Re: trying my hand @ james ssl/spam/mysql

Fri, 03 Jun 2011 04:16:31 -0700

So I tried TLS on 465 using the existing smtpserver.xml file by added the TLS block and had a similar result (James exits without warning or error). In this case the only changes I made to the default configuration were the following: 

(1) Added james.keystore to james/conf and

(2) Added the TLS block to smtpserver.xml

(3) Commented out the setting for authorizedAddresses

full config file below:

<smtpserver enabled="true">
<bind>0.0.0.0:465</bind>
<connectionBacklog>200</connectionBacklog>
<tls socketTLS="true" startTLS="false">
<keystore>file://conf/james.keystore</keystore>
<secret>password</secret>
<provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
</tls>
<connectiontimeout>360</connectiontimeout>
<connectionLimit> 0 </connectionLimit>
<connectionLimitPerIP> 0 </connectionLimitPerIP>

<!--
<authorizedAddresses>127.0.0.0/8</authorizedAddresses>
-->

<authRequired>true</authRequired>
<verifyIdentity>true</verifyIdentity>
<maxmessagesize>0</maxmessagesize>
<addressBracketsEnforcement>true</addressBracketsEnforcement>
<handlerchain enableJmx="true">
<handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
<handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
</handlerchain>
</smtpserver>
If this configuration is working for others, there might be something wrong with my keystore file. But if that was the case, I would hope to see some sort of error message. 

-Dwayne

On 05/27/2011 05:36 AM, Eric Charles wrote:

Hi,

The multiport is for now a hack with the spring definitions.
Before this, may I ask you if you succeed to make it work with a single encrypted port. The procedure on [1] should work (no need for sunjce_provider.jar).
If single port works, we can review the multiport (there may be changes in spring since last time we tried it). 

Tks,
Eric
[1] http://people.apache.org/~eric/james/20110517/site/config-ssl-tls.html 

On 26/05/2011 22:26, Dwayne Nelson wrote:

I did try using a later snapshot and the behavior was the same. When I
changed the debugging level, I did not notice any errors associated with
the new smtpserver-ssl section. Instead, I noted exception thrown
relating to jackrabbit. Is there a how-to/quick-start guide covering
multi-port (25/465) smtp servers?

 From a new installation, here are the steps that I am taking:

(1) copy sunjce_provider.jar to james/lib (if it isn't already there)

I've also had to do a chmod a-x james/bin/wrapper-linux-x86-32 to
prevent an error (I'm running on Natty 64-bit)

(2) modify james/conf/context/james-server-context.xml to add a section
for smtpserver-ssl (right after the section for smtpserver). Here is the
full text of what I add:

<!--
SMTP Server SSL
-->
<bean id="smtpserver-ssl"
class="org.apache.james.smtpserver.netty.SMTPServer">
<property name="protocolHandlerChain" ref="smtpProtocolHandlerChain-ssl"/> 
</bean>
<bean id="smtpProtocolHandlerChain-ssl"
class="org.apache.james.container.spring.bean.postprocessor.ProtocolHandlerChainPostProcessor"> 

<property name="coreHandlersPackage"
value="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
<property name="beanName" value="smtpserver-ssl"/>
</bean>

(3) add smtpserver-ssl.xml to james/conf (with appropriate password and
configured for socketTLS) -- there is already a file for port 25. Here
are the contents of my new file:

<smtpserver enabled="true">
<bind>0.0.0.0:465</bind>
<connectionBacklog>200</connectionBacklog>
<tls socketTLS="true" startTLS="false">
<keystore>file://conf/james.keystore></keystore>
<secret>thisisnotreallymysecretpassword</secret>
<provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
</tls>
<jmxName>smtpserver-ssl</jmxName>
<handler>
<helloName autodetect="false">localhost.tld</helloName>
<connectiontimeout>360</connectiontimeout>
<connectionLimit> 0 </connectionLimit>
<connectionLimitPerIP> 0 </connectionLimitPerIP>
<authRequired>true</authRequired>
<maxmessagesize>0</maxmessagesize>
<addressBracketsEnforcement>true</addressBracketsEnforcement>
<handlerchain>
<handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler" /> 
<handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader" />
</handlerchain>
</handler>
</smtpserver>

(4) add james.keystore to james/conf

I'm pretty sure that's all I'm doing. Have I omitted something obvious?

-Dwayne

On 5/25/2011 10:40 AM, Eric Charles wrote:

Hi,

Sorry, seems like your last mail was unanswered.

Let us know the results, but latest snapshot should not change the
behavior on that level. You should see some exceptions in
james-server.log (you can change the debugging level if needed in
log4j.properties)

Tks,
- Eric

On 25/05/2011 16:11, Dwayne Nelson wrote:

I will try a newer snapshot today and see if that solves the problem.

On 5/23/2011 07:13 PM, Dwayne Nelson wrote:

Right - it doesn't exist. I was following the link from this page:

http://people.apache.org/~eric/james/20110517/site/config.html

But yes, your link [1] gets me the file I was looking for.
In reading it over again closely, I noted that I need to make a change 
to conf/context/james-server-context.xml as well. I added the block
specified in the sample file and restarted, but James does not
initialize and quietly exits ... here is the only new message that
appears in the james-server.log file:

INFO 22:53:08,519 |
org.apache.james.container.spring.context.JamesServerApplicationContext 
|
Refreshing
org.apache.james.container.spring.context.JamesServerApplicationContext@36baa466:
startup date [Mon May 23 22:53:08 UTC 2011]; root of context hierarchy 

Where should I be looking for any thrown exceptions?

-Dwayne

On 05/23/2011 06:17 AM, Eric Charles wrote:

Hi,

The link you gave does not exist.
Are you talking about [1] ?

If this is the case, don't forget to update the spring configuration
file as written in [1]

If you want to be sure your smtpserver-ssl.xml is really processed,
simply put a bad tag inside and you should see an exception on
startup :)

Tks,

Eric

[1]
https://svn.apache.org/repos/asf/james/server/trunk/container-spring/src/main/config/examples/smtpserver-ssl.xml 



On 22/05/2011 22:10, Dwayne Nelson wrote:

I can't find any linked examples for SMTP on port 465 and I am not
sure
if James is even looking at my new configuration file
(smtpserver-ssl.xml) -- no reference to port 465 appears in my
server logs.

This is where I looked for example information:
https://svn.apache.org/repos/asf/james/server/tags/james-server-3.0-M3/container-spring/src/main/config/examples/smtpserver.xml 




-Dwayne

On 05/17/2011 07:57 AM, Eric Charles wrote:

Hi Daniel,
You can read a snapshot of the server website on [1] that is in-line 
with the upcoming beta release.

The quick start has been updated to reflect current code.
For SSL [2] and Antispam [3], this is still draft (go to the linked 
examples to have some ideas :)

Tks,
- Eric

[1] http://people.apache.org/~eric/james/20110517/site/index.html
[2]
http://people.apache.org/~eric/james/20110517/site/config-ssl-tls.html 

[3]
http://people.apache.org/~eric/james/20110517/site/config-antispam.html 



On 17/05/2011 05:27, Daniel Tan wrote:

Hi eric,

where will the links be updated for ssl and spam?

regards,
daniel

On 11-May-2011, at 10:54 PM, Eric Charles wrote:


Hi,

See also http://james.apache.org/server/3/quick-start.html.
You must edit database.properties and change the values
according to
your database (+ place the mysql jdbc driver in conf/lib folder).
For SSL and spam, the documentation will be available online begin 
next week (we are in the process of releasing a new 3.0-M3
milestone).

Tks,

- Eric


On 11/05/2011 16:39, Daniel Tan wrote:

hi,

i am trying my hand in implementing james with ssl/spam/mysql.

at this link http://wiki.apache.org/james/V3ConfigTutorial, i
have
followed the instructions but when i telnet to localhost 4555, i 
tried to adduser test test, the logs throws connection refused.

** END NESTED EXCEPTION **



Last packet sent to the server was 1 ms ago.)
at
org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549) 



at
org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388) 



at
org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) 



at
org.apache.openjpa.lib.jdbc.DelegatingDataSource.getConnection(DelegatingDataSource.java:137) 



at
org.apache.openjpa.lib.jdbc.DecoratingDataSource.getConnection(DecoratingDataSource.java:112) 



at
org.apache.openjpa.jdbc.schema.DataSourceFactory.installDBDictionary(DataSourceFactory.java:239) 



... 60 more
Caused by: com.mysql.jdbc.CommunicationsException: Communications 
link failure due to underlying exception:

** BEGIN NESTED EXCEPTION **

java.net.SocketException
MESSAGE: java.net.ConnectException: Connection refused

STACKTRACE:

java.net.SocketException: java.net.ConnectException: Connection
refused
at
com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:156) 



at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java:284)
at com.mysql.jdbc.Connection.createNewIO(Connection.java:2569)
at com.mysql.jdbc.Connection.<init>(Connection.java:1485)
at
com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:266) 



at
org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38) 



at
org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582) 



at
org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:1556) 



at
org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1545) 



at
org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388) 



at
org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) 



at
org.apache.openjpa.lib.jdbc.DelegatingDataSource.getConnection(DelegatingDataSource.java:137) 



at
org.apache.openjpa.lib.jdbc.DecoratingDataSource.getConnection(DecoratingDataSource.java:112) 



at
org.apache.openjpa.jdbc.schema.DataSourceFactory.installDBDictionary(DataSourceFactory.java:239) 



at
org.apache.openjpa.jdbc.conf.JDBCConfigurationImpl.getConnectionFactory(JDBCConfigurationImpl.java:728) 



at
org.apache.openjpa.jdbc.conf.JDBCConfigurationImpl.getDataSource(JDBCConfigurationImpl.java:867) 



at
org.apache.openjpa.jdbc.kernel.JDBCStoreManager.getDataSource(JDBCStoreManager.java:176) 



at
org.apache.openjpa.jdbc.kernel.JDBCStoreManager.setContext(JDBCStoreManager.java:159) 



at
org.apache.openjpa.jdbc.kernel.JDBCStoreManager.setContext(JDBCStoreManager.java:145) 



at
org.apache.openjpa.kernel.DelegatingStoreManager.setContext(DelegatingStoreManager.java:79) 



at
org.apache.openjpa.kernel.BrokerImpl.initialize(BrokerImpl.java:360) 


at
org.apache.openjpa.kernel.BrokerImpl.initialize(BrokerImpl.java:315) 


at
org.apache.openjpa.kernel.AbstractBrokerFactory.initializeBroker(AbstractBrokerFactory.java:231) 



at
org.apache.openjpa.kernel.AbstractBrokerFactory.newBroker(AbstractBrokerFactory.java:215) 



at
org.apache.openjpa.kernel.DelegatingBrokerFactory.newBroker(DelegatingBrokerFactory.java:156) 



at
org.apache.openjpa.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:227) 



at
org.apache.openjpa.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:154) 



at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 



at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 



at java.lang.reflect.Method.invoke(Method.java:597)
at
org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.invokeProxyMethod(AbstractE 






for ssl, found this link http://wiki.apache.org/james/UsingSSL
but
it is outdated and only for v2. trying to find a guide for v3.

for spam, found this link but very outdated.
http://www.google.com.sg/url?sa=t&source=web&cd=5&ved=0CDMQFjAE&url=http%3A%2F%2Fwww.sans.org%2Freading_room%2Fwhitepapers%2Femail%2Fimplementing-spam-filtering-gateway-apache-james_1358&rct=j&q=implement%20apache%20james%20spam&ei=bp_KTd7eHY7JrQeN3JzpDw&usg=AFQjCNH0rWTaVXZw5mXRdLlDqxewWkdArA&sig2=kMd7nb4ABMqfcZiZ8NrfRg&cad=rja
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected] 
For additional commands, e-mail:
[email protected]
--------------------------------------------------------------------- 


To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--------------------------------------------------------------------- 

To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--------------------------------------------------------------------- 

To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--------------------------------------------------------------------- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]




---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]




---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]




---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]




---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to