James 3 beta minimal secure configuration
Hi, I understand that security involves lot of layers, but I want to understand is James default configuration secure enough to restrict un-authorized access? If not, what are the areas we need to configure? Is there any documentation available? In my view security here means (these are few I have on top of my head), 1) Without having user authentication mails shouldn't be sent out 2) Can we enforce authentication passwords are complex? 3) Is there any way we can limit out going capabilities to only certain users? for example, only my company admins can send emails, NOT associates. like that. Any help would be appreciated. Thanks for your time. Thank you, Giri
Re: IMAP Reload Issues with Thunderbird
Hi All, thx for the reply. It happens on all subfolders but not for the INBOX. I will try to investigate a bit more. Perhaps it's important to mention that I filled the folders by copying the messages with the Thunderbird client after I applied the patch from JIRA JAMES-1436. Thomas Greafenhain Am 03.11.2013 15:38, schrieb Eric Charles: Strange, we never had such issues reported. Does this only happen for a specific subfolders or for all? Do you have that issue on the INBOX? What about the default installation with the embedded Derby database? (did you monitor the PostgreSQL connection for any trouble?) On 31/10/13 10:36, Thomas Graefenhain wrote: Hi All, Prerequisite: I'm using James 3.0-beta4 configured with PostgreSQL 9.3. I'm accessing it via Thunderbird 24.1.0 over IMAP. My folder structure is like the following: INBOX.Folder.Subfolder and I have over 600 mails in one Subfolder. Problem: While accessing a Subfolder with Thunderbird the amount of mails shown in Thunderbird varies but never shows all mails. Each time I'm switching into a Subfolder Thunderbird clears that folder and reloads it from the server with different results. Also the number of mails 'not seen' varies and even after marking the whole folder as seen, I've unseen mails in that folder after reload. This happens independently of configuring Thunderbird to use IDLE mode for IMAP or not. Question: Is this behavior a know issue? Is there a patch? Are there any suggestions to solve that or are there any workarounds? I'm willing to help on that if I will get some pointers where to start. Thx in advance Thomas - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Virtual hosting and SMTP
Quoting Eric Charles : If you don't want to enforce ssl/tls, don't use the startTls/sslEnable tag. Btw, I suspect bad bugs there. Err, do you mean bad bugs when enforcing, or when not? (Or just with impl of SSL/TLS generally?) Simply not working in general, at least I need to double check. Seems OK here when the gateway demands STARTTLS (not SSL) and I don't demand anything. I think that covers all the gateways I'll be using. Take care if you don't use /%user/%domain and experiment... Seems OK so far. Are you thinking concurrency issues, parts of the code expecting this format (in which case why make it configurable?), or something else? Nothing about concurrency, but more about the virtual hosting working. the %domain is needed for this. I guess my nomenclature was bad with my subject line. It's not really vhosting in the James sense at all, as effectively there would just be one domain in use (and it's no problem to use the variable in the .properties if it's needed, although it didn't appear to be for me). The fetchmail conf can deliver mail for all upstream domains/users into one mailbox, but it would be desirable if it could filter it into certain subfolders. Leaving the user issue aside, that's something also required for certain other types of incoming filtering (spam and other things). http://tools.ietf.org/html/rfc2822#section-3.2.4 '+' is a valid character for username. SMTP servers can indeed assign proprietary meaning. You can achieve this in James with a Regex Matcher. OK, but without a suitable mailet for the filing, it looks like I'm still stuffed. I'm a bit lost atm in JIRA trying to work out where sieve/jsieve/sieve-mailet is broken. Can anyone shed light on this? I'd like to look at it myself if I can, as it's seemingly down to that or writing my own mailet from scratch. Robin Bankhead - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Maildir with hierarchical filesystem layout
Happy to (pending testing), if you think you *do* gain anything from
it; in this instance it was more in the manner of scratching a
personal itch, not so much destined for core adoption. But if you
think it's worthwhile, then I'll throw it on there.
Robin Bankhead
Quoting Eric Charles :
Thx. Can you open a JIRA on
https://issues.apache.org/jira/browse/MAILBOX and explain what we
gain with this patch?
On 03/11/13 10:54, Robin Bankhead wrote:
Quick reply to my own question: No, not quite that simple.
The commented-out code only addresses translation from absolute folder
path to mailbox path, so I also had to add similar translation to the
getFolderName() method. Also, as
MailboxConstants.DEFAULT_DELIMITER_STRING is now (char)
DEFAULT_DELIMITER, that had to change too.
The below patch is not yet tested, but I reckon it should create the
folders as intended.
Robin Bankhead
Index: MaildirStore.java
--- MaildirStore.java Base (BASE)
+++ MaildirStore.java Locally Modified (Based On LOCAL)
@@ -41,7 +41,7 @@
public static final String PATH_FULLUSER = "%fulluser";
public static final String WILDCARD = "%";
-public static final String maildirDelimiter = ".";
+public static final String maildirDelimiter = "/";
private String maildirLocation;
@@ -192,8 +199,8 @@
// remove leading dot
mName = folderName.substring(1);
// they are equal, anyways, this might change someday...
-//if (maildirDelimiter !=
MailboxConstants.DEFAULT_DELIMITER_STRING)
-//mName = mName.replace(maildirDelimiter,
MailboxConstants.DEFAULT_DELIMITER_STRING);
+if (maildirDelimiter.charAt(0) !=
MailboxConstants.DEFAULT_DELIMITER)
+mName = mName.replace(maildirDelimiter.charAt(0),
MailboxConstants.DEFAULT_DELIMITER);
return mName;
}
@@ -213,6 +220,8 @@
if (!root.endsWith(File.pathSeparator))
folder.append(File.separator);
folder.append(".");
+if (maildirDelimiter.charAt(0) !=
MailboxConstants.DEFAULT_DELIMITER)
+name = name.replace(MailboxConstants.DEFAULT_DELIMITER,
maildirDelimiter.charAt(0));
folder.append(name);
return folder.toString();
}
Quoting Robin Bankhead :
Hello,
I've been doing things with the mailbox-maildir code, while also
learning a bit about namespaces, and I came across this:
org.apache.james.mailbox.maildir.MaildirStore.maildirDelimiter = ".";
Simple question: If I simply changed this to '/' (and reinstated the
commented-out code in that file that references it), would this *in
theory* be all that'd be required to enable a hierarchical on-disk
layout?
I have the luxury of breaking stuff at the moment, and I like the idea
of the maildir hierarchy being mirrored in the actual filesystem. To
my mind it would have the benefit of relieving the (albeit not too
onerous) limitations on subdirs-per-dir, and be more intuitive to boot.
I'd just welcome a heads-up if anyone who knows the Mailbox codebase
better than I (so, pretty much anyone) happens to know that it's going
to be a lot more work than it looks like it might be.
Thanks,
Robin Bankhead
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
Re: Maildir with hierarchical filesystem layout
Thx. Can you open a JIRA on
https://issues.apache.org/jira/browse/MAILBOX and explain what we gain
with this patch?
On 03/11/13 10:54, Robin Bankhead wrote:
Quick reply to my own question: No, not quite that simple.
The commented-out code only addresses translation from absolute folder
path to mailbox path, so I also had to add similar translation to the
getFolderName() method. Also, as
MailboxConstants.DEFAULT_DELIMITER_STRING is now (char)
DEFAULT_DELIMITER, that had to change too.
The below patch is not yet tested, but I reckon it should create the
folders as intended.
Robin Bankhead
Index: MaildirStore.java
--- MaildirStore.java Base (BASE)
+++ MaildirStore.java Locally Modified (Based On LOCAL)
@@ -41,7 +41,7 @@
public static final String PATH_FULLUSER = "%fulluser";
public static final String WILDCARD = "%";
-public static final String maildirDelimiter = ".";
+public static final String maildirDelimiter = "/";
private String maildirLocation;
@@ -192,8 +199,8 @@
// remove leading dot
mName = folderName.substring(1);
// they are equal, anyways, this might change someday...
-//if (maildirDelimiter !=
MailboxConstants.DEFAULT_DELIMITER_STRING)
-//mName = mName.replace(maildirDelimiter,
MailboxConstants.DEFAULT_DELIMITER_STRING);
+if (maildirDelimiter.charAt(0) !=
MailboxConstants.DEFAULT_DELIMITER)
+mName = mName.replace(maildirDelimiter.charAt(0),
MailboxConstants.DEFAULT_DELIMITER);
return mName;
}
@@ -213,6 +220,8 @@
if (!root.endsWith(File.pathSeparator))
folder.append(File.separator);
folder.append(".");
+if (maildirDelimiter.charAt(0) !=
MailboxConstants.DEFAULT_DELIMITER)
+name = name.replace(MailboxConstants.DEFAULT_DELIMITER,
maildirDelimiter.charAt(0));
folder.append(name);
return folder.toString();
}
Quoting Robin Bankhead :
Hello,
I've been doing things with the mailbox-maildir code, while also
learning a bit about namespaces, and I came across this:
org.apache.james.mailbox.maildir.MaildirStore.maildirDelimiter = ".";
Simple question: If I simply changed this to '/' (and reinstated the
commented-out code in that file that references it), would this *in
theory* be all that'd be required to enable a hierarchical on-disk
layout?
I have the luxury of breaking stuff at the moment, and I like the idea
of the maildir hierarchy being mirrored in the actual filesystem. To
my mind it would have the benefit of relieving the (albeit not too
onerous) limitations on subdirs-per-dir, and be more intuitive to boot.
I'd just welcome a heads-up if anyone who knows the Mailbox codebase
better than I (so, pretty much anyone) happens to know that it's going
to be a lot more work than it looks like it might be.
Thanks,
Robin Bankhead
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
Re: IMAP Reload Issues with Thunderbird
Strange, we never had such issues reported. Does this only happen for a specific subfolders or for all? Do you have that issue on the INBOX? What about the default installation with the embedded Derby database? (did you monitor the PostgreSQL connection for any trouble?) On 31/10/13 10:36, Thomas Graefenhain wrote: Hi All, Prerequisite: I'm using James 3.0-beta4 configured with PostgreSQL 9.3. I'm accessing it via Thunderbird 24.1.0 over IMAP. My folder structure is like the following: INBOX.Folder.Subfolder and I have over 600 mails in one Subfolder. Problem: While accessing a Subfolder with Thunderbird the amount of mails shown in Thunderbird varies but never shows all mails. Each time I'm switching into a Subfolder Thunderbird clears that folder and reloads it from the server with different results. Also the number of mails 'not seen' varies and even after marking the whole folder as seen, I've unseen mails in that folder after reload. This happens independently of configuring Thunderbird to use IDLE mode for IMAP or not. Question: Is this behavior a know issue? Is there a patch? Are there any suggestions to solve that or are there any workarounds? I'm willing to help on that if I will get some pointers where to start. Thx in advance Thomas - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Unable to send mail using SSL/TLS
Use the gatewayPort attribute in RemoteDelivery mailet (in mailetcontainer.xml) http://james.apache.org/server/3/dev-provided-mailets.html#RemoteDelivery On 31/10/13 01:09, Saibabu Vallurupalli wrote: Hi All, I configured James 3 Beta 3 to use SSL/TLS followed the instructions (1) and (2). After starting the server , I am able to send receive emails on port 465 using SMTP on SSL/TLS. If I try to send a mail to another server it is always trying to connect to the remote server on port 25. The other server also uses port 465 and they have blocked port 25. So, my remote delivery is not happening. Is there any other configuration with in James which uses secured port 465 and send email. Also, Since I know the Remote server doesn't have port 25 open I can force to use 465. In a real world scenarion is this not a default configuration to try sending email on port 25 and then try other secured port like 465. Please advise. (1) : http://james.apache.org/server/3/config-ssl-tls.html (2): http://james.apache.org/server/3/config-smtp-lmtp.html Thank you, Sai - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Virtual hosting and SMTP
On 27/10/13 10:31, Robin Bankhead wrote: Quoting Eric Charles : Multiple outgoing gateways are possible. the outgoing tag is the name of the queue that will hold messages being processed by the RemoteDelivery Mailet (deployed doc is misleading). Use distinct one per RemoteDelivery mailet. OK I have it now, everything I needed was in the mailetcontainer.xml file so I just worked from that, putting my own blocks above the "All"-matching one. I'd gotten so distracted with my maildir adventures that I forgot all about this being there, sorry ^^ OK If you don't want to enforce ssl/tls, don't use the startTls/sslEnable tag. Btw, I suspect bad bugs there. Err, do you mean bad bugs when enforcing, or when not? (Or just with impl of SSL/TLS generally?) Simply not working in general, at least I need to double check. for filtering..., current matchers can help, but sieve is not operational atm. Yeah the matchers look to have all I need for matching, but with no mailet that can do "FileInto" (in Sieve-speak) that's no good... Is there a lot needing to be done with sieve? Perhaps I could help... Take care if you don't use /%user/%domain and experiment... Seems OK so far. Are you thinking concurrency issues, parts of the code expecting this format (in which case why make it configurable?), or something else? Nothing about concurrency, but more about the virtual hosting working. the %domain is needed for this. While on that subject, are there any other variables that could be used there? (Hey, I'm in breaking-stuff mode) What do you mean with "user+box@..." ? I'm sure I came across a notation like this while I was creating the vhosting setup on my home box (with dovecot and postfix), but of course I can't find a citation for you now :S IIRC, the idea was you appended a plus-sign followed by this "next hop" string to the recipient name when sending, and this was a cue for the receiving MDA to file it into the specified subdir of that mailbox. Probably some short-lived proprietary extension from years ago; if you haven't heard of it then that's all I need to know ;) http://tools.ietf.org/html/rfc2822#section-3.2.4 '+' is a valid character for username. SMTP servers can indeed assign proprietary meaning. You can achieve this in James with a Regex Matcher. Thanks again, Robin Bankhead - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
Re: Maildir with hierarchical filesystem layout
Quick reply to my own question: No, not quite that simple.
The commented-out code only addresses translation from absolute folder
path to mailbox path, so I also had to add similar translation to the
getFolderName() method. Also, as
MailboxConstants.DEFAULT_DELIMITER_STRING is now (char)
DEFAULT_DELIMITER, that had to change too.
The below patch is not yet tested, but I reckon it should create the
folders as intended.
Robin Bankhead
Index: MaildirStore.java
--- MaildirStore.java Base (BASE)
+++ MaildirStore.java Locally Modified (Based On LOCAL)
@@ -41,7 +41,7 @@
public static final String PATH_FULLUSER = "%fulluser";
public static final String WILDCARD = "%";
-public static final String maildirDelimiter = ".";
+public static final String maildirDelimiter = "/";
private String maildirLocation;
@@ -192,8 +199,8 @@
// remove leading dot
mName = folderName.substring(1);
// they are equal, anyways, this might change someday...
-//if (maildirDelimiter != MailboxConstants.DEFAULT_DELIMITER_STRING)
-//mName = mName.replace(maildirDelimiter,
MailboxConstants.DEFAULT_DELIMITER_STRING);
+if (maildirDelimiter.charAt(0) != MailboxConstants.DEFAULT_DELIMITER)
+mName = mName.replace(maildirDelimiter.charAt(0),
MailboxConstants.DEFAULT_DELIMITER);
return mName;
}
@@ -213,6 +220,8 @@
if (!root.endsWith(File.pathSeparator))
folder.append(File.separator);
folder.append(".");
+ if (maildirDelimiter.charAt(0) !=
MailboxConstants.DEFAULT_DELIMITER)
+ name = name.replace(MailboxConstants.DEFAULT_DELIMITER,
maildirDelimiter.charAt(0));
folder.append(name);
return folder.toString();
}
Quoting Robin Bankhead :
Hello,
I've been doing things with the mailbox-maildir code, while also
learning a bit about namespaces, and I came across this:
org.apache.james.mailbox.maildir.MaildirStore.maildirDelimiter = ".";
Simple question: If I simply changed this to '/' (and reinstated the
commented-out code in that file that references it), would this *in
theory* be all that'd be required to enable a hierarchical on-disk
layout?
I have the luxury of breaking stuff at the moment, and I like the
idea of the maildir hierarchy being mirrored in the actual
filesystem. To my mind it would have the benefit of relieving the
(albeit not too onerous) limitations on subdirs-per-dir, and be more
intuitive to boot.
I'd just welcome a heads-up if anyone who knows the Mailbox codebase
better than I (so, pretty much anyone) happens to know that it's
going to be a lot more work than it looks like it might be.
Thanks,
Robin Bankhead
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
-
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
