Re: DKIM -- crashes at James startup with error: malformed sequence in RSA private key
Hi Gil, I'm using DKIM without problems. Maybe the blanks in private key are the problem? Can you check it? Your file: -BEGIN RSA PRIVATE KEY- ===KEY=== -END RSA PRIVATE KEY- My file: -BEGIN RSA PRIVATE KEY- ===KEY=== -END RSA PRIVATE KEY- Best wishes Günter > Gilberto Espinoza hat am 22.11.2023 17:03 CET > geschrieben: > > > Hello, > > My instance of James 3.8.0 crashes when I try to add the DKIM configuration > in the mailetcontainer.xml. I follow the instructions in the How-To ( > https://james.apache.org/howTo/dkim.html). After generating the private and > public keys as instructed, I add the following snippet to the > mailetcontainer.xml configuration. > > Upon startup, it crashes with the following error message: > > 15:19:36.350 [ERROR] o.a.j.m.l.AbstractStateMailetProcessor - Unable to > init mailet org.apache.james.jdkim.mailets.DKIMSign > org.bouncycastle.openssl.PEMException: malformed sequence in RSA private key > > The private key is a copy and paste of the contents of the private.pem file > that is generated using openssl as instructed in the How-To instructions. I > am at a loss on what is causing the malformed sequence. Any suggestions > would be appreciated. > > > > > v=1; s=james3; d=myrealdomain.net ; h=from : reply-to > : subject : date : to : cc : resent-date : resent-from : resent-sender : > resent-to : resent-cc : in-reply-to : references : list-id : list-help : > list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; > a=rsa-sha256; bh=; b=; > > > -BEGIN RSA PRIVATE KEY- > ===KEY=== > -END RSA PRIVATE KEY- > > > > > > Thanks, > > > Gil Espinoza - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: SPF record: not found for host
Hi, I test the "apache-jspf-resolver-1.0.3.jar" with newest source code and had the same problem. After some time I fund a solution. I changed the class "org.apache.james.jspf.impl.SPF". In the constructor I changed the "executor" form "AsynchronousSPFExecutor" to "SynchronousSPFExecutor" and the problem was solved. [this.executor = new SynchronousSPFExecutor(dnsProbe);] Best wishes Günter -- Günter Paul Hirschbachstraße 4a 53506 Ahrbrück Tel.: +4926436747 Mobile: +491759140889 - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: SPF record: not found for host
Hi, > And yes, by other domains all works fine. sorry, after wrote, the next problem with "myfritz.net": DNS: v=spf1 ip4:212.42.244.0/24 ip6:2001:bf0:244::/48 -all I think it's a james-problem. The problems is with incoming mails, I recieve the mails an can read it without problems. Best wishes Günter - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: SPF record: not found for host
Hi David, That's ironic: because of a hint from my provider to set up SPF to be on the safe side (because of Google!), I dealt with the topic. And now, of all people, should Google not be configured properly? It would be possible. The warning isn't really a problem, I can receive and send emails from Google. But I have to evaluateare this warnings. And yes, by other domains all works fine. Best wishes Günter > Obvious things first - does your setup deal with SPF records for other > domains without problem? > > If so join the gmail sucks club. > > I use gmail as a test sender/recipient for my mail server. I go back a couple > of years now - I noticed that gmail was failing my SPF record, despite it > definitely being correct. Since it was still delivering my test mails to > Inbox rather than junk, I just left it. > > Then it started to put mail in junk folders - good job I noticed. > > It did not like my SPFv6 record, despite it being correct, despite mxtoolbox > saying it was correct, despite the authoritative DNS server saying it was > correct and every other DNS server I thought to check. Even the gmail DNS > servers thought it was correct. Go figure that one :-) > > Since I have a /64, I pragmatically brought up the v6 address gmail thought I > should have and adjusted my records - just to make gmail happy and stop > binning test mails and email to friends unfortunate enough to be relying on > gmail. > > It has solved the problem, but you seem to have a different one. To complete > my story, it's likely that the record gmail wanted to see (and now does) had > been in use before. For most people DNS changes update in lets say 24 hours, > but for gmail it seems to take a couple of years :-) > > -- > David Matthews > m...@dmatthews.org > > > - > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: SPF record: not found for host
Hi David, That's ironic: because of a hint from my provider to set up SPF to be on the safe side (because of Google!), I dealt with the topic. And now, of all people, should Google not be configured properly? It would be possible. The warning isn't really a problem, I can receive and send emails from Google. But I have to evaluateare this warnings. And yes, by other domains all works fine. Best wishes Günter > Obvious things first - does your setup deal with SPF records for other > domains without problem? > > If so join the gmail sucks club. > > I use gmail as a test sender/recipient for my mail server. I go back a couple > of years now - I noticed that gmail was failing my SPF record, despite it > definitely being correct. Since it was still delivering my test mails to > Inbox rather than junk, I just left it. > > Then it started to put mail in junk folders - good job I noticed. > > It did not like my SPFv6 record, despite it being correct, despite mxtoolbox > saying it was correct, despite the authoritative DNS server saying it was > correct and every other DNS server I thought to check. Even the gmail DNS > servers thought it was correct. Go figure that one :-) > > Since I have a /64, I pragmatically brought up the v6 address gmail thought I > should have and adjusted my records - just to make gmail happy and stop > binning test mails and email to friends unfortunate enough to be relying on > gmail. > > It has solved the problem, but you seem to have a different one. To complete > my story, it's likely that the record gmail wanted to see (and now does) had > been in use before. For most people DNS changes update in lets say 24 hours, > but for gmail it seems to take a couple of years :-) > > -- > David Matthews > m...@dmatthews.org > > > - > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
SPF record: not found for host
Hi, I'm using the spf-mailet now and test it. I found this warning in the log file: "No SPF record found for host: googlemail.com" So I checked "googlemail.com" by mxtoolbox.com DNS-Record: v=spf1 redirect=_spf.google.com The Tool found not any problems. Somebody know about such problems or a solution? Best wishes Günter - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Attack on the James Server
Hi Benoit, I wrote a documentary. You can find here: https://www.fentool.de/daten/aYg_h2p-hpw/JamesAttacks_v0.1.pdf Hope it's usefull. If you need a different format or if I can help in any other way, please contact me. @All: I would appreciate if someone reviews my work and wants to give me feeddback. (A better translation would also be helpful) Best wishes Günter > Benoit TELLIER hat am 15.06.2023 05:06 CEST geschrieben: > > > Hello Paul, > > Fail2ban set up with Apache James seems rather generic, and might be > worth sharing through either a blog post of through a dedicated > documentation page. > > Do you think you would be able to share your experience with others? > > I would be happy to add a blog post entry on James website for this, if > relevant. > > Regards, > > Benoit > - > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Attack on the James Server
Hi David, You're right of course and I get that too. My problem is that I have no way to solve the problem directly with the firewall. I have very simple rules that say no more than 4 new connections are allowed on the smpt port from one IP address (I have similar rules for other ports): $IPTABLES -A INPUT -p tcp -d $MYHOST --dport 25 -m state --state NEW -m recent --set --name DDOS-SMTP $IPTABLES -A INPUT -p tcp -d $MYHOST --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DDOS-SMTP -j DROP It doesn't always work for James though. I also described this in the first post on this topic. The attacker open a connection and keeps trying to log in, more than 100 attempts in a few seconds. And the connection remains open so the firewall-rule doesn't work. My approach would be that James closes the connection after e.g. three attempts, that should be configurable. Then the standard firewall rules could take effect again. Best wishes Günter > David Matthews hat am 16.06.2023 08:47 CEST > geschrieben: > > > hi Gunter > > >The best way I think would be if James could handle this internally. Until > >then, fail2ban is a good alternative. > > I think you are misunderstanding. Neither james or any other mail exchanger > or imap server can take over the work fail2ban can do. Fail2ban can provide a > dynamic firewall, by blocking ip addresses that misbehave on the fly. This > blocking happens at network level rather than application level so is much > more efficient and safer than james/exim4/postfix alone can achieve with even > the finest configuration tweaks. > > -- > David Matthews > m...@dmatthews.org > > > - > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org -- Günter Paul Hirschbachstraße 4a 53506 Ahrbrück Tel.: +4926436747 Mobile: +491759140889 - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Attack on the James Server
Hi Benoit, Yes, I am glad to write a small documentation. But I need a few days for this. I currently solved it by writing my own appender for log4j2. This makes the evaluation easier for me, since I can do without complicated regex expressions. But this does not work for other loggers. The best way I think would be if James could handle this internally. Until then, fail2ban is a good alternative. Best wishes Günter > Benoit TELLIER hat am 15.06.2023 05:06 CEST geschrieben: > > > Hello Paul, > > Fail2ban set up with Apache James seems rather generic, and might be > worth sharing through either a blog post of through a dedicated > documentation page. > > Do you think you would be able to share your experience with others? > > I would be happy to add a blog post entry on James website for this, if > relevant. > > Regards, > > Benoit > > On 15/06/2023 00:13, Günter Paul wrote: > > Hi, > > > > at the end I'm using fail2ban. Thanks a lot for information. > > > > I see log4j2 works too with the parameters, so I found a solution for me. > > > > Best wishes > > > > Günter > > > >> Günter Paul hat am 08.06.2023 22:23 CEST geschrieben: > >> > >> > >> Hi, > >> > >> Thanks, logback sounds good. I'm using the spring-version. I will try to > >> change, hope it' possible without problems. > >> > >> Günter > >> > >> > >> Am 8. Juni 2023 18:21:55 MESZ schrieb David Matthews > >> : > >>>> To chip-in. It should be possible to configure logback to: output only > >>>> log entries for failing > >>>> connections (e.g. for > >>>> org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest) > >>>> and with > >>>> simplified entry (e.g. only the error message) that should make writing > >>>> regexp simpler. > >>>> > >>> yes, that would help > >>> > >>> With my exim4 setup, fail2ban is only looking at the rejectlog. You can't > >>> just ban everything though as you'd lock yourself out next time you fat > >>> fingered the password. > >>> > >>> -- > >>> David Matthews > >>> m...@dmatthews.org > >>> > >>> > >>> - > >>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > >>> For additional commands, e-mail: server-user-h...@james.apache.org > >>> > > - > > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > > For additional commands, e-mail: server-user-h...@james.apache.org > > > > > > - > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Attack on the James Server
Hi, at the end I'm using fail2ban. Thanks a lot for information. I see log4j2 works too with the parameters, so I found a solution for me. Best wishes Günter > Günter Paul hat am 08.06.2023 22:23 CEST geschrieben: > > > Hi, > > Thanks, logback sounds good. I'm using the spring-version. I will try to > change, hope it' possible without problems. > > Günter > > > Am 8. Juni 2023 18:21:55 MESZ schrieb David Matthews > : > >>To chip-in. It should be possible to configure logback to: output only log > >>entries for failing > >>connections (e.g. for > >>org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest) and > >>with > >>simplified entry (e.g. only the error message) that should make writing > >>regexp simpler. > >> > > > >yes, that would help > > > >With my exim4 setup, fail2ban is only looking at the rejectlog. You can't > >just ban everything though as you'd lock yourself out next time you fat > >fingered the password. > > > >-- > >David Matthews > >m...@dmatthews.org > > > > > >- > >To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > >For additional commands, e-mail: server-user-h...@james.apache.org > > - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Attack on the James Server
Hi, Thanks, logback sounds good. I'm using the spring-version. I will try to change, hope it' possible without problems. Günter Am 8. Juni 2023 18:21:55 MESZ schrieb David Matthews : >>To chip-in. It should be possible to configure logback to: output only log >>entries for failing >>connections (e.g. for >>org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest) and >>with >>simplified entry (e.g. only the error message) that should make writing >>regexp simpler. >> > >yes, that would help > >With my exim4 setup, fail2ban is only looking at the rejectlog. You can't just >ban everything though as you'd lock yourself out next time you fat fingered >the password. > >-- >David Matthews >m...@dmatthews.org > > >- >To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >For additional commands, e-mail: server-user-h...@james.apache.org >
Re: Attack on the James Server
Hi David, I'm afraid fail2ban can't help. The tool evaluates the log file, right? The problem is as follows: First, the attacker's IP address is written in one line to the log file. And a second request could come almost at the same time, the IP address is also written to the log file. Then a non-existent user is written to the log file, unfortunately without specifying the IP address. An assignment to the attacker is no longer possible. I'm afraid the problem can only be solved within James himself. Example: INFO | jvm 1| 2023/06/07 16:49:55 | 07-Jun-2023 16:49:55.869 INFO [smtpserver-io-1] org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 - Connection established from 59.2.248.84 INFO | jvm 1| 2023/06/07 16:49:55 | 07-Jun-2023 16:49:55.901 INFO [smtpserver-io-1] org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 - Connection established from 58.12.250.90 INFO | jvm 1| 2023/06/07 16:49:59 | 07-Jun-2023 16:49:59.761 INFO [smtpserver-io-1] org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61 - Rejected message. Unknown user: b...@domaine.de INFO | jvm 1| 2023/06/07 16:49:59 | 07-Jun-2023 16:49:59.761 INFO [smtpserver-io-1] org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 - org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY CONNECTED) > Günter Paul hat am 07.06.2023 17:24 CEST geschrieben: > > > Thanks David. You're probably right, I'll check fail2ban. At the oter sinde: > regex is not my friend though. > > BW Günter > > > David Matthews hat am 07.06.2023 16:40 CEST > > geschrieben: > > > > > > >Hello David, > > > > > >thanks for your information. Maybe fail2ban is a solution. I would prefer > > >to solve the problem with board funds from James. > > > > > With fail2ban, once you come up with a working regex, you're solving the > > problem at a pre James level - in affect you would be operating an > > automatic and dynamic firewall block. > > > > I think that's a deal more efficient than anything James or any other mail > > exchanger can do. > > > > -- > > David Matthews > > m...@dmatthews.org > > > > > > - > > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > > For additional commands, e-mail: server-user-h...@james.apache.org > > - > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Attack on the James Server
Thanks David. You're probably right, I'll check fail2ban. At the oter sinde: regex is not my friend though. BW Günter > David Matthews hat am 07.06.2023 16:40 CEST > geschrieben: > > > >Hello David, > > > >thanks for your information. Maybe fail2ban is a solution. I would prefer to > >solve the problem with board funds from James. > > > With fail2ban, once you come up with a working regex, you're solving the > problem at a pre James level - in affect you would be operating an automatic > and dynamic firewall block. > > I think that's a deal more efficient than anything James or any other mail > exchanger can do. > > -- > David Matthews > m...@dmatthews.org > > > - > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Attack on the James Server
Hello David, thanks for your information. Maybe fail2ban is a solution. I would prefer to solve the problem with board funds from James. Perhaps the solution would be to extend the handlers to stop after a certain number of failed attempts? Best wishes Günter > David Matthews hat am 07.06.2023 10:29 CEST > geschrieben: > > > >I run a James mail server (james-server-spring-app-3.8.0). The log file > >shows that the server is constantly being attacked. This is normal, the > >server is on the Internet. > > My experience is that there is a sharp increase on attacks on small mail > servers since maybe April. This is not a James issue - I run exim/dovecot in > production setup. > > I'd strongly suggest looking at fail2ban and this may give a pointer:- > > https://dmatthews.org/webmail.html#fail2ban > > Fortunately for me fail2ban's regex for exim is ok as is; writing regex is > one of my least favourite tasks. Using James, you'll have some work to do > there. > > As an aside, it seems more or less concurrent to this large increase in > attacks, free email providers are all tying to get a phone number from you. > Gmail, not so forcefully, but another foreign provider (I have these legacy > accounts for testing purposes) told me there had been a hacked entry into my > account and to do a password reset I now have to supply a phone number. For > sure they are lying and there is no way they'll get a phone number from me > :-) Online attack on anonymity? > > -- > David Matthews > m...@dmatthews.org > > > - > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org -- Günter Paul Hirschbachstraße 4a 53506 Ahrbrück Tel.: +4926436747 Mobile: +491759140889 - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Attack on the James Server
Hello Karsten,
thanks for the tip. I tried it but it doesn't work.
It seems that "verifyFailureDelay" only works for an identical user login. Here
is a connection and then an attempt with different users to log in. There is no
delay between registrations. It would be good if a connection was closed after
three attempts.
Best wishes
Günter
> Karsten Otto hat am 07.06.2023
> 10:36 CEST geschrieben:
>
>
> There is a property named verifyFailureDelay that you can set in
> usersrepository.xml. The value is a time to wait between unsuccessful
> authentication attempts, e.g. 2s to wait 2 seconds.
>
> You won't get rid of the attacks this way, but slow down any brute force
> attempts to guess valid user passwords. Hopefully to a point where it
> does not make sense anymore and the attacker just gives up.
>
> On the other hand, a long delay could clog up your mail server and
> prevent legitimate users from accesssing it, so you may need to
> experiment with the settings a bit.
>
> Good luck,
> Karsten
>
> On 07.06.23 10:12 AM, Günter Paul wrote:
> > I run a James mail server (james-server-spring-app-3.8.0). The log file
> > shows that the server is constantly being attacked. This is normal, the
> > server is on the Internet.
> >
> > I was able to fend off some of the attacks via the firewall: blocking IP
> > addresses or limiting access per minute (connect).
> >
> > Now 2 attacks remain. In both cases there is a “connect”, then many
> > actions, then the connection is closed. The IP addresses change constantly.
> > In the "smtpserver.xml" file, I tried to reduce the number of accesses via
> > "MaxRcptHandler", but unfortunately that doesn't work here.
> >
> > Are there any out of the box options to configure something?
> >
> > Here are the concrete examples from the log file (domaine.de is a dummy for
> > my domaine)
> >
> > 1) Rejected message. Unknown user
> >
> > INFO | jvm 1| 2023/06/06 23:55:45 | 06-Jun-2023 23:55:45.837 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103
> > - Connection established from 60.29.127.226
> > INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.400 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61
> > - Rejected message. Unknown user: dar...@domaine.de
> > INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.400 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 -
> > org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY
> > CONNECTED)
> > INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.401 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61
> > - Rejected message. Unknown user: daniell...@domaine.de
> > INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.401 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 -
> > org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY
> > CONNECTED)
> >
> > … (202 lines in total )
> >
> > INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.470 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61
> > - Rejected message. Unknown user: upoz3f3sx...@domaine.de
> > INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.471 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 -
> > org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY
> > CONNECTED)
> > INFO | jvm 1| 2023/06/06 23:55:51 | 06-Jun-2023 23:55:51.408 INFO
> > [smtpserver-io-3]
> > org.apache.james.protocols.netty.BasicChannelInboundHandler.channelInactive:143
> > - Connection closed for 60.29.127.226/60.29.127.226:50151
> >
> >
> > 2) Password is unverified
> >
> > INFO | jvm 1| 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.108 INFO
> > [smtpserver-io-2]
> > org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103
> > - Connection established from 45.133.235.202
> > INFO | jvm 1| 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.333 INFO
> > [smtpserver-io-2]
> > org.apache.james.user.lib.UsersRepositoryImpl.lambda$test$2:155 - Could not
> > retrieve user Username{localPart=root, domainPart=Optional[Domai
Attack on the James Server
I run a James mail server (james-server-spring-app-3.8.0). The log file shows
that the server is constantly being attacked. This is normal, the server is on
the Internet.
I was able to fend off some of the attacks via the firewall: blocking IP
addresses or limiting access per minute (connect).
Now 2 attacks remain. In both cases there is a “connect”, then many actions,
then the connection is closed. The IP addresses change constantly. In the
"smtpserver.xml" file, I tried to reduce the number of accesses via
"MaxRcptHandler", but unfortunately that doesn't work here.
Are there any out of the box options to configure something?
Here are the concrete examples from the log file (domaine.de is a dummy for my
domaine)
1) Rejected message. Unknown user
INFO | jvm 1| 2023/06/06 23:55:45 | 06-Jun-2023 23:55:45.837 INFO
[smtpserver-io-3]
org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 -
Connection established from 60.29.127.226
INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.400 INFO
[smtpserver-io-3]
org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61
- Rejected message. Unknown user: dar...@domaine.de
INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.400 INFO
[smtpserver-io-3]
org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 -
org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY CONNECTED)
INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.401 INFO
[smtpserver-io-3]
org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61
- Rejected message. Unknown user: daniell...@domaine.de
INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.401 INFO
[smtpserver-io-3]
org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 -
org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY CONNECTED)
… (202 lines in total )
INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.470 INFO
[smtpserver-io-3]
org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61
- Rejected message. Unknown user: upoz3f3sx...@domaine.de
INFO | jvm 1| 2023/06/06 23:55:50 | 06-Jun-2023 23:55:50.471 INFO
[smtpserver-io-3]
org.apache.james.protocols.smtp.core.log.HookResultLogger.onHookResult:45 -
org.apache.james.smtpserver.fastfail.ValidRcptHandler: result= (DENY CONNECTED)
INFO | jvm 1| 2023/06/06 23:55:51 | 06-Jun-2023 23:55:51.408 INFO
[smtpserver-io-3]
org.apache.james.protocols.netty.BasicChannelInboundHandler.channelInactive:143
- Connection closed for 60.29.127.226/60.29.127.226:50151
2) Password is unverified
INFO | jvm 1| 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.108 INFO
[smtpserver-io-2]
org.apache.james.protocols.netty.BasicChannelInboundHandler.channelActive:103 -
Connection established from 45.133.235.202
INFO | jvm 1| 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.333 INFO
[smtpserver-io-2]
org.apache.james.user.lib.UsersRepositoryImpl.lambda$test$2:155 - Could not
retrieve user Username{localPart=root, domainPart=Optional[Domain :
domaine.de]}. Password is unverified.
INFO | jvm 1| 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.333 INFO
[smtpserver-io-2]
org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 - AUTH
method LOGIN failed from Username{localPart=root, domainPart=Optional[Domain :
domaine.de]}@45.133.235.202
INFO | jvm 1| 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.512 INFO
[smtpserver-io-2]
org.apache.james.user.lib.UsersRepositoryImpl.lambda$test$2:155 - Could not
retrieve user Username{localPart=root, domainPart=Optional[Domain :
domaine.de]}. Password is unverified.
INFO | jvm 1| 2023/06/06 23:44:49 | 06-Jun-2023 23:44:49.512 INFO
[smtpserver-io-2]
org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 - AUTH
method LOGIN failed from Username{localPart=root, domainPart=Optional[Domain :
domaine.de]}@45.133.235.202
… (408 lines in total )
INFO | jvm 1| 2023/06/06 23:45:25 | 06-Jun-2023 23:45:25.286 INFO
[smtpserver-io-2]
org.apache.james.user.lib.UsersRepositoryImpl.lambda$test$2:155 - Could not
retrieve user Username{localPart=root, domainPart=Optional[Domain :
domaine.de]}. Password is unverified.
INFO | jvm 1| 2023/06/06 23:45:25 | 06-Jun-2023 23:45:25.286 INFO
[smtpserver-io-2]
org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 - AUTH
method LOGIN failed from Username{localPart=root, domainPart=Optional[Domain :
domaine.de]}@45.133.235.202
INFO | jvm 1| 2023/06/06 23:45:25 | 06-Jun-2023 23:45:25.330 INFO
[smtpserver-io-2]
org.apache.james.protocols.netty.BasicChannelInboundHandler.channelInactive:143
- Connection closed for 45.133.235.202/45.133.235.202:57554
Does anyone know solutions to these problems?
Best wishes, Günt
Re: James logo – the Vote is Open
Hi, I vote for 10. Best wishes Günter Am 27. September 2016 09:19:38 MESZ, schrieb Laura Royet <lro...@linagora.com>: >Hi, > >* VOTE FOR LOGO NUMBER: 10. > >Regards, > >Laura > > >Le 26/09/2016 à 16:04, Laura Royet a écrit : >> Hi everyone, >> >> This emails opens the *single vote ballot* for *James log**o*. >> Below are the detailed explanation. >> >> **Who ca**n vote :* all the recipients of this email. >> Deadline :Monday, 3 October 2016 at 18:00 UTC*. >> >> *How to vo**te : >> **You have two options : **choosing**one of the **proposals between >> the 10 submitted *on : http://james.apache.org/#tabs-4 or *give a >> blank vote*. >> >> *So please complete the appropriate field below **:* >> * VOTE FOR LOGO NUMBER: >> * AGAINST PROPOSED LOGOS, WAIT MORE TIME FOR NEW CHOICES : >> >> >> >> The proposal collecting the most votes will become James new logo! >> >> Thank you in advance for participating. >> >> Regards, >> >> Laura >> >> > > >----- >To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >For additional commands, e-mail: server-user-h...@james.apache.org -- Günter Paul Hirschbachstr. 4a 53506 Ahrbrück
AW: cosmo server, rise from the dead
Vom HTC Touch Diamond gesendet - Ursprüngliche Nachricht - Von: Darko Hojnik hoj...@virtualizing.org Gesendet: Donnerstag, 7. April 2011 20:57 An: server-user@james.apache.org Betreff: cosmo server, rise from the dead Hello there, I think about my last posts about LDAP it will takes some time to use Apache James with LDAP. But also I've seen the Apache Foundation has no project about a groupware. I still didn't tried Apache HUPA because I've not enough time and resources. But I've remembered me about the OASF Chandler project. They have a calendar server called cosmo. The project seems to be dead, but the software should be under the Apache Softwarelicence 2. So if cosmo and chandler will be combined it could be the codebase to start a groupwareproject. Comments.? kind regards Darko - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
