Hi everyone,
sorry for not being active for some time. Anyway - after reading up I'd
like to give my thoughts for those who may still seek them or at
least for the archive.
Hey Ilja,
from what I get your issue back in late April was that you struggled
with some target smtp servers not accepting your mails.
As with the bounce message you shared, usually there's either
additional information or an attachment with an error description of what
exactly failed. This could be that the domain can't get resolved or
doesn't have a proper MX record (usually James then falls back to a
simple A record and tries that instead), is temporarily out of service
(down for maintenance) or has blocked your server for some reason.
To start with diagnostics as the postmaster I recommend first checking
the health of your domain, using mxtoolbox
https://mxtoolbox.com/emailhealth or similar services (there was another
tool with even more tests but I forget its name).
So I checked your domain which, as you use cloudflare, only got me 2
warnings and 0 errors (and with this is even better than my own which
currently results in 2 errors (1 for my backup out of service (waiting
for openSUSE 16) and 1 for my server being level 3 blocked for my hoster
OVH not getting spam in my area under control)). Given you can exchange
most mails without issues I assume the fault is not at your end.
Then I checked the given example of belovskaya.ru which returns a few
errors - notably some DNS issues. I guess the main cause with that
domain in particular and likely with others you have trouble with are
DNS related issues which have to be fixed by the respective domain
admins. The issue seems to be that they run a mix of delegated nameservers
and their own: NS belovskaya.ru returns a few NS of nic.ru as well as one
of their own with a glue record: ns.belovskaya.ru. It's possible that your
server struggles to properly resolve the MX record due to this mess. Usually a
domain should either use external nameservers (from the registry or
services like cloudflare) or host their own, only. A mixed setup can
(and in your case does) cause issues. So there's nothing you can do from
your side but it's an issue on their end. If you keep having trouble with them
try to contact them on a different channel (like an oldschool letter or
a mail to another mail service) or you could even go the route to look up
the hostmaster address of nic.ru (as I wasn't able to find any info on
them or on the affected domain I would start at i...@nic.ru and would
request either their hostmaster or the hostmaster of the affected
domain) and try to contact them so they can try to contact the admin of
the affected domain to inform them: "hey, there's something wrong
with your domain".
Also: You seem to confuse the smtp.xml for inbound traffic with the
mailet.xml for outbound traffic.
The smtpserver.xml (and imapserver.xml) are used for inbound traffic,
only. That is: For mails that others send to your server.
For everything outgoing - from your James to other servers, that happens
in the mailetcontainer.xml. Here the only options you can set are:
- a relay if you don't send mails on your own but use an external relay
- some log stuff
- if StartTLS is to be used
So, there isn't much you can do from your side at all.
The authorizedAddress in smtpserver.xml is for blindly trusting incoming
traffic for sending mails outbound. This is an option when you use James
as the external relay others connect to for outbound mails. As the
config says: Usually you want to disable that entirely but use smtp-auth
only - that is: A user has to log in via smtp before being able to send mails.
That trusted network would be useful if you have a webserver within the
same network but on a different server which uses Apache and sends mails
via PHP mail(). Then you configure php to use the James as relay and add
the webserver as a trusted source so it can send mails without having to
authenticate. I've done that via sendmail and a bit of stuff in the
mailetcontainer.xml as I use sendmail as dumb nullclient to also drop in
local mails like cronjob reports into a special local-services mailbox.
Hope you can sort out your issues.
For us it could be helpful to get more info about a bounce message like
What's the actual error message? or something like that. Otherwise we
can only advise you to contact the admins of the affected target domains
as the issue is likely not on your side.
Have a nice weekend everybody.
Greetings from Germany
Matt
On 29.04.25 at 17:44, Терсков Илья Андреевич wrote:
Hi David.
Yeah, I checked it with this service.
I improved my config a little. Sorry for too many words here.
I just have the problem that some domains (mail servers) can't get our mail,
with the error
/Hi. This is the James mail server at KPST-SRV-JAMES. I'm afraid I
wasn't able to deliver your message to the following addresses. This
is a permanent error; I've given up. Sorry it didn't work out. Below I
include the list of recipients and the reason why I was unable to
deliver your message. Original email subject: Проверка доступности с
нового сервера Failed recipient(s): sher...@belovskaya.ru Error
message: Too many retries failure. Bouncing after 3 retries./
So I don't understand what I do wrong. But mostly, about 90% of our other
external clients work with our mail just fine.
Here is the smtp config:
<smtpservers>
  <smtpserver enabled="true">
    <jmxName>smtpserver-global</jmxName>
    <bind>0.0.0.0:25</bind>
    <authorizedAddresses>127.0.0.0/8, 172.16.149.0/24</authorizedAddresses>
    <auth>
      <announce>never</announce>
      <requireSSL>false</requireSSL>
      <plainAuthEnabled>false</plainAuthEnabled>
    </auth>
    <tls socketTLS="false" startTLS="true">
      <privateKey>file://../cert/mail.kps-t.ru-key.pem</privateKey>
      <certificates>file://../cert/mail.kps-t.ru-chain.pem</certificates>
    </tls>
    <connectiontimeout>360</connectiontimeout>
    <connectionLimit>0</connectionLimit>
    <connectionLimitPerIP>0</connectionLimitPerIP>
    <connectionBacklog>200</connectionBacklog>
    <verifyIdentity>false</verifyIdentity>
    <maxmessagesize>25M</maxmessagesize>
    <addressBracketsEnforcement>false</addressBracketsEnforcement>
    <helloName autodetect="false">mail.kps-t.ru</helloName>
    <smtpGreeting>mail.kps-t.ru</smtpGreeting>
    <heloEnforcement>false</heloEnforcement>
    <handlerchain>
      <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
      <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
    </handlerchain>
  </smtpserver>
  <smtpserver enabled="true">
    <jmxName>smtpserver-TLS</jmxName>
    <bind>0.0.0.0:465</bind>
    <helloName autodetect="false">mail.kps-t.ru</helloName>
    <connectionBacklog>200</connectionBacklog>
    <tls socketTLS="true" startTLS="false">
      <privateKey>file://../cert/mail.kps-t.ru-key.pem</privateKey>
      <certificates>file://../cert/mail.kps-t.ru-chain.pem</certificates>
    </tls>
    <connectiontimeout>360</connectiontimeout>
    <connectionLimit>0</connectionLimit>
    <connectionLimitPerIP>0</connectionLimitPerIP>
    <auth>
      <announce>always</announce>
      <requireSSL>true</requireSSL>
      <plainAuthEnabled>true</plainAuthEnabled>
    </auth>
    <authorizedAddresses>127.0.0.0/8</authorizedAddresses>
    <verifyIdentity>true</verifyIdentity>
    <maxmessagesize>100M</maxmessagesize>
    <addressBracketsEnforcement>true</addressBracketsEnforcement>
    <smtpGreeting>mail.kps-t.ru</smtpGreeting>
    <handlerchain>
      <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
      <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
    </handlerchain>
  </smtpserver>
  <smtpserver enabled="true">
    <jmxName>smtpserver-authenticated</jmxName>
    <bind>0.0.0.0:587</bind>
    <helloName autodetect="false">mail.kps-t.ru</helloName>
    <connectionBacklog>200</connectionBacklog>
    <tls socketTLS="false" startTLS="true">
      <privateKey>file://../cert/mail.kps-t.ru-key.pem</privateKey>
      <certificates>file://../cert/mail.kps-t.ru-chain.pem</certificates>
    </tls>
    <connectiontimeout>360</connectiontimeout>
    <connectionLimit>0</connectionLimit>
    <connectionLimitPerIP>0</connectionLimitPerIP>
    <auth>
      <announce>always</announce>
      <requireSSL>true</requireSSL>
      <plainAuthEnabled>true</plainAuthEnabled>
    </auth>
    <authorizedAddresses>127.0.0.0/8</authorizedAddresses>
    <verifyIdentity>true</verifyIdentity>
    <maxmessagesize>100M</maxmessagesize>
    <addressBracketsEnforcement>true</addressBracketsEnforcement>
    <smtpGreeting>mail.kps-t.ru</smtpGreeting>
    <handlerchain>
      <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
      <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
    </handlerchain>
  </smtpserver>
</smtpservers>
29.04.2025 22:38, David Matthews wrote:
so my config for now is good?
can i send full smtp config to u? :)
hi
You can confirm Quan's diagnosis at
https://mxtoolbox.com/diagnostic.aspx
These days (for the last 15 years at least) a mail exchanger
configured as an open relay is considered a gross misconfiguration
and your domain will likely get blocked for facilitating abuse.
--
David Matthews
m...@dmatthews.org
---------------------------------------------------------------------
To unsubscribe, e-mail:server-user-unsubscr...@james.apache.org
For additional commands, e-mail:server-user-h...@james.apache.org
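Added example (not part of the original thread and not Apache James code): a small Python audit of the authorizedAddresses behaviour discussed above, listing every enabled smtpserver block that trusts a non-loopback network to relay without SMTP AUTH. The sample XML is constructed from the layout quoted in this thread; the third block, the audit() helper, the severity labels and treating a missing "enabled" attribute as enabled are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: first two blocks follow the thread's config, third is hypothetical.
SAMPLE = """<smtpservers>
  <smtpserver enabled="true">
    <jmxName>smtpserver-global</jmxName>
    <authorizedAddresses>127.0.0.0/8,
      172.16.149.0/24</authorizedAddresses>
  </smtpserver>
  <smtpserver enabled="true">
    <jmxName>smtpserver-authenticated</jmxName>
    <authorizedAddresses>127.0.0.0/8</authorizedAddresses>
  </smtpserver>
  <smtpserver enabled="true">
    <jmxName>constructed-open</jmxName>
    <authorizedAddresses>0.0.0.0/0</authorizedAddresses>
  </smtpserver>
</smtpservers>"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit(xml_text):
    """Return (jmxName, entry, severity) for every non-loopback trusted entry."""
    findings = []
    for srv in ET.fromstring(xml_text).iter("smtpserver"):
        if srv.get("enabled", "true") != "true":  # assumption: absent means enabled
            continue
        name = (srv.findtext("jmxName") or "?").strip()
        for item in (srv.findtext("authorizedAddresses") or "").split(","):
            item = item.strip()
            if not item:
                continue
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                # Not an IP or CIDR literal (e.g. a hostname): needs a manual look.
                findings.append((name, item, "unparsed"))
                continue
            if net.is_loopback:
                continue
            internal = net.version == 4 and any(net.subnet_of(r) for r in RFC1918)
            # "review": an internal range relays without auth; "public": a routable one does.
            findings.append((name, str(net), "review" if internal else "public"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "review" finding is the trusted-webserver case described in the thread and only needs confirming that every host in the range should relay unauthenticated; a "public" finding is the open-relay misconfiguration that gets a domain blocked.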