Hey Mike,
I still can't see this should be a TLS related error. TLS simply adds an
additional layer ensuring security. If your issue would be caused by
anything TLS related you either wouldn't get a connection at all - or
you should get an error on either side (wich I guess openssl would throw
out directly - for james server try in cli mode with
-Djavax.net.debug=all). Also you could run wireshark to see if there's
any packet loss. Depending on used cipher it's possible there's a small
buffer not transmitted directly.
If Thunderbird isn't able to connect it's most likely a cert-trust-chain
issue. Just try use a free let's encrypt cert for testing.
If you still get issues: please get us some debug logs any maybe packet
captures. It's very hard to tell what's goin wrong when the only
information basicly is "works w/o TLS but doesn't w/ TLS".
Matt
Am 05.09.2017 um 03:00 schrieb Mike Lepore:
yes, when I set the socketTLS to false and the binding address back
with port 25, it seems to work just fine. It just seems to hang when
I'm inputting the the message itself when set to port 465 with
socketTLS set to true. Am I not able to use openssl like that to
actually send an email on port 465? I also can't get Mozilla
Thunderbird to connect to the socketTLS/465 either. Seems like I have
to be missing something in the confs.
mike@lic4u:/share/james/conf$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
EHLO localhost
250-lic4u Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:<ad...@lepore.org>
250 2.1.0 Sender <ad...@lepore.org> OK
rcpt to:<ad...@lepore.org>
250 2.1.5 Recipient <ad...@lepore.org> OK
data
354 Ok Send data ending with <CRLF>.<CRLF>
subject: from lic4u on 2017-09-04 at 8:51pm...
body test
.
250 2.6.0 Message received
quit
221 2.0.0 lic4u Service closing transmission channel
Connection closed by foreign host.
mike@lic4u:/share/james/conf$
thanks,
Michael Lepore
michael.lepore.w...@gmail.com
On 09/02/2017 12:36 AM, cryptearth wrote:
Hello Mike,
this doesn't look like an TLS-based error to me because the
connection gets established and you can get somd commands to work. If
this issue would be related to anything on the secure layer most
likely the connection wouldn't established at all.
Did you already tried if it works without TLS?
If so, you could enable debug on server side to see where starts to
fail.
Also: side-note about socketTLS vs startTLS:
When using socketTLS the connection is encrypted from the beginning,
you have a secure tunnel through wich unencrypted data flows
protected by the encryption of this tunnel.
When using startTLS you start the connection as an unencrypted plain
one, so the channel you're using itself is not secured. By sending
starttls command basicly you say:"hey, let's speak nonesense from now
on" and then encrypted data runs across the unsecure channel.
In real the difference is a bit more complicated and the result is
pretty much the same, but maybe this helps to understand what both of
these are. So you only use one of them - that's why you getting a 500
- tls already active on your second try.
greetings
Matt
---- Mike Lepore schrieb ----
I can't seem to get james3 to work with smtpserver for socketTLS on
port
465.
when I execute this command it just seems to hang at the end and not
complete the send. any ideas? Am I not running the send command
properly? I have smtpserver.xml configured for socketTLS.
<bind>0.0.0.0:465</bind>
...
<tls socketTLS="true" startTLS="false">
<keystore>...ks file...</keystore>
<secret>...pw...</secret>
<provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
<!-- The algorithm is optional and only needs to be specified
when using something other
than the Sun JCE provider - You could use IbmX509 with IBM
Java
runtime. -->
<!--algorithm>SunX509</algorithm-->
</tls>
# this from the smtpserver.log:
INFO 14:13:44,677 | james.smtpserver | Id='-927469453' User=''
Connection established from 127.0.0.1
# command...
/usr/bin/openssl s_client -quiet -connect localhost:465
depth=0 CN = mail.lepore.org
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = mail.lepore.org
verify return:1
220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
EHLO localhost
250-lic4u Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:<ad...@lepore.org>
250 2.1.0 Sender <ad...@lepore.org> OK
rcpt to:<ad...@lepore.org>
250 2.1.5 Recipient <ad...@lepore.org> OK
data
354 Ok Send data ending with <CRLF>.<CRLF>
subject: this is a test on 2017-09-01 at 2:30pm
test body
.
----------
#tried using startTLS (didn't work either)
/usr/bin/openssl s_client -quiet -connect localhost:465
depth=0 CN = mail.lepore.org
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = mail.lepore.org
verify return:1
220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
EHLO localhost
250-lic4u Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
STARTTLS
500 5.5.1 TLS already active RFC2487 5.2
mail from:<ad...@lepore.org>
250 2.1.0 Sender <ad...@lepore.org> OK
rcpt to:<ad...@lepore.org>
250 2.1.5 Recipient <ad...@lepore.org> OK
data
354 Ok Send data ending with <CRLF>.<CRLF>
subject: test from lic4u apache-james on 2017-09-01 at 2:17pm
test body
.
--
thanks,
Michael Lepore
michael.lepore.w...@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
