Hi there! Matt, can you help me? I configured it like you said:

<tls socketTLS="false" startTLS="false">
    <privateKey>file://../cert/hranitel-ist.ru-key.pem</privateKey>
    <certificates>file://../cert/hranitel-ist.ru-crt.pem</certificates>
</tls>

for smtp and imap, and the server starts without errors:

15:58:35.219 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service bound to: 0.0.0.0:143
15:58:35.223 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service is running on: KSUSHA-ILYUSHA
15:58:35.223 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service handler hello name is: KSUSHA-ILYUSHA
15:58:35.224 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service handler connection timeout is: 300
15:58:35.225 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service connection backlog is: 200
15:58:35.226 [INFO ] o.a.j.p.l.SslConfig - TLS enabled with auth NONE using truststore null
15:58:35.234 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service bound to: 0.0.0.0:993
15:58:35.235 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service is running on: KSUSHA-ILYUSHA
15:58:35.235 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service handler hello name is: KSUSHA-ILYUSHA
15:58:35.236 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service handler connection timeout is: 300
15:58:35.238 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - IMAP Service connection backlog is: 200
15:58:35.241 [INFO ] o.a.j.p.l.SslConfig - SSL enabled with keystore(JKS) at null, certificates file://../cert/hranitel-ist.ru-crt.pem
15:58:35.524 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - Init IMAP Service done
15:58:35.617 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - Init IMAP Service done
15:58:35.623 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - LMTP Service disabled by configuration
15:58:35.627 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - POP3 Service disabled by configuration
15:58:35.634 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service bound to: 0.0.0.0:25
15:58:35.634 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service is running on: KSUSHA-ILYUSHA
15:58:35.635 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler hello name is: KSUSHA-ILYUSHA
15:58:35.635 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler connection timeout is: 360
15:58:35.637 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service connection backlog is: 200
15:58:35.640 [INFO ] o.a.j.s.n.SMTPServer - No maximum message size is enforced for this server.
15:58:35.642 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service bound to: 0.0.0.0:465
15:58:35.643 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service is running on: KSUSHA-ILYUSHA
15:58:35.643 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler hello name is: KSUSHA-ILYUSHA
15:58:35.644 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler connection timeout is: 360
15:58:35.648 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service connection backlog is: 200
15:58:35.649 [INFO ] o.a.j.p.l.SslConfig - SSL enabled with keystore(JKS) at null, certificates file://../cert/hranitel-ist.ru-crt.pem
15:58:35.650 [INFO ] o.a.j.s.n.SMTPServer - No maximum message size is enforced for this server.
15:58:35.651 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service bound to: 0.0.0.0:587
15:58:35.652 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service is running on: KSUSHA-ILYUSHA
15:58:35.656 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler hello name is: KSUSHA-ILYUSHA
15:58:35.660 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service handler connection timeout is: 360
15:58:35.660 [INFO ] o.a.j.p.l.n.AbstractConfigurableAsyncServer - SMTP Service connection backlog is: 200
15:58:35.661 [INFO ] o.a.j.p.l.SslConfig - TLS enabled with auth NONE using truststore null

but I can't log in to mail via any client

Sat, 1 Feb 2025 at 10:15, Ilya Terskov <prosgar...@gmail.com>:

> Thanks a lot Matt, I'll try to make a PEM from Let's Encrypt and use it.
>
> Sat, 1 Feb 2025, 06:46 cryptearth <cryptea...@cryptearth.de.invalid>:
>
>> "It doesn't work" is not a helpful error description - in fact: it is
>> none at all.
>> If you try to start james with regular PEM files but have messed up
>> something you will get a stack trace telling you what went wrong.
>> Converting a PEM certificate chain with a private key into a java
>> keystore is not required anymore (although I still have a little helper
>> doing exactly that).
>>
>> Anyway - here's how I've set it up:
>>
>> - placing the certificate chain in <james>/conf/chain.crt
>> Important: chain.crt has to contain your certificate and the
>> intermediate certificate in that order and should not contain the root
>> certificate.
>> - placing the private key in <james>/conf/private.key
>> Important: make sure it has access set to 0600 (so read/write only to
>> the user, none to group or others); you CAN also secure it by a
>> passphrase - but my personal point: as you have to provide it along in
>> the config it's the same as hanging a key right next to a locked door -
>> why even bother to lock the door in the first place?
>>
>> Add to the server xml files (example for smtp/25):
>>
>> <smtpservers>
>>     <smtpserver enabled="true">
>>         <jmxName>smtpserver-global</jmxName>
>>         <bind>0.0.0.0:25</bind>
>>         <connectionBacklog>200</connectionBacklog>
>>         <tls socketTLS="false" startTLS="true">
>>             <privateKey>file://conf/private.key</privateKey>
>>             <certificates>file://conf/chain.crt</certificates>
>>             <!-- An optional secret might be specified for the private key -->
>>             <!-- <secret>james72laBalle</secret> -->
>>         </tls>
>> // ... rest of the file
>>
>> Same for every other TLS block.
>>
>> Afterwards start james by your start script - it should come up without
>> issues. For the smtp server you can use services such as
>> https://www.checktls.com/TestReceiver - can also check dane and mta-sts
>> and produce a very detailed log, my personal favorite
>> or
>> https://ssl-tools.net/mailservers - can have some issues sometimes - but
>> also has good result presentation
>>
>> If you got your inbound smtp correctly setup - copy the config to imap
>> (and maybe pop if you use that) and make sure the ports are correct.
>> You should also set starttls on outgoing connections in the
>> mailetcontainer.xml, section RemoteDelivery:
>>
>> <processor state="relay" enableJmx="true">
>>     <mailet match="All" class="RemoteDelivery">
>>         <outgoingQueue>outgoing</outgoingQueue>
>>         <startTLS>true</startTLS>
>>
>> Note: proper spelling is important - it has to be written as "startTLS"
>> - otherwise you will get an error on startup
>> And you can test that as well with the above sites or just send an email
>> to your gmail account and look into the raw mail - it should say
>> something like this:
>>
>> Received by: mx.google.mx via ESMTPS for <recpt> (TLS=<some tls cipher>)
>>
>> If you get any error please get the full log so we can get what failed
>> and direct you towards the right file to fix.
>>
>> You may also automate it with certbot by just sym-linking to the
>> files used by apache - but if so you have to run james as root.
>>
>> Hope this helps.
>>
>> Matt
>>
>> On 31.01.25 at 20:13, Ilya Terskov wrote:
>> > Hi there guys once more :)
>> > I hear that james can use common acme/Let's Encrypt pkcs keys instead of
>> > java jks, even see this in readme files but I try make it and never get it
>> > work... But converting from pkcs to jks and these keys works. Can you tell
>> > me how you doing it?
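
Added example, not part of the thread and not James code: a pre-flight check for the two points Matt's reply marks as "Important", the certificate order in chain.crt (leaf, then intermediate, no root) and the 0600 mode on private.key. The function names and the constructed DER skeletons used as sample input are assumptions made for illustration; issuer and subject names are compared byte for byte.

```python
import base64, os, re, stat
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject names of one X.509 certificate."""
    pos = _tlv(der, _tlv(der, 0)[1])[1]  # step into Certificate, then tbsCertificate
    if der[pos] == 0xA0:                 # skip the optional [0] version field
        pos = _tlv(der, pos)[2]
    fields = []
    for _ in range(5):                   # serial, sig alg, issuer, validity, subject
        end = _tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_chain(pem_text):
    """List problems with the chain order: leaf, then intermediate, no root."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_CERT.findall(pem_text)]
    problems = []
    if len(names) < 2:
        problems.append("expected leaf + intermediate, found %d certificate(s)" % len(names))
    for i, (issuer, subject) in enumerate(names):
        if issuer == subject:
            problems.append("certificate %d is self-signed (a root), leave it out" % (i + 1))
        elif i + 1 < len(names) and issuer != names[i + 1][1]:
            problems.append("certificate %d is not issued by certificate %d" % (i + 1, i + 2))
    return problems

def check_key_mode(path):
    """List problems with private-key permissions (POSIX): anything beyond 0600."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [] if mode & 0o177 == 0 else ["%s has mode %04o, expected 0600" % (path, mode)]

# Constructed sample input: DER skeletons with only the fields walked above, not real certs.
def _der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, body under 128 bytes
def fake_cert(issuer, subject):
    tbs = (_der(0xA0, b"\x02\x01\x02") + _der(0x02, b"\x01") + _der(0x30, b"")
           + _der(0x30, issuer.encode()) + _der(0x30, b"") + _der(0x30, subject.encode()))
    der = _der(0x30, _der(0x30, tbs))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()
```

Run check_chain() on the text of chain.crt and check_key_mode() on the path of private.key before starting James; an empty list from both means the files match the layout described in the reply.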