OpaqueMail Proxy's <AcceptedIPs/> value. It serves as a whitelist, restricting traffic to local machine connections by default.
Accepted IP values can be added in a comma-separated list and the asterisk ("*") can be used as a wildcard character.
Sample configuration file for a simple SMTP proxy that listens locally and forwards messages to Gmail, limiting connections to the 10.1.* address space or 192.168.1.101:
<?xml version="1.0" encoding="utf-8" ?>
<Settings>
<SMTP>
<!-- The number of SMTP proxy services to run. Each proxy's settings will be outlined in subsequent Service blocks. -->
<ServiceCount>1</ServiceCount>
<Service1>
<!-- IP addresses to accept connections from. Delete or set value to "*" to accept connections from any IP. -->
<!-- Individual IPs can be specified, separated by commas, or ranges can be specified. The "*" wildcard character is supported. -->
<!-- By default, connections are only accepted from the localhost. -->
<AcceptedIPs>10.1.*,192.168.1.101</AcceptedIPs>
<!-- Local IP address to listen on. "Any" means listen on all IPs. -->
<LocalIPAddress>Any</LocalIPAddress>
<!-- Local port to listen on. -->
<LocalPort>587</LocalPort>
<!-- Whether local connections support TLS/SSL protection. -->
<LocalEnableSSL>True</LocalEnableSSL>
<!-- Remote SMTP server hostname to connect to. Common values: smtp.gmail.com, smtp.live.com, smtp.mail.yahoo.com -->
<RemoteServerHostName>smtp.gmail.com</RemoteServerHostName>
<!-- Remote SMTP server port to connect to. 587 is recommended, but 465 or 25 may be required. -->
<RemoteServerPort>587</RemoteServerPort>
<!-- Whether the remote SMTP server supports TLS/SSL protection. -->
<RemoteServerEnableSSL>True</RemoteServerEnableSSL>
</Service1>
</SMTP>
</Settings>###5. Overriding the sender value for outbound messages
It's sometimes necessary to override the sender's name or e-mail address for outbound messages. This can be performed with the OpaqueMail Proxy's <From/> property.
Sample configuration file for a simple SMTP proxy that listens locally and forwards messages to Gmail, specifying all messages come from "[email protected]":
<?xml version="1.0" encoding="utf-8" ?>
<Settings>
<SMTP>
<!-- The number of SMTP proxy services to run. Each proxy's settings will be outlined in subsequent Service blocks. -->
<ServiceCount>1</ServiceCount>
<Service1>
<!-- Local IP address to listen on. "Any" means listen on all IPs. -->
<LocalIPAddress>Any</LocalIPAddress>
<!-- Local port to listen on. -->
<LocalPort>587</LocalPort>
<!-- Whether local connections support TLS/SSL protection. -->
<LocalEnableSSL>True</LocalEnableSSL>
<!-- Remote SMTP server hostname to connect to. Common values: smtp.gmail.com, smtp.live.com, smtp.mail.yahoo.com -->
<RemoteServerHostName>smtp.gmail.com</RemoteServerHostName>
<!-- Remote SMTP server port to connect to. 587 is recommended, but 465 or 25 may be required. -->
<RemoteServerPort>587</RemoteServerPort>
<!-- Whether the remote SMTP server supports TLS/SSL protection. -->
<RemoteServerEnableSSL>True</RemoteServerEnableSSL>
<!-- (Optional) "From" address for all sent messages. When supplied, it will override any values sent from the client. -->
<From>"Example Dispatch" <[email protected]></From>
</Service1>
</SMTP>
</Settings>###6. Adding recipients to outbound messages
One or more recipients can be added to all outbound messages. These can be done as visible "To" and "CC" addresses or as hidden "BCC" addresses. This can be useful for augmenting hard-coded email address values or copying all messages to an archive.
Addresses are specifed via the <To/>, <CC/>, and <BCC/> properties. Values should be semicolon delimited.
Sample configuration file for a simple SMTP proxy that listens locally and forwards messages to Gmail, copying "[email protected]" on every message:
<?xml version="1.0" encoding="utf-8" ?>
<Settings>
<SMTP>
<!-- The number of SMTP proxy services to run. Each proxy's settings will be outlined in subsequent Service blocks. -->
<ServiceCount>1</ServiceCount>
<Service1>
<!-- Local IP address to listen on. "Any" means listen on all IPs. -->
<LocalIPAddress>Any</LocalIPAddress>
<!-- Local port to listen on. -->
<LocalPort>587</LocalPort>
<!-- Whether local connections support TLS/SSL protection. -->
<LocalEnableSSL>True</LocalEnableSSL>
<!-- Remote SMTP server hostname to connect to. Common values: smtp.gmail.com, smtp.live.com, smtp.mail.yahoo.com -->
<RemoteServerHostName>smtp.gmail.com</RemoteServerHostName>
<!-- Remote SMTP server port to connect to. 587 is recommended, but 465 or 25 may be required. -->
<RemoteServerPort>587</RemoteServerPort>
<!-- Whether the remote SMTP server supports TLS/SSL protection. -->
<RemoteServerEnableSSL>True</RemoteServerEnableSSL>
<!-- (Optional) "To" address for all sent messages. When supplied, it will add the recipient(s) to any included with the original message. -->
<To></To>
<!-- (Optional) "CC" address for all sent messages. When supplied, it will add the recipient(s) to any included with the original message. -->
<CC></CC>
<!-- (Optional) "BCC" address for all sent messages. When supplied, it will add the recipient(s) to any included with the original message. -->
<BCC>[email protected]</BCC>
</Service1>
</SMTP>
</Settings>###7. Adding signatures to outbound messages
The OpaqueMail Proxy can be used to add static signatures to all outbound messages using the <Signature/> element. In text/html messages, signatures will be inserted before the closing