JACMail Service



Installing the service is a little more involved than installing JACMail2 itself, but it is required if you want to send encrypted messages. Since it has to be accessible to the recipients of your encrypted messages, it must run all the time and be remotely accessible. Running as a service makes it accessible whether you are logged into the computer or not. Once it is installed and set up, the Startup Type should be changed to Automatic, so the service starts every time the computer is booted. This is done through the Service Manager (services.msc).

In order for potential recipients to use this Service, they must be able to find it. This is done by attaching it to a domain and assigning it a Fully Qualified Domain Name (FQDN). For example, it could be attached to the domain "example.com" and given the FQDN of "JACMail.example.com". An "A" record with this name and the IP address of your server would then have to be added to the DNS server that is hosting the "example.com" domain. A DNS cache can be poisoned to point a user to a different site than the intended one. For the truly paranoid security buff, the Key Server location can be programmed into the HOSTS file on the Client machine to protect against this. A HOSTS entry also has the advantage of being much faster, and it makes it easier to adjust for a server on a dynamically assigned IP address.

The Service actually consists of 2 programs that must be installed in the same directory. One is the actual service itself (JACMailSvc.exe), and the other is a small program that is used to manage the service (JMailCtrl.exe). The Service will access a small database that will be located in the "ProgramData" directory, and the Service program needs a few parameters in order to operate correctly. Those parameters are located in the Registry and are loaded by the Service Management program (JMailCtrl.exe). But the Service must be installed first in order to create the Primary Registry entries. Because those entries are located in the HKEY_LOCAL_MACHINE portion of the Registry, the Service Management program must be elevated to "Run As Administrator".

It all sounds complicated, but it really isn't that bad. Download the JACMailSvc zip file to a working location on your computer and unzip it. Run the "setup.exe" file and accept the installation defaults. The 2 programs will be installed in the "\Program Files\JACMail\" directory ("\Program Files (x86)\JACMail\" on 64-bit systems), and an icon will be created in the Start Menu (Apps Menu on Windows 8.1). After installation, right-click on the "JACMail2 Service" icon, and left-click on "Run as Administrator".

Unless you elevate the privileges or have UAC disabled, the program will not run.

After starting the Service Management program (JMailCtrl.exe), the first thing to do is Install the Service. Next, run Setup. You will be asked to install the database. Choose "Yes". This is a blank database. Next you will be asked to enter the URL of the server that the database is located on. This step is not essential, but it provides a record of the service location. Next, you will be asked to enter the "Port to Listen On". This should be port 24, and must be available to the Wide Area Network. That is to say that your firewall must allow outside access to this port. When using the Microsoft Firewall, you will not get a prompt to allow access when the program runs as a service. To get around this problem, simply run the executable (JACMailSvc.exe) directly. Because a service has no visible interface, you will have to reboot the system or use the Task Manager to get rid of it.

Next, you will be asked to enter the "Port to Update On". This port is normally port 16, and only needs to be accessible to the machines that are allowed to update the database. This would normally be your Local Area Network only, and Wide Area Network access is not usually required. Next, you will be asked to enter the "Home IP Block". This one is important, as it controls who has anytime access to the database. It is entered in CIDR notation. That is to say, you will need to supply the starting point of the subnet and the number of bits that must match that subnet. For example, 192.168.1.0/24 says that only the first 24 bits of the 32-bit address must match.

192.168.1.0 in binary form is:

1100 0000.1010 1000.0000 0001.0000 0000

That means that 192.168.1.0 to 192.168.1.255 have access because the last 8 bits are not checked, which is equivalent to using a netmask of 255.255.255.0. That amount of access is usually excessive, and needs to be limited further. 192.168.1.2/32 would limit access to the one machine only, whereas 192.168.1.0/30 would limit access to 192.168.1.0, 192.168.1.1, 192.168.1.2, and 192.168.1.3.
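The prefix matching described above can be checked before a block is entered into Setup. The following is an added example, not JACMail code: it applies the standard CIDR interpretation, the function names are hypothetical, and how the Service itself treats a block whose start address is not on a subnet boundary is not stated on this page.

```python
def ip_to_int(addr):
    """Strict dotted-quad IPv4 string -> 32-bit integer."""
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("not an IPv4 address: " + addr)
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def parse_block(cidr):
    """Return (network, mask, host_bits_set) for a block such as 192.168.1.0/24."""
    addr, _, bits = cidr.partition("/")
    prefix = int(bits)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    base = ip_to_int(addr)
    # host_bits_set: the start address has bits set outside the prefix,
    # so the block really begins at a lower address than the one typed.
    return base & mask, mask, base != (base & mask)

def describe(cidr):
    """Netmask, first/last address and size of the block."""
    net, mask, stray = parse_block(cidr)
    last = net | (~mask & 0xFFFFFFFF)
    return {"netmask": int_to_ip(mask), "first": int_to_ip(net),
            "last": int_to_ip(last), "count": last - net + 1,
            "host_bits_set": stray}

def in_block(client, cidr):
    """True if only the first <prefix> bits of client match the block."""
    net, mask, _ = parse_block(cidr)
    return (ip_to_int(client) & mask) == net

if __name__ == "__main__":
    # The three blocks from the text, plus one misaligned block (constructed).
    for block in ("192.168.1.0/24", "192.168.1.2/32",
                  "192.168.1.0/30", "192.168.1.2/30"):
        print(block, describe(block))
```

The last block shows the case to watch for: under the standard interpretation, 192.168.1.2/30 covers 192.168.1.0 to 192.168.1.3, not four addresses starting at .2.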

Once you are satisfied with your setup, you should verify that it is accessible to the outside world. Using an Online Portscan, enter the FQDN (Fully Qualified Domain Name) that was added to your DNS server, and the port number "24". If the scan does not come back with a positive response, you either have a port forwarding problem with your Router, or your Firewall software is blocking access. If you do not use a registered Domain Name, and instead you enter the FQDN and your Private IP address in your HOSTS file, you will have to test accessibility using the Public IP address. People receiving your encrypted email will also have to enter that FQDN and your Public IP address in their HOSTS file.
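The same verification can be scripted from a machine outside your network. This is an added example, not part of JACMail: it checks that port 24 answers and that the update port 16, which this page says does not usually need Wide Area Network access, does not. The function names are hypothetical, and the host is passed on the command line.

```python
import socket
import sys

# Intended exposure as seen from the WAN, taken from the setup steps above:
# port 24 (listen) reachable, port 16 (update) not reachable.
EXPECTED_FROM_WAN = {24: True, 16: False}

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or the name did not resolve
        return False

def audit_exposure(host, expected=EXPECTED_FROM_WAN, probe=tcp_open):
    """Compare what answers on the host with the intended exposure."""
    findings = []
    for port, should_be_open in sorted(expected.items()):
        is_open = probe(host, port)
        if should_be_open and not is_open:
            findings.append(
                f"port {port} unreachable: check router port forwarding "
                "and firewall rules")
        elif is_open and not should_be_open:
            findings.append(
                f"port {port} reachable from outside: restrict it to the LAN")
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real check: run this from outside your own network.
        results = audit_exposure(sys.argv[1])
    else:
        # Constructed demo with a fake probe in which both ports answer.
        results = audit_exposure("JACMail.example.com",
                                 probe=lambda host, port: True)
    print("\n".join(results) or "exposure matches the intended setup")
```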

JACMail is capable of operating with both IPv4 and IPv6, but currently the service is only set up for IPv4. If you need IPv6 support, please let me know. It is not difficult to set up, but I have no way to test it.

Once the service is set up, it can be started. The Management Program can do that, but you can also use the Service Manager (services.msc). Once Installed, the service can be Uninstalled, provided the service is stopped first. Be forewarned that once the service is uninstalled, you will lose the parameter settings from the registry.
