Hi Cryptearth,
I’ve invested a lot of time and effort into the Apache James project,
but I’ve grown tired of the constant struggle with its limitations.
Despite being a mature product with over 22 years on the market, the
documentation often lacks depth, making it difficult to find answers.
While James is fast and powerful, it still suffers from surprising gaps
and issues — for example, there’s no straightforward support for bulk
mailing, modifying the database has led to memory leaks, and there are
odd behaviors when dealing with servers using self-signed certificates,
among other things I’ve already lost track of.
At this point, I’m simply exhausted from fighting and fine-tuning a
product that still feels far from stable and predictable.
I initially migrated from Microsoft Exchange to James, and later moved
to Stalwart for production use. I’m genuinely impressed — after only
three years of development, Stalwart has proven remarkably stable. It’s
been running smoothly for four months now without a single issue, and I
can hardly believe such a young project delivers this level of
reliability.
I genuinely like Apache James, especially its CLI and API — so much that
I even wrote simple scripts and a small application for managing users
and aliases. Its configuration options are also quite solid and
feature-rich. I might return to it one day, but only when it truly
becomes a production- or enterprise-ready solution.
С уважением,
Руководитель ИТ
ООО «КПС-Технологии»
Терсков Илья Андреевич
Тел.: +7 (3843) 73-14-42
Моб.: +7 (996) 415-16-29
E-mail: i.ters...@kps-t.ru
------ Исходное сообщение ------
От "cryptearth" <cryptea...@cryptearth.de.INVALID>
Кому server-user@james.apache.org
Дата 17.08.2025 2:34:56
Тема Re: James SMTP
Hi everyone,
sorry for not being active for some time. Anyway - after reading up I'd like to
give my thoughts for those you may still seek for them or at least for the
archive.
Hey Ilja,
from what I get your issue back in late april was that you struggled with some
target smtp servers not accepting your mails.
As by the bounce message your shared usually there's either an additional
information or an attachement with an error description what exactly failed.
This could be from the domain can't get resolved or doesn't have a proper MX
record (usually James then falls back to a simple A record and tries that
instead), is temporarily out of service (down for maintenance) or has blocked
your server for some reason.
To start with diagnostics as the postmaster I recommend first checking the
health of your domain, using mxtoolbox https://mxtoolbox.com/emailhealth or
similar services (there was another tool with even more tests but I forget its
name).
So I checked your domain which, as you use cloudflare, only got me 2 warnings
and 0 errors (and with this is even better than my own which currently results
in 2 errors (1 for my backup out of service (waiting for opensuse 16) and 1 for
my server being level 3 blocked for my hoster OVH not getting spam in my area
under control). Given you can exchange most mails without issues I assume the
fault is not at your end.
Then I checked the given example of belovskaya.ru which returns a few errors - noteably
some DNS issues. I guess the main cause with that domain in particular and likely with
others you have trouble with are DNS realted issues which have to be fixed by the
respective domain admins. The issue seems the run a mix of delegated nameservers and
thier own: NS belovskaya.ru returns a few NS of nic.ru as well as one of thier own with a
glue record: ns.belovskaya.ru. It's possible that your server struggle to properly
resolve the MX record due to this mess. Usually a domain should either use external
nameservers (from the registry or services like cloudflare) or host thier own, only. A
mixed setup can (and in your case does) cause issues. So there's nothin you can do from
your side but it's an issue on thier end. If you keep trouble with them try to contact
them on a different channel (like an oldschool letter or a mail to another mail service)
or you could even go the route to lookup the hostmaster address of nic.ru (as I wasn't
able to find any info on them or on the affected domain I would start at i...@nic.ru and
would request either thier hostmaster or the hostermaster of the affected domain) and try
to contact them so they can try to contant they admin of the affected to domain to inform
them: "hey, there's something wrong with your domain".
Also: You seem to confuse the smtp.xml for inbound traffic with the mailet.xml
for outbound traffic.
The smtpserver.xml (and imapserver.xml) are used for inbound traffic, only.
That is: For mails that others send to your server.
For everything outgoing - from your James to other servers, that happens in the
mailetcontainer.xml. Here the only options you can set are:
- a relay if you don't send mails on your own but use an external relay
- some log stuff
- if StartTLS is to be used
So, there isn't much you can do from your side at all.
The authorizedAddress in smtpserver.xml is for blindly trusting incoming
traffic for sending mails outbound. This is an option when you use James as the
external relay others connect to for outbound mails. As the config says:
Usually you want to disable that entirely but use smtp-auth only - that is: A
user has to login via smtp before able to send mails. That trusted network
would be usefull if you have a webserver within the same network but on a
different server which uses Apache and sends mails via PHP mail(). Then you
configure php to use the James as relay and add the webserver as a trusted
source so it can send mails without having to authenticate. I've done that via
sendmail and a bit of stuff in the mailetcontainer.xml as I use sendmail as
dumb nullclient to also drop in local mails like cronjob reports into a special
local-services mailbox.
Hope you can sort out your issues.
For us it could be helpful to get more info about a bounce message like What's
the actual error message? or something like that. Otherwise we can only advice
you to contact the admins of the affected target domains as the issue is likely
not on your side.
Have a nice weekend everybody.
Greetings from Germany
Matt
Am 29.04.25 um 17:44 schrieb Терсков Илья Андреевич:
Hi David.
yeah i check it with this service.
a little iproved my config. sorry for too many words here
just i have problem that some domains (mail servers) cant get our mail with
error
/Hi. This is the James mail server at KPST-SRV-JAMES. I'm afraid I wasn't able
to deliver your message to the following addresses. This is a permanent error;
I've given up. Sorry it didn't work out. Below I include the list of recipients
and the reason why I was unable to deliver your message. Original email
subject: Проверка доступности с нового сервера Failed recipient(s):
sher...@belovskaya.ru Error message: Too many retries failure. Bouncing after 3
retries./
so i dont undertand what i do wrong. but mostly about 90% others our external
clients works with our mail just fine
here config smtp
<smtpservers>
<smtpserver enabled="true">
<jmxName>smtpserver-global</jmxName>
<bind>0.0.0.0:25</bind>
<authorizedAddresses>127.0.0.0/8, 172.16.149.0/24</authorizedAddresses>
<auth>
<announce>never</announce>
<requireSSL>false</requireSSL>
<plainAuthEnabled>false</plainAuthEnabled>
</auth>
<tls socketTLS="false" startTLS="true">
<privateKey>file://../cert/mail.kps-t.ru-key.pem</privateKey>
<certificates>file://../cert/mail.kps-t.ru-chain.pem</certificates>
</tls>
<connectiontimeout>360</connectiontimeout>
<connectionLimit>0</connectionLimit>
<connectionLimitPerIP>0</connectionLimitPerIP>
<connectionBacklog>200</connectionBacklog>
<verifyIdentity>false</verifyIdentity>
<maxmessagesize>25M</maxmessagesize>
<addressBracketsEnforcement>false</addressBracketsEnforcement>
<helloName autodetect="false">mail.kps-t.ru</helloName>
<smtpGreeting>mail.kps-t.ru</smtpGreeting>
<heloEnforcement>false</heloEnforcement>
<handlerchain>
<handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
<handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
</handlerchain>
</smtpserver>
<smtpserver enabled="true">
<jmxName>smtpserver-TLS</jmxName>
<bind>0.0.0.0:465</bind>
<helloName autodetect="false">mail.kps-t.ru</helloName>
<connectionBacklog>200</connectionBacklog>
<tls socketTLS="true" startTLS="false">
<privateKey>file://../cert/mail.kps-t.ru-key.pem</privateKey>
<certificates>file://../cert/mail.kps-t.ru-chain.pem</certificates>
</tls>
<connectiontimeout>360</connectiontimeout>
<connectionLimit>0</connectionLimit>
<connectionLimitPerIP>0</connectionLimitPerIP>
<auth>
<announce>always</announce>
<requireSSL>true</requireSSL>
<plainAuthEnabled>true</plainAuthEnabled>
</auth>
<authorizedAddresses>127.0.0.0/8</authorizedAddresses>
<verifyIdentity>true</verifyIdentity>
<maxmessagesize>100M</maxmessagesize>
<addressBracketsEnforcement>true</addressBracketsEnforcement>
<smtpGreeting>mail.kps-t.ru</smtpGreeting>
<handlerchain>
<handler
class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
<handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
</handlerchain>
</smtpserver>
<smtpserver enabled="true">
<jmxName>smtpserver-authenticated</jmxName>
<bind>0.0.0.0:587</bind>
<helloName autodetect="false">mail.kps-t.ru</helloName>
<connectionBacklog>200</connectionBacklog>
<tls socketTLS="false" startTLS="true">
<privateKey>file://../cert/mail.kps-t.ru-key.pem</privateKey>
<certificates>file://../cert/mail.kps-t.ru-chain.pem</certificates>
</tls>
<connectiontimeout>360</connectiontimeout>
<connectionLimit>0</connectionLimit>
<connectionLimitPerIP>0</connectionLimitPerIP>
<auth>
<announce>always</announce>
<requireSSL>true</requireSSL>
<plainAuthEnabled>true</plainAuthEnabled>
</auth>
<authorizedAddresses>127.0.0.0/8</authorizedAddresses>
<verifyIdentity>true</verifyIdentity>
<maxmessagesize>100M</maxmessagesize>
<addressBracketsEnforcement>true</addressBracketsEnforcement>
<smtpGreeting>mail.kps-t.ru</smtpGreeting>
<handlerchain>
<handler
class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
<handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
</handlerchain>
</smtpserver>
</smtpservers>
29.04.2025 22:38, David Matthews пишет:
so my config for now is good?
can i send full smtp config to u? :)
hi
You can confirm Quan's diagnosis at
https://mxtoolbox.com/diagnostic.aspx
These days (for the last 15 years at least) a mail exchanger configured as an
open relay is considered a gross misconfiguration and your domain will likely
get blocked for facilitating abuse.
-- David Matthews
m...@dmatthews.org
---------------------------------------------------------------------
To unsubscribe, e-mail:server-user-unsubscr...@james.apache.org
For additional commands, e-mail:server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
