no protocol level rejection?

i have been playing with james (2.1) and am wondering if i have misconfigured my server because i don't see protocol level reject of [open] relay requests, but rather it forwards such requests to the spam folder after accepting them (250). i am concerned about this since most automated open rel

Re: no protocol level rejection?

None of the major open relay tests do that, in fact. James is far from alone in this regard. My James server has been checked numerous times by open relay testers, and passed each time. --- Noel interesting. so the behavior described is then normal and i can assume there isn't a misconfigur

Re: Reply-To and out-of-office messages

not to be pessimistic (i can't help myself :o), but the other problem i think you are going to run into is multiple [James] MXs servicing a single site. unless they all share a common database the 'state' information may not be available upon receipt of a bounce. the problem with a common datab

Re: Reply-To and out-of-office messages

Yes, I think it's a well-established practice to use a common database as a store in a distributed system. provided that the database can handle the volume. since mail is well suited to load balancing across many, simple systems it is easy to envision an implementation whereby you do not have t

james and SMART_HOST (DH)

i have been trying to setup james as a mail exchange similar to some existing sendmail servers i have running. in a nutshell, i am looking for the equivalent of sendmail's 'SMART_HOST' capabilities ('forward all incoming mail to host X'). since i don't see anything that would indicate a way to do t

Re: james and SMART_HOST (DH)

great, thanks. b Serge Knystautas wrote: http://james.apache.org/provided_mailets_2_1.html Check out the RemoteDelivery mailet... you add the optional parameter. -- To unsubscribe, e-mail: For additional commands, e-mail:

Re: james and SMART_HOST (DH)

i have been trying to setup james as a mail exchange similar to some existing sendmail servers i have running. in a nutshell, i am looking for the equivalent of sendmail's 'SMART_HOST' capabilities ('forward all incoming mail to host X'). since i don't see anything that would indicate a way t

Re: james and SMART_HOST (DH)

Serge Knystautas wrote: This sounds like just a case of configuring two instances of RemoteDelivery (one that does gateway to the other box) and one that sends using standard MX record lookups. Then just put the appropriate matchers in front of them so the right emails use the appropriate remo

Re: james and SMART_HOST (DH)

well, this is sorta working so i think that i have an 'order' issue to resolve. per your suggestion i have the following configuration: file://var/mail/outgoing/ 2160 2160 5 1 file://var/mail/outgoing/ 2160 5 1 internal.myfoo.com 25 i can s

Re: james and SMART_HOST (DH)

ok, after much doinking around i believe that i have a workable config that allows a james server to act as a bidirectional MX (receives mail on behalf of internal servers and relays mail out for same) without being a spam ho. i figured that i would post this for reference should another noob h

Re: james and SMART_HOST (DH)

: bill parducci [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 25, 2003 11:03 To: James Users List Subject: Re: james and SMART_HOST (DH) ok, after much doinking around i believe that i have a workable config that allows a james server to act as a bidirectional MX (receives mail on behalf of

interesting queueing behavior

whilst watching the gobs of spam fly by on my james server i noticed some queuing behavior that i found odd. at first i thought that it was just me, but i have seen some posts ('why is this taking so long to deliver?' kinda stuff) that indicates that maybe it is something worth asking about. basi

Re: interesting queueing behavior

that would explain it. sorry, i didn't even notice the thread count in the RemoteDelivery config (the rest of the thread settings seem to be bunched up at the bottom of the config file). still, might be worth a noob note for those seeing 'long delivery' issues. thanks b Noel J. Bergman wrote:

Re: james and SMART_HOST (DH)

ok, i'll give it a shot. b Noel J. Bergman wrote: no problemo... now, what is the wiki site? :o) See my other message. :-) I've given you a head start on the Smart Host / Secondary MX page by pretty much copying your message, and doing some minor edits with the Wiki's text formatting rules.

Re: james and SMART_HOST (DH)

ok, i polished it up a little, lemme know what you think. b Noel J. Bergman wrote: I've given you a head start on the Smart Host / Secondary MX page by pretty much copying your message, and doing some minor edits with the Wiki's text formatting rules. See: http://nagoya.apache.org/wiki/apache

Re: james and SMART_HOST (DH)

perhaps the term 'downstream' would be better suited to our purposes than 'internal'? i was just using this since it is a common installation configuration. there are many ways we can expand on the implementational issues if, as below, you wish to include dns entries. in that situation i would

Re: james and SMART_HOST (DH)

i'll start with a few simple graphics and we can go from there. i'll try to get something out tonight. Noel J. Bergman wrote: > Note about load balancing. James doesn't have to refuse connections to cause load balancing to occur. By setting up a number of MX records with the same priority, the

Re: relay deny

if you are referring to protocol level rejection, the answer is that james doesn't work that way; it accepts all messages and then processes them via the mailets (match="RemoteAddrNotInNetwork=[]" determines which host will be allowed to relay). in the default config relayed mail is dumped in t

Re: james and SMART_HOST (DH)

attached are the first swacks at the graphics. thoughts? b Noel J. Bergman wrote: Bill, If you are willing to do the graphics, and keep them relatively small, I don't see any reason why we wouldn't add them to the site. Right now we are doing the collaborative editing in the Wiki, but eventual

Re: i need help!!!!

Other mail servers will send their emails to james(not only james but other mail servers) by finding it's hostname? yes. there is a type of DNS record called an MX record. this tells other mail servers which hosts accept mail for a particular domain. not to get into too much detail, but these r

Re: External Emails

Danny Angus wrote: > Quite clearly.. > [...] > > Your mail is being rejected by Bradford uni because it thinks you are using a fake IP address. > > Check config.xml and don't let it auto-detect servernames and IP > addresses, its probably not that though, more likely there's NAT going > on some

Re: Open Relay

the problem with that approach is that it requires 'two phase' authorization: (1) are addresses ok? (2) is content ok? i had this same initial concern, but upon reflection (and integration with a policy engine) i realized that the current implementation is not only more efficient in terms of p

Re: Open Relay

unless someone figures out how to spoof 127.0.0.1 :o) b Noel J. Bergman wrote: Bryan, Is james configured correctly/securely out of the box? It should be, yes. We don't know what changes he made in the first place, nor which one he found that he had to make to correct his configuration.

OT: avalon http proxy

anyone know what happened to the avalon http proxy stuff? i went to the dirs to pull down the code and they are empty. from the description it sounded like there was *something* going on as late as last summer. has it been abondoned? thanks b -

Re: avalon http proxy

doh! didn't even think to look there. thanks! (wonder why not accessible form website -- or links not removed?) b Steve Short wrote: Not sure, but I found it in CVS at http://cvs.apache.org/viewcvs.cgi/avalon-apps/ Steve - T

Re: A safe "SenderIsLocal" matcher?

i belive there may be a solution to this by adding the concept of 'direction' to the mail flow analysis. this only works if your mail server is in a protected area where IP spoofing is not possible (you cannot trust your ISP to check for spoofing, but a well configured firewall or router does t

Re: A safe "SenderIsLocal" matcher?

yes indeed. there are potential holes in the solution (as with all possible solutions). it really comes down to the level of certainty you wish to achieve. since e-mail is just about the most unsecure method of communication in the universe :o) this has been sufficient for most of the stuff i h

Re: A safe "SenderIsLocal" matcher?

yes, but i use the concept of direction for other things when i evaluate mail against my policies (branched logic: "if external, do X; if internal do Y"), so this is a natural extension of my setup. b Noel J. Bergman wrote: 1. you define those ip addresses that are considered 'internal'. in my

Re: service under linux

testing tidbit: for those who want to keep the console running, but don't want to stay logged in i would suggest considering screen. not only does this keep the session alive after you detach but it allows you to fire up numerous 'screens' where one can observe various log files, edit configs,

Re: outgoing mail routing

take a look at this: http://nagoya.apache.org/wiki/apachewiki.cgi?James/SmartOrSecondaryHost b Greg Steuck wrote: Hello, could someone suggest the best/easiest way to configure James to have it send most of the mail out using ordinary MX lookups but send mail for a particular domain (say @nest

Re: updating my james version

along those lines, what did you use to accomplish this: /* - view color coded difference (good tools help) */ diff is a bit rough :o) b Noel J. Bergman wrote: Mike, Merging the config.xml changes and moving the apps/james/ directory tree takes care of both. File system repositories are under a

Re: updating my james version

cool, thanks. BTW: i was dorking around with gvim and found that it does colorized diff in split pane windows. b I use Epsilon's visual-diff, but there is a free, online, color difference tool located at http://tachyon.perlmonk.org/scripts/color_coded_diff.htm. If you use that online tool, I r

Re: Spam Honeypot

Noel J. Bergman wrote: I was going to say that same thing to him. In fact, I had written it in my note, but then I saw his comment about sending the mail to null, so I think that he knows not to actually be an open relay. --- Noel i saw the same. however, how is he going to be an 'open relay' (to

Re: Spam Honeypot

unless the spammer is only looking at the SMTP codes (not going into *that* discussion again :o) the machine is going to have to actually *deliver* the note. at that point it will be an open relay and will be part of the problem. also, any spammer worth a darn will have a handful of 'feedback' acco

Re: Spam Honeypot

a good place to start is to post an 'uninteresting' note to a variety of USENET lists using a 'clean' e-mail address. (alt.sex is one i have used in the past, but the more you spread around the more likely you are going to get hits). this gets the real bottom feeders since anyone using that address

Re: Spam Honeypot

You don't need to do anything to attract spammers; they just show up. You don't need to do anything to be probed for being an open relay other than have an available SMTP port on the internet. Your IP will be probed. I recently installed a computer on broadband for my uncle. Within 5 minutes of

Re: Spam Honeypot

i have witnessed that first hand, but unfortunately it is almost impossible to have any concrete proof. the only possibility that i can think of is trying to unsubscribe using a 3rd [clean!] address that is not yet on their list. if they are legit they should come back and say that it wasn't found,

Re: Spam Honeypot

yep, which is kinda how the whole rbl thing works (via dns lookups)... b [EMAIL PROTECTED] wrote: If it were possible to create addresses that were known to receive only spam, then you could set up these servers in a bunch of domains and have them all update a central database with info on they c

Re: Spam Honeypot

TECTED] wrote: whole rbl thing? bill parducci To: James Users List <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> c

Re: Spam Honeypot

One thing, though. It seems to me as a Java programmer that I could put together a mailet that contained much more sophisticated analysis than just a reverse-dns lookup. If I were to write a mailet that could reliably figure out spam based on more than just the sending host then it seems like there

Re: Spam Honeypot

as much as i would like to go undercover :o), the problem is that open relays are really a small part of the spam that is sent. true, they represent some of the lower forms of life, but in terms of being an annoyance to end users they are but a fraction of the overall volume. here are some mail sta

Re: Spam Honeypot

James currently touts a Bayesian mailet, but employs only an overall data source and is not concerned with individual preference; to be an effective SPAM blocker, a relationship needs to be established between a specific user and her [sic] Bayesian lists. and of course the necessary functionality t

Re: Spam Honeypot

can you expand upon what you consider "pattern data"? b alan.gerhard wrote: back up a bit - my point differs in that the pattern data collected is individual and i do not see too much need for sharing. other than that, the outstanding issue is, as a james user, how to go about setting up and mai

Re: Spam Honeypot

alan.gerhard wrote: This boils down to a collection of 'good mail' and a collection of 'bad mail', that in my opinion needs to reflect the users' interests, therefore I am a bit leery in 'sharing' this data, but am not dismissing it's potential. collection of 'bad mail'? as in sending out a list

Re: Spam Honeypot

ok, i think we are both talking in two different directions, because you are still seem to be taking sample sharing and i am still taking analysis mechanism. at this point i wish you well and bow out of the discussion (on list). b alan.gerhard wrote: I must have been unclear - A bayesian spam fil

Re: Sendmail Buffer Overflow

not directly. completely different code base. b Gary L. Harris wrote: Is James affected by this? CERT® Advisory CA-2003-07 Remote Buffer Overflow in Sendmail Gary Harris wvinternet.com - To unsubscribe, e-mail: [EMAIL PROTECTED

Re: Password encryption algorithm.

doesn't md5 use a salt? b Javier Storni wrote: Hi Vincenzo, I've exported my Linux passwords to James, setting pwdAlgorithm to MD5. But doesn't works If anyone did that (export Linux passwords to James user table (JDBC)), cand send me some hints ? Thanks in advance. Javier Storni ---

Re: Password encryption algorithm.

[EMAIL PROTECTED] wrote: Does Linux use a salt? I don't know. If the answer is yes, then there is no solution to Javier's problem: which is what i was angling at. it kinda looks like it to me: echo md5("password4me"); yields: 9a74675cc48f209ef0f90d9a2d6f6e7a # grub-md5-crypt Password: <> $1$V

Re: James for multiple domains

Matthew Schuyler Peck wrote: I've seen a repeated objection that no single solution has presented itself as "the best". I submit that "the best" solution, for now, is the solution that other mail servers use, since it works and is widespread and James continues to lack its own solution to this impo

Re: James for multiple domains

One suggestion to James is that they break the RFC rules (I'm not sure if it's due to some RFC conformity) and break up the "[EMAIL PROTECTED]" into two "user" and "domain" parts. Once this is done, virtual hosting would be pretty neat. Mailets can then choose to ignore the domain, or take them in

Re: sending mails using james

it may be a delivery problem (dns records perhaps?) have you checked to see if it queued up to be delivered? b Mark Goking wrote: Hi, we have james set up in another pc in our network. it's being used by one of our systems here and im creating a lil program and using the james (found in the other

Re: James for multiple domains

Danny Angus wrote: actually, james wouldn't have to 'break' the rfc. passing the rcpto (mailfrom while you're at it :o) information to mailets as they are invoked it is passed as the Mail.recipients, how do you think we manage to send mail onwards??! kinda what i thought (but i don't write m

Re: Running James 2.1.2 as a daemon

it seems like this would make more sense in the phoenix tree since you are technically starting and stopping phoenix, correct? (which is why i think that there is always confusion as to how one 'stops' james). b Danny Angus wrote: Is there any reason why this can't replace run.sh ? having one

v2.2.0a4 housecleaning

been playing with the latest [binary] build. you might want to kill this file: /opt/james/apps/dummy.txt since james.sar is in that dir. b - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PRO

Re: Apache Wiki: JamesQuickstart

for starters, i would suggest a '2b' for *IX users: /* 2. Extra the gz or zip file to a local directory. 2b. (IX users) Make run.sh and phoenix.sh executable (`chmod +x ruh.sh phoneix.sh`) 3. Start bin/run.sh (unix) or bin\run.bat (windows) You will see something like the following: */ also --

Re: Apache Wiki: JamesQuickstart

Ok, I can tell them to check that locally this resolution matches. Usually the problem seemed to be the outside world not having problems, but I would like to catch as many of these as possible. I guess if you have NAT-issues you could have problems because that external result won't match your

Re: SMTP

this may sound kinda dumb, but aren't we just talking about a webmail client for what you want to do here? is the need to have a local client a requirement or a preference? b Serge Knystautas wrote: David Schwartz wrote: Unless you have some fancy authentication happening with your email, W