Matt, I changed it in mailetcontainer as you said and it works, I think.

<processor state="relay" enableJmx="true">
    <mailet match="All" class="RemoteDelivery">
        <outgoingQueue>outgoing</outgoingQueue>
        <startTLS>true</startTLS>
        <delayTime>5000, 100000, 500000</delayTime>
        <maxRetries>3</maxRetries>
        <maxDnsProblemRetries>0</maxDnsProblemRetries>
        <deliveryThreads>10</deliveryThreads>
        <sendpartial>true</sendpartial>
        <bounceProcessor>bounces</bounceProcessor>
    </mailet>
</processor>

<startTLS>true</startTLS>, or should I use <socketTLS>true</socketTLS>?
Also, the sites you gave for testing report an error about TLS, but with any
mail server (Gmail, Yandex, Mail.ru) it says TLS is used and everything is
fine :D I don't get what is going wrong.

Sat, 1 Feb 2025 at 22:04, Ilya Terskov <prosgar...@gmail.com>:

> I changed the certificates to
> <tls socketTLS="true" startTLS="false">
>   <privateKey>file://conf/hranitel-ist.ru-key.pem</privateKey>
>   <certificates>file://conf/hranitel-ist.ru-chain.pem</certificates>
> </tls>
> but it is still the same :c
>
> Sat, 1 Feb 2025 at 16:17, Ilya Terskov <prosgar...@gmail.com>:
>
>> Hi there! Matt, can you help me?
>> I configured it like you said:
>> <tls socketTLS="false" startTLS="false">
>>   <privateKey>file://../cert/hranitel-ist.ru-key.pem</privateKey>
>>   <certificates>file://../cert/hranitel-ist.ru-crt.pem</certificates>
>> </tls>
>> for smtp and imap; the server starts without errors
>>
>> 15:58:35.219 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service bound to: 0.0.0.0:143
>> 15:58:35.223 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service is running on: KSUSHA-ILYUSHA
>> 15:58:35.223 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service handler hello name is: KSUSHA-ILYUSHA
>> 15:58:35.224 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service handler connection timeout is: 300
>> 15:58:35.225 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service connection backlog is: 200
>> 15:58:35.226 [INFO ] o.a.j.p.l.SslConfig - TLS enabled with auth NONE using truststore null
>> 15:58:35.234 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service bound to: 0.0.0.0:993
>> 15:58:35.235 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service is running on: KSUSHA-ILYUSHA
>> 15:58:35.235 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service handler hello name is: KSUSHA-ILYUSHA
>> 15:58:35.236 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service handler connection timeout is: 300
>> 15:58:35.238 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service connection backlog is: 200
>> 15:58:35.241 [INFO ] o.a.j.p.l.SslConfig - SSL enabled with keystore(JKS) at null, certificates file://../cert/hranitel-ist.ru-crt.pem
>> 15:58:35.524 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - Init IMAP Service done
>> 15:58:35.617 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - Init IMAP Service done
>> 15:58:35.623 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - LMTP Service disabled by configuration
>> 15:58:35.627 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - POP3 Service disabled by configuration
>> 15:58:35.634 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service bound to: 0.0.0.0:25
>> 15:58:35.634 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service is running on: KSUSHA-ILYUSHA
>> 15:58:35.635 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler hello name is: KSUSHA-ILYUSHA
>> 15:58:35.635 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler connection timeout is: 360
>> 15:58:35.637 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service connection backlog is: 200
>> 15:58:35.640 [INFO ] o.a.j.s.n.SMTPServer - No maximum message size is enforced for this server.
>> 15:58:35.642 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service bound to: 0.0.0.0:465
>> 15:58:35.643 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service is running on: KSUSHA-ILYUSHA
>> 15:58:35.643 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler hello name is: KSUSHA-ILYUSHA
>> 15:58:35.644 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler connection timeout is: 360
>> 15:58:35.648 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service connection backlog is: 200
>> 15:58:35.649 [INFO ] o.a.j.p.l.SslConfig - SSL enabled with keystore(JKS) at null, certificates file://../cert/hranitel-ist.ru-crt.pem
>> 15:58:35.650 [INFO ] o.a.j.s.n.SMTPServer - No maximum message size is enforced for this server.
>> 15:58:35.651 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service bound to: 0.0.0.0:587
>> 15:58:35.652 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service is running on: KSUSHA-ILYUSHA
>> 15:58:35.656 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler hello name is: KSUSHA-ILYUSHA
>> 15:58:35.660 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler connection timeout is: 360
>> 15:58:35.660 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service connection backlog is: 200
>> 15:58:35.661 [INFO ] o.a.j.p.l.SslConfig - TLS enabled with auth NONE using truststore null
>>
>> but I can't log in to mail via any client
>>
>> Sat, 1 Feb 2025 at 10:15, Ilya Terskov <prosgar...@gmail.com>:
>>
>>> Thanks a lot, Matt. I will try to make a PEM from Let's Encrypt and use it.
>>>
>>> Sat, 1 Feb 2025, 06:46 cryptearth <cryptea...@cryptearth.de.invalid>:
>>>
>>>> "It doesn't work" is not a helpful error description - in fact: it is
>>>> none at all.
>>>> If you try to start james with regular PEM files but have messed up
>>>> something you will get a stack trace telling you what went wrong.
>>>> Converting a PEM certificate chain with a private key into a java
>>>> keystore is not required anymore (although I still have a little helper
>>>> doing exactly that).
>>>>
>>>> Anyway - here's how I've set it up:
>>>>
>>>> - placing the certificate chain in <james>/conf/chain.crt
>>>> Important: chain.crt has to contain your certificate and the
>>>> intermediate certificate in that order and should not contain the root
>>>> certificate.
>>>> - placing the private key in <james>/conf/private.key
>>>> Important: make sure it has access set to 0600 (so read/write only to
>>>> the user, none to group or others); you CAN also secure it by a
>>>> passphrase - but my personal point: as you have to provide it along in
>>>> the config it's the same as hanging a key right next to a locked door -
>>>> why even bother to lock the door in the first place?
>>>>
>>>> Add to the server xml files (example for smtp/25):
>>>>
>>>> <smtpservers>
>>>>      <smtpserver enabled="true">
>>>>          <jmxName>smtpserver-global</jmxName>
>>>>          <bind>0.0.0.0:25</bind>
>>>>          <connectionBacklog>200</connectionBacklog>
>>>>          <tls socketTLS="false" startTLS="true">
>>>>              <privateKey>file://conf/private.key</privateKey>
>>>>              <certificates>file://conf/chain.crt</certificates>
>>>>              <!-- An optional secret might be specified for the private key -->
>>>>              <!-- <secret>james72laBalle</secret> -->
>>>>          </tls>
>>>> // ... rest of the file
>>>>
>>>> Same for every other TLS block.
>>>>
>>>> Afterwards start james by your start script - it should come up without
>>>> issues. For the smtp server you can use services such as
>>>> https://www.checktls.com/TestReceiver - can also check dane and mta-sts
>>>> and produce a very detailed log, my personal favorite
>>>> or
>>>> https://ssl-tools.net/mailservers - can have some issues sometimes - but
>>>> also has good result presentation
>>>>
>>>> If you got your inbound smtp correctly setup - copy the config to imap
>>>> (and maybe pop if you use that) and make sure the ports are correct.
>>>> You should also set starttls on outgoing connections in the
>>>> mailetcontainer.xml, section RemoteDelivery:
>>>>
>>>>          <processor state="relay" enableJmx="true">
>>>>              <mailet match="All" class="RemoteDelivery">
>>>>                      <outgoingQueue>outgoing</outgoingQueue>
>>>>                      <startTLS>true</startTLS>
>>>>
>>>> Note: proper spelling is important - it has to be written as "startTLS"
>>>> - otherwise you will get an error on startup
>>>> And you can test that as well with the above sites or just send an email
>>>> to your gmail account and look into the raw mail - it should say
>>>> something like this:
>>>>
>>>> Received by: mx.google.mx via ESMTPS for <recpt> (TLS=<some tls cipher>)
>>>>
>>>> If you get any error please get the full log so we can get what failed
>>>> and direct you towards the right file to fix.
>>>>
>>>> You may also be able to automate it with certbot by just sym-linking to
>>>> the files used by apache - but if so you have to run james as root.
>>>>
>>>> Hope this helps.
>>>>
>>>>
>>>> Matt
>>>>
>>>>
>>>> On 31.01.25 at 20:13, Ilya Terskov wrote:
>>>> > Hi there guys once more :)
>>>> > I hear that James can use common ACME/Let's Encrypt PKCS keys instead
>>>> > of Java JKS, and I even saw this in the readme files, but I tried to
>>>> > do it and never got it to work... But converting from PKCS to JKS
>>>> > works with these keys. Can you tell me how you are doing it?
>>>> >
>>>>
>>>>
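The thread keeps returning to which of `socketTLS` and `startTLS` belongs on which listener. The following added example (not code from the thread or from the James project) lints James-style server XML for that choice. The port roles are the conventional ones (465/993/995 implicit TLS, 25/587/143/110 STARTTLS) and are an assumption of this example; `lint_tls` and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Conventional port roles (assumption of this example, per RFC 8314 / IANA).
IMPLICIT_TLS_PORTS = {465, 993, 995}   # TLS from the first byte -> socketTLS
STARTTLS_PORTS = {25, 587, 143, 110}   # plaintext, then upgrade -> startTLS
# Constructed sample: a correct port 25, a 465 with both modes off, and a
# 587 using implicit TLS with no certificate chain configured.
SAMPLE = """<smtpservers>
  <smtpserver enabled="true"><bind>0.0.0.0:25</bind>
    <tls socketTLS="false" startTLS="true">
      <privateKey>file://conf/private.key</privateKey>
      <certificates>file://conf/chain.crt</certificates></tls></smtpserver>
  <smtpserver enabled="true"><bind>0.0.0.0:465</bind>
    <tls socketTLS="false" startTLS="false">
      <privateKey>file://conf/private.key</privateKey>
      <certificates>file://conf/chain.crt</certificates></tls></smtpserver>
  <smtpserver enabled="true"><bind>0.0.0.0:587</bind>
    <tls socketTLS="true" startTLS="false">
      <privateKey>file://conf/private.key</privateKey></tls></smtpserver>
</smtpservers>"""

def lint_tls(xml_text):
    """Return (bind, problem) findings for every enabled block with a <bind>."""
    findings = []
    for server in ET.fromstring(xml_text).iter():
        bind = server.findtext("bind")
        if bind is None or server.get("enabled", "true") != "true":
            continue
        bind = bind.strip()
        port = int(bind.rsplit(":", 1)[1])
        tls = server.find("tls")
        if tls is None:
            findings.append((bind, "no <tls> block configured"))
            continue
        sock = tls.get("socketTLS", "false") == "true"
        start = tls.get("startTLS", "false") == "true"
        if not sock and not start:
            findings.append((bind, "neither socketTLS nor startTLS is enabled"))
            continue
        if sock and port in STARTTLS_PORTS:
            findings.append((bind, "socketTLS on a port clients expect STARTTLS on"))
        if start and port in IMPLICIT_TLS_PORTS:
            findings.append((bind, "startTLS on a port clients expect implicit TLS on"))
        for child in ("privateKey", "certificates"):
            if not (tls.findtext(child) or "").strip():
                findings.append((bind, f"<{child}> missing"))
    return findings

if __name__ == "__main__":
    print(*lint_tls(SAMPLE), sep="\n")
```
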