You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by tyler <iw...@speakeasy.net> on 2004/02/08 21:21:21 UTC
Error while sending mail....
Hi guys, I'm new to the list, so here's my first question.
Why does james use files for persistence at all. It seems to me that
you could always use a DB, and if the user didn't
want to set up a DB you could just run hsql in process and use it as
your persistence engine. That would eliminate
the need for you to write all that file code. It just strikes me as odd
that everyone always wants to use their own file
IO system for persistence when it seems that is exactly what hsql is
there for.
-Tyler
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: Error while sending mail....
Posted by Stefan Groschupf <sg...@media-style.com>.
>
> The open source development is more and more influenced by business
> issues this days. ;(
I'm not happy that hibernate move to jboss group and definitely
understand the ASF point of view.
Stefan
open technology: http://www.media-style.com
open source: http://www.weta-group.net
open discussion: http://www.text-mining.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: Error while sending mail....
Posted by Stefan Groschupf <sg...@media-style.com>.
> Stefan Groschupf wrote:
>>> We've talked about using hsql or something like that, but I think
>>> the issue is frankly performance. I use hsql with great results
>>> with small datasets, but James can easily have 1+ gigs in messages
>>> and individual messages (a db record) can be 10 megs.
>>>
>> Whats about hibernate?
>
> I love hibernate a ton and use it everywhere. However, I think that
> would be to replace the way we the database repositories. A couple of
> problems though:
>
> - Hibernate is LGPL, meaning ASF isn't supposed to write code
> importing it.
The open source development is more and more influenced by business
issues this days. ;(
Stefan
open technology: http://www.media-style.com
open source: http://www.weta-group.net
open discussion: http://www.text-mining.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: SPF
Posted by "Noel J. Bergman" <no...@devtech.com>.
> > http://spf.pobox.com/
> - Assuming your mail server supported it, who wouldn't want SPF
> protected turned on?
I consider some things about SPF objectionable. It makes mobile e-mail more
difficult, especially with some loose ends surrounding it. It makes
assumptions like "all up-to-date ISPs support [SASL] on the server end." It
effectively requires @apache.org addresses to be sent via the ASF mail
server. Forwarding your @apache.org address would require the server to
perform Sender Rewriting (which is a bit of a mess), and parsing in the
event of a bounce. I'm not thrilled about the runtime overhead of having to
parse TXT records for SPF content (see Appendix B.3 for some examples).
That said, SPF does have potential, particularly given the extension
mechanism. I will find it more interesting when domain keys were supported,
since those would be sufficient for most cases, support mobile workers, and
could eliminate the need to rewrite the sender. And I would like to see the
parsing requirements reduced.
> - Does it have to reject during the SMTP connection, or can you
> accept and then reject?
You can accept and then reject.
> - If an SPF test failed (connection from server a.b.c.d that does not
> meet my lokitech.com SPF rule), would I still accept email with a
> from of lokitech.com, i.e., a domain this mail server handles locally?
SPF is applied to MAIL FROM. Would you want to accept
MAIL FROM: <li...@lokitech.com>
RCPT TO: <su...@lokitech.com>
if the sending machine were not valid for lokitech.com?
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: SPF
Posted by Serge Knystautas <se...@lokitech.com>.
tyler wrote:
> A full description is here...
>
> http://spf.pobox.com/
Thanks Tyler! Sounds interesting. Couple of questions (for Tyler,
Noel, whoever can answer):
- Assuming your mail server supported it, who wouldn't want SPF
protected turned on?
- Does it have to reject during the SMTP connection, or can you accept
and then reject?
- If an SPF test failed (connection from server a.b.c.d that does not
meet my lokitech.com SPF rule), would I still accept email with a from
of lokitech.com, i.e., a domain this mail server handles locally?
--
Serge Knystautas
President
Lokitech >>> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. sergek@lokitech.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: SPF
Posted by "Noel J. Bergman" <no...@devtech.com>.
> When an email comes in, and it says it's from "aol.com"
> you check the spf record for aol.com. The computer on
> the other end of the line had better be listed in the
> spf record, or it's a spoofed from field
I believe that you mean the RFC 2821 MAIL FROM command, not the RFC 2822
From: header. See the proposed RFC, section 8.4.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: SPF
Posted by tyler <iw...@speakeasy.net>.
A full description is here...
http://spf.pobox.com/
The basic idea is this. Each domain owner publishes a record in DNS
indicating which servers are allowed to
send email "from" that domain. When an email comes in, and it says it's
from "aol.com" you check the spf record for aol.com.
The computer on the other end of the line had better be listed in the
spf record, or it's a spoofed from field and is
probably being sent by some compromised box run by a spammer from
Thailand. Hence we would throw it away.
I mention AOL, because aol has started publishing spf records, so that
should greatly reduce the quantity of spam
getting through the filters if we check for spf, as anything with a
forged aol "from" field will be tossed. This is starting
to become a bit of a standard as well, so it might be wise to support
it before too long.
-Tyler
On Feb 8, 2004, at 5:38 PM, Serge Knystautas wrote:
> tyler wrote:
>> Now one more question. Does James support SPF (Sender permitted from)
>> and if not, is there currently a plan to support it? If so, how do
>> you turn it on?
>
> I might know it by a different term, but can you describe SPF a bit?
> If you mean sender permitted based on the From email address, that is
> very spoofable unless you've got S/MIME signed messages. No server
> should really be allowing any message relayed just because it has
> From: sergek@lokitech.com.
>
> --
> Serge Knystautas
> President
> Lokitech >>> software . strategy . design >> http://www.lokitech.com
> p. 301.656.5501
> e. sergek@lokitech.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: SPF
Posted by "Noel J. Bergman" <no...@devtech.com>.
> I might know it by a different term, but can you describe SPF a bit?
See recent discussion on infrastructure@ regarding http://spf.pobox.com.
To answer Tyler's question, there is no support in James, but we'd be
interested in seeing contributions.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: SPF
Posted by Serge Knystautas <se...@lokitech.com>.
tyler wrote:
> Now one more question. Does James support SPF (Sender permitted from)
> and if not, is there currently a plan to support it? If so, how do you
> turn it on?
I might know it by a different term, but can you describe SPF a bit? If
you mean sender permitted based on the From email address, that is very
spoofable unless you've got S/MIME signed messages. No server should
really be allowing any message relayed just because it has From:
sergek@lokitech.com.
--
Serge Knystautas
President
Lokitech >>> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. sergek@lokitech.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
SPF
Posted by tyler <iw...@speakeasy.net>.
Thanks for all the feedback regarding HSQL, makes much more sense in
that light. Anyway, I like the system a lot, though I still haven't got
it quite
working right, but I will, I think . :-)
Now one more question. Does James support SPF (Sender permitted from)
and if not, is there currently a plan to support it? If so, how do you
turn it on?
Thanks
-Tyler
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: Error while sending mail....
Posted by Vincenzo Gianferrari Pini <vi...@praxis.it>.
> > you want a mailet to be able to check an incoming message's
> > S/MIME signature, while my mailet does S/MIME sign an
> > outgoing message.
>
> Your AddServerSignature mailet provides part of a general capability for
> handling S/MIME. Adding a matcher to validate an S/MIME signature and
> mailets to encrypt and decrypt messages would fill in more parts of the
> package.
This is an area where I would enjoy doing something :-) But it could take some time. To start, I will finalize and add the AddServerSignature mailet.
>
> > I use "remote control mailets that accept messages encoding requests",
> > with security given by the "SMTPAuthUserIs" matcher.
>
> > I think that this approach is simpler to set up than using S/MIME.
>
> Good idea, especially when combined with TLS. Do you want to do a small
> write up of this approach for the site docs, with a brief example? If you
> don't have time, I will try to remember to do it when I modify
> FromRepository to accept parameters.
Ok I'll do it. Should I write it into the wiki?
Vincenzo
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: Error while sending mail....
Posted by "Noel J. Bergman" <no...@devtech.com>.
> you want a mailet to be able to check an incoming message's
> S/MIME signature, while my mailet does S/MIME sign an
> outgoing message.
Your AddServerSignature mailet provides part of a general capability for
handling S/MIME. Adding a matcher to validate an S/MIME signature and
mailets to encrypt and decrypt messages would fill in more parts of the
package.
> I use "remote control mailets that accept messages encoding requests",
> with security given by the "SMTPAuthUserIs" matcher.
> I think that this approach is simpler to set up than using S/MIME.
Good idea, especially when combined with TLS. Do you want to do a small
write up of this approach for the site docs, with a brief example? If you
don't have time, I will try to remember to do it when I modify
FromRepository to accept parameters.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: Error while sending mail....
Posted by Vincenzo Gianferrari Pini <vi...@praxis.it>.
Noel,
Sure I can commit my S/MIME code into CVS, but if I understand well your idea, you want a mailet to be able to check an incoming message's S/MIME signature, while my mailet does S/MIME sign an outgoing message.
In my production system I use "remote control mailets that accept messages encoding requests", with security given by the "SMTPAuthUserIs" matcher. Moreover, any matcher/mailet can check the user with the "org.apache.james.SMTPAuthUser" attribute. If the sender of the "messages encoding requests" is a user known by James, and SMTPAuth is on, I think that this approach is simpler to set up than using S/MIME.
Did I understand well your idea?
Regarding my S/MIME code, I will talk about it in a reply to your "[PROPOSAL] Release Plan" in the server-dev thread.
Vincenzo
> -----Original Message-----
> From: Noel J. Bergman [mailto:noel@devtech.com]
> Sent: domenica 8 febbraio 2004 23.07
> To: James Users List
> Subject: RE: Error while sending mail....
>
>
> > One more thought... I've been swearing to myself to build a little
> > web-app to manage my James JDBC mail repositories (delete stuff,
> > move messages around, read what's there, stats, etc...)
>
> FWIW, I've been using my FromRepository mailet quite a bit. It would be
> good to parameterize it so that it could receive an encoded message
telling
> it from which repository and perhaps other criteria about what to
respool.
>
> If Vincenzo would consider committing the S/MIME code into CVS, we could
> create remote control mailets that accept signed messages encoding
requests,
> providing remote control with security.
>
> --- Noel
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: Error while sending mail....
Posted by "Noel J. Bergman" <no...@devtech.com>.
> One more thought... I've been swearing to myself to build a little
> web-app to manage my James JDBC mail repositories (delete stuff,
> move messages around, read what's there, stats, etc...)
FWIW, I've been using my FromRepository mailet quite a bit. It would be
good to parameterize it so that it could receive an encoded message telling
it from which repository and perhaps other criteria about what to respool.
If Vincenzo would consider committing the S/MIME code into CVS, we could
create remote control mailets that accept signed messages encoding requests,
providing remote control with security.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: Error while sending mail....
Posted by Serge Knystautas <se...@lokitech.com>.
Stefan Groschupf wrote:
>> We've talked about using hsql or something like that, but I think the
>> issue is frankly performance. I use hsql with great results with
>> small datasets, but James can easily have 1+ gigs in messages and
>> individual messages (a db record) can be 10 megs.
>>
> Whats about hibernate?
I love hibernate a ton and use it everywhere. However, I think that
would be to replace the way we the database repositories. A couple of
problems though:
- Hibernate is LGPL, meaning ASF isn't supposed to write code importing
it. They've considered publishing their API as ASL-style, but have yet
to. Once more, JBoss has effectively bought the Hibernate project, so
that complicates matters. As an outside change, the ASF 2.0 license is
supposed to be more compatible with (L)GPL, but honeslty I don't know
this is relevant.
- Hibernate can generate create-SQL and update-SQL scripts, but it's not
always well-optimized. The XML file let's use do very specific
create-SQL scripts. Then again, we've got squat for update scripts.
- I think we have people relying on our XML file approach within
matchers and mailets... so we couldn't just remove all JDBC code as much
as I'd like.
I mean generally I would support anyone with a patch to provide a
hibernate mail repository and would support making this the default (or
at least preferred over the JDBC one). Just not my itch right now.
One more thought... I've been swearing to myself to build a little
web-app to manage my James JDBC mail repositories (delete stuff, move
messages around, read what's there, stats, etc...), and if/when I get to
that, I would use hibernate and my JSP tag lib I created for it
(http://hibtags.sf.net).
--
Serge Knystautas
President
Lokitech >>> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. sergek@lokitech.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: Error while sending mail....
Posted by Stefan Groschupf <sg...@media-style.com>.
>
> We've talked about using hsql or something like that, but I think the
> issue is frankly performance. I use hsql with great results with
> small datasets, but James can easily have 1+ gigs in messages and
> individual messages (a db record) can be 10 megs.
>
Whats about hibernate?
Stefan
open technology: http://www.media-style.com
open source: http://www.weta-group.net
open discussion: http://www.text-mining.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
RE: Error while sending mail....
Posted by "Noel J. Bergman" <no...@devtech.com>.
> Even real database servers do not handle the huge messages gracefully
Nope. The most performant solution I have found so far is out dbfile
approach, where we use the database for the boxcar, and the file system for
the ore.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: Error while sending mail....
Posted by Serge Knystautas <se...@lokitech.com>.
tyler wrote:
> Hi guys, I'm new to the list, so here's my first question.
>
> Why does james use files for persistence at all. It seems to me that you
> could always use a DB, and if the user didn't
> want to set up a DB you could just run hsql in process and use it as
> your persistence engine. That would eliminate
> the need for you to write all that file code. It just strikes me as odd
> that everyone always wants to use their own file
> IO system for persistence when it seems that is exactly what hsql is
> there for.
First and foremost, it's because the IO code was written 4 years ago.
Second, it was written and supposed to be maintained by the Avalon
project, so we were supposed to be getting something for free.
We've talked about using hsql or something like that, but I think the
issue is frankly performance. I use hsql with great results with small
datasets, but James can easily have 1+ gigs in messages and individual
messages (a db record) can be 10 megs.
Even real database servers do not handle the huge messages gracefully
(we often recommend using file in certain scenarios for performance
reasons). I'm not knowledgeable enough to say that hsql isn't viable,
but I am pessimistic.
--
Serge Knystautas
President
Lokitech >>> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. sergek@lokitech.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org