I am still working on my Groovy Mail Server. Security is a lot harder than I thought.
Not that I thought it would be easy. But just when I think I am getting somewhere, I realize I need to look at ANOTHER RFC.
I will have to look into the STARTTLS command, and try to get an SSL socket in my application.
Sometimes I wonder if I should keep up with this, or if I should drop it and move on to something else. Like Grails 3. Or Clojure.
Plus I have gone about security a bit wrong. I spent some time trying to get the hang of the Java SASL API to work with CRAM-MD5. Then I realized that I am storing the passwords in an SHA-512 hash. I am not a security expert, but I do not think there is a way to compare a password with two different one-way hashes. So I might try STARTTLS and use PLAIN auth. Or try storing the passwords with MD5.
Or just go on to Luminus and Grails 3.
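The CRAM-MD5 versus SHA-512 mismatch described above, as an added example (not code from the mail server itself). The user password, salt, challenge string and helper names are constructed for illustration, and the per-user salt is an assumption about how the hash is stored.

```groovy
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
import java.security.MessageDigest

// Hex-encode a byte array (Groovy GDK encodeHex).
String hex(byte[] bytes) { bytes.encodeHex().toString() }

// One-way stored form: SHA-512 over salt + password (salt is an assumption).
String sha512(String salt, String password) {
    hex(MessageDigest.getInstance('SHA-512').digest((salt + password).getBytes('UTF-8')))
}

// CRAM-MD5 response digest: HMAC-MD5 keyed with the shared secret over the challenge.
String cramMd5(String secret, String challenge) {
    def mac = Mac.getInstance('HmacMD5')
    mac.init(new SecretKeySpec(secret.getBytes('UTF-8'), 'HmacMD5'))
    hex(mac.doFinal(challenge.getBytes('UTF-8')))
}

// Constructed sample data, not taken from any real system.
def password  = 'correct horse'
def salt      = 'a1b2c3d4'
def challenge = '<1896.697170952@mail.example.org>'

// What the server has on disk: only the one-way hash.
def stored = sha512(salt, password)

// CRAM-MD5: the client answers the challenge with HMAC-MD5(key = password).
def clientDigest = cramMd5(password, challenge)

// To check it, the server must recompute the same HMAC, which needs the
// password as the key. Keying with the stored hash yields a different digest.
def serverAttempt = cramMd5(stored, challenge)
assert serverAttempt != clientDigest

// PLAIN inside TLS (after STARTTLS): the password itself arrives, so the
// server can hash it the same way and compare against the stored value.
def receivedOverTls = password
assert MessageDigest.isEqual(
    sha512(salt, receivedOverTls).bytes, stored.bytes)   // constant-time compare

println 'CRAM-MD5 with hash-only store: cannot verify; PLAIN over TLS: verified'
```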
Image from the Trier Gospels, an 8th Century manuscript housed in the Cathedral of Trier. Image from Wikimedia, assumed allowed under Fair Use.