Well, as I had similar issues the first time I used James I may be able to provide some help. Be aware: This might be a longer message - just as there're a lot of things that can lead to such problems.

Well, where should I start? I guess with the James server itself. I may repeat myself as I already wrote it in my last mail as a reply to another topic, but it may help anyway. Be aware: There're several ways to get James working, this is just the way I did it.

1) clone stable James git repo: git clone --branch james-project-3.4.0 https://github.com/apache/james-project.git james-3.4.0
2) build it: mvn -DskipTests package (you need a jdk11 (technically, with a bit of tweaking, it can be done with a jdk8) and may need to increase 'ulimit -n' as the default 1024 won't be sufficient)
3) after successful build copy james-3.4.0/server/app/target/james-server-app-3.4.0-app.tar.gz (or .zip) to the base folder you want to have it installed in and unpack it
4) make sure to check configs! here's a list of configs I set (this may vary for you):
   4a) domainlist.xml line 50: defaultDomain - default set to localhost - set your actual domain
   4b) james-database.properties - if you want to use a database (like mysql/mariadb) set your credentials and change the database type - if not set James will use a local file based database
   4c) mailetcontainer.xml: right up top set the postmaster address (usually [email protected]), comment out the RemoteAddrNotInNetwork matcher (about at the middle), add this to the RemoteDelivery mailet: <startTLS>true</startTLS> (yes, the spelling is important here - it has to be small "start" and all-capital "TLS")
   4d) smtpserver.xml (important to be able to receive mails from external): enable SMTP AUTH by setting the authRequired value to announce (protection against open relay so only clients authed (logged in) can send mails)
   4e) optional: when you have set up a java keystore you can set it so your SMTP server (and also IMAP/POP3) offer StartTLS
5) try to start your new James server the first time with <path-to-james>/bin/james console - if something doesn't work the start up will fail with a more or less helpful message - if start up is successful the log will end with the line "start up in xxx seconds" or something like this
   5a) if you get the error that any port (25, 465, 587, 110, 995, 143, 993) is in use make sure to kill any other mail-related server
   5b) if start up failed fix errors (sure, just ask here) - otherwise when the first test was ok kill the process with CTRL+C - then start it normally with <james>/bin/james start (can take up to about 60sec - depends on the power of the system)
6) add your domain via cli tool: <james>/bin/james-cli.sh -h localhost AddDomain your-domain.example
7) add at least your postmaster: <james>/bin/james-cli.sh -h localhost AddUser [email protected] securepassword

If you got so far James runs and is able to send and receive mails. Now let's look at firewall and domain:

To be able to receive mails from other servers you have to open TCP/25 in your firewall - it's just the smtp standard port used by all servers - there's just no way to tell another server to connect to another port - if TCP/25 can't be reached from the outside world you cannot receive mails from other servers. In addition to that you can open TCP/143 for IMAP or TCP/110 for POP3 (yes, currently it's insecure as there's no cryptography set up YET - we will get to this).

Now the server and domain related stuff: Although possible otherwise, James should run on a system with a fixed IP (dynamic IPs can be used when you have some automatic DNS updater - but sending mails from a dynamic IP is often blocked as spam). Also this IP should have a PTR correctly set to match the MX record of the domain.

As an example (I use my domain and IPs here as an example):
My domain is cryptearth.de. I have two James servers running, one on my root server hosted at OVH and one on a small SoC at my home as a backup. Hence I have two MX records: The default (priority 10) points to mail.cryptearth.de which just points to mail root server. As a backup if my root fails I have the second MX record with a lower priority (20) pointing to my private connection home.cryptearth.de (as my ISP provides me with a static IP and a custom PTR this is possible). Also, I had set the PTR in the control panel of OVH server manager to have the value of cryptearth.de (so the IP 91.121.4.115 gets resolved back to cryptearth.de instead of what OVH has as default) - also my ISP has set the PTR of my private IP 213.211.219.9 to home.cryptearth.de. Having correctly set DNS records is crucial for working mail. So, when someone tries to send me an e-mail the MTA checks the MX record of my domain so it can connect to the James running on my root (or my backup).

At this point you should be set to receive mails from other services (like gmail) and to send mails to others without them getting marked as spam.

Now some important security stuff: TLS/StartTLS/SSL
First, like for your webserver, you need a TLS certificate. Let's Encrypt does the job. You need: The server certificate, the intermediate certificate, the private key. I have written a small tool in Java to create a java keystore file. You need BouncyCastle lib to compile/run it.

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
public final class James
{
    public final static void main(final String... args) throws Exception
    {
        // start with an empty JKS keystore
        KeyStore keyStore=KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        // private key in PEM format - the cast expects a key pair as in a "BEGIN RSA PRIVATE KEY" file
        // (a PKCS#8 "BEGIN PRIVATE KEY" file is parsed as PrivateKeyInfo instead)
        KeyPair keyPair=(new JcaPEMKeyConverter()).getKeyPair((PEMKeyPair)(new PEMParser(new FileReader(new File("./server.key")))).readObject());
        // server certificate and intermediate certificate
        Certificate main=CertificateFactory.getInstance("X509").generateCertificate(new FileInputStream(new File("./server.crt")));
        Certificate chain=CertificateFactory.getInstance("X509").generateCertificate(new FileInputStream(new File("./chain.crt")));
        // key and certificate chain go under the alias "james" - "secret" is both the key and the keystore password
        keyStore.setKeyEntry("james", keyPair.getPrivate(), "secret".toCharArray(), new Certificate[] { main, chain });
        // write the keystore and close the file
        try(FileOutputStream out=new FileOutputStream(new File("./james.jks")))
        {
            keyStore.store(out, "secret".toCharArray());
        }
    }
}

When you created your keystore just place it in the conf directory of your James setup. Then you should edit at least these configs:

- smtpserver.xml: change the TLS line to startTLS="true", set the name of the keystore file (file://conf/james.jks), set the secret
- imapserver.xml/pop3server.xml - same as above

This way you enable all server modules to offer STARTTLS so a modern MUA can upgrade the connection to a TLS encrypted one.

After all that you should now be able to successfully receive mails from external services and retrieve them over IMAP/POP3 - and send mails to others via SMTP. If anything fails from the top to this point you'll get logs with helpful error messages to figure out what went wrong.

To figure this all out it took me several weeks - so if you have any question just ask - I'm sure if I got something wrong the devs will also help.

Matt
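
[Added example, not part of Matt's message and not James project code: a check to run on the generated keystore before pointing smtpserver.xml/imapserver.xml/pop3server.xml at it. It assumes the file name ./james.jks, the alias "james" and the password "secret" from the tool above; the class name CheckJamesKeystore and the choice of SHA256 signature algorithms are assumptions made for this example.]

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

public final class CheckJamesKeystore
{
    public static void main(final String... args) throws Exception
    {
        // Assumptions: path, alias and password are the ones used by the keystore tool in the message.
        final String path=args.length>0 ? args[0] : "./james.jks";
        final char[] secret="secret".toCharArray();
        KeyStore keyStore=KeyStore.getInstance("JKS");
        try(InputStream in=new FileInputStream(path))
        {
            keyStore.load(in, secret); // fails on a wrong password or a damaged file
        }
        Key key=keyStore.getKey("james", secret);
        Certificate[] chain=keyStore.getCertificateChain("james");
        if(!(key instanceof PrivateKey) || chain==null || chain.length<2)
            throw new IllegalStateException("alias 'james' needs a private key plus server and intermediate certificate");
        X509Certificate server=(X509Certificate)chain[0];
        // Every certificate must be valid today and signed by the next one in the chain.
        for(int i=0; i<chain.length; i++)
        {
            X509Certificate cert=(X509Certificate)chain[i];
            cert.checkValidity(new Date());
            if(i+1<chain.length)
                cert.verify(chain[i+1].getPublicKey());
        }
        // Prove the private key belongs to the server certificate: sign a probe, verify with the certificate's key.
        String algorithm="EC".equals(key.getAlgorithm()) ? "SHA256withECDSA" : "SHA256withRSA";
        byte[] probe="james-keystore-check".getBytes("UTF-8");
        Signature signer=Signature.getInstance(algorithm);
        signer.initSign((PrivateKey)key);
        signer.update(probe);
        byte[] signature=signer.sign();
        Signature verifier=Signature.getInstance(algorithm);
        verifier.initVerify(server.getPublicKey());
        verifier.update(probe);
        if(!verifier.verify(signature))
            throw new IllegalStateException("private key does not match the server certificate");
        System.out.println("OK: "+server.getSubjectX500Principal().getName()+" valid until "+server.getNotAfter());
    }
}
```

An exception from checkValidity or verify means an expired certificate or server.crt and chain.crt stored in the wrong order, both of which would otherwise only show up as failed STARTTLS handshakes in the mail client.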

On 02.03.2020 at 13:08, [email protected] wrote:
Anybody face with receive problem on 3.4.0 release? I can monitor the mail is 
sending through SMTP server and queued successfully. But mail client is not 
able to receive mail. I am not able to see any kind of error in log 
files, either.

+1

and was unable to find a solution

--
David Matthews
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]


