[BUILD-STABLE]: Job 'james/ApacheJames/master [master] [541]'
BUILD-STABLE: Job 'james/ApacheJames/master [master] [541]': Is back to normal. - To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
[BUILD-FAILURE]: Job 'james/ApacheJames/master [master] [542]'
BUILD-FAILURE: Job 'james/ApacheJames/master [master] [542]': Check console output at "https://ci-builds.apache.org/job/james/job/ApacheJames/job/master/542/;>james/ApacheJames/master [master] [542]" - To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
[jira] [Created] (JAMES-3755) IMAP OIDC: optional configuration of a token_instrospection endpoint
Benoit Tellier created JAMES-3755: - Summary: IMAP OIDC: optional configuration of a token_instrospection endpoint Key: JAMES-3755 URL: https://issues.apache.org/jira/browse/JAMES-3755 Project: James Server Issue Type: Improvement Components: IMAPServer, SMTPServer Affects Versions: 3.7.0 Reporter: Benoit Tellier Fix For: 3.8.0 Today upon receiving a OIDC auth request James verifies the signature against a configured JWKS endpoint to validate the token. This decentralized design do not account for revocation. Several solution to this problem exists: - Calling the OIDC provider introspection endpoint to validate the token - Or having a set of invalidated token maintained by the application, this needs to be updated by a backchannel from the OIDC provider. While my favor tend to go to the second one, the first one is rather common to. To give an exemple, one of my customers is required to implement the first approach: calling the introspection endpoint. h3. Proposed solution - Optional configurable endpoint for checking token validity - If specified this endpoint will be called to validate OIDC tokens The call can be performed using a reactor-netty HTTP client. h3. References - https://datatracker.ietf.org/doc/html/rfc7662 RFC-7662 OAuth 2.0 Token Introspection -- This message was sent by Atlassian Jira (v8.20.7#820007) - To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
Re: iPhone/Android mail apps with JAMES
Benoit, Thank you so much for the info. I'm going to start pulling together some wireshark captures and logs and hopefully we can figure out what it going wrong. I really appreciate your help. Jerry On 4/26/2022 9:40 PM, btell...@linagora.com wrote: Hello Jerry, I confirm that different email applications uses the IMAP protocol in different ways. I confirm that some clients uses the IMAP SEARCH results upon resynchronisation, and thus that inacurate results could result in bad synchronisation. That being said, having traffic capture for bith apps would be valuable to diagnose what is going on. Things like wireshark of James debug logs (that include IMAP command). FYI I succeeded to reinde email on the JPA Guice based distribution on the 3.7.0 demo image. Regards, Benoit On 4/26/22 11:41, Jerry Malcolm wrote: This is a critical problem. I really need some direction on this. Please!!! I started this thread about two and half years ago when I moved my James installation to AWS EC2. All of my clients lost all of their mail on their mobile devices, even though all of the mail still shows up fine on desktop Thunderbird. I tried all of the suggestions, but never could get the older emails restored. Since then I have added another very large customer account on a completely different james installation, and I've upgraded to pretty much the latest GitHub version of James on my original installation. For the new client, there was no migration. It was completely start from scratch on a new domain. Yet across the board, NONE of my clients on either system can reliably get their mail on iPhone or Android. On my own iPhone, I have replaced the native iPhone mail app with Edison mail app and later with Outlook mail app. I get one or two emails downloaded periodically on each app on my various email accounts, and some email accounts just start saying there's no mail in the last month or two (and there's actually typically 10-20 emails each day on those accounts). Today, a client configured their mail account on an iPhone. It immediately said 21 unread emails, and the inbox then downloaded 3 emails. Open TBird on the same account. There's there's the 21 emails. I've tried to re-index the Lucene cache. But I'm still getting the same error that I got in Oct 2019 about wrong parameters or something when I try to do that. So I completely erased the Lucene cache folder. No change. I'm running Spring. I tried to move to Guice a month or so ago, but gave up when I couldn't fix the errors I was getting , so I moved back to Spring. Is this whole iPhone problem due to me using the Spring build? I have no problem trying again to get Guice up and running. But I don't want to waste a week trying to get Guice up and find out the same problem exists in the Guice build. It's obvious that for some reason all of the mobile email apps (native, Edison, Outlook) ask for email differently than Thunderbird. But I'm at a loss to explain why JAMES refuses to send the mail that is there when these same email client apps have no problem getting mail from other mail servers. It's hard for me to understand how every other JAMES user in the world is working totally successfully with mobile phones when I have two completely independent JAMES environments with a huge number of clients on each and NOT ONE of them can get more than 5% of their real mail on their phone. If somebody can just educate me just a little on the differences between how JAMES responds to IMAP queries on mobile devices vs. IMAP queries from Thunderbird, and point me to the handling code, I'll start seeing what I can do to resolve this. Or better yet, is there someway to disable all of the Lucene or whatever caching completely and just make JAMES think it's talking to Thunderbird instead of an iPhone? I'm to the point that my major client is refusing to use the JAMES environment for their company mail accounts since their phone email apps are not receiving most of their critical corporate emails. To say the least, they are NOT happy. Somebody PLEASE respond before my customer fires me. Please HELP Give me SOMETHING I can work with I just want to get a conversation going. Thanks Jerry On 11/8/2019 8:03 AM, Matthieu Baechler wrote: Hi Jerry, On Tue, 2019-10-29 at 15:12 -0500, Jerry Malcolm wrote: Ok, I need an IMAP expert Below is a very brief trace of the communications between iPhone mail and JAMES (3.4). I completely deleted an account on my iPhone, then recreated it while in airplane mode to make sure I didn't miss any communications in my trace. I started the trace, exited airplane mode and let the iPhone do an initial sync with the account. The inbox folder in this account has over 1000 emails going back to early 2019. I'm not an expert in IMAP. But it appears that the iPhone mail app requests all of the emails 1:* (see line 812), but JAMES
[jira] [Created] (JAMES-3758) Endpoint to delete emails older than X days/months/years
Benoit Tellier created JAMES-3758: - Summary: Endpoint to delete emails older than X days/months/years Key: JAMES-3758 URL: https://issues.apache.org/jira/browse/JAMES-3758 Project: James Server Issue Type: Improvement Components: mailbox, webadmin Affects Versions: 3.7.0 Reporter: Benoit Tellier An often requested feature is to have a data cleaup mechanism to delete old emails. We can easily implement such a task in webadmin-mailbox. For instance: {code:java} curl -XDELETE /messages?olderThan=1year {code} Would plan a task to delete emails older than a year accross all accounts. It will return the count of deleted emails. As one of my customer is interested by this feature I might work on this. -- This message was sent by Atlassian Jira (v8.20.7#820007) - To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
Re: iPhone/Android mail apps with JAMES
Hello Jerry, I confirm that different email applications uses the IMAP protocol in different ways. I confirm that some clients uses the IMAP SEARCH results upon resynchronisation, and thus that inacurate results could result in bad synchronisation. That being said, having traffic capture for bith apps would be valuable to diagnose what is going on. Things like wireshark of James debug logs (that include IMAP command). FYI I succeeded to reinde email on the JPA Guice based distribution on the 3.7.0 demo image. Regards, Benoit On 4/26/22 11:41, Jerry Malcolm wrote: This is a critical problem. I really need some direction on this. Please!!! I started this thread about two and half years ago when I moved my James installation to AWS EC2. All of my clients lost all of their mail on their mobile devices, even though all of the mail still shows up fine on desktop Thunderbird. I tried all of the suggestions, but never could get the older emails restored. Since then I have added another very large customer account on a completely different james installation, and I've upgraded to pretty much the latest GitHub version of James on my original installation. For the new client, there was no migration. It was completely start from scratch on a new domain. Yet across the board, NONE of my clients on either system can reliably get their mail on iPhone or Android. On my own iPhone, I have replaced the native iPhone mail app with Edison mail app and later with Outlook mail app. I get one or two emails downloaded periodically on each app on my various email accounts, and some email accounts just start saying there's no mail in the last month or two (and there's actually typically 10-20 emails each day on those accounts). Today, a client configured their mail account on an iPhone. It immediately said 21 unread emails, and the inbox then downloaded 3 emails. Open TBird on the same account. There's there's the 21 emails. I've tried to re-index the Lucene cache. But I'm still getting the same error that I got in Oct 2019 about wrong parameters or something when I try to do that. So I completely erased the Lucene cache folder. No change. I'm running Spring. I tried to move to Guice a month or so ago, but gave up when I couldn't fix the errors I was getting , so I moved back to Spring. Is this whole iPhone problem due to me using the Spring build? I have no problem trying again to get Guice up and running. But I don't want to waste a week trying to get Guice up and find out the same problem exists in the Guice build. It's obvious that for some reason all of the mobile email apps (native, Edison, Outlook) ask for email differently than Thunderbird. But I'm at a loss to explain why JAMES refuses to send the mail that is there when these same email client apps have no problem getting mail from other mail servers. It's hard for me to understand how every other JAMES user in the world is working totally successfully with mobile phones when I have two completely independent JAMES environments with a huge number of clients on each and NOT ONE of them can get more than 5% of their real mail on their phone. If somebody can just educate me just a little on the differences between how JAMES responds to IMAP queries on mobile devices vs. IMAP queries from Thunderbird, and point me to the handling code, I'll start seeing what I can do to resolve this. Or better yet, is there someway to disable all of the Lucene or whatever caching completely and just make JAMES think it's talking to Thunderbird instead of an iPhone? I'm to the point that my major client is refusing to use the JAMES environment for their company mail accounts since their phone email apps are not receiving most of their critical corporate emails. To say the least, they are NOT happy. Somebody PLEASE respond before my customer fires me. Please HELP Give me SOMETHING I can work with I just want to get a conversation going. Thanks Jerry On 11/8/2019 8:03 AM, Matthieu Baechler wrote: Hi Jerry, On Tue, 2019-10-29 at 15:12 -0500, Jerry Malcolm wrote: Ok, I need an IMAP expert Below is a very brief trace of the communications between iPhone mail and JAMES (3.4). I completely deleted an account on my iPhone, then recreated it while in airplane mode to make sure I didn't miss any communications in my trace. I started the trace, exited airplane mode and let the iPhone do an initial sync with the account. The inbox folder in this account has over 1000 emails going back to early 2019. I'm not an expert in IMAP. But it appears that the iPhone mail app requests all of the emails 1:* (see line 812), but JAMES returns a single id plus two ranges (line 813). But the total count JAMES reports is nowhere near the full 1000. Subsequently (line 822), iPhone requests the emails JAMES told it about in line 813. From what I can tell, the problem is in line 813. JAMES
[jira] [Created] (JAMES-3756) Configurable impresonnation
Benoit Tellier created JAMES-3756: - Summary: Configurable impresonnation Key: JAMES-3756 URL: https://issues.apache.org/jira/browse/JAMES-3756 Project: James Server Issue Type: Improvement Components: IMAPServer, SMTPServer, UsersStore UsersRepository Reporter: Benoit Tellier h3. What is impersonnation Hello I'm Bob, connect me as Alice. Use cases: - 1. Migration: migration user impersonnate existing user to migrate in/out emails of the user - 2. Assistance: An admin impersonate a user to assist them with one problem... - 3. Delegation: The secretary impersonnate her boss mails. h3. What exists today in James Impersonation exists for IMAP AUTHENTICATE PLAIN. Impersonation relies on the 'Authorizator' interface. A simple implementation of it is provided: We then verify this the user performing the impersonation is an admin account defined in the configuration. This makes it suitable for simple use cases defined in 1 and 2 (where multi-tenancy is not an issue) However, this is unsuitable for more advanced use cases. h3. Proposal Provide a configuration option to enable fine-grained authorization. If enabled, a storage API for delegation will be enabled (stores user X have the right to impersonate to user Y). We can then have a webadmin API to manage this, as well as the wiring needed in the AUthorizator. -- This message was sent by Atlassian Jira (v8.20.7#820007) - To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
[jira] [Created] (JAMES-3757) IMAP/SMTP OIDC extensions should support impersonnation
Benoit Tellier created JAMES-3757: - Summary: IMAP/SMTP OIDC extensions should support impersonnation Key: JAMES-3757 URL: https://issues.apache.org/jira/browse/JAMES-3757 Project: James Server Issue Type: Improvement Components: IMAPServer, SMTPServer Affects Versions: 3.7.0 Reporter: Benoit Tellier Alice provides here token but request to connect to bob account. Today we enforce the user of the token to be the one of the logged in user. We could easily implement a call to the Authorizator to allow such a user case (today not the case). -- This message was sent by Atlassian Jira (v8.20.7#820007) - To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org