Hi Eric! Bingo! Success!
That was it... 1) pop3 and smpt are now working with TLS 2) My gmail account can be polled by James. One comment, though: http://wiki.apache.org/james/UsingSSL states: 1) Download the appropriate bcprov-jdkxx-yyy.jar from http://www.bouncycastle.org/latest_releases.html (where xx is the jdk release and yyy is the Bouncy Castle release - bcprov-jdk14-124.jar is the current one for JRE 1.4.x at the beginning of July 2004). 2) Put the jar in the {james}\lib directory (warning: not in the {james}\apps\james\SAR-INF\lib directory!). 3) Edit the {Program Files}\Java\j2re1.4.2\lib\security\java.security file, adding a security.provider.n=org.bouncycastle.jce.provider.BouncyCastleProvider line to the other security.provider lines, where n is the preference order. 4) Restart James, and Mozilla will work with SSL! Removing this false information would save the time of guys like me as well as yours... Your help has been greatly appreciated. I will continue studying James in more details. For the moment James does the job I need. Thanks again JL Quote: > Hi Jean Luc, > > I don't know if it will solve it, but could you remove the bouncy castle > jar and replace it with the sunjce_provider.jar. > > Documentation says " The Bouncy Castle bcprov*.jar won't make it". > > "With JRE 1.5+ you must copy the *Sun* JCE provider from {Program > Files}\Java\j2re1.5.n_nn\lib\ext\sunjce_provider.jar file into the > {james}\lib directory (warning: not in the {james}\apps\james\SAR-INF\lib > directory!). The Bouncy Castle bcprov*.jar won't make it. " > > Tks, > > Eric > > > > On 2/10/2010 19:00, Jean Luc Guislain wrote: > >> Hi Eric! >> >> I drive the last model: jdk1.6.0_21 >> >> I put bcprov-jdk16-145.jar in /opt/james-2.3.2/lib >> >> I put james.keystore here: >> >> /usr/lib/jdk1.6.0_21/bin/keytool -genkey -alias james -keyalg RSA >> -keystore >> >> /opt/james-2.3.2/apps/james/conf/james.keystore >> >> and of course: >> >> <factory name="ssl" >> >> class="org.apache.avalon.cornerstone.blocks.sockets.TLSServerSocketFactory"> >> <ssl-factory> >> <keystore> >> <file>/opt/james-2.3.2/apps/james/conf/james.keystore</file> >> <password>secret</password> >> <key-password>secret</key-password> >> <type>JKS</type> >> <protocol>TLS</protocol> >> <algorithm>SunX509</algorithm> >> <authenticate-client>false</authenticate-client> >> </keystore> >> </ssl-factory> >> </factory> >> >> However it seems the problems's here: >> >> bash-4.1# openssl s_client -host Darkstar -port 995 >> CONNECTED(00000003) >> depth=0 /C=CA/ST=Quebec/L=Montreal/O=IFM Marketing/OU=IFM/CN=ifm.ath.cx >> verify error:num=18:self signed certificate >> verify return:1 >> depth=0 /C=CA/ST=Quebec/L=Montreal/O=IFM Marketing/OU=IFM/CN=ifm.ath.cx >> verify return:1 >> 2530:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal >> error:s3_pkt.c:1102:SSL alert number 80 >> 2530:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake >> failure:s23_lib.c:188: >> >> and this in the pop3 log file: >> >> 02/10/10 12:53:50 ERROR pop3server: Exception during connection from >> Darkstar.ifm.ath.cx (190.186.137.82) : Connection has been shutdown: >> javax.net.ssl.SSLException: java.security.ProviderException: >> >> java.security.NoSuchAlgorithmException: SunTlsMasterSecret KeyGenerator >> not >> available >> javax.net.ssl.SSLException: Connection has been shutdown: >> javax.net.ssl.SSLException: java.security.ProviderException: >> >> java.security.NoSuchAlgorithmException: SunTlsMasterSecret KeyGenerator >> not >> available >> >> Any idea? >> >> Tks >> >> >> >> On Sat, Oct 2, 2010 at 11:02 AM, Eric Charles<[email protected]> wrote: >> >> >> Hi Jean Luc, >>> >>> So desperately looking for the Algorithm... >>> Did you see http://markmail.org/message/ve5cnw6ufzsscn3p ? >>> >>> Which jdk version do you run? >>> If 1.4, I would upgrade to 1.5+ to simply copy the sunjce_provider.jar in >>> {james}\lib directory (warning: not in the {james}\apps\james\SAR-INF\lib >>> directory!). >>> With 1.5+, you don't depend on bouncycastle. >>> >>> Tks, >>> >>> Eric >>> >>> >>> >>> On 2/10/2010 12:36, Jean Luc Guislain wrote: >>> >>> Hi Eric! >>>> >>>> Thank you for your help. I am progressing slowly >>>> I configured James with TLS. >>>> I can't connect to James' pop server (using Opera's mail client under >>>> TLS) >>>> I get the error message in the pop3 log file: >>>> >>>> Caused by: java.security.ProviderException: >>>> java.security.NoSuchAlgorithmException: SunTlsMasterSecret KeyGenerator >>>> not >>>> available >>>> >>>> What should I do? >>>> >>>> >>>> >>>> On Tue, Aug 31, 2010 at 1:07 PM, Jean Luc Guislain< >>>> [email protected] >>>> >>>>> wrote: >>>>> >>>> Hi Eric >>>> >>>>> Thank you for your email. >>>>> Since I was new to James, I have spent some time to study the >>>>> configuartion >>>>> files in full details >>>>> I set up james on a fixed IP 190.186.137.82 servername ifm.ath.cx >>>>> My email address is [email protected] >>>>> Yes! It's working fine! >>>>> I want to replace a Communigate server with James and take advantage to >>>>> learn a little bit of Java on the fly... >>>>> I configured SSL according to the instructions given here: >>>>> http://wiki.apache.org/james/UsingSSL >>>>> I executed: >>>>> # keytool -genkey -alias james -keyalg RSA -keystore >>>>> /opt/james-2.3.2/apps/james/conf/keystore >>>>> The log files are clean. >>>>> However, when I try to login to ifm.ath.cx with Opera or Thunderbird >>>>> (both >>>>> latest versions) the connection does not occur and I get the message >>>>> "Connection to the POP server failed" >>>>> How come? >>>>> Would you have any idea why? >>>>> Best rgds >>>>> JL >>>>> >>>>> On Fri, Aug 27, 2010 at 10:03 AM, Eric Charles<[email protected]> >>>>> wrote: >>>>> >>>>> Hi Jean Luc, >>>>> >>>>>> I tried to fetchmail gmail with James 3.0. >>>>>> There was a few problems with 3.0 src code ( >>>>>> https://issues.apache.org/jira/browse/JAMES-1038) >>>>>> >>>>>> If you work with James 2.3 (I think the config is the same), following >>>>>> config should work (it worked for me with James 3.0 trunk + >>>>>> JAMES-1038). >>>>>> Once fetched, mails are marked SEEN, but are not removed from gmail. >>>>>> >>>>>> Before testing this, ensure you can reach you gmail account with your >>>>>> favorite IMAP client. >>>>>> >>>>>> Tks, >>>>>> >>>>>> Eric >>>>>> >>>>>> <?xml version="1.0"?> >>>>>> <fetchmail enabled="true"> >>>>>> <fetch name="gmail.com"> >>>>>> <accounts> >>>>>> <account user="[email protected]" password="YOUR_PASSWORD" >>>>>> recipient="YOUR_EMAIL_ADDRESS_IN_JAMES" ignorercpt-header="true"/> >>>>>> </accounts> >>>>>> <host>imap.gmail.com</host> >>>>>> <interval>6000</interval> >>>>>> <javaMailProviderName>imap</javaMailProviderName> >>>>>> <javaMailFolderName>INBOX</javaMailFolderName> >>>>>> <javaMailProperties> >>>>>> <property name="mail.imap.ssl.enable" value="true"/> >>>>>> </javaMailProperties> >>>>>> <fetchall>false</fetchall> >>>>>> <recursesubfolders>false</recursesubfolders> >>>>>> <defaultdomain>localhost</defaultdomain> >>>>>> <fetched leaveonserver="true" markseen="true"/> >>>>>> <remotereceivedheader index="1" reject="true" leaveonserver="true" >>>>>> markseen="false"/> >>>>>> <maxmessagesize limit="0" reject="false" leaveonserver="true" >>>>>> markseen="false"/> >>>>>> <undeliverable leaveonserver="true" markseen="false"/> >>>>>> <recipientnotfound defer="true" reject="true" leaveonserver="true" >>>>>> markseen="false"/> >>>>>> <blacklist reject="true" leaveonserver="true" markseen="false"> >>>>>> wib...@localhost, flob...@localhost</blacklist> >>>>>> <userundefined reject="true" leaveonserver="true" markseen="false" /> >>>>>> <remoterecipient reject="true" leaveonserver="true" markseen="false" >>>>>> /> >>>>>> </fetch> >>>>>> </fetchmail> >>>>>> >>>>>> >>>>>> >>>>>> On 25/08/2010 20:28, Jean Luc Guislain wrote: >>>>>> >>>>>> I would like to know if somebody has a working >>>>>> >>>>>>> james-fetchmail.xml >>>>>>> >>>>>>> file to poll a pop gmail account. >>>>>>> >>>>>>> Rgs, >>>>>>> JL >>>>>>> >>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>>>>> >>>>>> To unsubscribe, e-mail: [email protected] >>>>>> For additional commands, e-mail: [email protected] >>>>>> >>>>>> >>>>>> >>>>>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >>> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
