[PR] Use io.netty.tryReflectionSetAccessible=true JVM option [james-project]
chibenwa opened a new pull request, #1996: URL: https://github.com/apache/james-project/pull/1996 On Java >= 9 Netty requires the io.netty.tryReflectionSetAccessible system property to be set to true to enable This setting was taken from Cassandra jvm11-server.option -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
(james-project) branch io.netty.tryReflectionSetAccessible created (now 76881a8787)
This is an automated email from the ASF dual-hosted git repository. btellier pushed a change to branch io.netty.tryReflectionSetAccessible in repository https://gitbox.apache.org/repos/asf/james-project.git at 76881a8787 Use io.netty.tryReflectionSetAccessible=true JVM option This branch includes the following new commits: new 76881a8787 Use io.netty.tryReflectionSetAccessible=true JVM option The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
(james-project) 01/01: Use io.netty.tryReflectionSetAccessible=true JVM option
This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch io.netty.tryReflectionSetAccessible in repository https://gitbox.apache.org/repos/asf/james-project.git commit 76881a878742b9a7706cce64bd686894948b327a Author: Benoit TELLIER AuthorDate: Tue Feb 13 00:20:03 2024 +0100 Use io.netty.tryReflectionSetAccessible=true JVM option On Java >= 9 Netty requires the io.netty.tryReflectionSetAccessible system property to be set to true to enable This setting was taken from Cassandra jvm11-server.option --- server/apps/cassandra-app/sample-configuration/jvm.properties | 6 +- server/apps/distributed-app/sample-configuration/jvm.properties | 4 .../apps/distributed-pop3-app/sample-configuration/jvm.properties | 4 server/apps/jpa-app/sample-configuration/jvm.properties | 6 +- server/apps/jpa-smtp-app/sample-configuration/jvm.properties| 6 +- server/apps/memory-app/sample-configuration/jvm.properties | 6 +- server/apps/scaling-pulsar-smtp/sample-configuration/jvm.properties | 4 server/apps/spring-app/pom.xml | 3 ++- 8 files changed, 34 insertions(+), 5 deletions(-) diff --git a/server/apps/cassandra-app/sample-configuration/jvm.properties b/server/apps/cassandra-app/sample-configuration/jvm.properties index 6f7e598d17..405391a790 100644 --- a/server/apps/cassandra-app/sample-configuration/jvm.properties +++ b/server/apps/cassandra-app/sample-configuration/jvm.properties @@ -58,4 +58,8 @@ jmx.remote.x.mlet.allow.getMBeansFromURL=false # Defaults to true, meaning James will use JMAP filters event source increments, thus transparently and significantly # improving JMAP filter storage efficiency. Snapshots enable to only build the aggregate from the last few events. # james.jmap.filters.eventsource.increments.enabled=true -# james.jmap.filters.eventsource.snapshots.enabled=true \ No newline at end of file +# james.jmap.filters.eventsource.snapshots.enabled=true + +# On Java >= 9 Netty requires the io.netty.tryReflectionSetAccessible system property to be set to true to enable +# This setting was taken from Cassandra jvm11-server.option +io.netty.tryReflectionSetAccessible=true \ No newline at end of file diff --git a/server/apps/distributed-app/sample-configuration/jvm.properties b/server/apps/distributed-app/sample-configuration/jvm.properties index 8cf160fce6..9ac53a5293 100644 --- a/server/apps/distributed-app/sample-configuration/jvm.properties +++ b/server/apps/distributed-app/sample-configuration/jvm.properties @@ -62,3 +62,7 @@ jmx.remote.x.mlet.allow.getMBeansFromURL=false # Default charset to use in JMAP to present text body parts # james.jmap.default.charset=US-ASCII + +# On Java >= 9 Netty requires the io.netty.tryReflectionSetAccessible system property to be set to true to enable +# This setting was taken from Cassandra jvm11-server.option +io.netty.tryReflectionSetAccessible=true diff --git a/server/apps/distributed-pop3-app/sample-configuration/jvm.properties b/server/apps/distributed-pop3-app/sample-configuration/jvm.properties index 3676aa5c89..53c0429406 100644 --- a/server/apps/distributed-pop3-app/sample-configuration/jvm.properties +++ b/server/apps/distributed-pop3-app/sample-configuration/jvm.properties @@ -53,3 +53,7 @@ james.jmx.credential.generation=true # Disable Remote Code Execution feature from JMX # CF https://github.com/AdoptOpenJDK/openjdk-jdk11/blob/19fb8f93c59dfd791f62d41f332db9e306bc1422/src/java.management/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java#L646 jmx.remote.x.mlet.allow.getMBeansFromURL=false + +# On Java >= 9 Netty requires the io.netty.tryReflectionSetAccessible system property to be set to true to enable +# This setting was taken from Cassandra jvm11-server.option +io.netty.tryReflectionSetAccessible=true diff --git a/server/apps/jpa-app/sample-configuration/jvm.properties b/server/apps/jpa-app/sample-configuration/jvm.properties index 7154210df7..8a6619c130 100644 --- a/server/apps/jpa-app/sample-configuration/jvm.properties +++ b/server/apps/jpa-app/sample-configuration/jvm.properties @@ -50,4 +50,8 @@ james.jmx.credential.generation=true # Disable Remote Code Execution feature from JMX # CF https://github.com/AdoptOpenJDK/openjdk-jdk11/blob/19fb8f93c59dfd791f62d41f332db9e306bc1422/src/java.management/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java#L646 jmx.remote.x.mlet.allow.getMBeansFromURL=false -openjpa.Multithreaded=true \ No newline at end of file +openjpa.Multithreaded=true + +# On Java >= 9 Netty requires the io.netty.tryReflectionSetAccessible system property to be set to true to enable +# This setting was taken from Cassandra jvm11-server.option +io.netty.tryReflectionSetAccessible=true \ No newline at end of file diff --git a/server/apps/jpa-smtp-app/sample-configuration/jvm.properties
Re: [PR] JAMES-3986 AttachmentFileNameIs should be decently tested [james-project]
chibenwa commented on PR #1991: URL: https://github.com/apache/james-project/pull/1991#issuecomment-1939500668 Thanks Jean! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
Re: [PR] JAMES-3986 AttachmentFileNameIs should be decently tested [james-project]
chibenwa commented on code in PR #1991: URL: https://github.com/apache/james-project/pull/1991#discussion_r1486721633 ## mailet/standard/src/test/java/org/apache/james/transport/matchers/AttachmentFileNameIsTest.java: ## @@ -0,0 +1,586 @@ +/ + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information* + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the* + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the* + * specific language governing permissions and limitations * + * under the License. * + / + +package org.apache.james.transport.matchers; + +import static org.apache.mailet.base.MailAddressFixture.ANY_AT_JAMES; +import static org.assertj.core.api.Assertions.assertThat; + +import org.apache.james.core.builder.MimeMessageBuilder; +import org.apache.james.util.ClassLoaderUtils; +import org.apache.mailet.Mail; +import org.apache.mailet.base.test.FakeMail; +import org.apache.mailet.base.test.FakeMatcherConfig; +import org.junit.jupiter.api.Test; + +class AttachmentFileNameIsTest { +@Test +void shouldMatchWhenMultipartMixedAndRightFileName() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setMultipartWithBodyParts( +MimeMessageBuilder.bodyPartBuilder() +.disposition("attachment") +.filename("xxx.zip"))) +.build(); + +AttachmentFileNameIs testee = new AttachmentFileNameIs(); + +testee.init(FakeMatcherConfig.builder() +.matcherName("AttachmentFileNameIs") +.condition("xxx.zip") +.build()); + +assertThat(testee.match(mail)) +.containsOnly(ANY_AT_JAMES); +} + +@Test +void shouldNotMatchWhenMultipartMixedAndWrongFileName() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setMultipartWithBodyParts( +MimeMessageBuilder.bodyPartBuilder() +.disposition("attachment") +.filename("xxx.zip"))) +.build(); + +AttachmentFileNameIs testee = new AttachmentFileNameIs(); + +testee.init(FakeMatcherConfig.builder() +.matcherName("AttachmentFileNameIs") +.condition("yyy.zip") +.build()); + +assertThat(testee.match(mail)) +.isNull(); +} + +@Test +void shouldMatchRecursively() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setContent(MimeMessageBuilder.multipartBuilder() +.addBodies(MimeMessageBuilder.bodyPartBuilder() +.data(MimeMessageBuilder.multipartBuilder() +.addBody(MimeMessageBuilder.bodyPartBuilder() +.disposition("attachment") +.filename("xxx.zip")) +.build() +))) +.build()) +.build(); + +AttachmentFileNameIs testee = new AttachmentFileNameIs(); + +testee.init(FakeMatcherConfig.builder() +.matcherName("AttachmentFileNameIs") +.condition("xxx.zip") +.build()); + +assertThat(testee.match(mail)) +.containsOnly(ANY_AT_JAMES); +} + +@Test +void shouldIgnoreMultipartAlternative() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setContent(MimeMessageBuilder.multipartBuilder() +.subType("alternative") +
(james-project) branch master updated: JAMES-3986 AttachmentFileNameIs should be decently tested (#1991)
This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git The following commit(s) were added to refs/heads/master by this push: new 1edda804a8 JAMES-3986 AttachmentFileNameIs should be decently tested (#1991) 1edda804a8 is described below commit 1edda804a896951d4a20fcbcb1b17f0fd89c1de4 Author: Benoit TELLIER AuthorDate: Mon Feb 12 21:13:57 2024 +0100 JAMES-3986 AttachmentFileNameIs should be decently tested (#1991) This changeset contributes a decent test suite with a coverage of 82% (remains logging and error handling). It decodes file names if needed. As such remove experimental marking. Co-authored-by: Jean Helou --- .../transport/matchers/AttachmentFileNameIs.java | 18 +- .../matchers/AttachmentFileNameIsTest.java | 586 + mailet/standard/src/test/resources/nested.zip | Bin 0 -> 613 bytes mailet/standard/src/test/resources/sonde.zip | Bin 0 -> 487 bytes 4 files changed, 595 insertions(+), 9 deletions(-) diff --git a/mailet/standard/src/main/java/org/apache/james/transport/matchers/AttachmentFileNameIs.java b/mailet/standard/src/main/java/org/apache/james/transport/matchers/AttachmentFileNameIs.java index f0987cf620..57ee6337f3 100755 --- a/mailet/standard/src/main/java/org/apache/james/transport/matchers/AttachmentFileNameIs.java +++ b/mailet/standard/src/main/java/org/apache/james/transport/matchers/AttachmentFileNameIs.java @@ -36,12 +36,14 @@ import javax.mail.Part; import javax.mail.internet.MimeMessage; import org.apache.james.core.MailAddress; -import org.apache.mailet.Experimental; +import org.apache.james.mime4j.codec.DecodeMonitor; +import org.apache.james.mime4j.codec.DecoderUtil; import org.apache.mailet.Mail; import org.apache.mailet.base.GenericMatcher; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.common.annotations.VisibleForTesting; /** * Checks if at least one attachment has a file name which matches any @@ -57,7 +59,6 @@ import org.slf4j.LoggerFactory; * @version CVS $Revision$ $Date$ * @since 2.2.0 */ -@Experimental public class AttachmentFileNameIs extends GenericMatcher { private static final Logger LOGGER = LoggerFactory.getLogger(AttachmentFileNameIs.class); @@ -84,13 +85,15 @@ public class AttachmentFileNameIs extends GenericMatcher { /** * Controls certain log messages. */ -protected boolean isDebug = false; +@VisibleForTesting +boolean isDebug = false; /** contains ParsedMask instances, setup by init */ private Mask[] masks = null; /** True if unzip is requested. */ -protected boolean unzipIsRequested; +@VisibleForTesting +boolean unzipIsRequested; @Override @@ -129,7 +132,6 @@ public class AttachmentFileNameIs extends GenericMatcher { /** * Either every recipient is matching or neither of them. - * @param mail * @throws MessagingException if no matching attachment is found and at least one exception was thrown */ @Override @@ -245,7 +247,6 @@ public class AttachmentFileNameIs extends GenericMatcher { *@param part */ protected boolean matchFoundInZip(Part part) throws MessagingException, IOException { - try (ZipInputStream zis = new ZipInputStream(part.getInputStream())) { while (true) { ZipEntry zipEntry = zis.getNextEntry(); @@ -266,11 +267,10 @@ public class AttachmentFileNameIs extends GenericMatcher { /** * Transforms fileName in a trimmed lowercase string usable for matching agains the masks. - * - * @param fileName + * Also decode encoded words. */ protected String cleanFileName(String fileName) { -return fileName.toLowerCase(Locale.US).trim(); +return DecoderUtil.decodeEncodedWords(fileName.toLowerCase(Locale.US).trim(), DecodeMonitor.SILENT); } } diff --git a/mailet/standard/src/test/java/org/apache/james/transport/matchers/AttachmentFileNameIsTest.java b/mailet/standard/src/test/java/org/apache/james/transport/matchers/AttachmentFileNameIsTest.java new file mode 100644 index 00..7261bb9260 --- /dev/null +++ b/mailet/standard/src/test/java/org/apache/james/transport/matchers/AttachmentFileNameIsTest.java @@ -0,0 +1,586 @@ +/ + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information* + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the* + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the
Re: [PR] JAMES-3986 AttachmentFileNameIs should be decently tested [james-project]
chibenwa merged PR #1991: URL: https://github.com/apache/james-project/pull/1991 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
[PR] [FIX] Email/set should allow creating an email with attachment of a d… [james-project]
chibenwa opened a new pull request, #1995: URL: https://github.com/apache/james-project/pull/1995 …estroyed message Twake mail relies on this for updating a draft message -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
(james-project) 01/02: [JAMES-3897] implements a crowdsec based SMTP connect handler
This is an automated email from the ASF dual-hosted git repository. jhelou pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git commit 07c3a4ba5a316bf6f1230e7097b7afc562ed9b53 Author: Jean Helou AuthorDate: Wed Jan 17 18:31:51 2024 +0100 [JAMES-3897] implements a crowdsec based SMTP connect handler EHLO is not required before sending AUTH, therefore blocking on EHLO does't work very well against bruteforce attempts This commit introduces a hard connection close when a banned ip attempts to connect again to james. --- third-party/crowdsec/README.md | 10 +++ .../james/crowdsec/CrowdsecSMTPConnectHandler.java | 88 ++ .../org/apache/james/crowdsec/CrowdsecService.java | 69 + .../apache/james/crowdsec/CrowdsecExtension.java | 4 + .../crowdsec/CrowdsecSMTPConnectHandlerTest.java | 46 +++ .../apache/james/crowdsec/CrowdsecServiceTest.java | 82 6 files changed, 299 insertions(+) diff --git a/third-party/crowdsec/README.md b/third-party/crowdsec/README.md index 8371413403..db23dc62c9 100644 --- a/third-party/crowdsec/README.md +++ b/third-party/crowdsec/README.md @@ -27,6 +27,16 @@ guice.extension.module=org.apache.james.crowdsec.module.CrowdsecModule ``` +or +``` + + + + + +``` + +The EHLO hook will block banned clients with `554 Email rejected` whereas the connect handler will terminate the connection even before the SMTP greeting. ### CrowdSec support for IMAP - Declare the `CrowdsecImapConnectionCheck` in `imapserver.xml`. Eg: diff --git a/third-party/crowdsec/src/main/java/org/apache/james/crowdsec/CrowdsecSMTPConnectHandler.java b/third-party/crowdsec/src/main/java/org/apache/james/crowdsec/CrowdsecSMTPConnectHandler.java new file mode 100644 index 00..0cc3436ee1 --- /dev/null +++ b/third-party/crowdsec/src/main/java/org/apache/james/crowdsec/CrowdsecSMTPConnectHandler.java @@ -0,0 +1,88 @@ +/ + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information* + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the* + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the* + * specific language governing permissions and limitations * + * under the License. * + / + +package org.apache.james.crowdsec; + +import java.util.Collections; +import java.util.List; + +import javax.inject.Inject; + +import org.apache.james.crowdsec.model.CrowdsecDecision; +import org.apache.james.protocols.api.Response; +import org.apache.james.protocols.api.handler.ConnectHandler; +import org.apache.james.protocols.smtp.SMTPSession; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class CrowdsecSMTPConnectHandler implements ConnectHandler { +private static final Logger LOGGER = LoggerFactory.getLogger(CrowdsecSMTPConnectHandler.class); + +public static final Response NOOP = new Response() { + +@Override +public String getRetCode() { +return ""; +} + +@Override +public List getLines() { +return Collections.emptyList(); +} + +@Override +public boolean isEndSession() { +return false; +} + +}; + +private final CrowdsecService crowdsecService; + +@Inject +public CrowdsecSMTPConnectHandler(CrowdsecService service) { +this.crowdsecService = service; +} + +@Override +public Response onConnect(SMTPSession session) { +String ip = session.getRemoteAddress().getAddress().getHostAddress(); +return crowdsecService.findBanDecisions(session.getRemoteAddress()) +.map(decisions -> { +if (!decisions.isEmpty()) { +decisions.forEach(d -> logBanned(d, ip)); +return Response.DISCONNECT; +} else { +return NOOP; +} +}).block(); +} + +private boolean logBanned(CrowdsecDecision
(james-project) branch master updated (ba70de1fad -> a6617039ab)
This is an automated email from the ASF dual-hosted git repository. jhelou pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git from ba70de1fad [JAMES-3978] adds some tags to build scans new 07c3a4ba5a [JAMES-3897] implements a crowdsec based SMTP connect handler new a6617039ab [JAMES-3897] refactors ehlo hook to use crowdsec service The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: third-party/crowdsec/README.md | 10 +++ .../apache/james/crowdsec/CrowdsecEhloHook.java| 16 ++-- .../james/crowdsec/CrowdsecSMTPConnectHandler.java | 88 ++ ...{CrowdsecEhloHook.java => CrowdsecService.java} | 46 ++- .../james/crowdsec/CrowdsecEhloHookTest.java | 2 +- .../apache/james/crowdsec/CrowdsecExtension.java | 4 + .../crowdsec/CrowdsecSMTPConnectHandlerTest.java | 46 +++ ...cEhloHookTest.java => CrowdsecServiceTest.java} | 45 ++- 8 files changed, 206 insertions(+), 51 deletions(-) create mode 100644 third-party/crowdsec/src/main/java/org/apache/james/crowdsec/CrowdsecSMTPConnectHandler.java copy third-party/crowdsec/src/main/java/org/apache/james/crowdsec/{CrowdsecEhloHook.java => CrowdsecService.java} (58%) create mode 100644 third-party/crowdsec/src/test/java/org/apache/james/crowdsec/CrowdsecSMTPConnectHandlerTest.java copy third-party/crowdsec/src/test/java/org/apache/james/crowdsec/{CrowdsecEhloHookTest.java => CrowdsecServiceTest.java} (70%) - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
(james-project) 02/02: [JAMES-3897] refactors ehlo hook to use crowdsec service
This is an automated email from the ASF dual-hosted git repository. jhelou pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git commit a6617039ab154058ada7d21a6e31367b3078547e Author: Jean Helou AuthorDate: Sun Feb 11 22:34:38 2024 +0100 [JAMES-3897] refactors ehlo hook to use crowdsec service --- .../java/org/apache/james/crowdsec/CrowdsecEhloHook.java | 16 ++-- .../org/apache/james/crowdsec/CrowdsecEhloHookTest.java | 2 +- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/third-party/crowdsec/src/main/java/org/apache/james/crowdsec/CrowdsecEhloHook.java b/third-party/crowdsec/src/main/java/org/apache/james/crowdsec/CrowdsecEhloHook.java index a04e35b14a..d8c856d2ec 100644 --- a/third-party/crowdsec/src/main/java/org/apache/james/crowdsec/CrowdsecEhloHook.java +++ b/third-party/crowdsec/src/main/java/org/apache/james/crowdsec/CrowdsecEhloHook.java @@ -19,37 +19,33 @@ package org.apache.james.crowdsec; -import static org.apache.james.crowdsec.CrowdsecUtils.isBanned; - import java.util.List; import javax.inject.Inject; import org.apache.james.crowdsec.client.CrowdsecClientConfiguration; -import org.apache.james.crowdsec.client.CrowdsecHttpClient; import org.apache.james.crowdsec.model.CrowdsecDecision; import org.apache.james.protocols.smtp.SMTPSession; import org.apache.james.protocols.smtp.hook.HeloHook; import org.apache.james.protocols.smtp.hook.HookResult; public class CrowdsecEhloHook implements HeloHook { -private final CrowdsecHttpClient crowdsecHttpClient; +private final CrowdsecService crowdsecService; @Inject public CrowdsecEhloHook(CrowdsecClientConfiguration configuration) { -this.crowdsecHttpClient = new CrowdsecHttpClient(configuration); +this.crowdsecService = new CrowdsecService(configuration); } @Override public HookResult doHelo(SMTPSession session, String helo) { -String ip = session.getRemoteAddress().getAddress().getHostAddress(); -return crowdsecHttpClient.getCrowdsecDecisions() -.map(decisions -> apply(decisions, ip)).block(); +return crowdsecService.findBanDecisions(session.getRemoteAddress()) +.map(this::apply) +.block(); } -private HookResult apply(List decisions, String ip) { +private HookResult apply(List decisions) { return decisions.stream() -.filter(decision -> isBanned(decision, ip)) .findFirst() .map(banned -> HookResult.DENY) .orElse(HookResult.DECLINED); diff --git a/third-party/crowdsec/src/test/java/org/apache/james/crowdsec/CrowdsecEhloHookTest.java b/third-party/crowdsec/src/test/java/org/apache/james/crowdsec/CrowdsecEhloHookTest.java index 4033d240a0..d0041d0e9f 100644 --- a/third-party/crowdsec/src/test/java/org/apache/james/crowdsec/CrowdsecEhloHookTest.java +++ b/third-party/crowdsec/src/test/java/org/apache/james/crowdsec/CrowdsecEhloHookTest.java @@ -78,6 +78,6 @@ class CrowdsecEhloHookTest { } private static void banIP(String type, String value) throws IOException, InterruptedException { -crowdsecExtension.getCrowdsecContainer().execInContainer("cscli", "decision", "add", type, value); +crowdsecExtension.banIP(type, value); } } - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
Re: [PR] [JAMES-3897] Crowdsec SMTP connect hook [james-project]
jeantil merged PR #1994: URL: https://github.com/apache/james-project/pull/1994 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
Re: [PR] [JAMES-3897] Crowdsec SMTP connect hook [james-project]
jeantil commented on PR #1994: URL: https://github.com/apache/james-project/pull/1994#issuecomment-1939324269 There was a green build before I rebased to include the readme fix. master has not changed since then so I will consider this as flakyness in the test suite -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
Re: [PR] JAMES-3986 AttachmentFileNameIs should be decently tested [james-project]
jeantil commented on code in PR #1991: URL: https://github.com/apache/james-project/pull/1991#discussion_r1486567849 ## mailet/standard/src/main/java/org/apache/james/transport/matchers/AttachmentFileNameIs.java: ## @@ -266,11 +267,10 @@ protected boolean matchFoundInZip(Part part) throws MessagingException, IOExcept /** * Transforms fileName in a trimmed lowercase string usable for matching agains the masks. - * - * @param fileName + * Also decode encoded words. */ protected String cleanFileName(String fileName) { -return fileName.toLowerCase(Locale.US).trim(); +return DecoderUtil.decodeEncodedWords(fileName.toLowerCase(Locale.US).trim(), DecodeMonitor.SILENT); Review Comment: This seems to be the core of the change -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
Re: [PR] JAMES-3986 AttachmentFileNameIs should be decently tested [james-project]
jeantil commented on code in PR #1991: URL: https://github.com/apache/james-project/pull/1991#discussion_r1486564158 ## mailet/standard/src/test/java/org/apache/james/transport/matchers/AttachmentFileNameIsTest.java: ## @@ -0,0 +1,586 @@ +/ + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information* + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the* + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the* + * specific language governing permissions and limitations * + * under the License. * + / + +package org.apache.james.transport.matchers; + +import static org.apache.mailet.base.MailAddressFixture.ANY_AT_JAMES; +import static org.assertj.core.api.Assertions.assertThat; + +import org.apache.james.core.builder.MimeMessageBuilder; +import org.apache.james.util.ClassLoaderUtils; +import org.apache.mailet.Mail; +import org.apache.mailet.base.test.FakeMail; +import org.apache.mailet.base.test.FakeMatcherConfig; +import org.junit.jupiter.api.Test; + +class AttachmentFileNameIsTest { +@Test +void shouldMatchWhenMultipartMixedAndRightFileName() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setMultipartWithBodyParts( +MimeMessageBuilder.bodyPartBuilder() +.disposition("attachment") +.filename("xxx.zip"))) +.build(); + +AttachmentFileNameIs testee = new AttachmentFileNameIs(); + +testee.init(FakeMatcherConfig.builder() +.matcherName("AttachmentFileNameIs") +.condition("xxx.zip") +.build()); + +assertThat(testee.match(mail)) +.containsOnly(ANY_AT_JAMES); +} + +@Test +void shouldNotMatchWhenMultipartMixedAndWrongFileName() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setMultipartWithBodyParts( +MimeMessageBuilder.bodyPartBuilder() +.disposition("attachment") +.filename("xxx.zip"))) +.build(); + +AttachmentFileNameIs testee = new AttachmentFileNameIs(); + +testee.init(FakeMatcherConfig.builder() +.matcherName("AttachmentFileNameIs") +.condition("yyy.zip") +.build()); + +assertThat(testee.match(mail)) +.isNull(); +} + +@Test +void shouldMatchRecursively() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setContent(MimeMessageBuilder.multipartBuilder() +.addBodies(MimeMessageBuilder.bodyPartBuilder() +.data(MimeMessageBuilder.multipartBuilder() +.addBody(MimeMessageBuilder.bodyPartBuilder() +.disposition("attachment") +.filename("xxx.zip")) +.build() +))) +.build()) +.build(); + +AttachmentFileNameIs testee = new AttachmentFileNameIs(); + +testee.init(FakeMatcherConfig.builder() +.matcherName("AttachmentFileNameIs") +.condition("xxx.zip") +.build()); + +assertThat(testee.match(mail)) +.containsOnly(ANY_AT_JAMES); +} + +@Test +void shouldIgnoreMultipartAlternative() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setContent(MimeMessageBuilder.multipartBuilder() +.subType("alternative") +
Re: [PR] JAMES-3986 AttachmentFileNameIs should be decently tested [james-project]
jeantil commented on code in PR #1991: URL: https://github.com/apache/james-project/pull/1991#discussion_r1486563305 ## mailet/standard/src/test/java/org/apache/james/transport/matchers/AttachmentFileNameIsTest.java: ## @@ -0,0 +1,586 @@ +/ + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information* + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the* + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the* + * specific language governing permissions and limitations * + * under the License. * + / + +package org.apache.james.transport.matchers; + +import static org.apache.mailet.base.MailAddressFixture.ANY_AT_JAMES; +import static org.assertj.core.api.Assertions.assertThat; + +import org.apache.james.core.builder.MimeMessageBuilder; +import org.apache.james.util.ClassLoaderUtils; +import org.apache.mailet.Mail; +import org.apache.mailet.base.test.FakeMail; +import org.apache.mailet.base.test.FakeMatcherConfig; +import org.junit.jupiter.api.Test; + +class AttachmentFileNameIsTest { +@Test +void shouldMatchWhenMultipartMixedAndRightFileName() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setMultipartWithBodyParts( +MimeMessageBuilder.bodyPartBuilder() +.disposition("attachment") +.filename("xxx.zip"))) +.build(); + +AttachmentFileNameIs testee = new AttachmentFileNameIs(); + +testee.init(FakeMatcherConfig.builder() +.matcherName("AttachmentFileNameIs") +.condition("xxx.zip") +.build()); + +assertThat(testee.match(mail)) +.containsOnly(ANY_AT_JAMES); +} + +@Test +void shouldNotMatchWhenMultipartMixedAndWrongFileName() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setMultipartWithBodyParts( +MimeMessageBuilder.bodyPartBuilder() +.disposition("attachment") +.filename("xxx.zip"))) +.build(); + +AttachmentFileNameIs testee = new AttachmentFileNameIs(); + +testee.init(FakeMatcherConfig.builder() +.matcherName("AttachmentFileNameIs") +.condition("yyy.zip") +.build()); + +assertThat(testee.match(mail)) +.isNull(); +} + +@Test +void shouldMatchRecursively() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setContent(MimeMessageBuilder.multipartBuilder() +.addBodies(MimeMessageBuilder.bodyPartBuilder() +.data(MimeMessageBuilder.multipartBuilder() +.addBody(MimeMessageBuilder.bodyPartBuilder() +.disposition("attachment") +.filename("xxx.zip")) +.build() +))) +.build()) +.build(); + +AttachmentFileNameIs testee = new AttachmentFileNameIs(); + +testee.init(FakeMatcherConfig.builder() +.matcherName("AttachmentFileNameIs") +.condition("xxx.zip") +.build()); + +assertThat(testee.match(mail)) +.containsOnly(ANY_AT_JAMES); +} + +@Test +void shouldIgnoreMultipartAlternative() throws Exception { +Mail mail = FakeMail.builder() +.name("mail") +.recipient(ANY_AT_JAMES) +.mimeMessage(MimeMessageBuilder.mimeMessageBuilder() +.setContent(MimeMessageBuilder.multipartBuilder() +.subType("alternative") +
Re: [PR] [JAMES-3897] Crowdsec SMTP connect hook [james-project]
jeantil commented on code in PR #1994: URL: https://github.com/apache/james-project/pull/1994#discussion_r1485914858 ## third-party/crowdsec/src/main/java/org/apache/james/crowdsec/CrowdsecSMTPConnectHandler.java: ## @@ -0,0 +1,88 @@ +/ + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information* + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the* + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the* + * specific language governing permissions and limitations * + * under the License. * + / + +package org.apache.james.crowdsec; + +import java.util.Collections; +import java.util.List; + +import javax.inject.Inject; + +import org.apache.james.crowdsec.model.CrowdsecDecision; +import org.apache.james.protocols.api.Response; +import org.apache.james.protocols.api.handler.ConnectHandler; +import org.apache.james.protocols.smtp.SMTPSession; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class CrowdsecSMTPConnectHandler implements ConnectHandler { Review Comment: You are right, I added a small blurb in the crowdsec module README -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
Re: [PR] JAMES-3986 AttachmentFileNameIs should be decently tested [james-project]
chibenwa commented on PR #1991: URL: https://github.com/apache/james-project/pull/1991#issuecomment-1938202035 @jeantil maybe? (VN coworkers are off for the Tet) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org