Sorry Dwayne for been so late.
This works for me...
# keytool -genkey -alias james -keyalg RSA -keystore
/path/to/james/conf/keystore
... (use the same password as in smtpserver.xml)
smtpserver.xml:
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!-- See http://james.apache.org/server/3/config.html for usage -->
<smtpserver enabled="true">
<bind>0.0.0.0:465</bind>
<connectionBacklog>200</connectionBacklog>
<tls socketTLS="true" startTLS="false">
<keystore>file://conf/keystore</keystore>
<secret>password</secret>
<provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
</tls>
<connectiontimeout>360</connectiontimeout>
<connectionLimit> 0 </connectionLimit>
<connectionLimitPerIP> 0 </connectionLimitPerIP>
<authorizedAddresses>127.0.0.0/8</authorizedAddresses>
<authRequired>true</authRequired>
<verifyIdentity>true</verifyIdentity>
<maxmessagesize>0</maxmessagesize>
<addressBracketsEnforcement>true</addressBracketsEnforcement>
<handlerchain enableJmx="true">
<handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
<handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
</handlerchain>
</smtpserver>
norman-maurers-macbook-pro:~ norman$ /usr/bin/openssl s_client -quiet
-connect localhost:465
depth=0 /C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown
verify return:1
220 192.168.0.208 SMTP Server (JAMES SMTP Server) ready Thu, 9 Jun
2011 20:31:07 +0200 (CEST)
The tests were made after I just untarred the release..
Hope it helps,
Norman
2011/6/6 Dwayne Nelson <[email protected]>:
> Great, thanks! I will look out for it. Please also let me know which build
> it corresponds to -- the main page suggests 3.0-M3 has released but
> currently still provides the link for M2 only.
>
> -Dwayne
>
> On 6/4/2011 10:57 AM, Norman Maurer wrote:
>>
>> Imn currently on-the-road butI will try to provide you one later today.
>>
>> Bye
>> Norman
>>
>> Am Samstag, 4. Juni 2011 schrieb Dwayne Nelson<[email protected]>:
>>>
>>> Does anyone have a working sample configuration for TLS (complete with a
>>> sample keystore and corresponding smtpserver.xml) that they wouldn't mind
>>> sharing?
>>>
>>> I am not able to tell what is not working with mine -- I only know that
>>> james will shut down after a few seconds and it never answers on part 465.
>>> I feel like it would be a lot easier to customize the configuration if I
>>> was able to successfully launch using a reference TLS configuration.
>>>
>>> -Dwane
>>>
>>> On 06/03/2011 07:15 AM, Dwayne Nelson wrote:
>>>
>>> So I tried TLS on 465 using the existing smtpserver.xml file by added the
>>> TLS block and had a similar result (James exits without warning or error).
>>> In this case the only changes I made to the default configuration were the
>>> following:
>>>
>>> (1) Added james.keystore to james/conf and
>>>
>>> (2) Added the TLS block to smtpserver.xml
>>>
>>> (3) Commented out the setting for authorizedAddresses
>>>
>>> full config file below:
>>>
>>> <smtpserver enabled="true">
>>> <bind>0.0.0.0:465</bind>
>>> <connectionBacklog>200</connectionBacklog>
>>> <tls socketTLS="true" startTLS="false">
>>> <keystore>file://conf/james.keystore</keystore>
>>> <secret>password</secret>
>>> <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
>>> </tls>
>>> <connectiontimeout>360</connectiontimeout>
>>> <connectionLimit> 0</connectionLimit>
>>> <connectionLimitPerIP> 0</connectionLimitPerIP>
>>>
>>> <!--
>>> <authorizedAddresses>127.0.0.0/8</authorizedAddresses>
>>> -->
>>>
>>> <authRequired>true</authRequired>
>>> <verifyIdentity>true</verifyIdentity>
>>> <maxmessagesize>0</maxmessagesize>
>>> <addressBracketsEnforcement>true</addressBracketsEnforcement>
>>> <handlerchain enableJmx="true">
>>> <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
>>> <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
>>> </handlerchain>
>>> </smtpserver>
>>>
>>> If this configuration is working for others, there might be something
>>> wrong with my keystore file. But if that was the case, I would hope to see
>>> some sort of error message.
>>>
>>> -Dwayne
>>>
>>> On 05/27/2011 05:36 AM, Eric Charles wrote:
>>>
>>> Hi,
>>>
>>> The multiport is for now a hack with the spring definitions.
>>> Before this, may I ask you if you succeed to make it work with a single
>>> encrypted port. The procedure on [1] should work (no need for
>>> sunjce_provider.jar).
>>>
>>> If single port works, we can review the multiport (there may be changes
>>> in spring since last time we tried it).
>>>
>>> Tks,
>>> Eric
>>>
>>> [1]
>>> http://people.apache.org/~eric/james/20110517/site/config-ssl-tls.html
>>>
>>> On 26/05/2011 22:26, Dwayne Nelson wrote:
>>>
>>> I did try using a later snapshot and the behavior was the same. When I
>>> changed the debugging level, I did not notice any errors associated with
>>> the new smtpserver-ssl section. Instead, I noted exception thrown
>>> relating to jackrabbit. Is there a how-to/quick-start guide covering
>>> multi-port (25/465) smtp servers?
>>>
>>> From a new installation, here are the steps that I am taking:
>>>
>>> (1) copy sunjce_provider.jar to james/lib (if it isn't already there)
>>>
>>> I've also had to do a chmod a-x james/bin/wrapper-linux-x86-32 to
>>> prevent an error (I'm running on Natty 64-bit)
>>>
>>> (2) modify james/conf/context/james-server-context.xml to add a section
>>> for smtpserver-ssl (right after the section for smtpserver). Here is the
>>> full text of what I add:
>>>
>>> <!--
>>> SMTP Server SSL
>>> -->
>>> <bean id="smtpserver-ssl"
>>> class="org.apache.james.smtpserver.netty.SMTPServer">
>>> <property name="protocolHandlerChain"
>>> ref="smtpProtocolHandlerChain-ssl"/>
>>> </bean>
>>> <bean id="smtpProtocolHandlerChain-ssl"
>>>
>>> class="org.apache.james.container.spring.bean.postprocessor.ProtocolHandlerChainPostProcessor">
>>>
>>> <property name="coreHandlersPackage"
>>> value="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
>>> <property name="beanName" value="smtpserver-ssl"/>
>>> </bean>
>>>
>>> (3) add smtpserver-ssl.xml to james/conf (with appropriate password and
>>> configured for socketTLS) -- there is already a file for port 25. Here
>>> are the contents of my new file:
>>>
>>> <smtpserver enabled="true">
>>> <bind>0.0.0.0:465</bind>
>>> <connectionBacklog>200</connectionBacklog>
>>> <tls socketTLS="true" startTLS="false">
>>> <keystore>file://conf/james.keystore></keystore>
>>> <secret>thisisnotreallymysecretpassword</secret>
>>> <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
>>> </tls>
>>> <jmxName>smtpserver-ssl</jmxName>
>>> <handler>
>>> <helloName autodetect="false">localhost.tld</helloName>
>>> <connectiontimeout>360</connectiontimeout>
>>> <connectionLimit> 0</connectionLimit>
>>> <connectionLimitPerIP> 0</connectionLimitPerIP>
>>> <authRequired>true</authRequired>
>>> <maxmessagesize>0</maxmessagesize>
>>> <addressBracketsEnforcement>true</addressBracketsEnforcement>
>>> <handlerchain>
>>> <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler" />
>>> <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader" />
>>> </handlerchain>
>>> </handler>
>>> </smtpserver>
>>>
>>> (4) add james.keystore to james/conf
>>>
>>> I'm pretty sure that's all I'm doing. Have I omitted something obvious?
>>>
>>> -Dwayne
>>>
>>> On 5/25/2011 10:40 AM, Eric Charles wrote:
>>>
>>> Hi,
>>>
>>> Sorry, seems like your last mail was unanswered.
>>>
>>> Let us know the results, but latest snapshot should not change the
>>> behavior on that level. You should see some exceptions in
>>> james-server.log (you can change the debugging level if needed in
>>> log4j.properties)
>>>
>>> Tks,
>>> - Eric
>>>
>>> On 25/05/2011 16:11, Dwayne Nelson wrote:
>>>
>>> I will try a newer snapshot today and see if that solves the problem.
>>>
>>> On 5/23/2011 07:13 PM, Dwayne Nelson wrote:
>>>
>>> Right - it doesn't exist. I was following the link from this page:
>>>
>>> http://people.apache.org/~eric/james/20110517/site/config.html
>>>
>>> But yes, your link [1] gets me the file I was looking for.
>>>
>>> In reading it over again closely, I noted that I need to make a change
>>> to conf/context/james-server-context.xml as well. I added the block
>>> specified in the sample file and restarted, but James does not
>>> initialize and quietly exits ... here is the only new message that
>>> appears in the james-server.log file:
>>>
>>> INFO 22:53:08,519 |
>>> org.apache.james.container.spring.context.JamesServerApplicationContext
>>> |
>>> Refreshing
>>>
>>> org.apache.james.container.spring.context.JamesServerApplicationContext@36baa466:
>>>
>>> startup date [Mon May 23 22:53:08 UTC 2011]; root of context hierarchy
>>>
>>> Where should I be looking for any thrown exceptions?
>>>
>>> -Dwayne
>>>
>>> On 05/23/2011 06:17 AM, Eric Charles wrote:
>>>
>>> Hi,
>>>
>>> The link you gave does not exist.
>>> Are you talking about [1] ?
>>>
>>> If this is the case, don't forget to update the spring configuration
>>> file as written in [1]
>>>
>>> If you want to be sure your smtpserver-ssl.xml is really processed,
>>> simply put a bad tag inside and you should see an exception on
>>> startup :)
>>>
>>> Tks,
>>>
>>> Eric
>>>
>>> [1]
>>>
>>> https://svn.apache.org/repos/asf/james/server/trunk/container-spring/src/main/config/examples/smtpserver-ssl.xml
>>>
>>>
>>>
>>> On 22/05/2011 22:10, Dwayne Nelson wrote:
>>>
>>> I can't find any linked examples for SMTP on port 465 and I am not
>>> sure
>>> if James is even looking at my new configuration file
>>> (smtpserver-ssl.xml) -- no reference to port 465 appears in my
>>> server logs.
>>>
>>> This is where I looked for example information:
>>>
>>>
>>> https://svn.apache.org/repos/asf/james/server/tags/james-server-3.0-M3/container-spring/src/main/config/examples/smtpserver.xml
>>>
>>>
>>>
>>>
>>> -Dwayne
>>>
>>> On 05/17/2011 07:57 AM, Eric Charles wrote:
>>>
>>> Hi Daniel,
>>>
>>> You can read a snapshot of the server website on [1] that is in-line
>>> with the upcoming beta release.
>>>
>>> The quick start has been updated to reflect current code.
>>> For SSL [2] and Antispam [3], this is still draft (go to the linked
>>> examples to have some ideas :)
>>>
>>> Tks,
>>> - Eric
>>>
>>> [1] http://people.apache.org/~eric/james/20110517/site/index.html
>>> [2]
>>> http://people.apache.org/~eric/james/20110517/site/config-ssl-tls.html
>>>
>>> [3]
>>> http://people.apache.org/~eric/james/20110517/site/config-antispam.html
>>>
>>>
>>>
>>> On 17/05/2011 05:27, Daniel Tan wrote:
>>>
>>> Hi eric,
>>>
>>> where will the links be updated for ssl and spam?
>>>
>>> regards,
>>> daniel
>>>
>>> On 11-May-2011, at 10:54 PM, Eric Charles wrote:
>>>
>>>
>>> Hi,
>>>
>>> See also http://james.apache.org/server/3/quick-start.html.
>>> You must edit database.properties and change the values
>>> according to
>>> your database (+ place the mysql jdbc driver in conf/lib folder).
>>>
>>> For SSL and spam, the documentation will be available online begin
>>> next week (we are in the process of releasing a new 3.0-M3
>>> milestone).
>>>
>>> Tks,
>>>
>>> - Eric
>>>
>>>
>>> On 11/05/2011 16:39, Daniel Tan wrote:
>>>
>>> hi,
>>>
>>> i am trying my hand in implementing james with ssl/spam/mysql.
>>>
>>> at this link http://wiki.apache.org/james/V3ConfigTutorial, i
>>> have
>>> followed the instructions but when i telnet to localhost 4555, i
>>> tried to adduser test test, the logs throws connection refused.
>>>
>>> ** END NESTED EXCEPTION **
>>>
>>>
>>>
>>> Last packet sent to the server was 1 ms ago.)
>>> at
>>>
>>> org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.lib.jdbc.DelegatingDataSource.getConnection(DelegatingDataSource.java:137)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.lib.jdbc.DecoratingDataSource.getConnection(DecoratingDataSource.java:112)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.jdbc.schema.DataSourceFactory.installDBDictionary(DataSourceFactory.java:239)
>>>
>>>
>>>
>>> ... 60 more
>>> Caused by: com.mysql.jdbc.CommunicationsException: Communications
>>> link failure due to underlying exception:
>>>
>>> ** BEGIN NESTED EXCEPTION **
>>>
>>> java.net.SocketException
>>> MESSAGE: java.net.ConnectException: Connection refused
>>>
>>> STACKTRACE:
>>>
>>> java.net.SocketException: java.net.ConnectException: Connection
>>> refused
>>> at
>>>
>>> com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:156)
>>>
>>>
>>>
>>> at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java:284)
>>> at com.mysql.jdbc.Connection.createNewIO(Connection.java:2569)
>>> at com.mysql.jdbc.Connection.<init>(Connection.java:1485)
>>> at
>>>
>>> com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:266)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:1556)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1545)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1388)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.lib.jdbc.DelegatingDataSource.getConnection(DelegatingDataSource.java:137)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.lib.jdbc.DecoratingDataSource.getConnection(DecoratingDataSource.java:112)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.jdbc.schema.DataSourceFactory.installDBDictionary(DataSourceFactory.java:239)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.jdbc.conf.JDBCConfigurationImpl.getConnectionFactory(JDBCConfigurationImpl.java:728)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.jdbc.conf.JDBCConfigurationImpl.getDataSource(JDBCConfigurationImpl.java:867)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.jdbc.kernel.JDBCStoreManager.getDataSource(JDBCStoreManager.java:176)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.jdbc.kernel.JDBCStoreManager.setContext(JDBCStoreManager.java:159)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.jdbc.kernel.JDBCStoreManager.setContext(JDBCStoreManager.java:145)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.kernel.DelegatingStoreManager.setContext(DelegatingStoreManager.java:79)
>>>
>>>
>>>
>>> at
>>> org.apache.openjpa.kernel.BrokerImpl.initialize(BrokerImpl.java:360)
>>>
>>>
>>> at
>>> org.apache.openjpa.kernel.BrokerImpl.initialize(BrokerImpl.java:315)
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.kernel.AbstractBrokerFactory.initializeBroker(AbstractBrokerFactory.java:231)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.kernel.AbstractBrokerFactory.newBroker(AbstractBrokerFactory.java:215)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.kernel.DelegatingBrokerFactory.newBroker(DelegatingBrokerFactory.java:156)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:227)
>>>
>>>
>>>
>>> at
>>>
>>> org.apache.openjpa.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:154)
>>>
>>>
>>>
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>>
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>
>>>
>>>
>>> at
>>>
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>
>>>
>>>
>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>> at
>>>
>>> org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.invokeProxyMethod(AbstractE
>>>
>>>
>>>
>>>
>>>
>>>
>>> for ssl, found this link http://wiki.apache.org/james/UsingSSL
>>> but
>>> it is outdated and only for v2. trying to find a guide for v3.
>>>
>>> for spam, found this link but very outdated.
>>>
>>> http://www.google.com.sg/url?sa=t&source=web&cd=5&ved=0CDMQFjAE&url=http%3A%2F%2Fwww.sans.org%2Freading_room%2Fwhitepapers%2Femail%2Fimplementing-spam-filtering-gateway-apache-james_1358&rct=j&q=implement%20apache%20james%20spam&ei=bp_KTd7eHY7JrQeN3JzpDw&usg=AFQjCNH0rWTaVXZw5mXRdLlDqxewWkdArA&sig2=kMd7nb4ABMqfcZiZ8NrfRg&cad=rja
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>>
>>>
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail:
>>> [email protected]
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>>
>>>
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>>
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>>
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>>
>>>
>>> -----------------------------------------------------
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
