Hey there,

Matt here again.

I just wanted to give a small follow-up to my own topic after some testing.
As described, it took a few steps to get James 3.5 working on my freshly updated openSUSE Leap 15.2. After I made some changes in some config files, replaced BouncyCastle with the current version and added the current mariadb-jdbc driver, I was able to copy over the user table from my root to my local home backup and gave it a test. All went fine and my local backup now runs on 3.5 as if nothing happened. Now it's time to copy over the big mail data table and then update my root server (oh boy, this will be fun). So, if anyone needs some help getting current James versions to run on current openSUSE systems, I'm happy to offer help as far as I can provide it.

May I add a question:
As I noted in my initial mail, MD5 is still the default hash algo for passwords. Although James uses a Derby DB by default, I guess using a full-blown SQL server isn't that far off from a common use case. As we all keep reading about big databases being leaked (often due to unsecured master-slave replication), I may suggest for the next build that this should be changed to SHA-256 to prevent leaks due to weak MD5 if someone's database gets leaked.

So long,

Matt

On 20.08.2020 at 23:31, cryptearth wrote:
Hey there all,

Matt here.
So I upgraded my server from openSUSE 15.1 to the newly released 15.2. It comes with quite recent versions of the required stuff: Java 11, MariaDB 10.4, Maven and Git are finally part of the main repository - so, I thought: Yes, should be a walk in the park. Well, as has been the case ever since the first time I tried James back in 3.0.0-RC5 on openSUSE 42.x (don't know which one it was, could have been even some 13.x version), it wasn't as easy this time either.

The initial build worked without issues, no fiddling around with ulimit. The config worked as smoothly as I'm used to. But then, my old friend the "index too large" error happened. I had this with MariaDB 10.2 and had to use 10.3 from the MariaDB repos. I had to do the same here: Instead of using 10.4 from the openSUSE repos I had to switch to 10.5 from the MariaDB repos. It seems to be an issue with the version in the openSUSE repos - maybe I should report this to them. So, I got James up and running, but as I tested StartTLS I encountered another issue. I narrowed it down to the BouncyCastle version 1.62. It somehow fails to do the TLS 1.3 handshake. I upgraded to the current 1.66 version and it worked without issues. I don't know why James is shipped with such an old BC version, as even when 3.5 became final a newer BC version was already available. I guess a new BC version is something that should be part of the 3.6 branch.

Oh, another side note: As I looked through the configs I saw that MD5 is still the default hashing algo; it should be changed to at least SHA-256 to prevent leaks with insecure database configurations.

Now I have to re-add all my domains and users and fully test it with IPv4 and IPv6 and TLS and such. If I encounter other issues I'll report back.

So long ...

Matt

---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org


