From 8b86dff8e658c7381538250ded084f0cd859d743 Mon Sep 17 00:00:00 2001
From: Tamal Saha
Date: Mon, 6 May 2024 17:18:16 +0600
Subject: [PATCH] Fix inbox-server config for development

Signed-off-by: Tamal Saha
---
 charts/inbox-server/configs/blob.properties | 2 +-
 .../configs/cassandra-driver.conf | 147 ++++++++++++++++++
 charts/inbox-server/configs/imapserver.xml | 80 +++++++---
 charts/inbox-server/configs/jmap.properties | 2 +-
 .../inbox-server/configs/mailetcontainer.xml | 18 ++-
 charts/inbox-server/configs/smtpserver.xml | 125 +++++++++++----
 .../inbox-server/configs/webadmin.properties | 6 +
 charts/inbox-server/secrets.sample.yaml | 15 ++
 .../inbox-server/templates/james/config.yaml | 7 -
 .../templates/james/configmaps.yaml | 7 +
 .../templates/james/deployment.yaml | 56 +++----
 .../inbox-server/templates/james/secrets.yaml | 1 +
 .../inbox-server/templates/james/service.yaml | 6 +-
 charts/inbox-server/values.yaml | 8 +-
 14 files changed, 385 insertions(+), 95 deletions(-)
 create mode 100644 charts/inbox-server/configs/cassandra-driver.conf
 delete mode 100644 charts/inbox-server/templates/james/config.yaml
 create mode 100644 charts/inbox-server/templates/james/configmaps.yaml

diff --git a/charts/inbox-server/configs/blob.properties b/charts/inbox-server/configs/blob.properties
index 31fe02a..beeaa8d 100644
--- a/charts/inbox-server/configs/blob.properties
+++ b/charts/inbox-server/configs/blob.properties
@@ -1,7 +1,7 @@
 # ============================================= BlobStore Implementation ==================================
 # Choose your BlobStore implementation
 # Mandatory, allowed values are: cassandra, s3
-implementation=s3
+implementation=cassandra
 
 # ========================================= ObjectStorage deduplication ========================================
 # If you choose to enable deduplication, the mails with the same content will be stored only once.
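Review bot: `implementation=cassandra` is hard-coded into a file the chart ships to every deployment, so the S3 path is removed rather than made switchable, while the chart's other configs drive environment-specific values through `${env:...}` (jmap.properties reads `${env:JAMES_KEYSTORE_PASSWORD}` in this same patch). Prefer an env-driven value such as `implementation=${env:JAMES_BLOB_IMPLEMENTATION}` (variable name illustrative) supplied from values.yaml, so a development choice does not become the default for all installs. If the upstream James guidance that the Cassandra blob store is unsuited to production-scale volumes still holds, that caveat belongs in the comment above this line.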
diff --git a/charts/inbox-server/configs/cassandra-driver.conf b/charts/inbox-server/configs/cassandra-driver.conf
new file mode 100644
index 0000000..af1ba36
--- /dev/null
+++ b/charts/inbox-server/configs/cassandra-driver.conf
@@ -0,0 +1,147 @@ +# James reference configuration for the DataStax Java driver for Apache Cassandra®. +# +# Unless you use a custom mechanism to load your configuration (see +# SessionBuilder.withConfigLoader), all the values declared here will be used as defaults. +# +# See https://docs.datastax.com/en/developer/java-driver/4.13/manual/core/configuration/ for +# available options. +# +# Please note that contact point and authentication needs to be set in cassandra.properties for now. +datastax-java-driver { + + basic.request { + timeout = 5 seconds + + consistency = QUORUM + + page-size = 5000 + + serial-consistency = SERIAL + } + + advanced.connection { + connect-timeout = 5 seconds + + init-query-timeout = 5 seconds + + pool { + local.size = 2 + + remote.size = 2 + } + + max-requests-per-connection = 1024 + + max-orphan-requests = 256 + + warn-on-init-error = true + } + + advanced.throttler { + // class = org.apache.james.backends.cassandra.utils.LockLessConcurrencyLimitingRequestThrottler + class = ConcurrencyLimitingRequestThrottler + + max-queue-size = 10000 + + max-concurrent-requests = 192 + } + + advanced.reconnect-on-init = true + + advanced.reconnection-policy { + class = ExponentialReconnectionPolicy + + base-delay = 1 second + max-delay = 60 seconds + } + + advanced.retry-policy { + class = DefaultRetryPolicy + } + + advanced.ssl-engine-factory { + // class = DefaultSslEngineFactory + + // hostname-validation = true + + // truststore-path = /path/to/client.truststore + // truststore-password = password123 + // keystore-path = /path/to/client.keystore + // keystore-password = password123 + } + + advanced.request-tracker { + logs { + slow { + threshold = 2 second + + enabled = true + } + + max-query-length = 500 + } + } + + advanced.metrics { + factory { + class = DefaultMetricsFactory + } + + id-generator { + class = DefaultMetricIdGenerator + prefix = "cassandra" + } + session { + enabled = [ + // bytes-sent, + + // bytes-received + + // 
connected-nodes, + + // cql-requests, + + // cql-client-timeouts, + + // cql-prepared-cache-size, + + // throttling.delay, + + // throttling.queue-size, + + // throttling.errors, + + ] + + cql-requests { + highest-latency = 10 seconds + + lowest-latency = 1 millisecond + + significant-digits = 3 + + refresh-interval = 5 minutes + } + } + } + + profiles { + # Provides controls on Execution profiles used by James + LWT { + basic.request.consistency = SERIAL + basic.request.serial-consistency = SERIAL + } + CACHING { + basic.request.consistency = LOCAL_ONE + basic.request.serial-consistency = LOCAL_ONE + basic.request.timeout = 100 milliseconds + } + OPTIMISTIC_CONSISTENCY_LEVEL { + basic.request.consistency = LOCAL_ONE + basic.request.serial-consistency = LOCAL_ONE + } + BATCH { + basic.request.timeout = 1 hour + } + } +} diff --git a/charts/inbox-server/configs/imapserver.xml b/charts/inbox-server/configs/imapserver.xml index a26062a..810e43a 100644 --- a/charts/inbox-server/configs/imapserver.xml +++ b/charts/inbox-server/configs/imapserver.xml @@ -19,26 +19,64 @@ specific language governing permissions and limitations under the License. --> - + + - - imapserver-ssl - 0.0.0.0:993 - 200 - - file://secrets/tls.key - file://secrets/tls.crt - - 0 - 0 - 102400 - ${env:JAMES_MESSAGE_SIZE} - 9600 - true - 3600 - 3600 - - + + imapserver + 0.0.0.0:143 + 200 + + + file://keystore + PKCS12 + james72laBalle + org.bouncycastle.jce.provider.BouncyCastleProvider + + + + + + + + 0 + 0 + 120 + SECONDS + true + true + + true + + + + imapserver-ssl + 0.0.0.0:993 + 200 + + + file://keystore + PKCS12 + james72laBalle + org.bouncycastle.jce.provider.BouncyCastleProvider + + + + + + + 0 + 0 + 120 + SECONDS + true + + true + + + diff --git a/charts/inbox-server/configs/jmap.properties b/charts/inbox-server/configs/jmap.properties index 70623ef..b9b8d71 100644 --- a/charts/inbox-server/configs/jmap.properties +++ b/charts/inbox-server/configs/jmap.properties 
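Review bot: The `advanced.ssl-engine-factory` block is entirely commented out, so the driver talks to Cassandra in plaintext, and the commented placeholders keep `password123` truststore/keystore passwords in a file that this patch now delivers through a ConfigMap (configmaps.yaml). That is defensible for a development profile, but the header should say so, e.g. `# Development profile: TLS to Cassandra is disabled; before production use enable ssl-engine-factory and source the store passwords from a Secret, not this file.` The header also states that contact point and authentication live in cassandra.properties, which is not part of this patch, so whether those credentials also moved into the ConfigMap cannot be checked here.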
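Review bot: The keystore password `james72laBalle` is written inline in both the port-143 and port-993 TLS blocks, and because this patch moves `configs/*` from a Secret to a ConfigMap, the credential protecting the server's private key becomes readable by anyone with ConfigMap read access in the namespace; the same literal appears in all three server blocks of smtpserver.xml. jmap.properties in the same patch already reads it as `${env:JAMES_KEYSTORE_PASSWORD}`, so use that form here, `<secret>${env:JAMES_KEYSTORE_PASSWORD}</secret>`, and feed the value from the existing Secret-backed environment. The literal is also the well-known password from the upstream James sample configuration, so it offers little protection even where the file is hidden. Whether the value must match the keystore produced by the new `--generate-keystore` argument in deployment.yaml cannot be verified from this patch; that requirement should be stated in a comment above the TLS block.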
@@ -1,7 +1,7 @@ # Configuration file for JMAP enabled=${env:JAMES_JMAP_ENABLED} -tls.keystoreURL=file://secrets-jwt/keystore +tls.keystoreURL=file://keystore tls.secret=${env:JAMES_KEYSTORE_PASSWORD} # diff --git a/charts/inbox-server/configs/mailetcontainer.xml b/charts/inbox-server/configs/mailetcontainer.xml index bcd4a99..72aa306 100644 --- a/charts/inbox-server/configs/mailetcontainer.xml +++ b/charts/inbox-server/configs/mailetcontainer.xml @@ -37,11 +37,23 @@ - - cassandra://var/mail/relay-limit-exceeded/ + + + + transport - transport + blacklisted + + + + + + + blacklisted + + + cassandra://var/mail/blacklisted/ diff --git a/charts/inbox-server/configs/smtpserver.xml b/charts/inbox-server/configs/smtpserver.xml index 3ad644f..34e1a3f 100644 --- a/charts/inbox-server/configs/smtpserver.xml +++ b/charts/inbox-server/configs/smtpserver.xml 
@@ -19,75 +19,142 @@ under the License. --> + + - + smtpserver-global 0.0.0.0:25 200 - - file://secrets/tls.key - file://secrets/tls.crt + + + file://keystore + PKCS12 + james72laBalle + org.bouncycastle.jce.provider.BouncyCastleProvider + SunX509 + + + + + + - ${env:JAMES_SMTP_HOSTNAME} 360 0 0 - false + + never + false + true + + 127.0.0.0/8 false - false - ${env:JAMES_MESSAGE_SIZE} + 0 true - ${env:JAMES_SMTP_MESSAGE} + Apache JAMES awesome SMTP Server - + smtpserver-TLS 0.0.0.0:465 200 - file://secrets/tls.key - file://secrets/tls.crt + + file://keystore + PKCS12 + james72laBalle + org.bouncycastle.jce.provider.BouncyCastleProvider + SunX509 + + + + + + - ${env:JAMES_SMTP_HOSTNAME} 360 0 0 - true - true - false - ${env:JAMES_MESSAGE_SIZE} + + + forUnauthorizedAddresses + true + true + + + + 127.0.0.0/8 + false + 0 true - ${env:JAMES_SMTP_MESSAGE} + Apache JAMES awesome SMTP Server - + smtpserver-authenticated 0.0.0.0:587 200 - file://secrets/tls.key - file://secrets/tls.crt + + file://keystore + PKCS12 + james72laBalle + org.bouncycastle.jce.provider.BouncyCastleProvider + SunX509 + + + + + + - ${env:JAMES_SMTP_HOSTNAME} 360 0 0 - true - true - false - ${env:JAMES_MESSAGE_SIZE} + + forUnauthorizedAddresses + true + true + + + + 127.0.0.0/8 + false + 0 true - ${env:JAMES_SMTP_MESSAGE} + Apache JAMES awesome SMTP Server - - + \ No newline at end of file diff --git a/charts/inbox-server/configs/webadmin.properties b/charts/inbox-server/configs/webadmin.properties index 71e4c38..478c9ae 100644 --- a/charts/inbox-server/configs/webadmin.properties +++ b/charts/inbox-server/configs/webadmin.properties 
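Review bot: All three SMTP server blocks appear to replace the `${env:JAMES_MESSAGE_SIZE}` maximum message size with `0`, which in James means no limit, so the bound that values.yaml still carries as `jamesMessageSize: 25M` no longer applies and clients on 25/465/587 can submit arbitrarily large messages. Keep the env-driven value, `<maxmessagesize>${env:JAMES_MESSAGE_SIZE}</maxmessagesize>`, or document why the limit was dropped. The hostname and greeting likewise trade `${env:JAMES_SMTP_HOSTNAME}` / `${env:JAMES_SMTP_MESSAGE}` for fixed literals, leaving those chart values dead. The markup is stripped in this view, but the submission ports also seem to set `verifyIdentity` to `false`; if so, that removes the check that an authenticated user's sender address matches their identity and deserves an explicit comment.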
@@ -3,4 +3,10 @@ port=8000 cors.enable=true cors.origin=* jwt.enabled=true +# +## If you wish to use OAuth authentication, you should provide a valid JWT public key. +## The following entry specify the link to the URL of the public key file, +## which should be a PEM format file. +## +jwt.publickeypem.url=file://conf/admin_jwt_publickey extensions.routes=org.apache.james.webadmin.dropwizard.MetricsRoutes diff --git a/charts/inbox-server/secrets.sample.yaml b/charts/inbox-server/secrets.sample.yaml index 2003dcd..653d0b6 100644 --- a/charts/inbox-server/secrets.sample.yaml +++ b/charts/inbox-server/secrets.sample.yaml @@ -1,5 +1,20 @@ james: secret: + adminJWTPublicKey: |- + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAy+4NZ2Sp728kWtYuGf0w + 87LyPg2mFAkvHRh/h7hMJ0QW0yRhN6DqsbfFif2klalMkeMwoi7BoqQIeySshSpr + FIMNMcNiypXYzowQMKpGoxZoyfWOrxeFqOrAwazyDtaHaAQN+/15737dTMLi3XNI + 2EQmhoYcVWyeq88KzW2YQZE8DqzFwX4Ku7xdaM3jMarWdNhYFMAeyE+ZRbaBXIKs + M66QodoNr1mQRGTlI4q4MwsbVITtv2mcF4R+CHeNtv+ouLoQDYFsdcIzB4vNUilj + b2h93knamAkUZ6IuO9vGt1Phsr/X6shMyI1an1KZw+F6Ow5lWcp8KPWo2dPK10Is + qN3XfXEaIMb4qgDH/S0+ib/ZC0cJf/7KBkihbYN+Ijak5nWOo3DnvjZFbk3dyWYO + n2knL9IhDGkVv3q/ETlODyDwHCC/nXxNZWwYSoHRaofEXZCBhIVqxG0SfFM3wRtc + Xvjzdo+34XVFql6MK+VNIYUFt8jIEzBtM9z4Xg3AbZ7WujKFKIwEuYlD1kMj5y/2 + VdTY3biwx8328eUQu2HlWhc7ESUU0j7EjxHc8EwYiImhhg4Aa+BLDn8TWKg3CZUw + o9Z6NNsUjKf0umIsSJUQvEwm9oJRuZZPmmgoVcbhLtU3/OL8/dzQqjjQEAFDsVLd + 3VciFppd9DICczpVAnV4fI8CAwEAAQ== + -----END PUBLIC KEY----- jwtPublicKey: |- -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzE7w+TBpN1c5wvWtlvWE diff --git a/charts/inbox-server/templates/james/config.yaml b/charts/inbox-server/templates/james/config.yaml deleted file mode 100644 index 8f2c543..0000000 --- a/charts/inbox-server/templates/james/config.yaml +++ /dev/null 
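Review bot: `adminJWTPublicKey` in the sample carries a complete RSA public key rather than a placeholder, and because secrets.yaml renders it straight into `admin_jwt_publickey`, anyone who deploys with the sample unchanged gets a webadmin that accepts tokens signed by whoever holds the matching private key. The existing `jwtPublicKey` entry has the same shape, so the exposure is not new, but both deserve a comment, e.g. `# Sample keys for local development only — generate your own pair before deploying; anyone holding the matching private key can mint admin tokens.`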
@@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "inbox-server.fullname" . }}-config - namespace: {{ .Release.Namespace }} -data: -{{ (.Files.Glob "configs/*").AsSecrets | indent 2 }} diff --git a/charts/inbox-server/templates/james/configmaps.yaml b/charts/inbox-server/templates/james/configmaps.yaml new file mode 100644 index 0000000..d67cb66 --- /dev/null +++ b/charts/inbox-server/templates/james/configmaps.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "inbox-server.fullname" . }}-config +data: +{{ (.Files.Glob "configs/*").AsConfig | indent 2 }} + diff --git a/charts/inbox-server/templates/james/deployment.yaml b/charts/inbox-server/templates/james/deployment.yaml index 041bbf6..4f55d63 100644 --- a/charts/inbox-server/templates/james/deployment.yaml +++ b/charts/inbox-server/templates/james/deployment.yaml @@ -42,18 +42,20 @@ spec: containers: - name: james-jmap image: {{ .Values.james.image }} - readinessProbe: - httpGet: - path: /healthcheck/checks/Guice%20application%20lifecycle - port: 8000 - initialDelaySeconds: 60 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthcheck/checks/Guice%20application%20lifecycle - port: 8000 - initialDelaySeconds: 91 - periodSeconds: 30 + args: + - --generate-keystore + # readinessProbe: + # httpGet: + # path: /healthcheck/checks/Guice%20application%20lifecycle + # port: 8000 + # initialDelaySeconds: 60 + # periodSeconds: 10 + # livenessProbe: + # httpGet: + # path: /healthcheck/checks/Guice%20application%20lifecycle + # port: 8000 + # initialDelaySeconds: 91 + # periodSeconds: 30 envFrom: - secretRef: name: {{ include "inbox-server.fullname" . }}-s3-auth @@ -180,7 +182,7 @@ spec: - name: all-in-one-config projected: sources: - - secret: + - configMap: name: {{ include "inbox-server.fullname" . }}-config - secret: name: {{ include "inbox-server.fullname" . }}-jwt-key 
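Review bot: Moving `configs/*` from a Secret to a ConfigMap lowers the protection of every file in that directory, and this same patch writes a keystore password into imapserver.xml and smtpserver.xml, so credentials now sit in an object that Secret encryption-at-rest and secret-scoped RBAC do not cover. Either keep the sensitive files in the Secret and use the ConfigMap only for the rest, or keep all secrets out of the files via `${env:...}` so the ConfigMap holds no credentials. Separately, the new ConfigMap omits the `namespace: {{ .Release.Namespace }}` line the deleted config.yaml had; Helm installs into the release namespace regardless, but service.yaml in this patch keeps it, so add it for consistency.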
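Review bot: Commenting out both readinessProbe and livenessProbe for `james-jmap` (and, in the later hunk, `james-imap-smtp`) means Service endpoints receive traffic before the Guice lifecycle check passes and a hung JVM is never restarted; if the probe was failing in development, a larger `initialDelaySeconds` or a `startupProbe` is the better fix, and if disabling is intentional it needs a one-line reason rather than a block of commented YAML. The added `--generate-keystore` presumably creates a self-signed keystore at the relative `keystore` path, so unless a persistent volume holds it, the TLS identity on 993/465/587 and for JMAP changes on every pod start and clients cannot pin it; note that next to the arg, e.g. `# dev only: self-signed keystore, regenerated per pod start`.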
@@ -239,18 +241,20 @@ spec: containers: - name: james-imap-smtp image: {{ .Values.james.image }} - readinessProbe: - httpGet: - path: /healthcheck/checks/Guice%20application%20lifecycle - port: 8000 - initialDelaySeconds: 60 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /healthcheck/checks/Guice%20application%20lifecycle - port: 8000 - initialDelaySeconds: 91 - periodSeconds: 30 + args: + - --generate-keystore + # readinessProbe: + # httpGet: + # path: /healthcheck/checks/Guice%20application%20lifecycle + # port: 8000 + # initialDelaySeconds: 60 + # periodSeconds: 10 + # livenessProbe: + # httpGet: + # path: /healthcheck/checks/Guice%20application%20lifecycle + # port: 8000 + # initialDelaySeconds: 91 + # periodSeconds: 30 envFrom: - secretRef: name: {{ include "inbox-server.fullname" . }}-s3-auth @@ -380,7 +384,7 @@ spec: - name: all-in-one-config projected: sources: - - secret: + - configMap: name: {{ include "inbox-server.fullname" . }}-config - secret: name: {{ include "inbox-server.fullname" . }}-jwt-key diff --git a/charts/inbox-server/templates/james/secrets.yaml b/charts/inbox-server/templates/james/secrets.yaml index 5bfe2bb..f522c05 100644 --- a/charts/inbox-server/templates/james/secrets.yaml +++ b/charts/inbox-server/templates/james/secrets.yaml @@ -2,6 +2,7 @@ apiVersion: v1 data: jwt_publickey: "{{ .Values.james.secret.jwtPublicKey | b64enc }}" jwt_privatekey: "{{ .Values.james.secret.jwtPrivateKey | b64enc }}" + admin_jwt_publickey: "{{ .Values.james.secret.adminJWTPublicKey | b64enc }}" kind: Secret type: Opaque metadata: diff --git a/charts/inbox-server/templates/james/service.yaml b/charts/inbox-server/templates/james/service.yaml index 9c86273..719f5eb 100644 --- a/charts/inbox-server/templates/james/service.yaml +++ b/charts/inbox-server/templates/james/service.yaml 
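Review bot: `admin_jwt_publickey` is rendered from `.Values.james.secret.adminJWTPublicKey` with a bare `b64enc`, so if the value is unset (the values.yaml hunks here do not define it; only secrets.sample.yaml does) the key renders empty and the failure surfaces only when James reads `jwt.publickeypem.url` at startup, not at install time. Fail early instead: `admin_jwt_publickey: "{{ required "james.secret.adminJWTPublicKey must be set" .Values.james.secret.adminJWTPublicKey | b64enc }}"`.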
@@ -32,9 +32,9 @@ apiVersion: v1 metadata: name: {{ include "inbox-server.fullname" . }}-admin namespace: {{ .Release.Namespace }} -labels: - app.kubernetes.io/part-of: james - {{- include "inbox-server.labels" . | nindent 2 }} + labels: + app.kubernetes.io/part-of: james + {{- include "inbox-server.labels" . | nindent 4 }} spec: selector: app.kubernetes.io/part-of: james diff --git a/charts/inbox-server/values.yaml b/charts/inbox-server/values.yaml index a4cfb73..8f2feca 100644 --- a/charts/inbox-server/values.yaml +++ b/charts/inbox-server/values.yaml @@ -24,11 +24,11 @@ james: jamesEsNbReplica: 1 jamesEsMailboxReadAlias: "read-mailbox" jamesEsMailboxWriteAlias: "write-mailbox" - jamesRabbitHost: "change-me" + jamesRabbitHost: "inbox-server-rabbitmq" jamesMessageSize: 25M jamesDkimSignSmtp: "dkimselector" jamesDkimSignDomain: "mail.example.com" - cassandraReplicationFactor: 3 + cassandraReplicationFactor: 1 jamesHELOMessage: "change-me" jvmOpts: "-Xms3g -Xmx3g" glowroot: @@ -133,7 +133,7 @@ rabbitmq: # volumeMounts s3: - enabled: true + enabled: false image: repository: ghcr.io/appscode/cloudserver pullPolicy: IfNotPresent @@ -148,7 +148,7 @@ s3: # volumeMounts tika: - enabled: true + enabled: false image: repository: apache/tika pullPolicy: IfNotPresent
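Review bot: `cassandraReplicationFactor: 1`, `jamesRabbitHost: "inbox-server-rabbitmq"` and, in the two later hunks, `s3.enabled: false` and `tika.enabled: false` are written into the chart's default values, so the development settings the commit title describes become what every `helm install` gets unless overridden; a replication factor of 1 in particular means loss of a single Cassandra node loses mail data. Keep production-safe defaults here and carry these in a separate values file passed with `-f`, e.g. `values-dev.yaml`. The RabbitMQ host also hard-codes a specific release name, which breaks under any other release name; deriving it from `.Release.Name` in the deployment's env would be more robust.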