On 28/09/2020 at 17:11, cryptearth wrote:
> Hey there,
>
> Matt here again.
>
> I just wanted to give a small follow up to my own topic after some
> testing.
> As described, it took a few steps to get James 3.5 working on my
> freshly updated OpenSUSE Leap 15.2. After I made some changes in some
> config files, replaced BouncyCastle with the current version and added
> the current mariadb-jdbc driver I was able to copy over the user table
> from my root to my local home backup and gave it a test. All went fine
> and my local backup now runs on 3.5 as if nothing happened. Now it's time
> to copy over the big mail data table and then update my root server
> (oh boy, this will be fun).
\o/
> So, if anyone needs some help getting current James versions run on
> current opensuse systems I'm happy to offer help as far as I can
> provide it.
Thank you!
>
> May I add a question:
> As I noted in my initial mail, MD5 is still the default hash algo for
> passwords. Although James uses a derbyDB by default I guess using full
> blown SQL server isn't that far off from common use case. As we all
> keep reading about big databases leaked (often due to not secured
> master-slave replication) I may suggest for the next build that this
> should be changed to SHA-256 to prevent leaks due to weak MD5 if
> someone's database gets leaked.
+1, let's switch default configuration to something more secure.

Do you want to give the configuration change a shot?

Regards,

Benoit Tellier
>
> So long,
>
> Matt
>
> On 20.08.2020 at 23:31, cryptearth wrote:
>> Hey there all,
>>
>> Matt here.
>> So I upgraded my server from openSUSE 15.1 to new released 15.2. It
>> comes with quite some recent versions of the required stuff: Java 11,
>> MariaDB 10.4, maven and git are finally part of the main repository -
>> so, I thought: Yes, should be a walk in the park. Well, as about
>> since the first time I tried James back in 3.0.0-RC5 on openSUSE 42.x
>> (don't know which one it was, could have been even some 13.x version)
>> it also wasn't as easy this time.
>>
>> The initial build worked without issues, no fiddle around with
>> ulimit. The config worked as smooth as I'm used to. But then, my old
>> friend the "index too large" error happened. I had this with MariaDB
>> 10.2 and had to use 10.3 from mariadb repos. I had to do the same
>> here: Instead of using 10.4 from opensuse repos I had to switch to
>> 10.5 from mariadb repos. It seems to be an issue with the version on
>> opensuse repos - maybe I should report this to them.
>> So, I got James up and running, but as I tested StartTLS I
>> encountered another issue. I narrowed it down to the BouncyCastle
>> version 1.62. It somehow fails to do the TLS1.3 handshake. I upgraded
>> to the current 1.66 version and it worked without issues. I don't
>> know why James is shipped with such an old BC version, as even when
>> 3.5 became final a newer BC version was already available. I guess a
>> new BC version is something that should be part of the 3.6 branch.
>>
>> Oh, another side-note: As I looked through the configs I've seen that
>> MD5 is still the default hashing algo, it should be changed to at
>> least SHA-256 to prevent leaks with unsecure database configurations.
>>
>> Now I have to re-add all my domains and users and fully test it with
>> IPv4 and IPv6 and TLS and such. If I encounter other issues I'll
>> report back.
>>
>> So long ...
>>
>> Matt
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
>> For additional commands, e-mail: server-user-h...@james.apache.org
>>
>
