Hi Matt, I will check the steps that you mentioned. Then I will let you know about the result.
Thank you for your help.

Best regards,
Ahmet Orkun Gedik
SAP Basis İzmir Administrator Team Lead
SAP Basis İzmir Administrator Team Leadership
KoçSistem Bilgi ve İletişim Hizmetleri A.Ş.
T: +90 (232) 242 0699 M: +90 (549) 742 3219

On 2 Mar 2020 18:58 +0300, cryptearth <[email protected]>, wrote:

Well, as I had similar issues the first time I used James, I may be able to provide some help. Be aware: This might be a longer message - just as there are a lot of things that can lead to such problems.

Well, where should I start? I guess with the James server itself. I may repeat myself as I already wrote it in my last mail as a reply to another topic, but it may help anyway. Be aware: There are several ways to get James working, this is just the way I did it.

1) clone stable James git repo: git clone --branch james-project-3.4.0 https://github.com/apache/james-project.git james-3.4.0

2) build it: mvn -DskipTests package (you need a jdk11 (technically, with a bit of tweaking it can be done with a jdk8) and may need to increase 'ulimit -n' as the default 1024 won't be sufficient)

3) after successful build copy james-3.4.0/server/app/target/james-server-app-3.4.0-app.tar.gz (or .zip) to the base folder you want to have it installed in and unpack it

4) make sure to check configs!
here's a list of configs I set (this may vary for you):

4a) domainlist.xml line 50: defaultDomain - default set to localhost - set your actual domain

4b) james-database.properties - if you want to use a database (like mysql/mariadb) set your credentials and change the database type - if not set James will use a local file based database

4c) mailetcontainer.xml: right up top set the postmaster address (usually [email protected]), comment out the RemoteAddrNotInNetwork matcher (about at the middle), add this to the RemoteDelivery mailet: <startTLS>true</startTLS> (yes, the spelling is important here - it has to be small "start" and all-capital "TLS")

4d) smtpserver.xml (important to be able to receive mails from external): enable SMTP AUTH by setting the authRequired value to announce (protection against open relay so only clients authed (logged in) can send mails)

4e) optional: when you have set up a java keystore you can set it so your SMTP server (and also IMAP/POP3) offers StartTLS

5) try to start your new James server the first time with <path-to-james>/bin/james console - if something doesn't work the start up will fail with a more or less helpful message - if start up is successful the log will end with the line "start up in xxx seconds" or something like this

5a) if you get the error that any port (25, 465, 587, 110, 995, 143, 993) is in use make sure to kill any other mail-related server

5b) if start up failed fix errors (sure, just ask here) - otherwise when the first test was ok kill the process with CTRL+C - then start it normally with <james>/bin/james start (can take up to about 60sec - depends on the power of the system)

6) add your domain via cli tool: <james>/bin/james-cli.sh -h localhost AddDomain your-domain.example

7) add at least your postmaster: <james>/bin/james-cli.sh -h localhost AddUser [email protected] securepassword

If you got so far James runs and is able to send and receive mails.
Now let's look at firewall and domain:

To be able to receive mails from other servers you have to open TCP/25 in your firewall - it's just the smtp standard port used by all servers - there's just no way to tell another server to connect to another port - if TCP/25 can't be reached from the outside world you cannot receive mails from other servers. In addition to that you can open TCP/143 for IMAP or TCP/110 for POP3 (yes, currently it's insecure as there's no cryptography set up YET - we will get to this).

Now the server and domain related stuff:

Although possible otherwise, James should run on a system set to a fixed IP (dynamic IPs can be used when you have some automatic DNS updater - but sending mails from a dynamic IP is often blocked as spam). Also this IP should have a PTR correctly set to match the MX record of the domain.

As an example (I use my domain and IPs here as an example): My domain is cryptearth.de. I have two James servers running, one on my root server hosted at OVH and one on a small SoC at my home as a backup. Hence I have two MX records: The default (priority 10) points to mail.cryptearth.de which just points to mail root server. As a backup if my root fails I have the second MX record with a lower priority (20) pointing to my private connection home.cryptearth.de (as my ISP provides me with a static IP and a custom PTR this is possible). Also, I had set the PTR in the control panel of OVH server manager to have the value of cryptearth.de (so the IP 91.121.4.115 gets resolved back to cryptearth.de instead of what OVH has as default) - also my ISP has set the PTR of my private IP 213.211.219.9 to home.cryptearth.de.

Having correctly set DNS records is crucial for working mail. So, when someone tries to send me an e-mail the MTA checks the MX record of my domain so it can connect to the James running on my root (or my backup).
At this point you should be set to receive mails from other services (like gmail) and to send mails to others without them getting marked as spam.

Now some important security stuff: TLS/StartTLS/SSL

First, like for your webserver, you need a TLS certificate. Let's Encrypt does the job. You need: The server certificate, the intermediate certificate, the private key. I have written a small tool in Java to create a java keystore file. You need the BouncyCastle lib to compile/run it.

    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.FileReader;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.security.KeyPair;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;

    import org.bouncycastle.openssl.PEMKeyPair;
    import org.bouncycastle.openssl.PEMParser;
    import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

    public final class James {
        public static void main(final String... args) throws Exception {
            // Start with an empty JKS keystore
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);

            // Read the private key; the cast expects a traditional PEM key
            // ("BEGIN RSA PRIVATE KEY"), not a PKCS#8 "BEGIN PRIVATE KEY" file
            KeyPair keyPair;
            try (PEMParser parser = new PEMParser(new FileReader("./server.key"))) {
                keyPair = new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) parser.readObject());
            }

            // Load the server certificate and the intermediate certificate
            CertificateFactory factory = CertificateFactory.getInstance("X509");
            Certificate main;
            Certificate chain;
            try (InputStream in = new FileInputStream("./server.crt")) {
                main = factory.generateCertificate(in);
            }
            try (InputStream in = new FileInputStream("./chain.crt")) {
                chain = factory.generateCertificate(in);
            }

            // Store key and chain under the alias "james";
            // "secret" is both the key password and the keystore password
            keyStore.setKeyEntry("james", keyPair.getPrivate(), "secret".toCharArray(),
                    new Certificate[] { main, chain });
            try (OutputStream out = new FileOutputStream("./james.jks")) {
                keyStore.store(out, "secret".toCharArray());
            }
        }
    }

When you have created your keystore just place it in the conf directory of your James setup.
Then you should edit at least these configs:

- smtpserver.xml: change the TLS line to startTLS="true", set the name of the keystore file (file://conf/james.jks), set the secret
- imapserver.xml/pop3server.xml - same as above

This way you enable all server modules to offer STARTTLS so a modern MUA can upgrade the connection to a TLS encrypted one.

After all that you should now be able to successfully receive mails from external services and retrieve them over IMAP/POP3 - and send mails to others via SMTP. If anything fails from the top to this point you'll get logs with helpful error messages to figure out what went wrong.

To figure this all out it took me several weeks - so if you have any question just ask - I'm sure if I got something wrong the devs will also help.

Matt

On 02.03.2020 at 13:08, [email protected] wrote:

Anybody face with receive problem on 3.4.0 release? I can monitor the mail is sending through SMTP server and queued successfully. But mail client is not able to receive mail. I am not able to see any kind of error in log files, either.

+1 and was unable to find a solution

--
David Matthews
[email protected]
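
An added example (not part of the original thread, and not James project code): a Python check of what an SMTP server set up as described above announces in its EHLO reply before and after STARTTLS. The function names are hypothetical and the sample EHLO replies are constructed.

```python
import smtplib
import ssl


def parse_ehlo(reply):
    """Map each EHLO keyword (upper-case) to its parameter string."""
    features = {}
    for line in reply.splitlines()[1:]:      # first line is the greeting
        text = line[4:].strip()              # drop the "250-" / "250 " prefix
        if text:
            keyword, _, params = text.partition(" ")
            features[keyword.upper()] = params
    return features


def audit(before_tls, after_tls=None):
    """Return findings for the capabilities seen before and after STARTTLS."""
    findings = []
    if "STARTTLS" not in before_tls:
        findings.append("STARTTLS not offered: mail and logins travel in clear text")
    if "AUTH" in before_tls:
        findings.append("AUTH announced before TLS: passwords can be sent unencrypted")
    if after_tls is not None and "AUTH" not in after_tls:
        findings.append("AUTH not announced after TLS: clients cannot log in to send")
    return findings


def probe(host, port=25, timeout=10.0):
    """Live variant: collect both capability sets from a server you operate."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        before = {k.upper(): v for k, v in smtp.esmtp_features.items()}
        after = None
        if "STARTTLS" in before:
            # The default context verifies the certificate chain and host name
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()
            after = {k.upper(): v for k, v in smtp.esmtp_features.items()}
    return audit(before, after)


# Constructed sample replies (not captured from a real server)
PLAIN = "250-mail.example.test Hello\n250-AUTH LOGIN PLAIN\n250 8BITMIME"
TLS_BEFORE = "250-mail.example.test Hello\n250-STARTTLS\n250 8BITMIME"
TLS_AFTER = "250-mail.example.test Hello\n250-AUTH LOGIN PLAIN\n250 8BITMIME"
```

With the default SSL context, probe() also raises an error when the certificate chain served from the keystore does not validate for the host name you connect to.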
