Re: James 3.8 one OpenSuSE 15.5

2024-02-06 Thread Rene Cordier

Hi Benoit,

Not sure to follow you. I really don't think it is necessary to 
implement OpenID connect auth for a webadmin UI panel, that sounds like 
a lot of unnecessary complicated work, likely overkill.


Could start by just maybe some basic auth configurable admin creds in 
James, like I believe most admin UI panels in most software do?


I think first version should just stay simple anyways.

Regards,

Rene.

On 2/6/24 22:14, Benoit TELLIER wrote:

Hi cryptearth,

I can't help for OpenSuse problems.

Regarding web-admin API access control, a design I would love to see 
is actually relying on OpenID connect.


This would enable to use OIDC providers like LemonLDAP or Keycloak to 
be used in order to manage users, and which user can access which 
application.


We did implement something very similar for JMAP:
 - Set up Apisix as an API gateway to validate JWT tokens: 
https://github.com/apache/james-project/tree/master/examples/oidc
 - And have a dumb code in James following what the API gateway 
decided: 
https://github.com/apache/james-project/blob/7536d45ada1d3b7ba83cd2020ba862f294125c6d/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/XUserAuthenticationStrategy.java#L39 



I would love to have this approach being explored.

Or... It could be possible to go faster. And just not expose the 
webadmin port publicly, but on a private docker network. Then no need 
to protect it. We could rework the web-admin api in a second time in 
order to make it compatible. This would be the way I would follow first.


Regards

On 06/02/2024 01:02, cryptearth wrote:

Well, just as an update:

As the OpenSuSE forums are as helpful as always: not at all - I 
looked up options to change James listen directly on TCP/25 itself - 
and had not much luck.


I don't want to spam the list with the details as it doesn't belong 
here, the short version is: The packet filter doesn't seem to work 
the way I expected it to according to its own docs.


There also seem other options such as privilege dropping or enabling 
non-root processes to bind to ports below 1024 - but the former isn't 
supported by Java and the latter works not on a per-process basis but 
global on a per-executable scope: When I allow James to bind to ports 
below 1024 so can any other Java process, not exactly what I wanted.


I'm also not quite sure if it's just OpenSuSE biting me once again as 
it did for so many years with the somehow screwed up MySQL/MariaDB 
packages as when testing in a VM with Arch it works as expected. I 
guess I should start to reconsider keep using OpenSuSE for my servers 
as it keeps throwing rocks into my path, its community isn't really 
helpful and much of the information one finds just doesn't work for one 
reason or another with no clue why or how to fix it.


Anyway ...

As for developing a client for the web-admin api: As its only 
security seems to be the JWT I still have to get my head around how 
to implement that securely so that only authorized admins with access 
to a valid token can access the web-admin.


I also plan to keep it modular so that each function can get 
implemented independently without much spaghetti code. I'm aware 
about some sort of markup languages so one can just write a simple 
parser and then define such functionalities via config files. But I 
guess that's something for someone with more experience in that style 
of coding.


Unfortunately I won't have much time in the next few weeks as 
overtime and extra work is planned throughout February. But I'll keep 
it in mind as I want to give something back to such a great project.



So long,

have a good one y'all.

Matt

On 15.01.24 03:45, Rene Cordier wrote:

Hi Matt,

Happy to see the transition didn't look too hard for you ! Regarding 
the webadmin, no there is no UI at the moment. It's been a task in 
the backlog for a long time though. But if you want to take a look, 
and even contribute, the task is here: 
https://issues.apache.org/jira/browse/JAMES-1931 .


I'm sure people would be happy to see a contribution about this and 
support you regarding the coding standards of the project with 
reviews, even if the UI is not really good looking, it is ok I 
think. It's destined more to sys admins than lambda users for a 
backend software, as long as it does the job, it's enough already 
IMO :)


Cheers,

Rene.

On 1/14/24 09:07, cryptearth wrote:

Hi everyone,

so, I had a look into Guice+JPA and it's quite easy to setup by 
just reuse the configs I have for the Spring build. And although I 
still can use james-cli (although a bit different) I now have 
access to the REST-api via the webadmin (until now it seems I 
misunderstood it: I thought the "web admin" to be some browser 
admin panel instead of just an REST-api). And although it seems 
rather easy to use it to do the same as with the james-cli and even 
more - looking in the list archive: Is there any "client" for it 
like some webpage or some standalone gui?


Guess if not it'd be a 

Re: James 3.8 one OpenSuSE 15.5

2024-02-06 Thread Benoit TELLIER

Hi cryptearth,

I can't help for OpenSuse problems.

Regarding web-admin API access control, a design I would love to see is 
actually relying on OpenID connect.


This would enable to use OIDC providers like LemonLDAP or Keycloak to 
be used in order to manage users, and which user can access which 
application.


We did implement something very similar for JMAP:
 - Set up Apisix as an API gateway to validate JWT tokens: 
https://github.com/apache/james-project/tree/master/examples/oidc
 - And have a dumb code in James following what the API gateway 
decided: 
https://github.com/apache/james-project/blob/7536d45ada1d3b7ba83cd2020ba862f294125c6d/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/XUserAuthenticationStrategy.java#L39 



I would love to have this approach being explored.

Or... It could be possible to go faster. And just not expose the 
webadmin port publicly, but on a private docker network. Then no need to 
protect it. We could rework the web-admin api in a second time in order 
to make it compatible. This would be the way I would follow first.


Regards

On 06/02/2024 01:02, cryptearth wrote:

Well, just as an update:

As the OpenSuSE forums are as helpful as always: not at all - I looked 
up options to change James listen directly on TCP/25 itself - and had 
not much luck.


I don't want to spam the list with the details as it doesn't belong 
here, the short version is: The packet filter doesn't seem to work the 
way I expected it to according to its own docs.


There also seem other options such as privilege dropping or enabling 
non-root processes to bind to ports below 1024 - but the former isn't 
supported by Java and the latter works not on a per-process basis but 
global on a per-executable scope: When I allow James to bind to ports 
below 1024 so can any other Java process, not exactly what I wanted.


I'm also not quite sure if it's just OpenSuSE biting me once again as 
it did for so many years with the somehow screwed up MySQL/MariaDB 
packages as when testing in a VM with Arch it works as expected. I 
guess I should start to reconsider keep using OpenSuSE for my servers 
as it keeps throwing rocks into my path, its community isn't really 
helpful and much of the information one finds just doesn't work for one reason 
or another with no clue why or how to fix it.


Anyway ...

As for developing a client for the web-admin api: As its only security 
seems to be the JWT I still have to get my head around how to 
implement that securely so that only authorized admins with access to 
a valid token can access the web-admin.


I also plan to keep it modular so that each function can get 
implemented independently without much spaghetti code. I'm aware about 
some sort of markup languages so one can just write a simple parser 
and then define such functionalities via config files. But I guess 
that's something for someone with more experience in that style of 
coding.


Unfortunately I won't have much time in the next few weeks as overtime 
and extra work is planned throughout February. But I'll keep it in mind 
as I want to give something back to such a great project.



So long,

have a good one y'all.

Matt

On 15.01.24 03:45, Rene Cordier wrote:

Hi Matt,

Happy to see the transition didn't look too hard for you ! Regarding 
the webadmin, no there is no UI at the moment. It's been a task in 
the backlog for a long time though. But if you want to take a look, 
and even contribute, the task is here: 
https://issues.apache.org/jira/browse/JAMES-1931 .


I'm sure people would be happy to see a contribution about this and 
support you regarding the coding standards of the project with 
reviews, even if the UI is not really good looking, it is ok I think. 
It's destined more to sys admins than lambda users for a backend 
software, as long as it does the job, it's enough already IMO :)


Cheers,

Rene.

On 1/14/24 09:07, cryptearth wrote:

Hi everyone,

so, I had a look into Guice+JPA and it's quite easy to setup by just 
reuse the configs I have for the Spring build. And although I still 
can use james-cli (although a bit different) I now have access to 
the REST-api via the webadmin (until now it seems I misunderstood 
it: I thought the "web admin" to be some browser admin panel instead 
of just an REST-api). And although it seems rather easy to use it to 
do the same as with the james-cli and even more - looking in the 
list archive: Is there any "client" for it like some webpage or some 
standalone gui?


Guess if not it'd be a nice project to get something together - 
although I'm only a hobbyist and hence the "most advanced" I was 
able to get done was a simple networked battle ships game with some 
very ugly ui-code for the placement of the ships. So I guess if at 
all I can only provide some simple stuff and far from the code 
standards of ASF.


The next will now be to switch over to Guice+JPA and also upgrade my 
backup server. Nice to see I still can learn about James - 
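
An added illustration of the design Benoit describes in the message above (a gateway validates the JWT, the backend follows the gateway's decision through a user header); it is not code from the thread, from James or from Apisix. The HS256 demo key, the header name, the gateway address and every function name are assumptions made for this sketch; a real OIDC deployment verifies provider-signed tokens, typically RS256 against the provider's published keys.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo values (assumptions, not taken from James or Apisix).
DEMO_KEY = b"constructed-demo-secret"
TRUSTED_HEADER = "x-user"        # identity header the backend trusts
GATEWAY_ADDRS = {"172.18.0.2"}   # only peer allowed to reach the backend
NOW = 1_700_000_000              # fixed clock so the demo is deterministic


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, alg: str = "HS256", key: bytes = DEMO_KEY) -> str:
    """Stand-in for the identity provider: issue a signed compact JWT."""
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"


def verify_token(token: str, key: bytes, now: int):
    """Return the claims if the token is authentic and unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
    except ValueError:
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":   # pin the algorithm; never accept "none"
        return None
    signed = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        return None
    return claims


def gateway(headers: dict, now: int = NOW):
    """Validate the bearer token; return (status, headers sent to the backend)."""
    incoming = {k.lower(): v for k, v in headers.items()}
    auth = incoming.get("authorization", "")
    claims = verify_token(auth[7:], DEMO_KEY, now) if auth.startswith("Bearer ") else None
    if claims is None:
        return 401, {}
    # Drop the client's own copy of the identity header and the raw token,
    # then set the header from the verified claim only.
    forwarded = {k: v for k, v in incoming.items()
                 if k not in (TRUSTED_HEADER, "authorization")}
    forwarded[TRUSTED_HEADER] = claims["sub"]
    return 200, forwarded


def backend(headers: dict, peer_addr: str):
    """Backend that follows the gateway's decision; returns (status, user)."""
    # The header proves nothing by itself, so the peer must be the gateway
    # (modelled here as an address check; in practice a private network).
    if peer_addr not in GATEWAY_ADDRS:
        return 403, None
    user = headers.get(TRUSTED_HEADER)
    return (200, user) if user else (401, None)


def demo():
    good = make_token({"sub": "admin@example.org", "exp": NOW + 300})
    stale = make_token({"sub": "admin@example.org", "exp": NOW - 1})
    status, fwd = gateway({"Authorization": f"Bearer {good}", "X-User": "someone-else"})
    return {
        "via_gateway": backend(fwd, "172.18.0.2") if status == 200 else (status, None),
        "expired": gateway({"Authorization": f"Bearer {stale}"})[0],
        "direct_to_backend": backend({TRUSTED_HEADER: "admin@example.org"}, "203.0.113.7"),
    }


if __name__ == "__main__":
    print(demo())
```

The backend accepts the header only because the peer check stands in for the private network; without that restriction the header alone would carry no assurance.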

Re: James 3.8 one OpenSuSE 15.5

2024-02-05 Thread cryptearth

Well, just as an update:

As the OpenSuSE forums are as helpful as always: not at all - I looked 
up options to change James listen directly on TCP/25 itself - and had 
not much luck.


I don't want to spam the list with the details as it doesn't belong 
here, the short version is: The packet filter doesn't seem to work the 
way I expected it to according to its own docs.


There also seem other options such as privilege dropping or enabling 
non-root processes to bind to ports below 1024 - but the former isn't 
supported by Java and the latter works not on a per-process basis but 
global on a per-executable scope: When I allow James to bind to ports 
below 1024 so can any other Java process, not exactly what I wanted.


I'm also not quite sure if it's just OpenSuSE biting me once again as it 
did for so many years with the somehow screwed up MySQL/MariaDB packages 
as when testing in a VM with Arch it works as expected. I guess I should 
start to reconsider keep using OpenSuSE for my servers as it keeps 
throwing rocks into my path, its community isn't really helpful and much 
of the information one finds just doesn't work for one reason or another with no 
clue why or how to fix it.


Anyway ...

As for developing a client for the web-admin api: As its only security 
seems to be the JWT I still have to get my head around how to implement 
that securely so that only authorized admins with access to a valid 
token can access the web-admin.


I also plan to keep it modular so that each function can get implemented 
independently without much spaghetti code. I'm aware about some sort of 
markup languages so one can just write a simple parser and then define 
such functionalities via config files. But I guess that's something for 
someone with more experience in that style of coding.


Unfortunately I won't have much time in the next few weeks as overtime 
and extra work is planned throughout February. But I'll keep it in mind 
as I want to give something back to such a great project.



So long,

have a good one y'all.

Matt

On 15.01.24 03:45, Rene Cordier wrote:

Hi Matt,

Happy to see the transition didn't look too hard for you ! Regarding 
the webadmin, no there is no UI at the moment. It's been a task in the 
backlog for a long time though. But if you want to take a look, and 
even contribute, the task is here: 
https://issues.apache.org/jira/browse/JAMES-1931 .


I'm sure people would be happy to see a contribution about this and 
support you regarding the coding standards of the project with 
reviews, even if the UI is not really good looking, it is ok I think. 
It's destined more to sys admins than lambda users for a backend 
software, as long as it does the job, it's enough already IMO :)


Cheers,

Rene.

On 1/14/24 09:07, cryptearth wrote:

Hi everyone,

so, I had a look into Guice+JPA and it's quite easy to setup by just 
reuse the configs I have for the Spring build. And although I still 
can use james-cli (although a bit different) I now have access to the 
REST-api via the webadmin (until now it seems I misunderstood it: I 
thought the "web admin" to be some browser admin panel instead of 
just an REST-api). And although it seems rather easy to use it to do 
the same as with the james-cli and even more - looking in the list 
archive: Is there any "client" for it like some webpage or some 
standalone gui?


Guess if not it'd be a nice project to get something together - 
although I'm only a hobbyist and hence the "most advanced" I was able 
to get done was a simple networked battle ships game with some very 
ugly ui-code for the placement of the ships. So I guess if at all I 
can only provide some simple stuff and far from the code standards of 
ASF.


The next will now be to switch over to Guice+JPA and also upgrade my 
backup server. Nice to see I still can learn about James - just 
another confirmation it was the right choice after Citadel/UX got 
broken, although I'll re-visit other setups with sendmail, postfix or 
exim just for the fun of additional knowledge.


So long ... have a good one.

Matt

On 11.01.24 05:40, Rene Cordier wrote:

Hello Matt,

Thanks for keeping reporting dead links, I try to fix them every 
time firing PRs :)


Regarding the correct link to the jpa guice sample conf: 
https://github.com/apache/james-project/tree/master/server/apps/jpa-app/sample-configuration


Regarding the link in a previous email with jpa-guice installation 
guide (but I think the readme is likely more complete): 
https://james.apache.org/server/install/guice-jpa.html


For this though: 
https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html, 
yes that's still not done, it's normal atm, as said this new doc is 
still a work in progress ^^'


Regarding your mail with INVALID suffixed to it... No idea really^^' 
Might want to ask the people managing the mailing lists I guess.


Well if anything else don't hesitate :)

Rene.

On 1/11/24 02:45, cryptearth wrote:

Hello Rene,

Re: James 3.8 one OpenSuSE 15.5

2024-01-14 Thread Rene Cordier

Hi Matt,

Happy to see the transition didn't look too hard for you ! Regarding the 
webadmin, no there is no UI at the moment. It's been a task in the 
backlog for a long time though. But if you want to take a look, and even 
contribute, the task is here: 
https://issues.apache.org/jira/browse/JAMES-1931 .


I'm sure people would be happy to see a contribution about this and 
support you regarding the coding standards of the project with reviews, 
even if the UI is not really good looking, it is ok I think. It's 
destined more to sys admins than lambda users for a backend software, as 
long as it does the job, it's enough already IMO :)


Cheers,

Rene.

On 1/14/24 09:07, cryptearth wrote:

Hi everyone,

so, I had a look into Guice+JPA and it's quite easy to setup by just 
reuse the configs I have for the Spring build. And although I still 
can use james-cli (although a bit different) I now have access to the 
REST-api via the webadmin (until now it seems I misunderstood it: I 
thought the "web admin" to be some browser admin panel instead of just 
an REST-api). And although it seems rather easy to use it to do the 
same as with the james-cli and even more - looking in the list 
archive: Is there any "client" for it like some webpage or some 
standalone gui?


Guess if not it'd be a nice project to get something together - 
although I'm only a hobbyist and hence the "most advanced" I was able 
to get done was a simple networked battle ships game with some very 
ugly ui-code for the placement of the ships. So I guess if at all I 
can only provide some simple stuff and far from the code standards of 
ASF.


The next will now be to switch over to Guice+JPA and also upgrade my 
backup server. Nice to see I still can learn about James - just 
another confirmation it was the right choice after Citadel/UX got 
broken, although I'll re-visit other setups with sendmail, postfix or 
exim just for the fun of additional knowledge.


So long ... have a good one.

Matt

On 11.01.24 05:40, Rene Cordier wrote:

Hello Matt,

Thanks for keeping reporting dead links, I try to fix them every time 
firing PRs :)


Regarding the correct link to the jpa guice sample conf: 
https://github.com/apache/james-project/tree/master/server/apps/jpa-app/sample-configuration


Regarding the link in a previous email with jpa-guice installation 
guide (but I think the readme is likely more complete): 
https://james.apache.org/server/install/guice-jpa.html


For this though: 
https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html, 
yes that's still not done, it's normal atm, as said this new doc is 
still a work in progress ^^'


Regarding your mail with INVALID suffixed to it... No idea really^^' 
Might want to ask the people managing the mailing lists I guess.


Well if anything else don't hesitate :)

Rene.

On 1/11/24 02:45, cryptearth wrote:

Hello Rene,

thank you for your reply.

I tried to look into the docs and the readme, but I get redirected 
to these two pages without content:


https://github.com/apache/james-project/tree/master/server/container/guice/jpa-guice/sample-configuration 

https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html 



From the readme it looks simple to get the jpa-guice package to run 
as it seems I can re-use a lot of my current configs. As for the 
required keystore: All I found was its use for TLS - as I use the 
new PEM variant it should also work this way. I'll give it a shot in 
a VM.


Nice to see that the pop3 server is disabled by default. I'm sure 
this protocol still has its uses, but as it downloads the messages 
from the server and removes them while doing so I only see an 
application where messages not supposed to be left on the server 
like for quota reasons or something like privacy.


As for MySQL/MariaDB vs PostgreSQL: The only thing I know about 
PostgreSQL is that it exists but never used it due to most beginner 
books I read when I started roughly over 15 years ago all mentioned 
it but only used MySQL anyways. Shouldn't make a difference which to 
use.


As for forwarding mails to my backup: I already came up with some 
ideas to make this work in both ways without causing loops so that 
mails received by the backup will also get forwarded to the main 
when it comes back up.


btw: I noticed that my domain gets an .INVALID appended to it - but 
only here on this mailing list. Testmails to other services don't 
show this. Anyone maybe has an idea about that?



Have a good one.

Matt

On 10.01.24 04:28, Rene Cordier wrote:

Hi Matt,

Let me answer you this time below in each of your points :)

Cheers,

Rene.

On 1/9/24 21:27, cryptearth wrote:

Hello Rene,

thank you for the kind words.

May let me answer your points:

- Spring vs. Guice: I use James since the Beta of 3.0 and if I 
recall correctly back then the Spring package was the one to use. 
By the usual "never change a running system" I not changed since. 
I had a quick 

Re: James 3.8 one OpenSuSE 15.5

2024-01-13 Thread cryptearth

Hi everyone,

so, I had a look into Guice+JPA and it's quite easy to setup by just 
reuse the configs I have for the Spring build. And although I still can 
use james-cli (although a bit different) I now have access to the 
REST-api via the webadmin (until now it seems I misunderstood it: I 
thought the "web admin" to be some browser admin panel instead of just 
an REST-api). And although it seems rather easy to use it to do the same 
as with the james-cli and even more - looking in the list archive: Is 
there any "client" for it like some webpage or some standalone gui?


Guess if not it'd be a nice project to get something together - although 
I'm only a hobbyist and hence the "most advanced" I was able to get done 
was a simple networked battle ships game with some very ugly ui-code for 
the placement of the ships. So I guess if at all I can only provide some 
simple stuff and far from the code standards of ASF.


The next will now be to switch over to Guice+JPA and also upgrade my 
backup server. Nice to see I still can learn about James - just another 
confirmation it was the right choice after Citadel/UX got broken, 
although I'll re-visit other setups with sendmail, postfix or exim just 
for the fun of additional knowledge.


So long ... have a good one.

Matt

On 11.01.24 05:40, Rene Cordier wrote:

Hello Matt,

Thanks for keeping reporting dead links, I try to fix them every time 
firing PRs :)


Regarding the correct link to the jpa guice sample conf: 
https://github.com/apache/james-project/tree/master/server/apps/jpa-app/sample-configuration


Regarding the link in a previous email with jpa-guice installation 
guide (but I think the readme is likely more complete): 
https://james.apache.org/server/install/guice-jpa.html


For this though: 
https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html, 
yes that's still not done, it's normal atm, as said this new doc is 
still a work in progress ^^'


Regarding your mail with INVALID suffixed to it... No idea really^^' 
Might want to ask the people managing the mailing lists I guess.


Well if anything else don't hesitate :)

Rene.

On 1/11/24 02:45, cryptearth wrote:

Hello Rene,

thank you for your reply.

I tried to look into the docs and the readme, but I get redirected to 
these two pages without content:


https://github.com/apache/james-project/tree/master/server/container/guice/jpa-guice/sample-configuration 

https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html 



From the readme it looks simple to get the jpa-guice package to run 
as it seems I can re-use a lot of my current configs. As for the 
required keystore: All I found was its use for TLS - as I use the new 
PEM variant it should also work this way. I'll give it a shot in a VM.


Nice to see that the pop3 server is disabled by default. I'm sure 
this protocol still has its uses, but as it downloads the messages 
from the server and removes them while doing so I only see an 
application where messages not supposed to be left on the server like 
for quota reasons or something like privacy.


As for MySQL/MariaDB vs PostgreSQL: The only thing I know about 
PostgreSQL is that it exists but never used it due to most beginner 
books I read when I started roughly over 15 years ago all mentioned 
it but only used MySQL anyways. Shouldn't make a difference which to 
use.


As for forwarding mails to my backup: I already came up with some 
ideas to make this work in both ways without causing loops so that 
mails received by the backup will also get forwarded to the main when 
it comes back up.


btw: I noticed that my domain gets an .INVALID appended to it - but 
only here on this mailing list. Testmails to other services don't 
show this. Anyone maybe has an idea about that?



Have a good one.

Matt

On 10.01.24 04:28, Rene Cordier wrote:

Hi Matt,

Let me answer you this time below in each of your points :)

Cheers,

Rene.

On 1/9/24 21:27, cryptearth wrote:

Hello Rene,

thank you for the kind words.

May let me answer your points:

- Spring vs. Guice: I use James since the Beta of 3.0 and if I 
recall correctly back then the Spring package was the one to use. 
By the usual "never change a running system" I not changed since. I 
had a quick look into it, but unfortunately the links on the 
install instructions https://james.apache.org/server/install.html 
only lead to a 404 - so there's something missing. Also I seem to 
require docker - which I don't have any experience with. I'd rather 
prefer just to build a package, unpack it and start it without 
having to deal with any extra containerization around it. It seems 
I require some help to setup a guice install.


Regarding the 404 on the install page, it looks like you are right. 
It's not normal and I might take a look at it, thanks for the 
feedback! However, docker is one way, but like Spring you can still 
just run a jar with Guice as well. You can see the download page for 

Re: James 3.8 one OpenSuSE 15.5

2024-01-10 Thread Rene Cordier

Hello Matt,

Thanks for keeping reporting dead links, I try to fix them every time 
firing PRs :)


Regarding the correct link to the jpa guice sample conf: 
https://github.com/apache/james-project/tree/master/server/apps/jpa-app/sample-configuration


Regarding the link in a previous email with jpa-guice installation guide 
(but I think the readme is likely more complete): 
https://james.apache.org/server/install/guice-jpa.html


For this though: 
https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html, 
yes that's still not done, it's normal atm, as said this new doc is 
still a work in progress ^^'


Regarding your mail with INVALID suffixed to it... No idea really^^' 
Might want to ask the people managing the mailing lists I guess.


Well if anything else don't hesitate :)

Rene.

On 1/11/24 02:45, cryptearth wrote:

Hello Rene,

thank you for your reply.

I tried to look into the docs and the readme, but I get redirected to 
these two pages without content:


https://github.com/apache/james-project/tree/master/server/container/guice/jpa-guice/sample-configuration 

https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html 



From the readme it looks simple to get the jpa-guice package to run as 
it seems I can re-use a lot of my current configs. As for the required 
keystore: All I found was its use for TLS - as I use the new PEM 
variant it should also work this way. I'll give it a shot in a VM.


Nice to see that the pop3 server is disabled by default. I'm sure this 
protocol still has its uses, but as it downloads the messages from the 
server and removes them while doing so I only see an application where 
messages not supposed to be left on the server like for quota reasons 
or something like privacy.


As for MySQL/MariaDB vs PostgreSQL: The only thing I know about 
PostgreSQL is that it exists but never used it due to most beginner 
books I read when I started roughly over 15 years ago all mentioned it 
but only used MySQL anyways. Shouldn't make a difference which to use.


As for forwarding mails to my backup: I already came up with some 
ideas to make this work in both ways without causing loops so that 
mails received by the backup will also get forwarded to the main when 
it comes back up.


btw: I noticed that my domain gets an .INVALID appended to it - but 
only here on this mailing list. Testmails to other services don't show 
this. Anyone maybe has an idea about that?



Have a good one.

Matt

On 10.01.24 04:28, Rene Cordier wrote:

Hi Matt,

Let me answer you this time below in each of your points :)

Cheers,

Rene.

On 1/9/24 21:27, cryptearth wrote:

Hello Rene,

thank you for the kind words.

May let me answer your points:

- Spring vs. Guice: I use James since the Beta of 3.0 and if I 
recall correctly back then the Spring package was the one to use. By 
the usual "never change a running system" I not changed since. I had 
a quick look into it, but unfortunately the links on the install 
instructions https://james.apache.org/server/install.html only lead 
to a 404 - so there's something missing. Also I seem to require 
docker - which I don't have any experience with. I'd rather prefer 
just to build a package, unpack it and start it without having to 
deal with any extra containerization around it. It seems I require 
some help to setup a guice install.


Regarding the 404 on the install page, it looks like you are right. 
It's not normal and I might take a look at it, thanks for the 
feedback! However, docker is one way, but like Spring you can still 
just run a jar with Guice as well. You can see the download page for 
example (where the links seem to work) : 
https://james.apache.org/download.cgi .


If you want to try to switch to Guice, the JPA james server is the 
one for you, that you can plug with MariaDB. The distributed version 
is for heavy deployments (which I don't think interests you here) 
with cassandra, opensearch, rabbitmq, ... => 
https://www.apache.org/dyn/closer.lua/james/server/3.8.0/james-server-jpa-guice.zip 
. You will see in the README as well in the zip some basic 
instructions to run it, with docker or manually with the jar like you 
are used to.


I totally understand the reason behind the fact that you started with 
Spring, so far it works, and it's safe to stick to it. Quite a fair 
statement actually. The problem is that though the main development 
efforts since a while are being done on Guice, and the Spring one is 
quickly maintained, as nobody seems fully willing to keep developing 
on it now. It works but could have potentially some 
vulnerabilities... I'm thinking for example the spring dependencies, 
that are old and outdated I think^^'




- as for using MariaDB: This goes back to 2015 when I started to 
rent my server and own domain. Back then I had basically no 
knowledge about server administration let alone set up a mail 
server. Although there're complete guides on how to setup 

Re: James 3.8 one OpenSuSE 15.5

2024-01-10 Thread cryptearth

Hello Rene,

thank you for your reply.

I tried to look into the docs and the readme, but I get redirected to 
these two pages without content:


https://github.com/apache/james-project/tree/master/server/container/guice/jpa-guice/sample-configuration
https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html

From the readme it looks simple to get the jpa-guice package to run as 
it seems I can re-use a lot of my current configs. As for the required 
keystore: All I found was its use for TLS - as I use the new PEM variant 
it should also work this way. I'll give it a shot in a VM.


Nice to see that the pop3 server is disabled by default. I'm sure this 
protocol still has its uses, but as it downloads the messages from the 
server and removes them while doing so I only see an application where 
messages not supposed to be left on the server like for quota reasons or 
something like privacy.


As for MySQL/MariaDB vs PostgreSQL: The only thing I know about 
PostgreSQL is that it exists but never used it due to most beginner books 
I read when I started roughly over 15 years ago all mentioned it but 
only used MySQL anyways. Shouldn't make a difference which to use.


As for forwarding mails to my backup: I already came up with some ideas 
to make this work in both ways without causing loops so that mails 
received by the backup will also get forwarded to the main when it comes 
back up.


btw: I noticed that my domain gets an .INVALID appended to it - but only 
here on this mailing list. Testmails to other services don't show this. 
Anyone maybe has an idea about that?



Have a good one.

Matt

On 10.01.24 04:28, Rene Cordier wrote:

Hi Matt,

Let me answer you this time below in each of your points :)

Cheers,

Rene.

On 1/9/24 21:27, cryptearth wrote:

Hello Rene,

thank you for the kind words.

May let me answer your points:

- Spring vs. Guice: I use James since the Beta of 3.0 and if I recall 
correctly back then the Spring package was the one to use. By the 
usual "never change a running system" I not changed since. I had a 
quick look into it, but unfortunately the links on the install 
instructions https://james.apache.org/server/install.html only lead 
to a 404 - so there's something missing. Also I seem to require 
docker - which I don't have any experience with. I'd rather prefer 
just to build a package, unpack it and start it without having to 
deal with any extra containerization around it. It seems I require 
some help to setup a guice install.


Regarding the 404 on the install page, it looks like you are right. 
It's not normal and I might take a look at it, thanks for the 
feedback! However, docker is one way, but like Spring you can still 
just run a jar with Guice as well. You can see the download page for 
example (where the links seem to work) : 
https://james.apache.org/download.cgi .


If you want to try to switch to Guice, the JPA james server is the one 
for you, that you can plug with MariaDB. The distributed version is 
for heavy deployments (which I don't think interests you here) with 
cassandra, opensearch, rabbitmq, ... => 
https://www.apache.org/dyn/closer.lua/james/server/3.8.0/james-server-jpa-guice.zip 
. You will see in the README as well in the zip some basic 
instructions to run it, with docker or manually with the jar like you 
are used to.


I totally understand the reason behind the fact that you started with 
Spring, so far it works, and it's safe to stick to it. Quite a fair 
statement actually. The problem is that though the main development 
efforts since a while are being done on Guice, and the Spring one is 
quickly maintained, as nobody seems fully willing to keep developing 
on it now. It works but could have potentially some vulnerabilities... 
I'm thinking for example the spring dependencies, that are old and 
outdated I think^^'




- as for using MariaDB: This goes back to 2015 when I started to rent 
my server and own domain. Back then I had basically no knowledge 
about server administration let alone set up a mail server. Although 
there're complete guides on how to setup postfix with dovecot and 
such on opensuse I not managed to get it working. So I looked for a 
simple complete solution and ended up using Citadel/UX. For some 
reason with some update it broke to a state I wasn't able to start it 
again. Hence I wasn't able to get any data out of it as for some 
reason I just was not able to access the BerkeleyDB data file. As I 
also wasn't able to get the regular stuff with maildir running I just 
wanted a setup using a regular MySQL not just for config- and 
user-data but also as the mail storage backend so that in the event I 
encountered such a situation again I can just use regular tools to 
restore a mysql database. As I'm also a hobbyist Java developer for 
me it was a simple idea of "there has to be some simple mail server 
implemented in Java" - and this is how I ended up discovering and 
using James ever since.



Re: James 3.8 one OpenSuSE 15.5

2024-01-09 Thread Rene Cordier

Hi Matt,

Let me answer you this time below in each of your points :)

Cheers,

Rene.

On 1/9/24 21:27, cryptearth wrote:

Hello Rene,

thank you for the kind words.

May let me answer your points:

- Spring vs. Guice: I use James since the Beta of 3.0 and if I recall 
correctly back then the Spring package was the one to use. By the 
usual "never change a running system" I not changed since. I had a 
quick look into it, but unfortunately the links on the install 
instructions https://james.apache.org/server/install.html only lead to 
a 404 - so there's something missing. Also I seem to require docker - 
which I don't have any experience with. I'd rather prefer just to 
build a package, unpack it and start it without having to deal with 
any extra containerization around it. It seems I require some help to 
setup a guice install.


Regarding the 404 on the install page, it looks like you are right. It's 
not normal and I might take a look at it, thanks for the feedback! 
However, docker is one way, but like Spring you can still just run a jar 
with Guice as well. You can see the download page for example (where the 
links seem to work) : https://james.apache.org/download.cgi .


If you want to try to switch to Guice, the JPA james server is the one 
for you, that you can plug with MariaDB. The distributed version is for 
heavy deployments (which I don't think interests you here) with 
cassandra, opensearch, rabbitmq, ... => 
https://www.apache.org/dyn/closer.lua/james/server/3.8.0/james-server-jpa-guice.zip 
. You will see in the README as well in the zip some basic instructions 
to run it, with docker or manually with the jar like you are used to.


I totally understand the reason behind the fact that you started with 
Spring, so far it works, and it's safe to stick to it. Quite a fair 
statement actually. The problem is that though the main development 
efforts since a while are being done on Guice, and the Spring one is 
quickly maintained, as nobody seems fully willing to keep developing on 
it now. It works but could have potentially some vulnerabilities... I'm 
thinking for example the spring dependencies, that are old and outdated 
I think^^'




- as for using MariaDB: This goes back to 2015 when I started to rent 
my server and own domain. Back then I had basically no knowledge about 
server administration let alone set up a mail server. Although 
there're complete guides on how to setup postfix with dovecot and such 
on opensuse I not managed to get it working. So I looked for a simple 
complete solution and ended up using Citadel/UX. For some reason with 
some update it broke to a state I wasn't able to start it again. Hence 
I wasn't able to get any data out of it as for some reason I just was 
not able to access the BerkeleyDB data file. As I also wasn't able to 
get the regular stuff with maildir running I just wanted a setup using 
a regular MySQL not just for config- and user-data but also as the 
mail storage backend so that in the event I encountered such a 
situation again I can just use regular tools to restore a mysql 
database. As I'm also a hobbyist Java developer for me it was a simple 
idea of "there has to be some simple mail server implemented in Java" 
- and this is how I ended up discovering and using James ever since.


It also already came into play that for some reason I had to manually 
restore my database - exactly the reason why I chose MySQL as storage 
backend. As it was helpful for the reason I chose it I rather stick to 
it for that reason. The switch from MySQL to MariaDB was just 
something OpenSuSE did - so I followed it. As a user I not noticed any 
differences.


As for the database issues mentioned: For some reason I had to set up 
the MySQL- and later the MariaDB-repos instead of using what comes 
with the OpenSuSE repos. I don't know what the difference was but it 
prevented the initial setup of the database structure on first run. 
Hence I'm glad that this is now fixed - whoever is responsible for it.

I get this :) I was just trying to inform you that these days we work 
also on a Postgresql exclusive implementation for James. JPA is good to 
be able to plug to a lot of different SQL databases with the same code, 
but performances can be a bit meh. We are working on a full postgresql 
implementation of James in parallel as most people using JPA in the 
community are using Postgresql as their database (as it is quite a 
popular one). The goal is to have better performance here than with JPA 
for this particular db. But likely JPA might be enough for your singular 
usage. Was just throwing that here if maybe it was interesting for you.



- sync between main server and backup: I guess the additional forward 
from the main server to the backup and handle them independently seems 
like a neat idea simple to implement. I mostly rely on my backup when 
doing maintenance on the root like OS updates which require a system 
reboot. It's not I want to try to build a 

Re: James 3.8 one OpenSuSE 15.5

2024-01-09 Thread cryptearth

Hello Rene,

thank you for the kind words.

May let me answer your points:

- Spring vs. Guice: I use James since the Beta of 3.0 and if I recall 
correctly back then the Spring package was the one to use. By the usual 
"never change a running system" I not changed since. I had a quick look 
into it, but unfortunately the links on the install instructions 
https://james.apache.org/server/install.html only lead to a 404 - so 
there's something missing. Also I seem to require docker - which I don't 
have any experience with. I'd rather prefer just to build a package, 
unpack it and start it without having to deal with any extra 
containerization around it. It seems I require some help to setup a 
guice install.


- as for using MariaDB: This goes back to 2015 when I started to rent my 
server and own domain. Back then I had basically no knowledge about 
server administration let alone set up a mail server. Although there're 
complete guides on how to setup postfix with dovecot and such on 
opensuse I not managed to get it working. So I looked for a simple 
complete solution and ended up using Citadel/UX. For some reason with 
some update it broke to a state I wasn't able to start it again. Hence I 
wasn't able to get any data out of it as for some reason I just was not 
able to access the BerkeleyDB data file. As I also wasn't able to get 
the regular stuff with maildir running I just wanted a setup using a 
regular MySQL not just for config- and user-data but also as the mail 
storage backend so that in the event I encountered such a situation 
again I can just use regular tools to restore a mysql database. As I'm 
also a hobbyist Java developer for me it was a simple idea of "there has 
to be some simple mail server implemented in Java" - and this is how I 
ended up discovering and using James ever since.


It also already came into play that for some reason I had to manually 
restore my database - exactly the reason why I chose MySQL as storage 
backend. As it was helpful for the reason I chose it I rather stick to 
it for that reason. The switch from MySQL to MariaDB was just something 
OpenSuSE did - so I followed it. As a user I not noticed any differences.


As for the database issues mentioned: For some reason I had to set up 
the MySQL- and later the MariaDB-repos instead of using what comes with 
the OpenSuSE repos. I don't know what the difference was but it 
prevented the initial setup of the database structure on first run. 
Hence I'm glad that this is now fixed - whoever is responsible for it.


- sync between main server and backup: I guess the additional forward 
from the main server to the backup and handle them independently seems 
like a neat idea simple to implement. I mostly rely on my backup when 
doing maintenance on the root like OS updates which require a system 
reboot. It's not I want to try to build a distributed synchronized 
cluster. I guess for that there're better solutions out there. Looking 
thru the docs there's something pointing to 
https://github.com/apache/james-project/blob/james-project-3.8.0/docs/modules/servers/pages/distributed/run-docker.adoc 
- but that doesn't exists or isn't set to public, same as for the guice 
setup. So it seems there's documentation for what I want to do - but 
it's not available to me.


Have a good one.

Matt

On 09.01.24 08:44, Rene Cordier wrote:

Hello,

Interesting read thanks.

Few remarks though, but feel free to agree or not :) :

- any reason to still run the spring version of James? That version I 
believe is not always up-to-date with dependencies (specially the 
Spring dependencies). Truth is it might get deprecated and removed in 
later release if a consensus is reached, as all active dev is done on 
the Guice versions now. You might want to check that (JPA Guice here 
probably closest to the Spring version)


- note that there is active development at the moment (still WIP) 
regarding a Postgresql reactive implementation with james (Guice). I 
saw you seem to use MariaDB but might interest you for the future maybe?


- for sync between your main server and backup, maybe just redirect 
the mails to both platforms, and let them treat the mails separately? 
If not I guess db backup and sync between the two could do it too.


Good job on running latest James on the new OpenSuse though, thanks 
for sharing!


Rene.

On 1/9/24 10:17, cryptearth wrote:

Hello there everybody,

happy new year 2024 to all of you.
It's been quite some time since I was last active on this maillist. After
upgrading my server to OpenSuSE 15.5 and James to 3.8 and after reading the
recent topics on the web archive I decided to post a small round up how it
went this way.

Important word of warning and security:
This is only a personal write-down how I did my setup. I'm aware there're
still some security improvements to be done. This is meant as an informative
guide. I'm by no means responsible for any security issues that may arise by
following 

Re: James 3.8 one OpenSuSE 15.5

2024-01-08 Thread Rene Cordier

Hello,

Interesting read thanks.

Few remarks though, but feel free to agree or not :) :

- any reason to still run the spring version of James? That version I 
believe is not always up-to-date with dependencies (specially the Spring 
dependencies). Truth is it might get deprecated and removed in later 
release if a consensus is reached, as all active dev is done on the 
Guice versions now. You might want to check that (JPA Guice here 
probably closest to the Spring version)


- note that there is active development at the moment (still WIP) 
regarding a Postgresql reactive implementation with james (Guice). I saw 
you seem to use MariaDB but might interest you for the future maybe?


- for sync between your main server and backup, maybe just redirect the 
mails to both platforms, and let them treat the mails separately? If not 
I guess db backup and sync between the two could do it too.


Good job on running latest James on the new OpenSuse though, thanks for 
sharing!


Rene.

On 1/9/24 10:17, cryptearth wrote:

Hello there everybody,

happy new year 2024 to all of you.
It's been quite some time since I was last active on this maillist. After
upgrading my server to OpenSuSE 15.5 and James to 3.8 and after reading the
recent topics on the web archive I decided to post a small round up how it
went this way.

Important word of warning and security:
This is only a personal write-down how I did my setup. I'm aware there're
still some security improvements to be done. This is meant as an informative
guide. I'm by no means responsible for any security issues that may arise by
following this. I myself got hacked by the Log4J issue mostly due to not
applying the available update fast enough. It's your own responsibility to
make your setup secure. All I can offer are some guidelines from personal
experience.

That warning out now let's get to the real topic.

As several of the active devs here know I use James for quite some time now
and over the years encountered several issues mostly specific to OpenSuSE and
the packages provided by its repositories. Luckily this time everything went
smoothly.

I started from a fresh clean "server"-type install, but this should be
applicable to any existing system as well. So the first step is to fully update
the new system.

As OpenSuSE comes with postfix I replace it with sendmail for later. I guess
it's also possible with postfix or exim or any other MTA  providing the
required sendmail dependency. Using sendmail was just the simplest option I
figured out when I first used it.
The keyword here is "nullclient": It configures sendmail to just forward
everything to James without any handling itself. For this sendmail comes with
an almost ready-to-use config which only needs one change in /etc/sendmail/
linux.nullclient.mc in line 27 by replacing the example
"mailhub.domain.notused" with "localhost". Then just generate the new
sendmail.cf from it (either as root or via sudo):
m4 /etc/mail/linux.nullclient.mc > /etc/sendmail.cf

I also have to edit the systemd script. For some reason the systemctl edit
command works a bit unexpected for simple edits so by appending --full it
becomes a full override. The service file needs two changes:

1) moving the PIDFile from /var/run to /run as hinted by systemctl status
message:
PIDFile=/run/sendmail.pid

2) remove the -bd flag from the start args to prevent sendmail from blocking
port TCP/25:
Environment="SENDMAIL_ARGS=-L -Am -q30m -om"

Check if sendmail service is enabled and started: systemctl status sendmail
At least enabled it so it gets started at reboot. As James isn't setup yet to
take its mails don't start it yet - it could cause a hang into an infinite
loop.

Before get to James I prepare the rest of the system by install these packages
(can be installed along when switching postfix for sendmail):
- java-17-openjdk-devel
- git
- maven
- mariadb
- phpMyAdmin-apache
- yast2-http-server
The required dependencies get pulled in by the resolver. After installing the
packages YaST tells you to secure MariaDB. So I do this right away by running
mariadb-secure-installation as root/sudo and set a root password. All other
questions can be answered with their default option (just hit enter).

To get phpMyAdmin running only the initial setup using "yast http-server" is
required. Select enable PHP in the 2nd step and complete the setup by just
hitting F10 a couple times. If the Apache2 server is accessible via the
internet care should be taken by limiting phpMyAdmin to localhost. Edit /etc/
apache2/conf.d/phpMyAdmin.conf line 27 to "Require local" and use ssh tunnels.
If you have services like a vpn or a tor hidden service running you may want
to secure it even further with something like an .htaccess or similar. This
way you prevent attackers from trying to bruteforce your database password.

Complete the pre-setup by use phpMyAdmin to add a new user for James.

Now let's build James:
git clone https://github.com/apache/james-project -b 
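
The sendmail and phpMyAdmin hardening steps from the write-up quoted above, turned into a small offline check. This is an added example, not part of the original mails or of the James project. The sample unit and Apache snippets, their file names and the /srv/www path are constructed; only the PIDFile, SENDMAIL_ARGS and "Require local" values come from the thread.

```bash
#!/bin/sh
# Added example: checks the hardening steps from the write-up against config files.
# All sample file contents below are constructed; point audit() at your real files.

# Value of SENDMAIL_ARGS from a systemd unit file (last assignment wins).
sendmail_args() {
    sed -n 's/^[[:space:]]*Environment="\{0,1\}SENDMAIL_ARGS=\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# True when -bd is present, i.e. sendmail would run as a daemon listening on TCP/25.
sendmail_binds_smtp() {
    case " $(sendmail_args "$1") " in
        *" -bd "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Path given by the unit's PIDFile= setting (last assignment wins).
pidfile_path() {
    sed -n 's/^[[:space:]]*PIDFile=//p' "$1" | tail -n 1
}

# True when the file has at least one active Require line and all are "Require local".
phpmyadmin_local_only() {
    local requires
    requires=$(grep -iE '^[[:space:]]*Require[[:space:]]' "$1") || return 1
    ! printf '%s\n' "$requires" | grep -qivE '^[[:space:]]*Require[[:space:]]+local[[:space:]]*$'
}

# Prints one line per finding; the exit status is the number of findings.
audit() {
    local unit=$1 conf=$2 findings=0
    if sendmail_binds_smtp "$unit"; then
        echo "FAIL $unit: SENDMAIL_ARGS contains -bd (sendmail will listen on TCP/25)"
        findings=$((findings + 1))
    fi
    case "$(pidfile_path "$unit")" in
        /run/*) ;;
        *) echo "WARN $unit: PIDFile is not under /run"
           findings=$((findings + 1)) ;;
    esac
    if ! phpmyadmin_local_only "$conf"; then
        echo "FAIL $conf: phpMyAdmin is not limited with 'Require local'"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Writes constructed "default" and "hardened" sample files into directory $1.
write_samples() {
    cat > "$1/sendmail-default.service" <<'EOF'
[Service]
PIDFile=/var/run/sendmail.pid
Environment="SENDMAIL_ARGS=-L -Am -bd -q30m -om"
EOF
    cat > "$1/sendmail-hardened.service" <<'EOF'
[Service]
PIDFile=/run/sendmail.pid
Environment="SENDMAIL_ARGS=-L -Am -q30m -om"
EOF
    cat > "$1/pma-default.conf" <<'EOF'
<Directory /srv/www/htdocs/phpMyAdmin>
    Require all granted
</Directory>
EOF
    cat > "$1/pma-hardened.conf" <<'EOF'
<Directory /srv/www/htdocs/phpMyAdmin>
    # Require all granted
    Require local
</Directory>
EOF
}

# Usage: sh audit.sh <sendmail unit file> <phpMyAdmin Apache conf>
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

The check only reads the files; confirming what is actually bound to TCP/25 after a restart still needs a look at the listening sockets on the host.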

James 3.8 one OpenSuSE 15.5

2024-01-08 Thread cryptearth
Hello there everybody,

happy new year 2024 to all of you.
It's been quite some time since I was last active on this maillist. After 
upgrading my server to OpenSuSE 15.5 and James to 3.8 and after reading the 
recent topics on the web archive I decided to post a small round up how it 
went this way.

Important word of warning and security:
This is only a personal write-down how I did my setup. I'm aware there're 
still some security improvements to be done. This is meant as an informative 
guide. I'm by no means responsible for any security issues that may arise by 
following this. I myself got hacked by the Log4J issue mostly due to not 
applying the available update fast enough. It's your own responsibility to 
make your setup secure. All I can offer are some guidelines from personal 
experience.

That warning out now let's get to the real topic.

As several of the active devs here know I use James for quite some time now 
and over the years encountered several issues mostly specific to OpenSuSE and 
the packages provided by its repositories. Luckily this time everything went 
smoothly.

I started from a fresh clean "server"-type install, but this should be 
applicable to any existing system as well. So the first step is to fully update 
the new system.

As OpenSuSE comes with postfix I replace it with sendmail for later. I guess 
it's also possible with postfix or exim or any other MTA  providing the 
required sendmail dependency. Using sendmail was just the simplest option I 
figured out when I first used it.
The keyword here is "nullclient": It configures sendmail to just forward 
everything to James without any handling itself. For this sendmail comes with 
an almost ready-to-use config which only needs one change in /etc/sendmail/
linux.nullclient.mc in line 27 by replacing the example 
"mailhub.domain.notused" with "localhost". Then just generate the new 
sendmail.cf from it (either as root or via sudo):
m4 /etc/mail/linux.nullclient.mc > /etc/sendmail.cf

I also have to edit the systemd script. For some reason the systemctl edit 
command works a bit unexpected for simple edits so by appending --full it 
becomes a full override. The service file needs two changes:

1) moving the PIDFile from /var/run to /run as hinted by systemctl status 
message:
PIDFile=/run/sendmail.pid

2) remove the -bd flag from the start args to prevent sendmail from blocking 
port TCP/25:
Environment="SENDMAIL_ARGS=-L -Am -q30m -om"

Check if sendmail service is enabled and started: systemctl status sendmail
At least enabled it so it gets started at reboot. As James isn't setup yet to 
take its mails don't start it yet - it could cause a hang into an infinite 
loop.

Before get to James I prepare the rest of the system by install these packages 
(can be installed along when switching postfix for sendmail):
- java-17-openjdk-devel
- git
- maven
- mariadb
- phpMyAdmin-apache
- yast2-http-server
The required dependencies get pulled in by the resolver. After installing the 
packages YaST tells you to secure MariaDB. So I do this right away by running 
mariadb-secure-installation as root/sudo and set a root password. All other 
questions can be answered with their default option (just hit enter).

To get phpMyAdmin running only the initial setup using "yast http-server" is 
required. Select enable PHP in the 2nd step and complete the setup by just 
hitting F10 a couple times. If the Apache2 server is accessible via the 
internet care should be taken by limiting phpMyAdmin to localhost. Edit /etc/
apache2/conf.d/phpMyAdmin.conf line 27 to "Require local" and use ssh tunnels. 
If you have services like a vpn or a tor hidden service running you may want 
to secure it even further with something like an .htaccess or similar. This 
way you prevent attackers from trying to bruteforce your database password.

Complete the pre-setup by use phpMyAdmin to add a new user for James.

Now let's build James:
git clone https://github.com/apache/james-project -b james-project-3.8.0
cd james-project
mvn clean package -DskipTests -T 1C
As I use the spring package I then unpack the tar in james-project/server/
apps/spring-app/target/james-server-spring-app-3.8.0-app.tar.gz.
I also need to get the mariadb-connector/J: https://mariadb.com/downloads/
connectors/ and place the .jar in the james-server-spring-app-3.8.0/lib 
folder.
I'm not sure why this isn't distributed along or part of the package manifest 
to pull from the repos - guess this is some licence nonsense.

It's config time now - and there's not that much to do.
As I don't use POP3 the first I do is disable the POP3 server.
Next I set up the database stuff by change the driver to
org.mariadb.jdbc.Driver
and the connector-string to
jdbc:mariadb://localhost:3306/james
Btw: As pretty much any modern JDBC driver should be a type 4.x there's no 
need to specify the driver class name or do something like
Class.forName()
As long as the driver jar is in classpath on startup of the JVM it gets