I'm having some success using the onMessage method, and the DENY/DECLINE
semantics are exactly what I'm after.
The only question I have is that in the onMessage method, I have an
SMTPSession object and a Mail object. When I call Mail#getRemoteAddr this
always, *always* returns 127.0.0.1, regardless of where the mail is coming
from. However, if I use SMTPSession#getAttribute("CURRENT_HELO_NAME") then
I get the true remote IP address.
I don't know if CURRENT_HELO_NAME is set by James or by the connecting
agent, and therefore if it's a reliable way of determining the connecting
machine's remote IP or not.
I also don't know why MailImpl#getRemoteAddr always returns 127.0.0.1, but
if CURRENT_HELO_NAME is reliable, that doesn't matter so much.
Thanks,
Martin
On 1 April 2013 09:41, Martin Hewitt <[email protected]> wrote:
> Sorry, not the check() method, the onMessage method, as used in
> SpamAssassinHandler:
> https://james.apache.org/server/head/xref/org/apache/james/smtpserver/core/filter/fastfail/SpamAssassinHandler.html#145
>
> Martin
>
>
> On 1 April 2013 09:34, Martin Hewitt <[email protected]> wrote:
>
>> Hi Eric,
>>
>> I don't think that's quite what I'm looking for - unless I have to run
>> two servers - as I still need to enable remote access for delivery of
>> incoming messages.
>>
>> However, your comment got me looking in the smtpserver.conf instead of
>> the mailetcontainer.conf file, and I think, if I can create a custom
>> handler and insert it into the SMTP server handler chain, I can get access
>> to the SMTPSession in the check() method of the handler, from which I can
>> then use SMTPSession#getRemoteIPAddress in conjunction with the Mail object
>> to achieve what I need to.
>>
>> I think...
>>
>> Martin
>>
>>
>> On 31 March 2013 11:15, Eric Charles <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> Did you look at authorizedAddresses [1] in smtpserver-template.xml ?
>>> It allows to configure the smptserver to accept only some originating
>>> addresses. Does it completely map your requirements (it sounds like, but
>>> not sure from your mail).
>>>
>>> Thx, Eric
>>>
>>>
>>> [1]
>>> <!-- Uncomment this if you want to authorize specific
>>> addresses/networks.
>>> If you use SMTP AUTH, addresses that match those
>>> specified here will
>>> be permitted to relay without SMTP AUTH. If you do not
>>> use SMTP
>>> AUTH, and you specify addreses here, then only addresses
>>> that match
>>> those specified will be permitted to relay.
>>>
>>> Addresses may be specified as a an IP address or domain
>>> name, with an
>>> optional netmask, e.g.,
>>>
>>> 127.*, 127.0.0.0/8, 127.0.0.0/255.0.0.0, and localhost/8
>>> are all the same
>>>
>>> See also the RemoteAddrNotInNetwork matcher in the
>>> transport processor.
>>> You would generally use one OR the other approach.
>>> -->
>>> <authorizedAddresses>127.0.0.**0/8 <http://127.0.0.0/8>
>>> </authorizedAddresses>
>>>
>>>
>>>
>>>
>>>
>>> On 29/03/2013 12:31, Martin Hewitt wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm building a system that uses the James SMTP server to send and
>>>> receive
>>>> messages. I intercept these messages with a custom mailet and feed them
>>>> into my system. However, when it comes to sending mail through the SMTP
>>>> server, there's a bit of difference.
>>>>
>>>> My users have an email address, which is configured in a database, I
>>>> have a
>>>> custom UserRepository that handles the verification of addresses.
>>>> However,
>>>> because users never login to James/IMAP directly, there's no real
>>>> concept
>>>> of a "password". This means I can't use conventional authentication,
>>>> but I
>>>> can't close off port 25, because I won't get incoming mail, but,
>>>> obviously,
>>>> I don't want to have an open SMTP relay running.
>>>>
>>>> What I'm looking to do is configure my mailets such that, if a message
>>>> is
>>>> destined for remote delivery (i.e. is an outgoing message) that the SMTP
>>>> server only allows such a delivery if the request originated from the
>>>> same
>>>> machine that the SMTP server is running on.
>>>>
>>>> I'm not sure how (or, even, if) I can get this information from the
>>>> Mailet/Matcher API - I think I'm more in Matcher territory than Mailet
>>>> territory - but the Matcher still only has access to the Mail object,
>>>> and I
>>>> think I'm probably a bit lower-level than that.
>>>>
>>>> Can/should I run two SMTP instances, one for incoming and one for
>>>> outgoing?
>>>> Can they have different Mailet chains?
>>>>
>>>> Not sure how best to achieve this!
>>>>
>>>> Martin
>>>>
>>>>
>>> ------------------------------**------------------------------**
>>> ---------
>>> To unsubscribe, e-mail:
>>> server-user-unsubscribe@james.**apache.org<[email protected]>
>>> For additional commands, e-mail:
>>> [email protected].**org<[email protected]>
>>>
>>>
>>
>
