Well, sure it could be the openssl client causing this issue (I hadn't
time to try it myself), but as already said: SSL/TLS should just act as
an additional layer sandwiched in between the TCP layer wich provides
the connection itself and the SMTP layer on top of it as a kind of an
"interface" to talk to the server. As the server respondes with a 3xx
code after you send "data" command it shows communication is working in
both directions. It's rather strange that the terminator is ignored.
Instead of using openssl as a client try something else like the java
mail client lib or another popular mail client - you should get some
more useful information from it. Also, as already said, a packet capture
like wireshark could also be very useful.
Matt
Am 05.09.2017 um 16:39 schrieb Mike Lepore:
yeah, I think it's using openssl to test with that is causing the
issue. I turned DEBUG On for smtpserver using the log4j instead of the
of the java property in cli mode since I didn't know exactly how to
execute james in cli mode. Using openssl for testing just seems to
hang at the " ending with <CRLF>.<CRLF>". It's as if openssl doesn't
recognize the return key as <crlf> like telnet does. Telnet seems to
work just fine for port 25 this way. I can type <CRLF>.<CRLF>
multiple times, but it won't recognize it as the end of the "data".
I'm running this on an Ubuntu linux machine, so maybe openssl is not
responding to the return key the same way telnet does. This is what I
got:
INFO 10:25:21,571 | james.smtpserver | Id='154440174' User=''
Connection established from 127.0.0.1
DEBUG 10:26:06,048 | james.smtpserver | Id='154440174' User=''
org.apache.james.protocols.api.handler.CommandDispatcher received: EHLO
DEBUG 10:26:06,048 | james.smtpserver | Id='154440174' User='' Lookup
command handler for command: EHLO
DEBUG 10:26:06,050 | james.smtpserver | Id='154440174' User=''
org.apache.james.protocols.smtp.core.esmtp.EhloCmdHandler: [250-lic4u
Hello localhost [127.0.0.1]), 250-PIPELINING, 250-ENHANCEDSTATUSCODES,
250 8BITMIME]
DEBUG 10:26:55,820 | james.smtpserver | Id='154440174' User=''
org.apache.james.protocols.api.handler.CommandDispatcher received: MAIL
DEBUG 10:26:55,820 | james.smtpserver | Id='154440174' User='' Lookup
command handler for command: MAIL
DEBUG 10:26:55,823 | james.smtpserver | Id='154440174' User=''
org.apache.james.smtpserver.JamesMailCmdHandler: [250 2.1.0 Sender
<ad...@lepore.org> OK]
DEBUG 10:27:16,730 | james.smtpserver | Id='154440174' User=''
org.apache.james.protocols.api.handler.CommandDispatcher received: RCPT
DEBUG 10:27:16,730 | james.smtpserver | Id='154440174' User='' Lookup
command handler for command: RCPT
DEBUG 10:27:16,730 | james.smtpserver | Id='154440174' User=''
executing hook org.apache.james.smtpserver.fastfail.ValidRcptHandler
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
executing hook
org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
org.apache.james.smtpserver.fastfail.ValidRcptHandler: result=8
(DECLINED)
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
executing hook
org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
executing hook org.apache.james.smtpserver.AuthRequiredToRelayRcptHook
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
executing hook
org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
org.apache.james.smtpserver.AuthRequiredToRelayRcptHook: result=8
(DECLINED)
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
executing hook
org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
executing hook
org.apache.james.smtpserver.SenderAuthIdentifyVerificationRcptHook
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
executing hook
org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
org.apache.james.smtpserver.SenderAuthIdentifyVerificationRcptHook:
result=8 (DECLINED)
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
executing hook
org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User=''
executing hook
org.apache.james.protocols.smtp.core.PostmasterAbuseRcptHook
DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User=''
executing hook
org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User=''
org.apache.james.protocols.smtp.core.PostmasterAbuseRcptHook: result=8
(DECLINED)
DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User=''
executing hook
org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User=''
org.apache.james.smtpserver.JamesRcptCmdHandler: [250 2.1.5 Recipient
<ad...@lepore.org> OK]
DEBUG 10:28:19,769 | james.smtpserver | Id='154440174' User=''
org.apache.james.protocols.api.handler.CommandDispatcher received: DATA
DEBUG 10:28:19,769 | james.smtpserver | Id='154440174' User='' Lookup
command handler for command: DATA
DEBUG 10:28:19,776 | james.smtpserver | Id='154440174' User=''
org.apache.james.smtpserver.JamesDataCmdHandler: [354 Ok Send data
ending with <CRLF>.<CRLF>]
thanks,
Michael Lepore
michael.lepore.w...@gmail.com
On 09/05/2017 03:02 AM, cryptearth wrote:
Hey Mike,
I still can't see this should be a TLS related error. TLS simply adds
an additional layer ensuring security. If your issue would be caused
by anything TLS related you either wouldn't get a connection at all -
or you should get an error on either side (wich I guess openssl would
throw out directly - for james server try in cli mode with
-Djavax.net.debug=all). Also you could run wireshark to see if
there's any packet loss. Depending on used cipher it's possible
there's a small buffer not transmitted directly.
If Thunderbird isn't able to connect it's most likely a
cert-trust-chain issue. Just try use a free let's encrypt cert for
testing.
If you still get issues: please get us some debug logs any maybe
packet captures. It's very hard to tell what's goin wrong when the
only information basicly is "works w/o TLS but doesn't w/ TLS".
Matt
Am 05.09.2017 um 03:00 schrieb Mike Lepore:
yes, when I set the socketTLS to false and the binding address back
with port 25, it seems to work just fine. It just seems to hang
when I'm inputting the the message itself when set to port 465 with
socketTLS set to true. Am I not able to use openssl like that to
actually send an email on port 465? I also can't get Mozilla
Thunderbird to connect to the socketTLS/465 either. Seems like I
have to be missing something in the confs.
mike@lic4u:/share/james/conf$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
EHLO localhost
250-lic4u Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:<ad...@lepore.org>
250 2.1.0 Sender <ad...@lepore.org> OK
rcpt to:<ad...@lepore.org>
250 2.1.5 Recipient <ad...@lepore.org> OK
data
354 Ok Send data ending with <CRLF>.<CRLF>
subject: from lic4u on 2017-09-04 at 8:51pm...
body test
.
250 2.6.0 Message received
quit
221 2.0.0 lic4u Service closing transmission channel
Connection closed by foreign host.
mike@lic4u:/share/james/conf$
thanks,
Michael Lepore
michael.lepore.w...@gmail.com
On 09/02/2017 12:36 AM, cryptearth wrote:
Hello Mike,
this doesn't look like an TLS-based error to me because the
connection gets established and you can get somd commands to work.
If this issue would be related to anything on the secure layer most
likely the connection wouldn't established at all.
Did you already tried if it works without TLS?
If so, you could enable debug on server side to see where starts to
fail.
Also: side-note about socketTLS vs startTLS:
When using socketTLS the connection is encrypted from the
beginning, you have a secure tunnel through wich unencrypted data
flows protected by the encryption of this tunnel.
When using startTLS you start the connection as an unencrypted
plain one, so the channel you're using itself is not secured. By
sending starttls command basicly you say:"hey, let's speak
nonesense from now on" and then encrypted data runs across the
unsecure channel.
In real the difference is a bit more complicated and the result is
pretty much the same, but maybe this helps to understand what both
of these are. So you only use one of them - that's why you getting
a 500 - tls already active on your second try.
greetings
Matt
---- Mike Lepore schrieb ----
I can't seem to get james3 to work with smtpserver for socketTLS
on port
465.
when I execute this command it just seems to hang at the end and not
complete the send. any ideas? Am I not running the send command
properly? I have smtpserver.xml configured for socketTLS.
<bind>0.0.0.0:465</bind>
...
<tls socketTLS="true" startTLS="false">
<keystore>...ks file...</keystore>
<secret>...pw...</secret>
<provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
<!-- The algorithm is optional and only needs to be specified
when using something other
than the Sun JCE provider - You could use IbmX509 with
IBM Java
runtime. -->
<!--algorithm>SunX509</algorithm-->
</tls>
# this from the smtpserver.log:
INFO 14:13:44,677 | james.smtpserver | Id='-927469453' User=''
Connection established from 127.0.0.1
# command...
/usr/bin/openssl s_client -quiet -connect localhost:465
depth=0 CN = mail.lepore.org
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = mail.lepore.org
verify return:1
220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
EHLO localhost
250-lic4u Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:<ad...@lepore.org>
250 2.1.0 Sender <ad...@lepore.org> OK
rcpt to:<ad...@lepore.org>
250 2.1.5 Recipient <ad...@lepore.org> OK
data
354 Ok Send data ending with <CRLF>.<CRLF>
subject: this is a test on 2017-09-01 at 2:30pm
test body
.
----------
#tried using startTLS (didn't work either)
/usr/bin/openssl s_client -quiet -connect localhost:465
depth=0 CN = mail.lepore.org
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = mail.lepore.org
verify return:1
220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
EHLO localhost
250-lic4u Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
STARTTLS
500 5.5.1 TLS already active RFC2487 5.2
mail from:<ad...@lepore.org>
250 2.1.0 Sender <ad...@lepore.org> OK
rcpt to:<ad...@lepore.org>
250 2.1.5 Recipient <ad...@lepore.org> OK
data
354 Ok Send data ending with <CRLF>.<CRLF>
subject: test from lic4u apache-james on 2017-09-01 at 2:17pm
test body
.
--
thanks,
Michael Lepore
michael.lepore.w...@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
