Re: James 3.8 one OpenSuSE 15.5
Hello, Interesting read thanks. Few remarks though, but feel free to agree or not :) : - any reason to still run the spring version of James? That version I believe is not always up-to-date with dependencies (specially the sprint dependencies). Truth is it might get deprecated and removed in later release if a consensus is reached, as all active dev is done on the Guice versions now. You might want to check that (JPA Guice here probably closest to the Spring version) - note that there is active development at the moment (still WIP) regarding a Postgresql reactive implementation with james (Guice). I saw you seem to use MariaDB but might interest you for the future maybe? - for sync between your main server and backup, maybe just redirect the mails to both platforms, and let them treat the mails separately? If not I guess db backup and sync between the two could do it too. Good job on running latest James on the new OpenSuse though, thanks for sharing! Rene. On 1/9/24 10:17, cryptearth wrote: Hello there everybody, happy new year 2024 to all of you. It's been quite some time since I was last active on this maillist. After upgrading my server to OpenSuSE 15.5 and James to 3.8 and after reading the recent topics on the web archive I decided to post a small round up how it went this way. Important word of warning and security: This is only a personal write-down how I did my setup. I'm aware there're still some security improvements to be done. This is meant as an informative guide. I'm by no means responsible for any security issues that may arise by following this. I myself got hacked by the Log4J issue mostly due to not applying the available update fast enough. It's your own responsibility to make your setup secure. All I can offer are some guidelines from personal experience. That warning out now let's get to the real topic. As several of the active devs here know I use James for quite some time now and over the years encountered several issues mostly specific to OpenSuSE and the packages provided by its repositories. Luckily this time everything went smoothly. I started from a fresh clean "server"-type install, but this should be applicable to any existing system as well. So the first step is to fully update the new system. As OpenSuSE comes with postfix I replace it with sendmail for later. I guess it's also possible with postfix or exim or any other MTA providing the required sendmail dependency. Using sendmail was just the simplest option I figured out when I first used it. The keyword here is "nullclient": It configures sendmail to just forward everything to James without any handling itself. For this sendmail comes with an almost ready-to-use config which only needs one change in /etc/sendmail/ linux.nullclient.mc in line 27 by replacing the example "mailhub.domain.notused" with "localhost". Then just generate the new sendmail.cf from it (either as root or via sudo): m4 /etc/mail/linux.nullclient.mc > /etc/sendmail.cf I also have to edit the systemd script. For some reason the systemctl edit command works a bit unexpected for simple edits so by appending --full it becomes a full override. The service file needs two changes: 1) moving the PIDFile from /var/run to /run as hinted by systemctl status message: PIDFile=/run/sendmail.pid 2) remove the -bd flag from the start args to prevent sendmail from blocking port TCP/25: Environment="SENDMAIL_ARGS=-L -Am -q30m -om" Check if sendmail service is enabled and started: systemctl status sendmail At least enabled it so it gets started at reboot. As James isn't setup yet to take its mails don't start it yet - it could cause a hang into an infinite loop. Before get to James I prepare the rest of the system by install these packages (can be installed along when switching postfix for sendmail): - java-17-openjdk-devel - git - maven - mariadb - phpMyAdmin-apache - yast2-http-server The required dependencies get pulled in by the resolver. After installing the packages YaST tells you to secure MariaDB. So I do this right away by running mariadb-secure-installation as root/sudo and set a root password. All other questions can be answered with thier default option (just hit enter). To get phpMyAdmin running only the initial setup using "yast http-server" is required. Select enable PHP in the 2nd step and complete the setup by just hitting F10 a couple times. If the Apache2 server is accessible via the internet care should be taken by limiting phpMyAdmin to localhost. Edit /etc/ apache2/conf.d/phpMyAdmin.conf line 27 to "Require local" and use ssh tunnels. If you have services like a vpn or a tor hidden service running you may want to secure it even further with something like an .htaccess or similar. This way you prevent attackers from trying to bruteforce your database password. Complete the pre-setup by use phpMyAdmin to add a new user for James. Now let's build James: git clone https://github.com/apache/james-project -b james-
Re: James 3.8 one OpenSuSE 15.5
Hello Rene, thank you for the kind words. May let me answer your points: - Spring vs. Guice: I use James since the Beta of 3.0 and if I recall correctly back then the Spring package was the one to use. By the usual "never change a running system" I not changed since. I had a quick look into it, but unfortunately the links on the install instructions https://james.apache.org/server/install.html only lead to a 404 - so there's something missing. Also I seem to require docker - which I don't have any experience with. I'd rather prefer just to build a package, unpack it and start it without having to deal with any extra containerization around it. It seems I require some help to setup a guice install. - as for using MariaDB: This goes back to 2015 when I started to rent my server and own domain. Back then I had basically no knowledge about server administration let alone set up a mail server. Although there're complete guides on how to setup postfix with dovecot and such on opensuse I not managed to get it working. So I looked for a simple complete solution and ended up using Citadel/UX. For some reason with some update it broke to a state I wasn't able to start it again. Hence I wasn't able to get any data out of it as for some reason I just was not able to access the BerkeleyDB data file. As I also wasn't able to get the regular stuff with maildir running I just wanted a setup using a regular MySQL not just for config- and user-data but also as the mail storage backend so that in the event I encountered such a situation again I can just use regular tools to restore a mysql database. As I'm also a hobbyist Java developer for me it was a simple idea of "there has to be some simple mail server implemented in Java" - and this is how I ended up discovering and using James ever since. It also already came into play that for some reason I had to manually restore my database - exactly the reason why I chose MySQL as storage backend. As it was helpful for the reason I chose it I rather stick to it for that reason. The switch from MySQL to MariaDB was just something OpenSuSE did - so I followed it. As a user I not noticed any differences. As for the database issues mentioned: For some reason I had to set up the MySQL- and later the MariaDB-repos instead of using what comes with the OpenSuSE repos. I don't know what the difference was but it prevented the initial setup of the database structure on first run. Hence I'm glad that this is now fixed - whoever is reponsible for it. - sync between main server and backup: I guess the additional forward from the main server to the backup and handle them independently seems like a neat idea simple to implement. I mostly rely on my backup when doing maintenance on the root like OS updates which require a system reboot. It's not I want to try to build a distributed synchronized cluster. I guess for that there're better solutions out there. Looking thru the docs there's something pointing to https://github.com/apache/james-project/blob/james-project-3.8.0/docs/modules/servers/pages/distributed/run-docker.adoc - but that doesn't exists or isn't set to public, same as for the guice setup. So it seems there's documentation for what I want to do - but it's not available to me. Have a good one. Matt On 09.01.24 08:44, Rene Cordier wrote: Hello, Interesting read thanks. Few remarks though, but feel free to agree or not :) : - any reason to still run the spring version of James? That version I believe is not always up-to-date with dependencies (specially the sprint dependencies). Truth is it might get deprecated and removed in later release if a consensus is reached, as all active dev is done on the Guice versions now. You might want to check that (JPA Guice here probably closest to the Spring version) - note that there is active development at the moment (still WIP) regarding a Postgresql reactive implementation with james (Guice). I saw you seem to use MariaDB but might interest you for the future maybe? - for sync between your main server and backup, maybe just redirect the mails to both platforms, and let them treat the mails separately? If not I guess db backup and sync between the two could do it too. Good job on running latest James on the new OpenSuse though, thanks for sharing! Rene. On 1/9/24 10:17, cryptearth wrote: Hello there everybody, happy new year 2024 to all of you. It's been quite some time since I was last active on this maillist. After upgrading my server to OpenSuSE 15.5 and James to 3.8 and after reading the recent topics on the web archive I decided to post a small round up how it went this way. Important word of warning and security: This is only a personal write-down how I did my setup. I'm aware there're still some security improvements to be done. This is meant as an informative guide. I'm by no means responsible for any security issues that may arise by following this.
Re: James 3.8 one OpenSuSE 15.5
Hi Matt, Let me answer you this time below in each of your points :) Cheers, Rene. On 1/9/24 21:27, cryptearth wrote: Hello Rene, thank you for the kind words. May let me answer your points: - Spring vs. Guice: I use James since the Beta of 3.0 and if I recall correctly back then the Spring package was the one to use. By the usual "never change a running system" I not changed since. I had a quick look into it, but unfortunately the links on the install instructions https://james.apache.org/server/install.html only lead to a 404 - so there's something missing. Also I seem to require docker - which I don't have any experience with. I'd rather prefer just to build a package, unpack it and start it without having to deal with any extra containerization around it. It seems I require some help to setup a guice install. Regarding the 404 on the install page, it looks like you are right. It's not normal and I might take a look at it, thanks for the feedback! However, docker is one way, but like Sprint you can still just run a jar with Guice as well. You can see the download page for example (where the links seem to work) : https://james.apache.org/download.cgi . If you want to try to switch to Guice, the JPA james server is the one for you, that you can plug with MariaDB. The distributed version is for heavy deployments (which I don't think interests you here) with cassandra, opensearch, rabbitmq, ... => https://www.apache.org/dyn/closer.lua/james/server/3.8.0/james-server-jpa-guice.zip . You will see in the README as well in the zip some basic instructions to run it, with docker or manually with the jar like you are used to. I totally understand the reason behind the fact that you started with Spring, so far it works, and it's safe to stick to it. Quite a fair statement actually. The problem is that though the main development efforts since a while are being done on Guice, and the Spring one is quickly maintained, as nobody seems fully willing to keep developing on it now. It works but could have potentially some vulnerabilities... I'm thinking for example the spring dependencies, that are old and outdated I think^^' - as for using MariaDB: This goes back to 2015 when I started to rent my server and own domain. Back then I had basically no knowledge about server administration let alone set up a mail server. Although there're complete guides on how to setup postfix with dovecot and such on opensuse I not managed to get it working. So I looked for a simple complete solution and ended up using Citadel/UX. For some reason with some update it broke to a state I wasn't able to start it again. Hence I wasn't able to get any data out of it as for some reason I just was not able to access the BerkeleyDB data file. As I also wasn't able to get the regular stuff with maildir running I just wanted a setup using a regular MySQL not just for config- and user-data but also as the mail storage backend so that in the event I encountered such a situation again I can just use regular tools to restore a mysql database. As I'm also a hobbyist Java developer for me it was a simple idea of "there has to be some simple mail server implemented in Java" - and this is how I ended up discovering and using James ever since. It also already came into play that for some reason I had to manually restore my database - exactly the reason why I chose MySQL as storage backend. As it was helpful for the reason I chose it I rather stick to it for that reason. The switch from MySQL to MariaDB was just something OpenSuSE did - so I followed it. As a user I not noticed any differences. As for the database issues mentioned: For some reason I had to set up the MySQL- and later the MariaDB-repos instead of using what comes with the OpenSuSE repos. I don't know what the difference was but it prevented the initial setup of the database structure on first run. Hence I'm glad that this is now fixed - whoever is reponsible for it. I get this :) I was just trying to inform you that these days we work also on a Postgresql exclusive implementation for James. JPA is good to be able to plug to a lot of different SQL databases with the same code, but performances can be a bit meh. We are working on a full postgresql implementation of James in parallel as most people using JPA in the community are using Postgresql as their database (as it is quite a popular one). The goal is to have better performance here than with JPA for this particular db. But likely JPA might be enough for your singular usage. Was just throwing that here if maybe it was interesting for you. - sync between main server and backup: I guess the additional forward from the main server to the backup and handle them independently seems like a neat idea simple to implement. I mostly rely on my backup when doing maintenance on the root like OS updates which require a system reboot. It's not I want to try to build a di
Re: James 3.8 one OpenSuSE 15.5
Hello Rene, thank you for your reply. I tried to look into the docs and the readme, but I get redirected to these two pages without content: https://github.com/apache/james-project/tree/master/server/container/guice/jpa-guice/sample-configuration https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html From the readme it looks simple to get the jpa-guice package to run as it seems I can re-use a lot of my current configs. As for the required keystore: All I found was its use for TLS - as I use the new PEM variant it should also work this way. I'll give it a shot in a VM. Nice to see that the pop3 server is disabled by default. I'm sure this protocol still has its uses, but as it downloads the messages from the server and removes them while doing so I only see an application where messages not supposed to be left on the server like for quota reasons or something like privacy. As for MySQL/MariaDB vs PostgreSQL: The only think I know about PostgreSQL is that it exist but never used it due to most beginner books I read when I started roughly over 15 years ago all mentioned it but only used MySQL anyways. Shouldn't make a difference which to use. As for forwarding mails to my backup: I already came up with some ideas to make this work in both ways without causing loops so that mails received by the backup will also get forwarded to the main when it comes back up. btw: I noticed that my domain gets an .INVALID appended to it - but only here on this mailing list. Testmails to other services don't show this. Anyone maybe has an idea about that? Have a good one. Matt On 10.01.24 04:28, Rene Cordier wrote: Hi Matt, Let me answer you this time below in each of your points :) Cheers, Rene. On 1/9/24 21:27, cryptearth wrote: Hello Rene, thank you for the kind words. May let me answer your points: - Spring vs. Guice: I use James since the Beta of 3.0 and if I recall correctly back then the Spring package was the one to use. By the usual "never change a running system" I not changed since. I had a quick look into it, but unfortunately the links on the install instructions https://james.apache.org/server/install.html only lead to a 404 - so there's something missing. Also I seem to require docker - which I don't have any experience with. I'd rather prefer just to build a package, unpack it and start it without having to deal with any extra containerization around it. It seems I require some help to setup a guice install. Regarding the 404 on the install page, it looks like you are right. It's not normal and I might take a look at it, thanks for the feedback! However, docker is one way, but like Sprint you can still just run a jar with Guice as well. You can see the download page for example (where the links seem to work) : https://james.apache.org/download.cgi . If you want to try to switch to Guice, the JPA james server is the one for you, that you can plug with MariaDB. The distributed version is for heavy deployments (which I don't think interests you here) with cassandra, opensearch, rabbitmq, ... => https://www.apache.org/dyn/closer.lua/james/server/3.8.0/james-server-jpa-guice.zip . You will see in the README as well in the zip some basic instructions to run it, with docker or manually with the jar like you are used to. I totally understand the reason behind the fact that you started with Spring, so far it works, and it's safe to stick to it. Quite a fair statement actually. The problem is that though the main development efforts since a while are being done on Guice, and the Spring one is quickly maintained, as nobody seems fully willing to keep developing on it now. It works but could have potentially some vulnerabilities... I'm thinking for example the spring dependencies, that are old and outdated I think^^' - as for using MariaDB: This goes back to 2015 when I started to rent my server and own domain. Back then I had basically no knowledge about server administration let alone set up a mail server. Although there're complete guides on how to setup postfix with dovecot and such on opensuse I not managed to get it working. So I looked for a simple complete solution and ended up using Citadel/UX. For some reason with some update it broke to a state I wasn't able to start it again. Hence I wasn't able to get any data out of it as for some reason I just was not able to access the BerkeleyDB data file. As I also wasn't able to get the regular stuff with maildir running I just wanted a setup using a regular MySQL not just for config- and user-data but also as the mail storage backend so that in the event I encountered such a situation again I can just use regular tools to restore a mysql database. As I'm also a hobbyist Java developer for me it was a simple idea of "there has to be some simple mail server implemented in Java" - and this is how I ended up discovering and using James ever since.
Re: James 3.8 one OpenSuSE 15.5
Hello Matt, Thanks for keeping reporting dead links, I try to fix them every time firing PRs :) Regarding the correct link to the jpa guice sample conf: https://github.com/apache/james-project/tree/master/server/apps/jpa-app/sample-configuration Regarding the link in a previous email with jpa-guice installation guide (but I think the readme is likely more complete): https://james.apache.org/server/install/guice-jpa.html For this though: https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html, yes that's still not done, it's normal atm, as said this new doc is still a work in progress ^^' Regarding your mail with INVALID suffixed to it... No idea really^^' Might want to ask the people managing the mailing lists I guess. Well if anything else don't hesitate :) Rene. On 1/11/24 02:45, cryptearth wrote: Hello Rene, thank you for your reply. I tried to look into the docs and the readme, but I get redirected to these two pages without content: https://github.com/apache/james-project/tree/master/server/container/guice/jpa-guice/sample-configuration https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html From the readme it looks simple to get the jpa-guice package to run as it seems I can re-use a lot of my current configs. As for the required keystore: All I found was its use for TLS - as I use the new PEM variant it should also work this way. I'll give it a shot in a VM. Nice to see that the pop3 server is disabled by default. I'm sure this protocol still has its uses, but as it downloads the messages from the server and removes them while doing so I only see an application where messages not supposed to be left on the server like for quota reasons or something like privacy. As for MySQL/MariaDB vs PostgreSQL: The only think I know about PostgreSQL is that it exist but never used it due to most beginner books I read when I started roughly over 15 years ago all mentioned it but only used MySQL anyways. Shouldn't make a difference which to use. As for forwarding mails to my backup: I already came up with some ideas to make this work in both ways without causing loops so that mails received by the backup will also get forwarded to the main when it comes back up. btw: I noticed that my domain gets an .INVALID appended to it - but only here on this mailing list. Testmails to other services don't show this. Anyone maybe has an idea about that? Have a good one. Matt On 10.01.24 04:28, Rene Cordier wrote: Hi Matt, Let me answer you this time below in each of your points :) Cheers, Rene. On 1/9/24 21:27, cryptearth wrote: Hello Rene, thank you for the kind words. May let me answer your points: - Spring vs. Guice: I use James since the Beta of 3.0 and if I recall correctly back then the Spring package was the one to use. By the usual "never change a running system" I not changed since. I had a quick look into it, but unfortunately the links on the install instructions https://james.apache.org/server/install.html only lead to a 404 - so there's something missing. Also I seem to require docker - which I don't have any experience with. I'd rather prefer just to build a package, unpack it and start it without having to deal with any extra containerization around it. It seems I require some help to setup a guice install. Regarding the 404 on the install page, it looks like you are right. It's not normal and I might take a look at it, thanks for the feedback! However, docker is one way, but like Sprint you can still just run a jar with Guice as well. You can see the download page for example (where the links seem to work) : https://james.apache.org/download.cgi . If you want to try to switch to Guice, the JPA james server is the one for you, that you can plug with MariaDB. The distributed version is for heavy deployments (which I don't think interests you here) with cassandra, opensearch, rabbitmq, ... => https://www.apache.org/dyn/closer.lua/james/server/3.8.0/james-server-jpa-guice.zip . You will see in the README as well in the zip some basic instructions to run it, with docker or manually with the jar like you are used to. I totally understand the reason behind the fact that you started with Spring, so far it works, and it's safe to stick to it. Quite a fair statement actually. The problem is that though the main development efforts since a while are being done on Guice, and the Spring one is quickly maintained, as nobody seems fully willing to keep developing on it now. It works but could have potentially some vulnerabilities... I'm thinking for example the spring dependencies, that are old and outdated I think^^' - as for using MariaDB: This goes back to 2015 when I started to rent my server and own domain. Back then I had basically no knowledge about server administration let alone set up a mail server. Although there're complete guides on how to setup postfix
Re: James 3.8 one OpenSuSE 15.5
Hi everyone, so, I had a look into Guice+JPA and it's quite easy to setup by just reuse the configs I have for the Spring build. And although I still can use james-cli (although a bit different) I now have access to the REST-api via the webadmin (until now it seems I misunderstood it: I thought the "web admin" to be some browser admin panel instead of just an REST-api). And although it seems rather easy to use it to do the same as with the james-cli and even more - looking in the list archive: Is there any "client" for it like some webpage or some standalone gui? Guess if not it'd be a nice project to get something together - although I'm only a hobbyist and hence the "most advanced" I was able to get done was a simple networked battle ships game with some very ugly ui-code for the placement of the ships. So I guess if at all I can only provide some simple stuff and far from the code standards of ASF. The next will now be to switch over to Guice+JPA and also upgrade my backup server. Nice to see I still can learn about James - just another confirmation it was the right choice after Citadel/UX got broken, although I'll re-visit other setups with sendmail, postfix or exim just for the fun of additional knowledge. So long ... have a good one. Matt Am 11.01.24 um 05:40 schrieb Rene Cordier: Hello Matt, Thanks for keeping reporting dead links, I try to fix them every time firing PRs :) Regarding the correct link to the jpa guice sample conf: https://github.com/apache/james-project/tree/master/server/apps/jpa-app/sample-configuration Regarding the link in a previous email with jpa-guice installation guide (but I think the readme is likely more complete): https://james.apache.org/server/install/guice-jpa.html For this though: https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html, yes that's still not done, it's normal atm, as said this new doc is still a work in progress ^^' Regarding your mail with INVALID suffixed to it... No idea really^^' Might want to ask the people managing the mailing lists I guess. Well if anything else don't hesitate :) Rene. On 1/11/24 02:45, cryptearth wrote: Hello Rene, thank you for your reply. I tried to look into the docs and the readme, but I get redirected to these two pages without content: https://github.com/apache/james-project/tree/master/server/container/guice/jpa-guice/sample-configuration https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html From the readme it looks simple to get the jpa-guice package to run as it seems I can re-use a lot of my current configs. As for the required keystore: All I found was its use for TLS - as I use the new PEM variant it should also work this way. I'll give it a shot in a VM. Nice to see that the pop3 server is disabled by default. I'm sure this protocol still has its uses, but as it downloads the messages from the server and removes them while doing so I only see an application where messages not supposed to be left on the server like for quota reasons or something like privacy. As for MySQL/MariaDB vs PostgreSQL: The only think I know about PostgreSQL is that it exist but never used it due to most beginner books I read when I started roughly over 15 years ago all mentioned it but only used MySQL anyways. Shouldn't make a difference which to use. As for forwarding mails to my backup: I already came up with some ideas to make this work in both ways without causing loops so that mails received by the backup will also get forwarded to the main when it comes back up. btw: I noticed that my domain gets an .INVALID appended to it - but only here on this mailing list. Testmails to other services don't show this. Anyone maybe has an idea about that? Have a good one. Matt On 10.01.24 04:28, Rene Cordier wrote: Hi Matt, Let me answer you this time below in each of your points :) Cheers, Rene. On 1/9/24 21:27, cryptearth wrote: Hello Rene, thank you for the kind words. May let me answer your points: - Spring vs. Guice: I use James since the Beta of 3.0 and if I recall correctly back then the Spring package was the one to use. By the usual "never change a running system" I not changed since. I had a quick look into it, but unfortunately the links on the install instructions https://james.apache.org/server/install.html only lead to a 404 - so there's something missing. Also I seem to require docker - which I don't have any experience with. I'd rather prefer just to build a package, unpack it and start it without having to deal with any extra containerization around it. It seems I require some help to setup a guice install. Regarding the 404 on the install page, it looks like you are right. It's not normal and I might take a look at it, thanks for the feedback! However, docker is one way, but like Sprint you can still just run a jar with Guice as well. You can see the download page for
Re: James 3.8 one OpenSuSE 15.5
Hi Matt, Happy to see the transition didn't look too hard for you ! Regarding the webadmin, no there is no UI at the moment. It's been a task in the backlog for a long time though. But if you want to take a look, and even contribute, the task is here: https://issues.apache.org/jira/browse/JAMES-1931 . I'm sure people would be happy to see a contribution about this and support you regarding the coding standards of the project with reviews, even if the UI is not really good looking, it is ok I think. It's destined more to sys admins than lambda users for a backend software, as long as it does the job, it's enough already IMO :) Cheers, Rene. On 1/14/24 09:07, cryptearth wrote: Hi everyone, so, I had a look into Guice+JPA and it's quite easy to setup by just reuse the configs I have for the Spring build. And although I still can use james-cli (although a bit different) I now have access to the REST-api via the webadmin (until now it seems I misunderstood it: I thought the "web admin" to be some browser admin panel instead of just an REST-api). And although it seems rather easy to use it to do the same as with the james-cli and even more - looking in the list archive: Is there any "client" for it like some webpage or some standalone gui? Guess if not it'd be a nice project to get something together - although I'm only a hobbyist and hence the "most advanced" I was able to get done was a simple networked battle ships game with some very ugly ui-code for the placement of the ships. So I guess if at all I can only provide some simple stuff and far from the code standards of ASF. The next will now be to switch over to Guice+JPA and also upgrade my backup server. Nice to see I still can learn about James - just another confirmation it was the right choice after Citadel/UX got broken, although I'll re-visit other setups with sendmail, postfix or exim just for the fun of additional knowledge. So long ... have a good one. Matt Am 11.01.24 um 05:40 schrieb Rene Cordier: Hello Matt, Thanks for keeping reporting dead links, I try to fix them every time firing PRs :) Regarding the correct link to the jpa guice sample conf: https://github.com/apache/james-project/tree/master/server/apps/jpa-app/sample-configuration Regarding the link in a previous email with jpa-guice installation guide (but I think the readme is likely more complete): https://james.apache.org/server/install/guice-jpa.html For this though: https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html, yes that's still not done, it's normal atm, as said this new doc is still a work in progress ^^' Regarding your mail with INVALID suffixed to it... No idea really^^' Might want to ask the people managing the mailing lists I guess. Well if anything else don't hesitate :) Rene. On 1/11/24 02:45, cryptearth wrote: Hello Rene, thank you for your reply. I tried to look into the docs and the readme, but I get redirected to these two pages without content: https://github.com/apache/james-project/tree/master/server/container/guice/jpa-guice/sample-configuration https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html From the readme it looks simple to get the jpa-guice package to run as it seems I can re-use a lot of my current configs. As for the required keystore: All I found was its use for TLS - as I use the new PEM variant it should also work this way. I'll give it a shot in a VM. Nice to see that the pop3 server is disabled by default. I'm sure this protocol still has its uses, but as it downloads the messages from the server and removes them while doing so I only see an application where messages not supposed to be left on the server like for quota reasons or something like privacy. As for MySQL/MariaDB vs PostgreSQL: The only think I know about PostgreSQL is that it exist but never used it due to most beginner books I read when I started roughly over 15 years ago all mentioned it but only used MySQL anyways. Shouldn't make a difference which to use. As for forwarding mails to my backup: I already came up with some ideas to make this work in both ways without causing loops so that mails received by the backup will also get forwarded to the main when it comes back up. btw: I noticed that my domain gets an .INVALID appended to it - but only here on this mailing list. Testmails to other services don't show this. Anyone maybe has an idea about that? Have a good one. Matt On 10.01.24 04:28, Rene Cordier wrote: Hi Matt, Let me answer you this time below in each of your points :) Cheers, Rene. On 1/9/24 21:27, cryptearth wrote: Hello Rene, thank you for the kind words. May let me answer your points: - Spring vs. Guice: I use James since the Beta of 3.0 and if I recall correctly back then the Spring package was the one to use. By the usual "never change a running system" I not changed since. I had a quick l
Re: James 3.8 one OpenSuSE 15.5
Well, just as an update: As the OpenSuSE forums are as helpful as always: not at all - I looked up options to change James listen directly on TCP/25 itself - and had not much luck. I don't want to spam the list with the details as it doesn't belong here, the short version is: The packet filter doesn't seem to work the way I expected it to according to its own docs. There also seem other options such as privilege dropping or enabling non-root processes to bind to ports below 1024 - but the former isn't supported by Java and the latter works not on a per-process basis but global on a per-executable scope: When I allow James to bind to ports below 1024 so can any other Java process, not exactly what I wanted. I'm also not quite sure if it's just OpenSuSE biting me once again as it did for so many years with the somehow screwed up MySQL/MariaDB packages as when testing in a VM with Arch it works as expected. I guess I should start to reconsider keep using OpenSuSE for my servers as it keeps throwing rocks into my path, its community isn't really helpful and many informations one finds just don't work for one reason or another with no clue why or how to fix it. Anyway ... As for developing a client for the web-admin api: As its only security seems to be the JWT I still have to get my head around how to implement that securely so that only authorized admins with access to a valid token can access the web-admin. I also plan to keep it modular so that each function can get implemented independently without much spaghetti code. I'm aware about some sort of markup languages so one can just write a simple parser and then define such functionalities via config files. But I guess that's something for someone with more experience in that style of coding. Unfortunately I won't have much time in the next few weeks as overtime and extra work is planed throughout february. But I'll keep it in mind as I want to give something back to such a great project. So long, have a good one y'all. Matt On 15.01.24 03:45, Rene Cordier wrote: Hi Matt, Happy to see the transition didn't look too hard for you ! Regarding the webadmin, no there is no UI at the moment. It's been a task in the backlog for a long time though. But if you want to take a look, and even contribute, the task is here: https://issues.apache.org/jira/browse/JAMES-1931 . I'm sure people would be happy to see a contribution about this and support you regarding the coding standards of the project with reviews, even if the UI is not really good looking, it is ok I think. It's destined more to sys admins than lambda users for a backend software, as long as it does the job, it's enough already IMO :) Cheers, Rene. On 1/14/24 09:07, cryptearth wrote: Hi everyone, so, I had a look into Guice+JPA and it's quite easy to setup by just reuse the configs I have for the Spring build. And although I still can use james-cli (although a bit different) I now have access to the REST-api via the webadmin (until now it seems I misunderstood it: I thought the "web admin" to be some browser admin panel instead of just an REST-api). And although it seems rather easy to use it to do the same as with the james-cli and even more - looking in the list archive: Is there any "client" for it like some webpage or some standalone gui? Guess if not it'd be a nice project to get something together - although I'm only a hobbyist and hence the "most advanced" I was able to get done was a simple networked battle ships game with some very ugly ui-code for the placement of the ships. So I guess if at all I can only provide some simple stuff and far from the code standards of ASF. The next will now be to switch over to Guice+JPA and also upgrade my backup server. Nice to see I still can learn about James - just another confirmation it was the right choice after Citadel/UX got broken, although I'll re-visit other setups with sendmail, postfix or exim just for the fun of additional knowledge. So long ... have a good one. Matt Am 11.01.24 um 05:40 schrieb Rene Cordier: Hello Matt, Thanks for keeping reporting dead links, I try to fix them every time firing PRs :) Regarding the correct link to the jpa guice sample conf: https://github.com/apache/james-project/tree/master/server/apps/jpa-app/sample-configuration Regarding the link in a previous email with jpa-guice installation guide (but I think the readme is likely more complete): https://james.apache.org/server/install/guice-jpa.html For this though: https://james.staged.apache.org/james-project/3.8.0/servers/basic/conf/index.html, yes that's still not done, it's normal atm, as said this new doc is still a work in progress ^^' Regarding your mail with INVALID suffixed to it... No idea really^^' Might want to ask the people managing the mailing lists I guess. Well if anything else don't hesitate :) Rene. On 1/11/24 02:45, cryptearth wrote: Hello Rene,
Re: James 3.8 one OpenSuSE 15.5
Hi cryptearth, I can't help for OpenSuse problems. Regarding web-admin API access control, a design I would live to see is actually relying on OpenID connect. This would enable to use OIDC providers like LemonLDAP or Keycloack to be used in order to manage users, and which user can access which application. We did implement something very similar for JMAP: - Set up Apisix as an API gateway to validate JWT tokens: https://github.com/apache/james-project/tree/master/examples/oidc - And have a dumb code in James following what the API gateway decided: https://github.com/apache/james-project/blob/7536d45ada1d3b7ba83cd2020ba862f294125c6d/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/XUserAuthenticationStrategy.java#L39 I would love to have this approach being explored. Or... It could be possible to go faster. And just not expose the webadmin port publicly, but on a private docker network. Then no need to protect it. We could rework the web-admin api in a second time in order t make it compatible. This would be the way I would follow first. Regards On 06/02/2024 01:02, cryptearth wrote: Well, just as an update: As the OpenSuSE forums are as helpful as always: not at all - I looked up options to change James listen directly on TCP/25 itself - and had not much luck. I don't want to spam the list with the details as it doesn't belong here, the short version is: The packet filter doesn't seem to work the way I expected it to according to its own docs. There also seem other options such as privilege dropping or enabling non-root processes to bind to ports below 1024 - but the former isn't supported by Java and the latter works not on a per-process basis but global on a per-executable scope: When I allow James to bind to ports below 1024 so can any other Java process, not exactly what I wanted. I'm also not quite sure if it's just OpenSuSE biting me once again as it did for so many years with the somehow screwed up MySQL/MariaDB packages as when testing in a VM with Arch it works as expected. I guess I should start to reconsider keep using OpenSuSE for my servers as it keeps throwing rocks into my path, its community isn't really helpful and many informations one finds just don't work for one reason or another with no clue why or how to fix it. Anyway ... As for developing a client for the web-admin api: As its only security seems to be the JWT I still have to get my head around how to implement that securely so that only authorized admins with access to a valid token can access the web-admin. I also plan to keep it modular so that each function can get implemented independently without much spaghetti code. I'm aware about some sort of markup languages so one can just write a simple parser and then define such functionalities via config files. But I guess that's something for someone with more experience in that style of coding. Unfortunately I won't have much time in the next few weeks as overtime and extra work is planed throughout february. But I'll keep it in mind as I want to give something back to such a great project. So long, have a good one y'all. Matt On 15.01.24 03:45, Rene Cordier wrote: Hi Matt, Happy to see the transition didn't look too hard for you ! Regarding the webadmin, no there is no UI at the moment. It's been a task in the backlog for a long time though. But if you want to take a look, and even contribute, the task is here: https://issues.apache.org/jira/browse/JAMES-1931 . I'm sure people would be happy to see a contribution about this and support you regarding the coding standards of the project with reviews, even if the UI is not really good looking, it is ok I think. It's destined more to sys admins than lambda users for a backend software, as long as it does the job, it's enough already IMO :) Cheers, Rene. On 1/14/24 09:07, cryptearth wrote: Hi everyone, so, I had a look into Guice+JPA and it's quite easy to setup by just reuse the configs I have for the Spring build. And although I still can use james-cli (although a bit different) I now have access to the REST-api via the webadmin (until now it seems I misunderstood it: I thought the "web admin" to be some browser admin panel instead of just an REST-api). And although it seems rather easy to use it to do the same as with the james-cli and even more - looking in the list archive: Is there any "client" for it like some webpage or some standalone gui? Guess if not it'd be a nice project to get something together - although I'm only a hobbyist and hence the "most advanced" I was able to get done was a simple networked battle ships game with some very ugly ui-code for the placement of the ships. So I guess if at all I can only provide some simple stuff and far from the code standards of ASF. The next will now be to switch over to Guice+JPA and also upgrade my backup server. Nice to see I still can learn about James - ju
Re: James 3.8 one OpenSuSE 15.5
Hi Benoit, Not sure to follow you. I really don't think it is necessary to implement OpenID connect auth for a webadmin UI panel, that sounds like a lot of unnecessary complicated work, likely overkill. Could start by just maybe some basic auth configurable admin creds in James, like I believe most admin UI panels in most softwares do? I think first version should just stay simple anyways. Regards, Rene. On 2/6/24 22:14, Benoit TELLIER wrote: Hi cryptearth, I can't help for OpenSuse problems. Regarding web-admin API access control, a design I would live to see is actually relying on OpenID connect. This would enable to use OIDC providers like LemonLDAP or Keycloack to be used in order to manage users, and which user can access which application. We did implement something very similar for JMAP: - Set up Apisix as an API gateway to validate JWT tokens: https://github.com/apache/james-project/tree/master/examples/oidc - And have a dumb code in James following what the API gateway decided: https://github.com/apache/james-project/blob/7536d45ada1d3b7ba83cd2020ba862f294125c6d/server/protocols/jmap/src/main/java/org/apache/james/jmap/http/XUserAuthenticationStrategy.java#L39 I would love to have this approach being explored. Or... It could be possible to go faster. And just not expose the webadmin port publicly, but on a private docker network. Then no need to protect it. We could rework the web-admin api in a second time in order t make it compatible. This would be the way I would follow first. Regards On 06/02/2024 01:02, cryptearth wrote: Well, just as an update: As the OpenSuSE forums are as helpful as always: not at all - I looked up options to change James listen directly on TCP/25 itself - and had not much luck. I don't want to spam the list with the details as it doesn't belong here, the short version is: The packet filter doesn't seem to work the way I expected it to according to its own docs. There also seem other options such as privilege dropping or enabling non-root processes to bind to ports below 1024 - but the former isn't supported by Java and the latter works not on a per-process basis but global on a per-executable scope: When I allow James to bind to ports below 1024 so can any other Java process, not exactly what I wanted. I'm also not quite sure if it's just OpenSuSE biting me once again as it did for so many years with the somehow screwed up MySQL/MariaDB packages as when testing in a VM with Arch it works as expected. I guess I should start to reconsider keep using OpenSuSE for my servers as it keeps throwing rocks into my path, its community isn't really helpful and many informations one finds just don't work for one reason or another with no clue why or how to fix it. Anyway ... As for developing a client for the web-admin api: As its only security seems to be the JWT I still have to get my head around how to implement that securely so that only authorized admins with access to a valid token can access the web-admin. I also plan to keep it modular so that each function can get implemented independently without much spaghetti code. I'm aware about some sort of markup languages so one can just write a simple parser and then define such functionalities via config files. But I guess that's something for someone with more experience in that style of coding. Unfortunately I won't have much time in the next few weeks as overtime and extra work is planed throughout february. But I'll keep it in mind as I want to give something back to such a great project. So long, have a good one y'all. Matt On 15.01.24 03:45, Rene Cordier wrote: Hi Matt, Happy to see the transition didn't look too hard for you ! Regarding the webadmin, no there is no UI at the moment. It's been a task in the backlog for a long time though. But if you want to take a look, and even contribute, the task is here: https://issues.apache.org/jira/browse/JAMES-1931 . I'm sure people would be happy to see a contribution about this and support you regarding the coding standards of the project with reviews, even if the UI is not really good looking, it is ok I think. It's destined more to sys admins than lambda users for a backend software, as long as it does the job, it's enough already IMO :) Cheers, Rene. On 1/14/24 09:07, cryptearth wrote: Hi everyone, so, I had a look into Guice+JPA and it's quite easy to setup by just reuse the configs I have for the Spring build. And although I still can use james-cli (although a bit different) I now have access to the REST-api via the webadmin (until now it seems I misunderstood it: I thought the "web admin" to be some browser admin panel instead of just an REST-api). And although it seems rather easy to use it to do the same as with the james-cli and even more - looking in the list archive: Is there any "client" for it like some webpage or some standalone gui? Guess if not it'd be a