I am still working on my Groovy Mail Server. Security is a lot harder than I thought.
Not that I thought it would be easy. But just when I think I am getting somewhere, I realize I need to look at ANOTHER RFC.
I will have to look into the STARTTLS command, and try to get an SSL socket in my application.
Sometimes I wonder if I should keep up with this, or if I should drop it and move on to something else. Like Grails 3. Or Clojure.
Plus I have gone about security a bit wrong. I spent some time trying to get the hang of the Java SASL API to work with CRAM-MD5. Then I realized that I am storing the passwords in an SHA-512 hash. I am not a security expert, but I do not think there is a way to compare a password with two different one-way hashes. So I might try STARTTLS and use PLAIN auth. Or try storing the passwords with MD5.
Or just go on to Luminus and Grails 3.
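
Why CRAM-MD5 (RFC 2195) cannot be verified against a stored SHA-512 hash while PLAIN (RFC 4616) inside TLS can, shown as an added Groovy example that is not code from the mail server this post describes. The user, password, host name and the salted SHA-512 storage layout are assumptions made up for illustration.

```groovy
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
import java.security.MessageDigest
import java.security.SecureRandom

// HMAC-MD5 as lowercase hex: the digest a CRAM-MD5 client puts on the wire.
String hmacMd5Hex(byte[] key, String challenge) {
    Mac mac = Mac.getInstance('HmacMD5')
    mac.init(new SecretKeySpec(key, 'HmacMD5'))
    mac.doFinal(challenge.getBytes('UTF-8')).encodeHex().toString()
}

// Salted SHA-512, matching the post's storage choice (assumed layout).
// A slow KDF such as PBKDF2 would resist offline guessing better.
byte[] sha512(byte[] salt, String pw) {
    MessageDigest md = MessageDigest.getInstance('SHA-512')
    md.update(salt)
    md.digest(pw.getBytes('UTF-8'))
}

// Constructed sample account; the server keeps only salt + hash.
String user = 'alice'
String password = 'correct horse'
String host = 'mail.example.org'
byte[] salt = new byte[16]
new SecureRandom().nextBytes(salt)
byte[] stored = sha512(salt, password)

// --- CRAM-MD5: server sends a fresh challenge, client returns HMAC-MD5(password, challenge)
String challenge = "<${System.nanoTime()}.${new SecureRandom().nextInt(1000000)}@${host}>"
String clientDigest = hmacMd5Hex(password.getBytes('UTF-8'), challenge)

// The server has to recompute the HMAC with the same key, i.e. the password itself.
// Keying it with the stored hash yields a different digest, so verification fails.
assert hmacMd5Hex(stored, challenge) != clientDigest
// Only a server that kept the password in recoverable form can verify:
assert hmacMd5Hex(password.getBytes('UTF-8'), challenge) == clientDigest

// --- PLAIN inside TLS: client sends base64(authzid NUL authcid NUL passwd)
String message = "\u0000${user}\u0000${password}"
String wire = message.getBytes('UTF-8').encodeBase64().toString()
List<String> parts = new String(wire.decodeBase64(), 'UTF-8').split('\u0000', -1) as List

// The server sees the password once, hashes it with the stored salt,
// and compares in constant time. No plaintext is kept on disk.
assert parts[1] == user
assert MessageDigest.isEqual(sha512(salt, parts[2]), stored)
println 'CRAM-MD5 needs the password itself; PLAIN over TLS works with the stored hash'
```

PLAIN sends the password in the clear inside the SASL exchange, so it is only acceptable after STARTTLS has succeeded on the connection.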