RE: About database Clustering on james server

2019-08-05 Thread Jason Tjankilisan

Hey Matt,
Sorry for the long response time, I was in a nick of deadline and didn’t notice 
the email.

I also don’t know if James generates the ID or not, but lately I’ve been able to 
apply Percona XtraDB Cluster to my database. With some configuration, Percona 
already automatically syncs up the databases on all 3 of my server nodes with 
just some configuration. Turns out Percona was just an “extension” for a 
database to be able to sync with other databases. I can’t say much about how 
I’m going to handle the creation of IDs, but for now it answers my question; I 
guess that would be something to answer in the future.

If I can learn how the ID of the mail was made I would surely try to implement 
your UNIX timestamp idea, seems like a good method also.

Again, thank you for the feedback.

Sincerely, Jason

Sent from Mail for Windows 10

From: cryptearth
Sent: Saturday, August 3, 2019 12:00 PM
To: server-user@james.apache.org
Subject: RE: About database Clustering on james server

Hey Jason,

I thought again about the database sync and ID conflicts: I don't know if james 
generates the id or if the database does, but no matter where the id is 
generated it should be possible to modify it to be a unix timestamp instead of 
a counter. Reason: it's very unlikely that two instances in a master-slave 
config (that's a primary server with a backup) have an id generated at the same 
timestamp. This way not only a replication from master down to slave is 
possible but also from slave back up to the master. It would need a bit of 
rewriting of some lines of source and the database queries - but should be doable. 
If I'm correct the current unix timestamp may fit in a signed integer - but 
long would be better.

Matt

Jason Tjankilisan wrote:

>Hiya matt,
>
>Sorry for the delayed reply,
>
>Thank you for the idea. As for the workaround for the ID conflict, that's why 
>I want to use Percona / Galera cluster; a co-worker said that they have an 
>automated system for ID conflicts. But for starters, I will try to 
>implement that master-slave sync for James. For the ID problem, some people 
>said that each server (for example, 2 servers) can only create a specific 
>sequence of numbers: Server 1 can only create ID 1,3,5 and so on while Server 2 
>can only create ID 2,4,6 and so on to avoid conflict.
>
>How things are coded and how it works, detecting if my server is back online 
>and syncing up everything, is still unknown to me. But at least I have an idea 
>how things work. But I'm guessing firstly I have to create a custom Mailet and 
>use JavaMail to send the “unsynchronized” messages to all servers when it's 
>back online.
>
>Thank you for the suggestion / idea, sorry for any wrong words.
>
>Sincerely, Jason
>
>Sent from Mail for Windows 10
>
>From: cryptearth
>Sent: Friday, July 19, 2019 4:50 PM
>To: server-user@james.apache.org
>Subject: Re: About database Clustering on james server
>
>Hey Jason,
>
>it's not clustering in the multi-directional way but I use master-slave 
>sync for my setup: On my root-server my main instance runs - and at home 
>my backup instance syncs each night. There's this one main issue: When 
>mails get delivered to my backup at home they don't sync back up to the 
>main - and may get lost when mails on the root have already taken IDs 
>which my backup assigned to other mails. So it's not the best to use in 
>production as ID conflicts can happen which can only be handled by James 
>itself. The other idea I can come up with would be to use IMAP to sync 
>the mails instead of syncing the databases because, as said, James has to 
>handle possible ID conflicts which could occur when trying to sync multiple 
>instances.
>
>Matt
>
>On 19.07.2019 at 06:46, Jason Tjankilisan wrote:
>> Hello,
>> I'm curious if James can be modified to have database clustering, since James 
>> can use MariaDB and MySQL. Assuming it can, is it better to choose MySQL 
>> Percona XtraDB Cluster, or MariaDB Galera Cluster? We already have 3 James 
>> servers ready to be synchronized for database clustering.
>> Our team agrees to implement Percona XtraDB Cluster since many people said it 
>> has better performance than MariaDB Galera Cluster, but I did want to know 
>> which suits James better? Also considering the statement that MySQL has been 
>> bought by Sun and changing the license so redistributing it wouldn't be easy 
>> as before (might have to read more about this) Re: Applying JDKIM and SPF to 
>> the Mailets
>> After some reading on the server-user archive, clustering isn't available on 
>> James last time, is it available now? There are many different opinions and 
>> thoughts, can anybody shed some light?
>> Re: Clustering James 2.3    -> I'm not really sure if this was clustering
>> Does james-ha work well?   -> using one database on multiple James servers, so 
>> I guess it's the opposite of clustering
>> Does james support cluster in order to build a mail delivery cluster? -> I 
>> want to believe the answer but there's no further explanation
>> https://www.mail-archive.com/
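
The three ID schemes discussed in this thread (a plain counter on each server, per-server interleaved sequences, and UNIX timestamps), compared on one scenario. This is an added example, not code from the thread or from James: the starting ID, the arrival times and all function names are constructed, and the page does not say how James actually assigns IDs.

```python
from collections import Counter


def counter_ids(last_synced_id, count):
    """Plain counter: each node continues from the last ID it saw at sync time."""
    return [last_synced_id + k for k in range(1, count + 1)]


def interleaved_ids(node_index, node_count, last_id, count):
    """Per-server sequences (server 1: 1,3,5..., server 2: 2,4,6...).

    node_index is 0-based. A node only uses IDs whose position modulo
    node_count matches its index, so nodes never overlap even if their
    last_id values have drifted apart.
    """
    ids, candidate = [], last_id + 1
    while len(ids) < count:
        if (candidate - 1) % node_count == node_index:
            ids.append(candidate)
        candidate += 1
    return ids


def timestamp_ids(arrival_times):
    """UNIX timestamp used as the ID, at one-second resolution."""
    return [int(t) for t in arrival_times]


def conflicting_ids(*id_lists):
    """IDs that were handed out more than once across all nodes."""
    counts = Counter(i for ids in id_lists for i in ids)
    return sorted(i for i, n in counts.items() if n > 1)


# Constructed scenario: both nodes were last synced at ID 100, then each
# accepted three mails on its own before the next sync.
LAST_SYNCED_ID = 100
MAIN_ARRIVALS = [1564999200.2, 1564999201.7, 1564999203.1]
BACKUP_ARRIVALS = [1564999201.1, 1564999202.5, 1564999203.9]


def compare_schemes():
    n_main, n_backup = len(MAIN_ARRIVALS), len(BACKUP_ARRIVALS)
    return {
        # Both nodes hand out 101, 102, 103.
        "counter": conflicting_ids(
            counter_ids(LAST_SYNCED_ID, n_main),
            counter_ids(LAST_SYNCED_ID, n_backup),
        ),
        # Disjoint by construction.
        "interleaved": conflicting_ids(
            interleaved_ids(0, 2, LAST_SYNCED_ID, n_main),
            interleaved_ids(1, 2, LAST_SYNCED_ID, n_backup),
        ),
        # Collides only when both nodes accept mail within the same second.
        "timestamp": conflicting_ids(
            timestamp_ids(MAIN_ARRIVALS),
            timestamp_ids(BACKUP_ARRIVALS),
        ),
    }


if __name__ == "__main__":
    for scheme, clashes in compare_schemes().items():
        print(scheme, clashes)
```
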

Re: Seeking clarification of behaviour with authRequired set to false

2019-08-05 Thread cryptearth

Hey Matt,

I can't tell if setting authRequired = false does what you want. As far 
as the docs in smtpserver.xml and mailetcontainer.xml say: You 
would generally use one (authorizedAddresses in smtpserver.xml) OR the 
other (RemoteAddrNotInNetwork in mailetcontainer.xml) approach, but I 
can't tell which is preferred either.


Matt

On 05.08.2019 at 19:08, Matt Pryor wrote:

Hi Matt, thanks very much for the reply and the useful information.

It's not possible to close port 25 as we do accept inbound mail for our
domain, but only want to relay mail to the outside world if it's generated
by our own servers inside the firewall (from the IPs specified in the
authorizedAddresses tag).

If setting authRequired to false does the job of preventing AUTH LOGIN
relay from outside and only allowing relay from our IPs then that will do
what I need, but I just wanted confirmation that's how it works.

I will also take your advice and start blocking IPs on our firewall!

Many thanks
Matt




On Mon, 5 Aug 2019 at 16:14, cryptearth  wrote:


Hey Matt,

I have to ask as it isn't clear: Do you use James also to receive mails
from outside, so TCP/25 has to be open to the world, or is it possible
to just close TCP/25 to the public and make it only accessible inside your
net/vpn?
Also: If you experience attacks, that's daily work for the admin: check
logs and block access from each unwanted source. Here's a list I have so
far:

So, each day I check the logs for those failed auth lines and add them
to the block list. How to do this depends on your firewall. iptables on
linux for example works with a "match first" way: you have to add an IP
to block before the overall accept any. That's just how iptables work.
On my windows systems I use kaspersky - it works in a "most specific"
way: So if I add a rule for a specific IP or IP-block it overrides any
less specific, but is overridden by any more specific. Like: 5.0.0.0/8
overrides the 0.0.0.0/0 but is overridden by any more specific
5.x.0.0/16. That's how kaspersky firewall works. If you don't know how
to use the firewall installed on your server, look up the manual. I can't
tell about Windows firewall as I never used it since it was added back in
XP SP2.

And of course: having strong passwords should be obvious. There is a
reason why mail providers in particular require and enforce strict rules
about password security. The main accounts like webmaster, postmaster,
admin, root, abuse, etc. should be secured by highly secure passwords as
those are main attack targets. All other lower priority are mostly
dictionary attacks.

In addition, auto block filters like fail2ban are helpful as most of
attacking servers try more than one time - and as a real user mostly uses
a MUA and sets the password instead of directly connecting to an SMTP server
with telnet it's unlikely a legit user tries to login with a wrong
password multiple times. In addition most attacks run on servers - legit
users mostly come from dial-up ranges. So it's also easy to scan for
connections from specific blocks. Sure, users of VPN services also
come from those IPs, but as an admin you should know your users and how
they use your mail server.

Matt

On 05.08.2019 at 15:54, Matt Pryor wrote:

Hi there

In our smtpserver.xml config we have relaying to outside domains restricted
to two IP addresses with the authorizedAddresses tag. The authRequired tag
is still commented out as per the default, which from reading the comments
means that it's set to true (I think).

Last week someone managed to guess the password for one of our mail
accounts on James (admittedly the password wasn't very secure, so lesson
learned there). After that they were able to use our mail server to relay
thousands and thousands of spam emails. Reinstalling everything and setting
the password to something more secure has stopped this for the time being
but it's not a long term solution.

I wanted to check before going ahead that if I explicitly set authRequired
to false, will this prevent anyone from logging 

Re: Seeking clarification of behaviour with authRequired set to false

2019-08-05 Thread Matt Pryor
Hi Matt, thanks very much for the reply and the useful information.

It's not possible to close port 25 as we do accept inbound mail for our
domain, but only want to relay mail to the outside world if it's generated
by our own servers inside the firewall (from the IPs specified in the
authorizedAddresses tag).

If setting authRequired to false does the job of preventing AUTH LOGIN
relay from outside and only allowing relay from our IPs then that will do
what I need, but I just wanted confirmation that's how it works.

I will also take your advice and start blocking IPs on our firewall!

Many thanks
Matt




On Mon, 5 Aug 2019 at 16:14, cryptearth  wrote:

> Hey Matt,
>
> I have to ask as it isn't clear: Do you use James also to receive mails
> from outside, so TCP/25 has to be open to the world, or is it possible
> to just close TCP/25 to the public and make it only accessible inside your
> net/vpn?
> Also: If you experience attacks, that's daily work for the admin: check
> logs and block access from each unwanted source. Here's a list I have so
> far:
>
> So, each day I check the logs for those failed auth lines and add them
> to the block list. How to do this depends on your firewall. iptables on
> linux for example works with a "match first" way: you have to add an IP
> to block before the overall accept any. That's just how iptables work.
> On my windows systems I use kaspersky - it works in a "most specific"
> way: So if I add a rule for a specific IP or IP-block it overrides any
> less specific, but is overridden by any more specific. Like: 5.0.0.0/8
> overrides the 0.0.0.0/0 but is overridden by any more specific
> 5.x.0.0/16. That's how kaspersky firewall works. If you don't know how
> to use the firewall installed on your server, look up the manual. I can't
> tell about Windows firewall as I never used it since it was added back in
> XP SP2.
>
> And of course: having strong passwords should be obvious. There is a
> reason why mail providers in particular require and enforce strict rules
> about password security. The main accounts like webmaster, postmaster,
> admin, root, abuse, etc. should be secured by highly secure passwords as
> those are main attack targets. All other lower priority are mostly
> dictionary attacks.
>
> In addition, auto block filters like fail2ban are helpful as most of
> attacking servers try more than one time - and as a real user mostly uses
> a MUA and sets the password instead of directly connecting to an SMTP server
> with telnet it's unlikely a legit user tries to login with a wrong
> password multiple times. In addition most attacks run on servers - legit
> users mostly come from dial-up ranges. So it's also easy to scan for
> connections from specific blocks. Sure, users of VPN services also
> come from those IPs, but as an admin you should know your users and how
> they use your mail server.
>
> Matt
>
> On 05.08.2019 at 15:54, Matt Pryor wrote:
> > Hi there
> >
> > In our smtpserver.xml config we have relaying to outside domains restricted
> > to two IP addresses with the authorizedAddresses tag. The authRequired tag
> > is still commented out as per the default, which from reading the comments
> > means that it's set to true (I think).
> >
> > Last week someone managed to guess the password for one of our mail
> > accounts on James (admittedly the password wasn't very secure, so lesson
> > learned there). After that they were able to use our mail server to relay
> > thousands and thousands of spam emails. Reinstalling everything and setting
> > the password to something more secure has stopped this for the time being
> > but it's not a long term solution.
> >
> > I wanted to check before going ahead that if I explicitly set authRequired
> > to false, will this prevent anyone from logging in using AUTH LOGIN? I am
> > hoping this will mean that only the IPs specified in authorizedAddresses
> > will be 

Re: James with AWS SES mail receiving

2019-08-05 Thread Jerry Malcolm
I'm looking at moving off of my dedicated server to AWS, which means 
moving JAMES.  Interesting concepts in this thread below from a year or 
so ago about using SES.  But all I want to do is get JAMES up and 
running in an AWS EC2 with an RDS with as little rip up and effort as 
possible.   Assuming I copy my current JAMES build to EC2, set up the 
RDS, install SpamAssassin, and open the appropriate ports, are there any 
gotchas lurking that I need to be aware of?  (Still just getting my feet 
wet with AWS).


Somewhat off topic... what size EC2 is recommended?  Do I simply start 
small and creep up until the EC2 no longer pegs the meter? Anybody have 
any experience with what size EC2 to select?


Thanks.

Jerry

On 6/11/2018 8:16 AM, Jeremy T. Bouse wrote:

Benoit,

     Yes it can send to a SMTP endpoint but the FROM address has to be an
approved email address/domain for SES to be able to send it which means
having to modify the envelope headers. Further to that I'm looking at
the possibility of running James in containers on AWS ECS which would be
on a private subnet so it wouldn't be reachable directly without going
through a load-balancer.


On 6/11/2018 12:44 AM, Benoit Tellier wrote:

Hi Jeremy,

Can't AWS SES send these messages to a SMTP endpoint? This way it will
work without any further development.

That being said, I consider the feature you propose extremely
interesting, as it will provide alternatives to SMTP for applications
sending emails.

In my opinion, you would need to implement a new component in James
listening on AWS SNS, upon messages retrieving the mails, and then
enqueue them in James internal MailQueue.

Cheers,

Benoit Tellier

On 11/06/2018 at 01:53, Jeremy T. Bouse wrote:

     Has anyone thought about how to possibly make use of AWS SES email
receiving to accept inbound email and get it passed along into James?
With AWS SES email receiving you can have it save the actual message to
an S3 bucket and then fire off an SNS topic or Lambda function so the
question would really be how to trigger James to be able to process the
alert and ingest the message from S3. I've been thinking about it as a
possible email solution for myself and it seems like it should be
possible but I've not yet been able to determine if there's already an
easy method to do so or if it'll take some development to make it work.
Wanted to see if anyone else had thought about it.


-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org





Re: Seeking clarification of behaviour with authRequired set to false

2019-08-05 Thread cryptearth

Hey Matt,

I have to ask as it isn't clear: Do you use James also to receive mails 
from outside, so TCP/25 has to be open to the world, or is it possible 
to just close TCP/25 to the public and make it only accessible inside your 
net/vpn?
Also: If you experience attacks, that's daily work for the admin: check 
logs and block access from each unwanted source. Here's a list I have so 
far:


So, each day I check the logs for those failed auth lines and add them 
to the block list. How to do this depends on your firewall. iptables on 
linux for example works with a "match first" way: you have to add an IP 
to block before the overall accept any. That's just how iptables work. 
On my windows systems I use kaspersky - it works in a "most specific" 
way: So if I add a rule for a specific IP or IP-block it overrides any 
less specific, but is overridden by any more specific. Like: 5.0.0.0/8 
overrides the 0.0.0.0/0 but is overridden by any more specific 
5.x.0.0/16. That's how kaspersky firewall works. If you don't know how 
to use the firewall installed on your server, look up the manual. I can't 
tell about Windows firewall as I never used it since it was added back in 
XP SP2.


And of course: having strong passwords should be obvious. There is a 
reason why mail providers in particular require and enforce strict rules 
about password security. The main accounts like webmaster, postmaster, 
admin, root, abuse, etc. should be secured by highly secure passwords as 
those are main attack targets. All other lower priority are mostly 
dictionary attacks.


In addition, auto block filters like fail2ban are helpful as most of 
attacking servers try more than one time - and as a real user mostly uses 
a MUA and sets the password instead of directly connecting to an SMTP server 
with telnet it's unlikely a legit user tries to login with a wrong 
password multiple times. In addition most attacks run on servers - legit 
users mostly come from dial-up ranges. So it's also easy to scan for 
connections from specific blocks. Sure, users of VPN services also 
come from those IPs, but as an admin you should know your users and how 
they use your mail server.


Matt

On 05.08.2019 at 15:54, Matt Pryor wrote:

Hi there

In our smtpserver.xml config we have relaying to outside domains restricted
to two IP addresses with the authorizedAddresses tag. The authRequired tag
is still commented out as per the default, which from reading the comments
means that it's set to true (I think).

Last week someone managed to guess the password for one of our mail
accounts on James (admittedly the password wasn't very secure, so lesson
learned there). After that they were able to use our mail server to relay
thousands and thousands of spam emails. Reinstalling everything and setting
the password to something more secure has stopped this for the time being
but it's not a long term solution.

I wanted to check before going ahead that if I explicitly set authRequired
to false, will this prevent anyone from logging in using AUTH LOGIN? I am
hoping this will mean that only the IPs specified in authorizedAddresses
will be able to relay to the outside world and AUTH LOGIN will always fail
- I noticed that if I set it to false it still sends the prompt for a
username so wanted to check.

A bit more explanation of how these two work together would be really
great. It would also be nice to find a way to get rid of these persistent
attempts to log in:

Id='-1423500801' User='' AUTH method LOGIN failed from bi...@xx.com@
92.118.38.50

(We get these about every 4 seconds, always from different IP addresses and
always trying different usernames).

Thanks in advance!

Matt








Seeking clarification of behaviour with authRequired set to false

2019-08-05 Thread Matt Pryor
Hi there

In our smtpserver.xml config we have relaying to outside domains restricted
to two IP addresses with the authorizedAddresses tag. The authRequired tag
is still commented out as per the default, which from reading the comments
means that it's set to true (I think).

Last week someone managed to guess the password for one of our mail
accounts on James (admittedly the password wasn't very secure, so lesson
learned there). After that they were able to use our mail server to relay
thousands and thousands of spam emails. Reinstalling everything and setting
the password to something more secure has stopped this for the time being
but it's not a long term solution.

I wanted to check before going ahead that if I explicitly set authRequired
to false, will this prevent anyone from logging in using AUTH LOGIN? I am
hoping this will mean that only the IPs specified in authorizedAddresses
will be able to relay to the outside world and AUTH LOGIN will always fail
- I noticed that if I set it to false it still sends the prompt for a
username so wanted to check.

A bit more explanation of how these two work together would be really
great. It would also be nice to find a way to get rid of these persistent
attempts to log in:

Id='-1423500801' User='' AUTH method LOGIN failed from bi...@xx.com@
92.118.38.50

(We get these about every 4 seconds, always from different IP addresses and
always trying different usernames).

Thanks in advance!

Matt


-- 
Matt Pryor
Software Developer

The International Presence Group of Companies
EMAIL: pr...@presencebpm.com
URL: www.International-presence.com
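
The daily log review and fail2ban-style blocking discussed in this thread, as an added example that is not code from the thread or from James. It counts failed AUTH lines per address inside a time window and also per /24, since the post reports attempts arriving from different addresses; the timestamp prefix, the sample lines (documentation address ranges), the thresholds and all function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Only the "AUTH method <M> failed from <user>@<ip>" tail comes from the line
# quoted in the post; the leading timestamp is an assumption of this example.
# The user name is supplied by the remote side, so the pattern anchors on the
# address at the very end of the line. IPv4 only.
FAILED_AUTH = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*"
    r"AUTH method \S+ failed from (?P<user>.*)@(?P<ip>[0-9.]+)\s*$"
)


def parse_line(line):
    """Return (timestamp, user, address) for a failed AUTH line, else None."""
    m = FAILED_AUTH.match(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return ts, m.group("user"), ip


def find_offenders(lines, max_failures=3, window=timedelta(minutes=10), trusted=()):
    """Flag hosts and /24 networks with max_failures failures inside window.

    trusted lists networks that are never flagged (for example the relay
    hosts named in authorizedAddresses). A /24 is only reported when the
    failures came from at least two different hosts in it.
    """
    trusted_nets = [ipaddress.ip_network(n) for n in trusted]
    per_host, per_net = defaultdict(deque), defaultdict(deque)
    hosts, networks = set(), set()
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ts, _user, ip = event
        if any(ip in net for net in trusted_nets):
            continue
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        for key, table in ((ip, per_host), (net, per_net)):
            recent = table[key]
            recent.append((ts, ip))
            while ts - recent[0][0] > window:  # drop events outside the window
                recent.popleft()
        if len(per_host[ip]) >= max_failures:
            hosts.add(str(ip))
        recent = per_net[net]
        if len(recent) >= max_failures and len({h for _, h in recent}) >= 2:
            networks.add(str(net))
    return {"hosts": hosts, "networks": networks}


# Constructed sample lines, in chronological order.
_TAIL = " Id='1000' User='' AUTH method LOGIN failed from "
SAMPLE_LOG = [
    "2019-08-05 09:00:00" + _TAIL + "erin@example.com@198.51.100.200",
    "2019-08-05 15:40:01" + _TAIL + "alice@example.com@203.0.113.10",
    "2019-08-05 15:40:05" + _TAIL + "bob@example.com@203.0.113.11",
    "2019-08-05 15:40:09" + _TAIL + "carol@example.com@203.0.113.12",
    "2019-08-05 15:41:00" + _TAIL + "admin@example.com@198.51.100.7",
    "2019-08-05 15:41:04" + _TAIL + "root@example.com@198.51.100.7",
    "2019-08-05 15:41:08" + _TAIL + "postmaster@example.com@198.51.100.7",
    "2019-08-05 15:45:00" + _TAIL + "dave@example.com@192.0.2.25",
    "2019-08-05 15:45:10" + _TAIL + "dave@example.com@192.0.2.25",
    "2019-08-05 15:45:20" + _TAIL + "dave@example.com@192.0.2.25",
    "2019-08-05 15:46:00 Connection closed",
]

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG, trusted=("192.0.2.0/24",)))
```
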


Re: Error in wrapper logs after upgrading to James 3.3

2019-08-05 Thread Matt Pryor
Hi Garry, thanks for the reply.

Sorry I didn't specify, the upgrade was from 3.0.1.
I unzipped 3.3.0 into a new folder, deleted the old Windows service, and
copied the config .xml files across from 3.0.1.
All seemed to work okay, except for this error filling up the logs when
attempting to send email to James from the outside.

For the time being I've reverted to 3.0.1 until I can get to the bottom of
the issue.

Best wishes
Matt




On Mon, 5 Aug 2019 at 13:10, Garry Hurley  wrote:

> Matt, what did you upgrade from? If you jumped from 2.3.2 to 3.3 and have
> custom mailets, you MAY have to recompile your custom mailets. I suggest
> using at least James 3.2.0 in your maven build file James versions, if not
> 3.3.0. That might mitigate some of the problems (of course, it will take
> some surgery as there are deprecated classes in use from 2.3.2 that have
> not been carried into the 3.x chain).
>
> Sent from my iPhone
>
> > On Aug 5, 2019, at 5:51 AM, Matt Pryor wrote:
> >
> > Here is the method going bang, with the problematic line highlighted in
> > yellow - I guess mmis object must be null.
> >
> > public Response onLine(SMTPSession session, ByteBuffer lineByteBuffer, LineHandler next) {
> >
> >     byte[] line = new byte[lineByteBuffer.remaining()];
> >     lineByteBuffer.get(line, 0, line.length);
> >
> >     MimeMessageInputStreamSource mmiss = (MimeMessageInputStreamSource)
> >             session.getAttachment(SMTPConstants.DATA_MIMEMESSAGE_STREAMSOURCE, State.Transaction);
> >
> >     try {
> >         OutputStream out = mmiss.getWritableOutputStream();
> >
> >         // 46 is "."
> >         // Stream terminated
> >         if (line.length == 3 && line[0] == 46) {
> >             out.flush();
> >             out.close();
> >
> >             @SuppressWarnings("unchecked")
> >             List recipientCollection = (List)
> >                     session.getAttachment(SMTPSession.RCPT_LIST, State.Transaction);
> >             MaybeSender sender = (MaybeSender)
> >                     session.getAttachment(SMTPSession.SENDER, State.Transaction);
> >
> >             MailImpl mail = new MailImpl(MailImpl.getId(),
> >                     Optional.ofNullable(sender).flatMap(MaybeSender::asOptional),
> >                     recipientCollection);
> >
> >             // store mail in the session so we can be sure it get disposed later
> >             session.setAttachment(SMTPConstants.MAIL, mail, State.Transaction);
> >
> >             MimeMessageCopyOnWriteProxy mimeMessageCopyOnWriteProxy = null;
> >             try {
> >                 mimeMessageCopyOnWriteProxy = new MimeMessageCopyOnWriteProxy(mmiss);
> >                 mail.setMessage(mimeMessageCopyOnWriteProxy);
> >
> >                 Response response = processExtensions(session, mail);
> >
> >                 session.popLineHandler();
> >                 return response;
> >
> >             } catch (MessagingException e) {
> >                 // TODO probably return a temporary problem
> >                 LOGGER.info("Unexpected error handling DATA stream", e);
> >                 return new SMTPResponse(SMTPRetCode.LOCAL_ERROR,
> >                         "Unexpected error handling DATA stream.");
> >             } finally {
> >                 LifecycleUtil.dispose(mimeMessageCopyOnWriteProxy);
> >                 LifecycleUtil.dispose(mmiss);
> >                 LifecycleUtil.dispose(mail);
> >             }
> >
> >         // DotStuffing.
> >         } else if (line[0] == 46 && line[1] == 46) {
> >             out.write(line, 1, line.length - 1);
> >         // Standard write
> >         } else {
> >             // TODO: maybe we should handle the Header/Body recognition here
> >             // and if needed let a filter to cache the headers to apply some
> >             // transformation before writing them to output.
> >             out.write(line);
> >         }
> >     } catch (IOException e) {
> >         LifecycleUtil.dispose(mmiss);
> >         SMTPResponse response = new SMTPResponse(SMTPRetCode.LOCAL_ERROR,
> >                 DSNStatus.getStatus(DSNStatus.TRANSIENT, DSNStatus.UNDEFINED_STATUS)
> >                 + " Error processing message: " + e.getMessage());
> >         LOGGER.error("Unknown error occurred while processing DATA.", e);
> >         return response;
> >     }
> >     return null;
> > }
> >
> > On Mon, 5 Aug 2019 at 10:40, Matt Pryor <
> pr...@international-presence.com>
> > wrote:
> >
> >> Hi there
> >>
> >> I'm seeing the below NullPointerException when attempting to send email
> to
> >> James. This stacktrace / error is repeated many times in the
> wrapper.log.
> >> It appears that the message was received okay however.
> >>
> >> I'm about to delve into the source to look for clues, but wondered if
> this
> >> rings any bells.
> >>
> >> INFO   | jvm 1| 2019/08/05 10:27:08 | ERROR 10:27:08,949 |
> >> org.apache.james.protocols.netty.BasicCha

Re: Error in wrapper logs after upgrading to James 3.3

2019-08-05 Thread Garry Hurley
Matt, what did you upgrade from? If you jumped from 2.3.2 to 3.3 and have 
custom mailets, you MAY have to recompile your custom mailets. I suggest using 
at least James 3.2.0 in your maven build file James versions, if not 3.3.0. 
That might mitigate some of the problems (of course, it will take some surgery 
as there are deprecated classes in use from 2.3.2 that have not been carried 
into the 3.x chain). 

Sent from my iPhone


Re: Error in wrapper logs after upgrading to James 3.3

2019-08-05 Thread Matt Pryor
Here is the method going bang, with the problematic line highlighted in
yellow - I guess the mmiss object must be null.

public Response onLine(SMTPSession session, ByteBuffer lineByteBuffer, LineHandler next) {

    byte[] line = new byte[lineByteBuffer.remaining()];
    lineByteBuffer.get(line, 0, line.length);

    MimeMessageInputStreamSource mmiss = (MimeMessageInputStreamSource)
            session.getAttachment(SMTPConstants.DATA_MIMEMESSAGE_STREAMSOURCE, State.Transaction);

    try {
        OutputStream out = mmiss.getWritableOutputStream();

        // 46 is "."
        // Stream terminated
        if (line.length == 3 && line[0] == 46) {
            out.flush();
            out.close();

            @SuppressWarnings("unchecked")
            List recipientCollection = (List) session.getAttachment(SMTPSession.RCPT_LIST, State.Transaction);
            MaybeSender sender = (MaybeSender) session.getAttachment(SMTPSession.SENDER, State.Transaction);

            MailImpl mail = new MailImpl(MailImpl.getId(),
                    Optional.ofNullable(sender).flatMap(MaybeSender::asOptional),
                    recipientCollection);

            // store mail in the session so we can be sure it get disposed later
            session.setAttachment(SMTPConstants.MAIL, mail, State.Transaction);

            MimeMessageCopyOnWriteProxy mimeMessageCopyOnWriteProxy = null;
            try {
                mimeMessageCopyOnWriteProxy = new MimeMessageCopyOnWriteProxy(mmiss);
                mail.setMessage(mimeMessageCopyOnWriteProxy);

                Response response = processExtensions(session, mail);

                session.popLineHandler();
                return response;

            } catch (MessagingException e) {
                // TODO probably return a temporary problem
                LOGGER.info("Unexpected error handling DATA stream", e);
                return new SMTPResponse(SMTPRetCode.LOCAL_ERROR, "Unexpected error handling DATA stream.");
            } finally {
                LifecycleUtil.dispose(mimeMessageCopyOnWriteProxy);
                LifecycleUtil.dispose(mmiss);
                LifecycleUtil.dispose(mail);
            }

        // DotStuffing.
        } else if (line[0] == 46 && line[1] == 46) {
            out.write(line, 1, line.length - 1);
        // Standard write
        } else {
            // TODO: maybe we should handle the Header/Body recognition here
            // and if needed let a filter to cache the headers to apply some
            // transformation before writing them to output.
            out.write(line);
        }
    } catch (IOException e) {
        LifecycleUtil.dispose(mmiss);
        SMTPResponse response = new SMTPResponse(SMTPRetCode.LOCAL_ERROR,
                DSNStatus.getStatus(DSNStatus.TRANSIENT, DSNStatus.UNDEFINED_STATUS) + " Error processing message: " + e.getMessage());
        LOGGER.error("Unknown error occurred while processing DATA.", e);
        return response;
    }
    return null;
}


Error in wrapper logs after upgrading to James 3.3

2019-08-05 Thread Matt Pryor
Hi there

I'm seeing the below NullPointerException when attempting to send email to
James. This stacktrace / error is repeated many times in the wrapper.log.
It appears that the message was received okay however.

I'm about to delve into the source to look for clues, but wondered if this
rings any bells.

INFO   | jvm 1| 2019/08/05 10:27:08 | ERROR 10:27:08,949 | org.apache.james.protocols.netty.BasicChannelUpstreamHandler | Unable to process request
INFO   | jvm 1| 2019/08/05 10:27:08 | java.lang.NullPointerException
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.smtpserver.DataLineJamesMessageHookHandler.onLine(DataLineJamesMessageHookHandler.java:93)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.smtp.core.DataCmdHandler$DataLineFilterWrapper.onLine(DataCmdHandler.java:101)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.smtp.core.DataCmdHandler$DataLineFilterWrapper.onLine(DataCmdHandler.java:88)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.smtp.core.SeparatingDataLineFilter.onHeadersLine(SeparatingDataLineFilter.java:94)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.smtp.core.AbstractAddHeadersFilter.onHeadersLine(AbstractAddHeadersFilter.java:73)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.smtp.core.SeparatingDataLineFilter.onLine(SeparatingDataLineFilter.java:63)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.smtp.core.DataCmdHandler$DataLineFilterWrapper.onLine(DataCmdHandler.java:101)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.smtp.core.DataCmdHandler$DataLineFilterWrapper.onLine(DataCmdHandler.java:88)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.smtp.core.esmtp.MailSizeEsmtpExtension.onLine(MailSizeEsmtpExtension.java:187)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.smtp.core.DataCmdHandler$DataLineFilterWrapper.onLine(DataCmdHandler.java:101)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.smtp.core.DataCmdHandler$DataLineFilterWrapper.onLine(DataCmdHandler.java:88)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.apache.james.protocols.netty.LineHandlerUpstreamHandler.messageReceived(LineHandlerUpstreamHandler.java:50)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.jboss.netty.channel.SimpleChannelUpstreamHandler.messageReceived(SimpleChannelUpstreamHandler.java:124)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.jboss.netty.handler.execution.ChannelUpstreamEventRunnable.doRun(ChannelUpstreamEventRunnable.java:43)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.jboss.netty.handler.execution.ChannelEventRunnable.run(ChannelEventRunnable.java:67)
INFO   | jvm 1| 2019/08/05 10:27:08 | at org.jboss.netty.handler.execution.OrderedMemoryAwareThreadPoolExecutor$ChildExecutor.run(OrderedMemoryAwareThreadPoolExecutor.java:314)
INFO   | jvm 1| 2019/08/05 10:27:08 | at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
INFO   | jvm 1| 2019/08/05 10:27:08 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
INFO   | jvm 1| 2019/08/05 10:27:08 | at java.lang.Thread.run(Unknown Source)


Many thanks
Matt
-- 
Matt Pryor
Software Developer

The International Presence Group of Companies
EMAIL: pr...@presencebpm.com
URL: www.International-presence.com
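
A triage sketch for the repeated trace reported above, added here as an example and not part of the original thread or of the James project: it groups wrapper.log stack traces by exception class and first James frame, so a flood of identical errors collapses to one counted line. It assumes each frame sits on a single line with the wrapper prefix shown in the post (the mail wrapping above splits them); the sample lines are constructed from the first frames of the posted trace.

```python
import re
from collections import Counter

# Wrapper log prefix as shown in the post:
#   "INFO   | jvm 1| 2019/08/05 10:27:08 | <payload>"
PREFIX = re.compile(r"^\w+\s*\|\s*jvm \d+\s*\|\s*\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\s*\|\s?(.*)$")
EXC = re.compile(r"^([\w.$]+(?:Exception|Error))(?::\s*(.*))?$")
FRAME = re.compile(r"^\s*at\s+([\w.$<>]+)\(([^)]*)\)\s*$")

def parse_traces(lines):
    """Return [(exception_class, [frame, ...]), ...] from wrapper.log lines."""
    traces, current = [], None
    for raw in lines:
        m = PREFIX.match(raw.rstrip("\r\n"))
        if not m:
            continue
        payload = m.group(1)
        exc, frame = EXC.match(payload.strip()), FRAME.match(payload)
        if exc:
            current = (exc.group(1), [])
            traces.append(current)
        elif frame and current is not None:
            current[1].append(f"{frame.group(1)}({frame.group(2)})")
        else:
            current = None  # any other line ends the current trace
    return traces

def summarize(lines, app_prefix="org.apache.james."):
    """Count traces keyed by (exception, first frame in application code)."""
    counts = Counter()
    for exc, frames in parse_traces(lines):
        top = next((f for f in frames if f.startswith(app_prefix)), "<no app frame>")
        counts[(exc, top)] += 1
    return counts

P = "INFO   | jvm 1| 2019/08/05 10:27:08 | "
# Constructed sample: first frames of the posted trace, one frame per line, logged twice.
NPE = [P + "ERROR 10:27:08,949 | org.apache.james.protocols.netty.BasicChannelUpstreamHandler | Unable to process request",
       P + "java.lang.NullPointerException",
       P + "\tat org.apache.james.smtpserver.DataLineJamesMessageHookHandler.onLine(DataLineJamesMessageHookHandler.java:93)",
       P + "\tat org.apache.james.protocols.smtp.core.DataCmdHandler$DataLineFilterWrapper.onLine(DataCmdHandler.java:101)"]
SAMPLE = NPE + [P + "some unrelated line (constructed)"] + NPE

if __name__ == "__main__":
    for (exc, top), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {exc}  at {top}")
```

To run it against a real log, pass `open("wrapper.log", errors="replace")` to `summarize` instead of `SAMPLE`.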