Remote Completion Plugin
This topic describes how to install and configure the Release Remote completion plugin.
For more information, see Using the Remote completion plugin.
Install the Remote completion plugin
To install the Remote completion plugin:
- In the top navigation bar, click Plugins.
- Click Browse.
- Locate the Release Remote completion plugin, and click Install.
- Restart Release to enable the newly installed plugin.
Server configuration
SMTP server
Release sends remote completion requests to users of the system by email. for more information on how to set up an SMTP server, see Configure SMTP server.
The SMTP server page is only available to users with the Admin global permission.
To configure the email server that is used to send these requests:
- In the top navigation bar, click Settings.
- Click SMTP server.
- Fill in the required fields.
- Click Save.
IMAP server
Release receives remote completion emails sent by users that want to complete or fail a remote completion task.
To configure the email server that is used to receive the remote completion emails:
IMAP server settings are only available to users with the Admin global permission.
Release supports the use of one 1 IMAP server only.
Set up a new email account specifically for receiving remote completion emails. All emails are deleted from the inbox after they are processed by Release, including unrecognized and existing emails.
- From the navigation pane, under Configuration, click Connections.
- Locate IMAP server, and click
. - Fill in the required fields.
The following is a list of fields and descriptions:
- IMAP server host: the internet address of the mail server.
- IMAP server port: port where the server is listening on.
- Use TLS: used to secure the connection.
- IMAP from address: the email address of the IMAP server account; requests to remotely complete or fail a task are received from this email account.
- IMAP server login ID.
- IMAP server login password.
- Enable whitelisting: when enable whitelisting is checked, only emails to and from whitelisted domains are processed for remote completion.
- Domain whitelist: used for adding whitelisted domains.
- Secret for generating email signatures: generate an email signature that verifies the integrity of a received remote completion email. Notice that changing the secret will invalidate all previously send completion request emails.
- Click Save.
Settings in xl-release.conf
Advanced configuration settings can be specified inside the XL_RELEASE_SERVER_HOME/conf/xl-release.conf file. The advanced configuration is used by the email fetcher which processes incoming remote completion emails.
xl {
remote-completion {
sync-interval = 30 seconds
startup-delay = 30 seconds
}
}
sync-interval: specifies the interval time for the email fetcher. The default value is 30 seconds.startup-delay: specifies the initial startup delay of the mail fetcher. The default value is 30 seconds.
Mailbox auditing
Mailbox auditing can be enabled to log mailbox access by mailbox owners, delegates, and administrators. Contact your mailbox provider to set up mailbox auditing.
Troubleshooting
Release server
The Release server provides a mechanism for logging the application. By default, only the basic remote completion process is logged.
To enable detailed logging, you can add the following line into the XL_RELEASE_SERVER_HOME/conf/logback.xml file:
<logger name="com.xebialabs.xlrelease.plugins.remotecompletion" level="debug" />
Use the log level trace for more detailed logging.
JavaMail debugging
To turn on session debugging, add the following system property to the $JAVACMD inside the shell script that runs the Release server, located in bin\run.sh:
-Dmail.debug=true
Alternatively, to turn on session debugging, set the following flag to true in xlr-wrapper-linux.conf or xlr-wrapper-win.conf for Linux and Windows respectively.
wrapper.java.additional.<INDEX-NUMBER-HERE>=-Dmail.debug=true
This property enables printing of debugging information to the console, including a protocol trace.
Conneciton pool
The remote completion plugin uses a mail server connection pool to reuse the connections. The pool's default size is 1. In order to make mail processing parallel, consider increasing the pool size by setting the following flag (with size 5, for example) in xlr-wrapper-linux.conf or xlr-wrapper-win.conf for Linux and Windows respectively.
wrapper.java.additional.<INDEX-NUMBER-HERE>=-Dmail.imap.connectionpoolsize=5
Security recommendations
The Release remote completion feature uses emails sent by users to complete or fail any task. These are the risks associated with this feature:
Spamming and flooding attacks
Release processes each incoming email for the configured mailbox. To avoid receiving thousands of emails that can flood your mailbox, you can enable whitelisting. Only emails sent to and received from whitelisted domains are processed for remote completion. Use content filters, enable DNS-based blacklists (DNSBL), enable Spam URI Real-time Block Lists (SURBL), and maintain the local blacklists of IP addresses of spam senders. Configure the email relay parameter on the email server to prevent open relay.
Data leakage
Release sends and receives email from a task owner to take action on any task. To prevent any data leakage during this process, you must encrypt IMAP and SMTP protocols with SSL/TLS and set up SMTP authentication to control user access.
DoS and DDoS attack
To avoid DoS and DDoS attacks, limit the number of connection and authentication errors with your SMTP server.
Email abuse attack
The majority of the abusive email messages carry fake sender addresses. Activate Sender Policy Framework (SPF) to prevent spoofed sources. The SPF check ensures that the sending Message Transfer Agent (MTA) is allowed to send emails on behalf of the senders domain name. You must also activate Reverse DNS to block fake senders. After the Reverse DNS Lookup is activated, your SMTP verifies that the senders IP address matches both the host and domain names that were submitted by the SMTP client in the EHLO/HELO command.