Re: Setting "administratorid"?
Yes, I will definitely contribute to this. A whole section on how to use delegation will be very helpful to other users.

On 11/4/2019 3:38 AM, Tellier Benoit wrote:

I just created an issue regarding this.

https://issues.apache.org/jira/browse/JAMES-2963

Jerry, would you have time to contribute this missing documentation?

Regards,

Benoit

On 04/11/2019 16:27, Tellier Benoit wrote:

Answers inlined,

Regards,

Benoit

On 30/10/2019 11:37, Jerry Malcolm wrote:

"enableVirtualHosting" is another config parameter that's set in this same method. So I decided to search around and see where that is set. I found it, and just taking a wild guess, is this correct?

Maybe we need to further explain this.

When virtual hosting is enabled, usernames are composed of a local part and a domain part. al...@domain.tld and al...@company.org are two distinct users, with different login and distinct mailboxes. Creating a user without domain part is forbidden.

When virtual hosting is turned off, usernames are only composed of a local part. All domains handled by James (check domain list) can be used as domain part of their mail address. al...@domain.tld and al...@company.org are two mail addresses belonging to a same "alice" user, with same login and mailboxes. Creating users with domain parts is forbidden.

I will add the following indication within the documentation as it might get really useful to understand this. Thanks for highlighting this weak point!

MD5

Try more secure algorithms, you should give a go to SHA-512.

We should update default configuration accordingly as MD5 hashing is not acceptable.

true
ad...@myhost.com

This took a whole lot of digging to figure out. I really think the default usersrepository.xml should have at least commented-out lines defining where/how to set the administrator id.

I would be glad to have you contribute this!

I'll add it to my list if this is indeed the correct implementation.

Jerry

On 10/29/2019 11:27 PM, Jerry Malcolm wrote:

I see in AbstractUsersRepository where "administratorid" is pulled from somewhere in the configuration:

    administratorId = Optional.ofNullable(configuration.getString("administratorId"));

But I can't find any place to set it in the shipped configuration files. Where is the administrator id supposed to be defined, and what is the correct syntax to define it?

Thx

Jerry

-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
Re: AdministratorId Documentation
This is a followup to an earlier discussion. I have a very large number of imap utilities that I use to maintain my clients' accounts and mailboxes. They were all written using javax.mail's version of the IMAP interface. Your code reference below was very helpful. But I realized I would have to change all of my javax.mail code to commons.net. It was going to be worth it if I could get the delegate function. But I still was dreading the amount of migration/testing work. So I did a bit of playing around looking at what was really happening to send the admin id, admin pw, and target account in the login. Turns out in the javax.mail package, if you use:

    store.connect(host, port, user + "\0" + adminId, adminPW);

it logs in correctly with delegation. So as much as I appreciate your code :-), a one-line change to my javax.mail login code won out over almost a full rewrite of all my utilities.

Jerry

On 9/12/2019 11:01 PM, Tellier Benoit wrote:

If you are using commons-net, I succeeded to write:

https://gist.github.com/chibenwa/abd12fd6c0b06cadd1de591e3ac792b9

That should be helping you!

On 13/09/2019 10:40, Tellier Benoit wrote:

Which library are you using?

On 13/09/2019 10:33, Jerry Malcolm wrote:

Thanks for the info, Tellier. I kinda lost you on the mpt tests... I was looking for how to change the following code to include an administrator id. I only have one field in the store.connect() method for a user id, but I have an administrator id and the userid for the target mailbox. How do I pass in both?

    try {
        session = Session.getInstance(props, null);
        session.setDebug(debug);
        store = session.getStore(protocol);
        store.connect(host, port, user, password);
    } catch (Exception e) {
        log("IMAPClient.connect() exception: " + e);
        throw (e);
    }

On 9/12/2019 10:10 PM, Tellier Benoit wrote:

Hello Jerry,

With the `administratorId`, you are able to use IMAP impersonation, i.e. to log in as another user.

You should define it within usersrepository.xml.

To see related "reading config" code: AbstractUsersRepository is the way to go.

Agree that this needs example and documentation. I will do it straight away.

For your IMAP call, MPT tests are going to be a gold mine, presenting you the exact syntax.

mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/AuthenticatePlain.test

Contains:

    C: 0007 AUTHENTICATE "PLAIN" {36+}
    # delegate\0imapuser\0password
    C: ZGVsZWdhdGUAaW1hcHVzZXIAcGFzc3dvcmQ=
    S: 0007 OK AUTHENTICATE completed.
    # Ensure we are delegate
    C: 0008 SELECT delegate
    SUB {
    S: \* FLAGS .*
    S: \* .* EXISTS
    S: \* .* RECENT
    S: \* OK \[UIDVALIDITY .*\] UIDs valid
    S: \* OK \[PERMANENTFLAGS .*\] Limited
    S: \* OK \[HIGHESTMODSEQ .*\] Highest
    S: \* OK \[UIDNEXT .*\] Predicted next UID
    }
    S: 0008 OK \[READ-WRITE\] SELECT completed\.

Regarding your development issues, I'm really sorry. My environment is based on IntelliJ, and I encounter no issue. To be able to compile, I use maven 3.6.2 with JDK 11.

Best regards,

Benoit Tellier

On 13/09/2019 09:53, Jerry Malcolm wrote:

Since it appears I'm not going to be able to build James 3.3.0 in the foreseeable future, I'm now moving to plan d, e, f, or whatever... I've lost count. My goal now is to assess my possibilities of using James 3.3.0 binaries as-is and discarding the functionality I had hoped to re-add to 3.3.0 from 30b5 or moving the functionality to mailets that I can compile outside of doing a full James build.

One thing I had added to beta5 was the ability to have a super-user, master-key id that could be used in my custom external imap mailbox maintenance utilities. I've spent several hours digging through the 3.3.0 source code, and I see code referencing "administratorId". From what I can deduce from the code, the Authenticator and Authorizator classes seem to accept this administrator id as the equivalent of the master key I added to b5. So can I access UserABC's mailbox through imap but use my administratorId and password?

If that's the case, then that's exactly what I need. The problem is I can't find any documentation on how to use administratorId. Where do I define it? And how do I pass it on imap calls using the javax.mail.Store and other classes in javax.mail that I use to access imap?

Jerry
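
The AUTHENTICATE PLAIN delegation from the MPT script quoted in the message above, as an added example that is not part of the original messages or of the James code base: it decodes the RFC 4616 payload (authzid NUL authcid NUL password) and classifies each PLAIN login in a transcript so delegated sessions can be audited. The ADMIN_IDS allow-list, the helper names and every transcript line other than the tag 0007 exchange are constructed for illustration.

```python
import base64
import re
from collections import namedtuple

# authzid: identity to act as (may be empty); authcid: identity whose password is checked
PlainCredentials = namedtuple("PlainCredentials", "authzid authcid password")

def encode_plain(authzid, authcid, password):
    """Base64 SASL PLAIN message (RFC 4616): authzid NUL authcid NUL password."""
    fields = (authzid, authcid, password)
    if any("\0" in f for f in fields):
        raise ValueError("NUL separates the fields and cannot appear inside one")
    return base64.b64encode("\0".join(fields).encode("utf-8")).decode("ascii")

def decode_plain(payload):
    """Strict parse: exactly three fields and a non-empty authcid, else ValueError."""
    parts = base64.b64decode(payload, validate=True).split(b"\0")
    if len(parts) != 3 or not parts[1]:
        raise ValueError("expected [authzid] NUL authcid NUL password")
    return PlainCredentials(*(p.decode("utf-8") for p in parts))

def classify(creds, admin_ids):
    if creds.authzid in ("", creds.authcid):
        return "direct"
    return "delegated" if creds.authcid in admin_ids else "delegation-by-non-admin"

AUTH_RE = re.compile(r'^C: (\S+) AUTHENTICATE "?PLAIN"? \{(\d+)\+?\}$')

def audit_transcript(lines, admin_ids):
    """One (tag, verdict, authenticated_as, acting_as) per PLAIN login; no passwords."""
    findings, pending = [], None
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            pending = (m.group(1), int(m.group(2)))   # tag, declared literal size
        elif pending and line.startswith("C: "):
            tag, declared = pending
            pending = None
            payload = line[3:].strip()
            try:
                if len(payload) != declared:
                    raise ValueError("literal size does not match payload")
                creds = decode_plain(payload)
                findings.append((tag, classify(creds, admin_ids),
                                 creds.authcid, creds.authzid or creds.authcid))
            except ValueError:
                findings.append((tag, "malformed", None, None))
    return findings

def auth_lines(tag, authzid, authcid, password):
    """Constructed client lines for one AUTHENTICATE PLAIN exchange."""
    b64 = encode_plain(authzid, authcid, password)
    return [f'C: {tag} AUTHENTICATE "PLAIN" {{{len(b64)}+}}', f"C: {b64}"]

ADMIN_IDS = {"imapuser"}   # assumption: the account configured as administratorId
SAMPLE = [                 # tag 0007 is from the MPT script; the rest is constructed
    'C: 0007 AUTHENTICATE "PLAIN" {36+}',
    "# delegate\\0imapuser\\0password",
    "C: ZGVsZWdhdGUAaW1hcHVzZXIAcGFzc3dvcmQ=",
    "S: 0007 OK AUTHENTICATE completed.",
    *auth_lines("0009", "", "alice", "constructed-pw"),
    *auth_lines("0010", "bob", "carol", "constructed-pw"),
]
```

Calling audit_transcript(SAMPLE, ADMIN_IDS) yields one tuple per login; a "delegation-by-non-admin" verdict marks an authcid outside the allow-list asking to act as someone else, which is the case worth alerting on.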
Re: Setting "administratorid"?
Hi Benoit,

I wasn't actually questioning enableVirtualHosting. I was simply trying to figure out where to put the admin id. I noticed that the adminId was pulled from the configuration in the next line after the enableVirtualHosting flag was pulled. So I was just deducing that perhaps they should be side by side in the same config file. I tried that, and it worked. My only recommendation was that we add a 'dummy' commented-only line to the default config file, so others can easily find where to set it.

Jerry

On 11/4/2019 3:27 AM, Tellier Benoit wrote:

Answers inlined,

Regards,

Benoit

On 30/10/2019 11:37, Jerry Malcolm wrote:

"enableVirtualHosting" is another config parameter that's set in this same method. So I decided to search around and see where that is set. I found it, and just taking a wild guess, is this correct?

Maybe we need to further explain this.

When virtual hosting is enabled, usernames are composed of a local part and a domain part. al...@domain.tld and al...@company.org are two distinct users, with different login and distinct mailboxes. Creating a user without domain part is forbidden.

When virtual hosting is turned off, usernames are only composed of a local part. All domains handled by James (check domain list) can be used as domain part of their mail address. al...@domain.tld and al...@company.org are two mail addresses belonging to a same "alice" user, with same login and mailboxes. Creating users with domain parts is forbidden.

I will add the following indication within the documentation as it might get really useful to understand this. Thanks for highlighting this weak point!

MD5

Try more secure algorithms, you should give a go to SHA-512.

We should update default configuration accordingly as MD5 hashing is not acceptable.

true
ad...@myhost.com

This took a whole lot of digging to figure out. I really think the default usersrepository.xml should have at least commented-out lines defining where/how to set the administrator id.

I would be glad to have you contribute this!

I'll add it to my list if this is indeed the correct implementation.

Jerry

On 10/29/2019 11:27 PM, Jerry Malcolm wrote:

I see in AbstractUsersRepository where "administratorid" is pulled from somewhere in the configuration:

    administratorId = Optional.ofNullable(configuration.getString("administratorId"));

But I can't find any place to set it in the shipped configuration files. Where is the administrator id supposed to be defined, and what is the correct syntax to define it?

Thx

Jerry
(Resolved): Moving Servers Wipes Out iPhone's Mail Accounts
Finally, after 2 weeks, iPhones have all of their mail. The problem was that my Lucene index was corrupted. Or to be more precise, only emails from the last two weeks since I first started up James on the new environment were indexed. Even after renaming (effectively removing) the /var/store/lucene folder, the index would not fully rebuild. Same problem... but worse now... now it showed only mail that came in over the last 10 minutes since I cleaned the lucene index folder and lost the last 2 weeks' mail that actually was indexed.

On a whim, I changed indexer.xml to use lazyIndex instead of luceneIndex... voila all of the folders were fully indexed, and iPhone has all of the mail for each folder. Couldn't find much documentation on lazyIndex vs. luceneIndex. But at this point, I think I'll take having mail back on my client's iPhones over any downside to using lazyIndex. But educate me if there are serious downsides to using lazyIndex.

Thunderbird populates folders using a different imap command which, apparently, goes straight to the JPA database instead of using the Lucene index. So that's why the problem didn't appear in TBird.

I'm going to start another thread in the dev group specifically to discuss the Lucene issue.

Jerry

On 10/31/2019 12:35 PM, Jerry Malcolm wrote:

(I'm moving this thread to the dev forum since it appears now to not be a user problem)

More data now... Since iPhone doesn't load the correct email list and TBird does, I traced the precise same scenario with the same email account with TBird as the previous iPhone trace in the post below. As I suspected, in order to do an initial full sync on a folder, TBird is asking for the list of UIDs in a different way.

Note from the two traces:

    TBird: UID fetch 1:* (FLAGS)
    Response: 1 FETCH (FLAGS (\\Seen) UID 5801)
    (...followed by many other UIDs including the ones in iPhone search below)
    ---
    iPhone: UID SEARCH RETURN (COUNT) 1:* NOT DELETED
    Response: ESEARCH (TAG "39") UID ALL 7776,7955:7970,7975:8033

The two queries above are for the same email account/folder. Again, I'm not an IMAP expert. But it appears that both should return the same list of UIDs even though they ask for it differently.

Summary... the TBird query gets all UIDs for the folder starting at 5801 as expected. The iPhone query gets a subset of UIDs starting at 7776.

This continues to support my current theory that the code that processes UID SEARCH RETURN (COUNT) 1:* is not correct. If someone knows what class processes these imap queries, please let me know. I'm going to dig into the code now. But a few pointers to the package/classes would be helpful.

Thunderbird trace:

    127 Request: 19 select "INBOX"
    129,Response: * FLAGS (\\Answered \\Deleted \\Draft \\Flagged \\Seen "MailFlagBit1 "MailFlagBit0 NonJunk "label3 "label1 "Forwarded)
    130,Response: 19 OK [READ-WRITE] SELECT completed.
    132 Request: 20 getquotaroot "INBOX"
    134 Response: * QUOTAROOT "INBOX" #private@malcolms.com
    135,Response: 20 OK GETQUOTAROOT completed.
    137,Request: 21 UID fetch 1:* (FLAGS)
    139,Response: * 1 FETCH (FLAGS (\\Seen) UID 5801)
    140,Response: * 2 FETCH (FLAGS (\\Seen) UID 5802)
    141,Response: * 4 FETCH (FLAGS (\\Seen) UID 5804)

On 10/29/2019 3:12 PM, Jerry Malcolm wrote:

Ok, I need an IMAP expert.

Below is a very brief trace of the communications between iPhone mail and JAMES (3.4). I completely deleted an account on my iPhone, then recreated it while in airplane mode to make sure I didn't miss any communications in my trace. I started the trace, exited airplane mode and let the iPhone do an initial sync with the account. The inbox folder in this account has over 1000 emails going back to early 2019.

I'm not an expert in IMAP. But it appears that the iPhone mail app requests all of the emails 1:* (see line 812), but JAMES returns a single id plus two ranges (line 813). But the total count JAMES reports is nowhere near the full 1000. Subsequently (line 822), iPhone requests the emails JAMES told it about in line 813.

From what I can tell, the problem is in line 813. JAMES did not report all of the actual mail that is in the INBOX, which is exactly what I'm seeing on the phone. Shouldn't JAMES return all 1000+ email ids that exist in INBOX? Or am I reading the IMAP trace incorrectly?

Note that the only emails JAMES reports came in AFTER I migrated to the new server and to the James 3.4 from v3b5. It appears that there is something different about pre-existing emails in the mailbox folder that is causing JAMES not to recognize them. But this problem ONLY exists on the iPhone mail app. Thunderbird gets all of the mail for the inbox. So iPhone must be sending a slightly different request command syntax than other clients do (??) Just speculating

    798 IMAP Request: 37 SELECT INBOX
    802 IMAP Response: 37 OK [READ-WRITE] SELECT completed.
    806 IMAP Request: 38 UID SEARCH RETURN
Re: Setting "administratorid"?
I just created an issue regarding this.

https://issues.apache.org/jira/browse/JAMES-2963

Jerry, would you have time to contribute this missing documentation?

Regards,

Benoit

On 04/11/2019 16:27, Tellier Benoit wrote:
> Answers inlined,
>
> Regards,
>
> Benoit
>
> On 30/10/2019 11:37, Jerry Malcolm wrote:
>> "enableVirtualHosting" is another config parameter that's set in this
>> same method. So I decided to search around and see where that is set.
>> I found it, and just taking a wild guess, is this correct?
>
> Maybe we need to further explain this.
>
> When virtual hosting is enabled, usernames are composed of a local part
> and a domain part. al...@domain.tld and al...@company.org are two
> distinct users, with different login and distinct mailboxes. Creating a
> user without domain part is forbidden.
>
>
> When virtual hosting is turned off, usernames are only composed of a
> local part. All domains handled by James (check domain list) can be used
> as domain part of their mail address. al...@domain.tld and
> al...@company.org are two mail addresses belonging to a same "alice" user,
> with same login and mailboxes. Creating users with domain parts is
> forbidden.
>
> I will add the following indication within the documentation as it might
> get really useful to understand this. Thanks for highlighting this weak
> point!
>
>>
>>
> class="org.apache.james.user.jpa.JPAUsersRepository">
>> MD5
>
> Try more secure algorithms, you should give a go to SHA-512.
>
> We should update default configuration accordingly as MD5 hashing is not
> acceptable.
>
>> true
>> ad...@myhost.com
>>
>>
>> This took a whole lot of digging to figure out. I really think the
>> default usersrepository.xml should have at least commented-out lines
>> defining where/how to set the administrator id.
>
> I would be glad to have you contribute this!
>
>>
>> I'll add it to my list if this is indeed the correct implementation.
>>
>> Jerry
>>
>>
>> On 10/29/2019 11:27 PM, Jerry Malcolm wrote:
>>> I see in AbstractUsersRepository where "administratorid" is pulled from
>>> somewhere in the configuration:
>>>
>>> administratorId =
>>> Optional.ofNullable(configuration.getString("administratorId"));
>>>
>>> But I can't find any place to set it in the shipped configuration
>>> files. Where is the administrator id supposed to be defined, and what
>>> is the correct syntax to define it?
>>>
>>> Thx
>>>
>>> Jerry
Re: Setting "administratorid"?
Answers inlined,

Regards,

Benoit

On 30/10/2019 11:37, Jerry Malcolm wrote:
> "enableVirtualHosting" is another config parameter that's set in this
> same method. So I decided to search around and see where that is set.
> I found it, and just taking a wild guess, is this correct?

Maybe we need to further explain this.

When virtual hosting is enabled, usernames are composed of a local part and a domain part. al...@domain.tld and al...@company.org are two distinct users, with different login and distinct mailboxes. Creating a user without domain part is forbidden.

When virtual hosting is turned off, usernames are only composed of a local part. All domains handled by James (check domain list) can be used as domain part of their mail address. al...@domain.tld and al...@company.org are two mail addresses belonging to a same "alice" user, with same login and mailboxes. Creating users with domain parts is forbidden.

I will add the following indication within the documentation as it might get really useful to understand this. Thanks for highlighting this weak point!

>
> class="org.apache.james.user.jpa.JPAUsersRepository">
> MD5

Try more secure algorithms, you should give a go to SHA-512.

We should update default configuration accordingly as MD5 hashing is not acceptable.

> true
> ad...@myhost.com
>
>
> This took a whole lot of digging to figure out. I really think the
> default usersrepository.xml should have at least commented-out lines
> defining where/how to set the administrator id.

I would be glad to have you contribute this!

>
> I'll add it to my list if this is indeed the correct implementation.
>
> Jerry
>
>
> On 10/29/2019 11:27 PM, Jerry Malcolm wrote:
>> I see in AbstractUsersRepository where "administratorid" is pulled from
>> somewhere in the configuration:
>>
>> administratorId =
>> Optional.ofNullable(configuration.getString("administratorId"));
>>
>> But I can't find any place to set it in the shipped configuration
>> files. Where is the administrator id supposed to be defined, and what
>> is the correct syntax to define it?
>>
>> Thx
>>
>> Jerry
Re: Setting "administratorid"?
Please have a look at http://james.apache.org/server/config-users.html

ad...@plateform.com in usersrepository.xml

Will enable ad...@plateform.com to login as f...@plateform.com using imap.

On 30/10/2019 11:27, Jerry Malcolm wrote:
> I see in AbstractUsersRepository where "administratorid" is pulled from
> somewhere in the configuration:
>
> administratorId =
> Optional.ofNullable(configuration.getString("administratorId"));
>
> But I can't find any place to set it in the shipped configuration
> files. Where is the administrator id supposed to be defined, and what
> is the correct syntax to define it?
>
> Thx
>
> Jerry