Posted to server-user@james.apache.org by Mike Lepore <mi...@gmail.com> on 2017/09/01 18:38:41 UTC

socketTLS port 465 smtp not working

I can't seem to get james3 to work with smtpserver for socketTLS on port 
465.

When I execute this command it just seems to hang at the end and not 
complete the send.  Any ideas? Am I not running the send command 
properly?  I have smtpserver.xml configured for socketTLS.

      <bind>0.0.0.0:465</bind>
...

      <tls socketTLS="true" startTLS="false">
          <keystore>...ks file...</keystore>
          <secret>...pw...</secret>
          <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
          <!-- The algorithm is optional and only needs to be specified when using something other
               than the Sun JCE provider - You could use IbmX509 with IBM Java runtime. -->
          <!--algorithm>SunX509</algorithm-->
      </tls>

# this from the smtpserver.log:

INFO  14:13:44,677 | james.smtpserver | Id='-927469453' User='' 
Connection established from 127.0.0.1



# command...

/usr/bin/openssl s_client -quiet -connect localhost:465
depth=0 CN = mail.lepore.org
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = mail.lepore.org
verify return:1
220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
EHLO localhost
250-lic4u Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:<ad...@lepore.org>
250 2.1.0 Sender <ad...@lepore.org> OK
rcpt to:<ad...@lepore.org>
250 2.1.5 Recipient <ad...@lepore.org> OK
data
354 Ok Send data ending with <CRLF>.<CRLF>
subject: this is a test on 2017-09-01 at 2:30pm

test body

.


----------

#tried using startTLS (didn't work either)

/usr/bin/openssl s_client -quiet -connect localhost:465
depth=0 CN = mail.lepore.org
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = mail.lepore.org
verify return:1
220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
EHLO localhost
250-lic4u Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
STARTTLS
500 5.5.1 TLS already active RFC2487 5.2
mail from:<ad...@lepore.org>
250 2.1.0 Sender <ad...@lepore.org> OK
rcpt to:<ad...@lepore.org>
250 2.1.5 Recipient <ad...@lepore.org> OK
data
354 Ok Send data ending with <CRLF>.<CRLF>
subject: test from lic4u apache-james on 2017-09-01 at 2:17pm

test body
.



-- 

thanks,
Michael Lepore
michael.lepore.work@gmail.com


Re: socketTLS port 465 smtp not working [RESOLVED]

Posted by Mike Lepore <mi...@gmail.com>.
I figured it out with the help from http://mac-blog.org.ua/test-ssl-smtp/

I needed the "-crlf -ign_eof" arguments to openssl.  socketTLS works 
just fine now with openssl on the command line.


mike@lic4u:/share/james/conf$ /usr/bin/openssl s_client -quiet -connect localhost:465 -crlf -ign_eof
depth=0 CN = mail.lepore.org
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = mail.lepore.org
verify return:1
220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
EHLO localhost
250-lic4u Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:<te...@lepore.org>
250 2.1.0 Sender <te...@lepore.org> OK
rcpt to:<te...@lepore.org>
250 2.1.5 Recipient <te...@lepore.org> OK
data
354 Ok Send data ending with <CRLF>.<CRLF>
subject: test from lic4u localhost socketTLS port 465 on 2017-09-06 at 
3:08pm

test body
.
250 2.6.0 Message received
quit

thanks,
Michael Lepore
michael.lepore.work@gmail.com

On 09/06/2017 07:10 AM, cryptearth wrote:
> Well, sure it could be the openssl client causing this issue (I haven't 
> had time to try it myself), but as already said: SSL/TLS should just act 
> as an additional layer sandwiched in between the TCP layer, which 
> provides the connection itself, and the SMTP layer on top of it as a 
> kind of "interface" to talk to the server. As the server responds 
> with a 3xx code after you send the "data" command, it shows communication 
> is working in both directions. It's rather strange that the terminator 
> is ignored. Instead of using openssl as a client, try something else 
> like the Java mail client lib or another popular mail client - you 
> should get some more useful information from it. Also, as already 
> said, a packet capture like Wireshark could also be very useful.
>
> Matt
>
> On 05.09.2017 at 16:39, Mike Lepore wrote:
>> Yeah, I think it's using openssl to test with that is causing the 
>> issue. I turned DEBUG on for smtpserver using log4j instead of 
>> the Java property in CLI mode, since I didn't know exactly how 
>> to execute James in CLI mode. Using openssl for testing just seems to 
>> hang at the "ending with <CRLF>.<CRLF>".  It's as if openssl doesn't 
>> recognize the return key as <CRLF> like telnet does. Telnet seems to 
>> work just fine for port 25 this way.  I can type <CRLF>.<CRLF> 
>> multiple times, but it won't recognize it as the end of the "data".  
>> I'm running this on an Ubuntu Linux machine, so maybe openssl is not 
>> responding to the return key the same way telnet does.  This is what 
>> I got:
>>
>> INFO  10:25:21,571 | james.smtpserver | Id='154440174' User='' 
>> Connection established from 127.0.0.1
>> DEBUG 10:26:06,048 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.protocols.api.handler.CommandDispatcher received: EHLO
>> DEBUG 10:26:06,048 | james.smtpserver | Id='154440174' User='' Lookup 
>> command handler for command: EHLO
>> DEBUG 10:26:06,050 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.protocols.smtp.core.esmtp.EhloCmdHandler: [250-lic4u 
>> Hello localhost [127.0.0.1]), 250-PIPELINING, 
>> 250-ENHANCEDSTATUSCODES, 250 8BITMIME]
>> DEBUG 10:26:55,820 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.protocols.api.handler.CommandDispatcher received: MAIL
>> DEBUG 10:26:55,820 | james.smtpserver | Id='154440174' User='' Lookup 
>> command handler for command: MAIL
>> DEBUG 10:26:55,823 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.smtpserver.JamesMailCmdHandler: [250 2.1.0 Sender 
>> <ad...@lepore.org> OK]
>> DEBUG 10:27:16,730 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.protocols.api.handler.CommandDispatcher received: RCPT
>> DEBUG 10:27:16,730 | james.smtpserver | Id='154440174' User='' Lookup 
>> command handler for command: RCPT
>> DEBUG 10:27:16,730 | james.smtpserver | Id='154440174' User='' 
>> executing hook org.apache.james.smtpserver.fastfail.ValidRcptHandler
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> executing hook 
>> org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.smtpserver.fastfail.ValidRcptHandler: result=8 
>> (DECLINED)
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> executing hook 
>> org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> executing hook org.apache.james.smtpserver.AuthRequiredToRelayRcptHook
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> executing hook 
>> org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.smtpserver.AuthRequiredToRelayRcptHook: result=8 
>> (DECLINED)
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> executing hook 
>> org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> executing hook 
>> org.apache.james.smtpserver.SenderAuthIdentifyVerificationRcptHook
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> executing hook 
>> org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.smtpserver.SenderAuthIdentifyVerificationRcptHook: 
>> result=8 (DECLINED)
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> executing hook 
>> org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
>> DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
>> executing hook 
>> org.apache.james.protocols.smtp.core.PostmasterAbuseRcptHook
>> DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User='' 
>> executing hook 
>> org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
>> DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.protocols.smtp.core.PostmasterAbuseRcptHook: 
>> result=8 (DECLINED)
>> DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User='' 
>> executing hook 
>> org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
>> DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.smtpserver.JamesRcptCmdHandler: [250 2.1.5 Recipient 
>> <ad...@lepore.org> OK]
>> DEBUG 10:28:19,769 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.protocols.api.handler.CommandDispatcher received: DATA
>> DEBUG 10:28:19,769 | james.smtpserver | Id='154440174' User='' Lookup 
>> command handler for command: DATA
>> DEBUG 10:28:19,776 | james.smtpserver | Id='154440174' User='' 
>> org.apache.james.smtpserver.JamesDataCmdHandler: [354 Ok Send data 
>> ending with <CRLF>.<CRLF>]
>>
>>
>> thanks,
>> Michael Lepore
>> michael.lepore.work@gmail.com
>>
>> On 09/05/2017 03:02 AM, cryptearth wrote:
>>> Hey Mike,
>>>
>>> I still can't see how this should be a TLS-related error. TLS simply 
>>> adds an additional layer ensuring security. If your issue were 
>>> caused by anything TLS-related, you either wouldn't get a connection 
>>> at all - or you should get an error on either side (which I guess 
>>> openssl would throw out directly - for the James server try CLI mode 
>>> with -Djavax.net.debug=all). Also you could run Wireshark to see if 
>>> there's any packet loss. Depending on the cipher used, it's possible 
>>> there's a small buffer not transmitted directly.
>>> If Thunderbird isn't able to connect, it's most likely a 
>>> cert-trust-chain issue. Just try using a free Let's Encrypt cert for 
>>> testing.
>>>
>>> If you still get issues: please get us some debug logs and maybe 
>>> packet captures. It's very hard to tell what's going wrong when the 
>>> only information basically is "works w/o TLS but doesn't w/ TLS".
>>>
>>> Matt
>>>
>>> On 05.09.2017 at 03:00, Mike Lepore wrote:
>>>> Yes, when I set socketTLS to false and the binding address back 
>>>> to port 25, it seems to work just fine.  It just seems to hang 
>>>> when I'm inputting the message itself when set to port 465 with 
>>>> socketTLS set to true.  Am I not able to use openssl like that to 
>>>> actually send an email on port 465?  I also can't get Mozilla 
>>>> Thunderbird to connect to the socketTLS/465 either.  Seems like I 
>>>> have to be missing something in the confs.
>>>>
>>>>
>>>> mike@lic4u:/share/james/conf$ telnet localhost 25
>>>> Trying 127.0.0.1...
>>>> Connected to localhost.
>>>> Escape character is '^]'.
>>>> 220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
>>>> EHLO localhost
>>>> 250-lic4u Hello localhost [127.0.0.1])
>>>> 250-PIPELINING
>>>> 250-ENHANCEDSTATUSCODES
>>>> 250 8BITMIME
>>>> mail from:<ad...@lepore.org>
>>>> 250 2.1.0 Sender <ad...@lepore.org> OK
>>>> rcpt to:<ad...@lepore.org>
>>>> 250 2.1.5 Recipient <ad...@lepore.org> OK
>>>> data
>>>> 354 Ok Send data ending with <CRLF>.<CRLF>
>>>> subject: from lic4u on 2017-09-04 at 8:51pm...
>>>>
>>>> body test
>>>> .
>>>> 250 2.6.0 Message received
>>>> quit
>>>> 221 2.0.0 lic4u Service closing transmission channel
>>>> Connection closed by foreign host.
>>>> mike@lic4u:/share/james/conf$
>>>>
>>>> thanks,
>>>> Michael Lepore
>>>> michael.lepore.work@gmail.com
>>>>
>>>> On 09/02/2017 12:36 AM, cryptearth wrote:
>>>>> Hello Mike,
>>>>>
>>>>> this doesn't look like a TLS-based error to me because the 
>>>>> connection gets established and you can get some commands to work. 
>>>>> If this issue were related to anything on the secure layer, 
>>>>> most likely the connection wouldn't be established at all.
>>>>> Did you already try whether it works without TLS?
>>>>> If so, you could enable debug on the server side to see where it 
>>>>> starts to fail.
>>>>>
>>>>> Also: side-note about socketTLS vs startTLS:
>>>>> When using socketTLS the connection is encrypted from the 
>>>>> beginning; you have a secure tunnel through which unencrypted data 
>>>>> flows, protected by the encryption of this tunnel.
>>>>> When using startTLS you start the connection as an unencrypted, 
>>>>> plain one, so the channel you're using itself is not secured. By 
>>>>> sending the starttls command you basically say: "hey, let's speak 
>>>>> nonsense from now on", and then encrypted data runs across the 
>>>>> insecure channel.
>>>>> In reality the difference is a bit more complicated and the result is 
>>>>> pretty much the same, but maybe this helps to understand what both 
>>>>> of these are. So you only use one of them - that's why you're getting 
>>>>> a 500 - TLS already active - on your second try.
>>>>>
>>>>> greetings
>>>>>
>>>>> Matt
>>>>>
>>>>> ---- Mike Lepore wrote ----
>>>>>
>>>>>> I can't seem to get james3 to work with smtpserver for socketTLS 
>>>>>> on port
>>>>>> 465.
>>>>>>
>>>>>> When I execute this command it just seems to hang at the end and not
>>>>>> complete the send.  Any ideas? Am I not running the send command
>>>>>> properly?  I have smtpserver.xml configured for socketTLS.
>>>>>>
>>>>>>       <bind>0.0.0.0:465</bind>
>>>>>> ...
>>>>>>
>>>>>>       <tls socketTLS="true" startTLS="false">
>>>>>>           <keystore>...ks file...</keystore>
>>>>>>           <secret>...pw...</secret>
>>>>>>           <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
>>>>>>           <!-- The algorithm is optional and only needs to be specified when using something other
>>>>>>                than the Sun JCE provider - You could use IbmX509 with IBM Java runtime. -->
>>>>>>           <!--algorithm>SunX509</algorithm-->
>>>>>>       </tls>
>>>>>>
>>>>>> # this from the smtpserver.log:
>>>>>>
>>>>>> INFO  14:13:44,677 | james.smtpserver | Id='-927469453' User=''
>>>>>> Connection established from 127.0.0.1
>>>>>>
>>>>>>
>>>>>>
>>>>>> # command...
>>>>>>
>>>>>> /usr/bin/openssl s_client -quiet -connect localhost:465
>>>>>> depth=0 CN = mail.lepore.org
>>>>>> verify error:num=18:self signed certificate
>>>>>> verify return:1
>>>>>> depth=0 CN = mail.lepore.org
>>>>>> verify return:1
>>>>>> 220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
>>>>>> EHLO localhost
>>>>>> 250-lic4u Hello localhost [127.0.0.1])
>>>>>> 250-PIPELINING
>>>>>> 250-ENHANCEDSTATUSCODES
>>>>>> 250 8BITMIME
>>>>>> mail from:<ad...@lepore.org>
>>>>>> 250 2.1.0 Sender <ad...@lepore.org> OK
>>>>>> rcpt to:<ad...@lepore.org>
>>>>>> 250 2.1.5 Recipient <ad...@lepore.org> OK
>>>>>> data
>>>>>> 354 Ok Send data ending with <CRLF>.<CRLF>
>>>>>> subject: this is a test on 2017-09-01 at 2:30pm
>>>>>>
>>>>>> test body
>>>>>>
>>>>>> .
>>>>>>
>>>>>>
>>>>>> ----------
>>>>>>
>>>>>> #tried using startTLS (didn't work either)
>>>>>>
>>>>>> /usr/bin/openssl s_client -quiet -connect localhost:465
>>>>>> depth=0 CN = mail.lepore.org
>>>>>> verify error:num=18:self signed certificate
>>>>>> verify return:1
>>>>>> depth=0 CN = mail.lepore.org
>>>>>> verify return:1
>>>>>> 220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
>>>>>> EHLO localhost
>>>>>> 250-lic4u Hello localhost [127.0.0.1])
>>>>>> 250-PIPELINING
>>>>>> 250-ENHANCEDSTATUSCODES
>>>>>> 250 8BITMIME
>>>>>> STARTTLS
>>>>>> 500 5.5.1 TLS already active RFC2487 5.2
>>>>>> mail from:<ad...@lepore.org>
>>>>>> 250 2.1.0 Sender <ad...@lepore.org> OK
>>>>>> rcpt to:<ad...@lepore.org>
>>>>>> 250 2.1.5 Recipient <ad...@lepore.org> OK
>>>>>> data
>>>>>> 354 Ok Send data ending with <CRLF>.<CRLF>
>>>>>> subject: test from lic4u apache-james on 2017-09-01 at 2:17pm
>>>>>>
>>>>>> test body
>>>>>> .
>>>>>>
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>>
>>>>>> thanks,
>>>>>> Michael Lepore
>>>>>> michael.lepore.work@gmail.com
>>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>> For additional commands, e-mail: server-user-help@james.apache.org

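Why `-crlf` was the fix, shown as an added example that is not part of the original thread or of Apache James. The SMTP DATA phase ends only at the five-byte sequence CRLF '.' CRLF (RFC 5321 section 4.1.1.4). A Linux terminal delivers a bare LF for Enter, and `openssl s_client` passes it through unchanged unless `-crlf` is given, so the server never saw the terminator and simply kept reading; the transcripts above show James still answering the LF-terminated EHLO, MAIL, RCPT and DATA lines, which is why everything up to the 354 looked fine. (The s_client man page also notes that `-quiet` already implies `-ign_eof`, so `-crlf` is the flag that changed the outcome.) The receiver below is a stand-alone reimplementation of the terminator rule with dot-unstuffing, not James's JamesDataCmdHandler, and the typed lines are constructed for illustration.

```python
# Added example, not from the thread or from Apache James: a stand-alone
# reimplementation of the SMTP end-of-data rule, used here to show why a
# client that sends bare LF line endings never finishes the DATA phase.
from __future__ import annotations

CRLF = b"\r\n"
TERMINATOR = CRLF + b"." + CRLF        # a line consisting of a single dot


def receive_data(stream: bytes) -> tuple[bytes | None, bytes]:
    """Consume the DATA phase from bytes received after the 354 reply.

    Returns (message, unconsumed_bytes). `message` is None while no
    terminator has arrived, which is exactly the state the server sits in
    when the client sent LF '.' LF: it is still reading, so no 250 comes.
    Dot-stuffing (RFC 5321 section 4.5.2) is reversed so a body line that
    begins with '.' is not mistaken for the end of the message.
    """
    # The terminator must start a line, so pretend a CRLF preceded the
    # stream; that also handles an empty message sent as just ".\r\n".
    buf = CRLF + stream
    end = buf.find(TERMINATOR)
    if end == -1:
        return None, stream
    raw = buf[len(CRLF):end + len(CRLF)]          # message text with its final CRLF
    rest = buf[end + len(TERMINATOR):]
    unstuffed = [ln[1:] if ln.startswith(b".") else ln for ln in raw.split(CRLF)]
    return CRLF.join(unstuffed), rest


def on_the_wire(typed_lines: list[str], crlf_option: bool) -> bytes:
    """What openssl s_client sends for lines typed at a terminal, then '.' Enter.

    A terminal in cooked mode delivers LF for Enter. With -crlf, s_client
    inserts a CR before every LF it reads; it does not check for an existing
    CR, so input that already carries CRLF ends up on the wire as CR CR LF.
    """
    raw = "\n".join(typed_lines + ["."]).encode("utf-8") + b"\n"
    return raw.replace(b"\n", CRLF) if crlf_option else raw


def data_phase_result(typed_lines: list[str], crlf_option: bool) -> str:
    """Reply the server would give after the client types the final '.' line."""
    message, _ = receive_data(on_the_wire(typed_lines, crlf_option))
    if message is None:
        return "(no reply: still reading, terminator not seen)"
    return "250 2.6.0 Message received"


if __name__ == "__main__":
    typed = ["subject: this is a test", "", "test body"]   # constructed input
    print("without -crlf:", data_phase_result(typed, crlf_option=False))
    print("with -crlf:   ", data_phase_result(typed, crlf_option=True))
```

One caveat before scripting this: because `-crlf` inserts a CR before every LF without checking for one already there, either pipe LF-only text into `openssl s_client -crlf`, or build CRLF lines yourself (for instance with `printf '...\r\n'`) and leave the flag off; doing both puts CR CR LF on the wire.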

Re: socketTLS port 465 smtp not working

Posted by cryptearth <cr...@cryptearth.de>.
Well, sure it could be the openssl client causing this issue (I haven't 
had time to try it myself), but as already said: SSL/TLS should just act as 
an additional layer sandwiched in between the TCP layer, which provides 
the connection itself, and the SMTP layer on top of it as a kind of 
"interface" to talk to the server. As the server responds with a 3xx 
code after you send the "data" command, it shows communication is working in 
both directions. It's rather strange that the terminator is ignored. 
Instead of using openssl as a client, try something else like the Java 
mail client lib or another popular mail client - you should get some 
more useful information from it. Also, as already said, a packet capture 
like Wireshark could also be very useful.

Matt


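The "use a real client instead of openssl" advice above, as an added example that is not from the thread or from Apache James: a small Python stdlib SMTP client for an implicit-TLS port (socketTLS, 465). It frames every line with CRLF, dot-stuffs the body, and refuses to send STARTTLS inside a session that is already encrypted (the cause of the "500 5.5.1 TLS already active" reply in the thread). It also does what `openssl s_client` did not do in the transcripts: verify the certificate chain and host name (s_client printed `verify error:num=18:self signed certificate` and carried on, and a CN of `mail.lepore.org` would never match `localhost`; a real client such as Thunderbird will not silently accept that, which is the trust-chain problem mentioned in the thread). The host name, the `cafile` path and the `test@example.org` addresses are placeholders; the scripted server transcript is constructed from the reply lines quoted in the thread.

```python
# Added example, not from the thread or from Apache James: a small SMTP client
# for an implicit-TLS port that verifies the server certificate and frames every
# line with CRLF. Host name, addresses and cafile are placeholders; the dialogue
# code takes file objects so it can run offline against a scripted transcript.
from __future__ import annotations

import io
import socket
import ssl
from typing import BinaryIO


class SMTPError(Exception):
    pass


def read_reply(rfile: BinaryIO) -> tuple[int, list[str]]:
    """Read one SMTP reply: '250-' lines continue it, '250 ' (or a bare '250') ends it."""
    lines: list[str] = []
    while True:
        line = rfile.readline()
        if not line:
            raise SMTPError("connection closed while waiting for a reply")
        text = line.decode("utf-8", "replace").rstrip("\r\n")
        if len(text) < 3 or not text[:3].isdigit():
            raise SMTPError(f"malformed reply: {text!r}")
        lines.append(text[4:])
        if len(text) == 3 or text[3] == " ":
            return int(text[:3]), lines


def command(rfile: BinaryIO, wfile: BinaryIO, cmd: str, ok=(2, 3)) -> tuple[int, list[str]]:
    """Send one command terminated by CRLF (never a bare LF) and check the reply class."""
    wfile.write(cmd.encode("utf-8") + b"\r\n")
    wfile.flush()
    code, lines = read_reply(rfile)
    if code // 100 not in ok:
        raise SMTPError(f"{cmd.split()[0]} rejected: {code} {' '.join(lines)}")
    return code, lines


def send_message(rfile: BinaryIO, wfile: BinaryIO, sender: str, recipient: str,
                 body: str, helo: str = "localhost") -> int:
    """EHLO/MAIL/RCPT/DATA/QUIT over an already-encrypted stream; returns the DATA reply code."""
    code, _ = read_reply(rfile)                       # 220 greeting
    if code != 220:
        raise SMTPError(f"unexpected greeting: {code}")
    _, features = command(rfile, wfile, f"EHLO {helo}")
    if any(f.upper().startswith("STARTTLS") for f in features[1:]):
        # TLS is already active on port 465: RFC 3207 section 4.2 forbids offering
        # STARTTLS after the handshake, and sending it earns "500 5.5.1 TLS already active".
        raise SMTPError("server offers STARTTLS inside an implicit-TLS session")
    command(rfile, wfile, f"MAIL FROM:<{sender}>")
    command(rfile, wfile, f"RCPT TO:<{recipient}>")
    command(rfile, wfile, "DATA", ok=(3,))
    # Dot-stuff (RFC 5321 section 4.5.2), CRLF-terminate every line, then CRLF '.' CRLF.
    lines = body.replace("\r\n", "\n").split("\n")
    stuffed = "".join(("." if ln.startswith(".") else "") + ln + "\r\n" for ln in lines)
    wfile.write(stuffed.encode("utf-8") + b".\r\n")
    wfile.flush()
    code, _ = read_reply(rfile)
    command(rfile, wfile, "QUIT")
    return code


def open_smtps(host: str, port: int = 465, cafile: str | None = None) -> ssl.SSLSocket:
    """Implicit TLS with chain and host-name verification: aborts on an untrusted
    chain or a name mismatch instead of carrying on the way s_client did. For a
    self-signed or private-CA certificate pass its PEM as `cafile` (placeholder)."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


def send_test_mail(host: str, sender: str, recipient: str, body: str,
                   cafile: str | None = None) -> int:
    """Live entry point (needs a reachable server; every argument is a placeholder)."""
    with open_smtps(host, cafile=cafile) as tls:
        return send_message(tls.makefile("rb"), tls.makefile("wb"), sender, recipient, body)


# Constructed server transcript; the reply lines are the ones quoted in the thread.
SCRIPTED_SERVER = (
    b"220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready\r\n"
    b"250-lic4u Hello localhost [127.0.0.1])\r\n"
    b"250-PIPELINING\r\n250-ENHANCEDSTATUSCODES\r\n250 8BITMIME\r\n"
    b"250 2.1.0 Sender <test@example.org> OK\r\n"
    b"250 2.1.5 Recipient <test@example.org> OK\r\n"
    b"354 Ok Send data ending with <CRLF>.<CRLF>\r\n"
    b"250 2.6.0 Message received\r\n"
    b"221 2.0.0 lic4u Service closing transmission channel\r\n"
)


def simulate(body: str) -> tuple[int, bytes]:
    """Run send_message against the scripted transcript; returns (reply code, bytes sent)."""
    wfile = io.BytesIO()
    code = send_message(io.BytesIO(SCRIPTED_SERVER), wfile,
                        "test@example.org", "test@example.org", body)
    return code, wfile.getvalue()
```

`send_test_mail("mail.example.org", "a@example.org", "b@example.org", "subject: test\n\nbody", cafile="/path/to/ca.pem")` runs the same dialogue against a live server; `simulate()` exercises it offline. This client is for implicit TLS only. For a STARTTLS port (25 or 587) use `smtplib.SMTP(...).starttls(context=ssl.create_default_context())`, which raises `SMTPNotSupportedError` when the server does not advertise STARTTLS, so a stripped offer fails closed instead of falling back to plaintext.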

Re: socketTLS port 465 smtp not working

Posted by Mike Lepore <mi...@gmail.com>.
Yeah, I think it's using openssl to test with that is causing the 
issue.  I turned DEBUG on for smtpserver using log4j instead of 
the Java property in CLI mode, since I didn't know exactly how to 
execute James in CLI mode.  Using openssl for testing just seems to hang 
at the "ending with <CRLF>.<CRLF>".  It's as if openssl doesn't 
recognize the return key as <CRLF> like telnet does.  Telnet seems to 
work just fine for port 25 this way.  I can type <CRLF>.<CRLF> multiple 
times, but it won't recognize it as the end of the "data".  I'm running 
this on an Ubuntu Linux machine, so maybe openssl is not responding to 
the return key the same way telnet does.  This is what I got:

INFO  10:25:21,571 | james.smtpserver | Id='154440174' User='' 
Connection established from 127.0.0.1
DEBUG 10:26:06,048 | james.smtpserver | Id='154440174' User='' 
org.apache.james.protocols.api.handler.CommandDispatcher received: EHLO
DEBUG 10:26:06,048 | james.smtpserver | Id='154440174' User='' Lookup 
command handler for command: EHLO
DEBUG 10:26:06,050 | james.smtpserver | Id='154440174' User='' 
org.apache.james.protocols.smtp.core.esmtp.EhloCmdHandler: [250-lic4u 
Hello localhost [127.0.0.1]), 250-PIPELINING, 250-ENHANCEDSTATUSCODES, 
250 8BITMIME]
DEBUG 10:26:55,820 | james.smtpserver | Id='154440174' User='' 
org.apache.james.protocols.api.handler.CommandDispatcher received: MAIL
DEBUG 10:26:55,820 | james.smtpserver | Id='154440174' User='' Lookup 
command handler for command: MAIL
DEBUG 10:26:55,823 | james.smtpserver | Id='154440174' User='' 
org.apache.james.smtpserver.JamesMailCmdHandler: [250 2.1.0 Sender 
<ad...@lepore.org> OK]
DEBUG 10:27:16,730 | james.smtpserver | Id='154440174' User='' 
org.apache.james.protocols.api.handler.CommandDispatcher received: RCPT
DEBUG 10:27:16,730 | james.smtpserver | Id='154440174' User='' Lookup 
command handler for command: RCPT
DEBUG 10:27:16,730 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.smtpserver.fastfail.ValidRcptHandler
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
org.apache.james.smtpserver.fastfail.ValidRcptHandler: result=8 (DECLINED)
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.smtpserver.AuthRequiredToRelayRcptHook
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
org.apache.james.smtpserver.AuthRequiredToRelayRcptHook: result=8 (DECLINED)
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.smtpserver.SenderAuthIdentifyVerificationRcptHook
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' 
org.apache.james.smtpserver.SenderAuthIdentifyVerificationRcptHook: 
result=8 (DECLINED)
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
DEBUG 10:27:16,780 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.protocols.smtp.core.PostmasterAbuseRcptHook
DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.protocols.smtp.core.log.HookResultLogger@11a4b662
DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User='' 
org.apache.james.protocols.smtp.core.PostmasterAbuseRcptHook: result=8 
(DECLINED)
DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User='' executing 
hook org.apache.james.smtpserver.jmx.HookResultJMXMonitor@4e8755f9
DEBUG 10:27:16,781 | james.smtpserver | Id='154440174' User='' 
org.apache.james.smtpserver.JamesRcptCmdHandler: [250 2.1.5 Recipient 
<ad...@lepore.org> OK]
DEBUG 10:28:19,769 | james.smtpserver | Id='154440174' User='' 
org.apache.james.protocols.api.handler.CommandDispatcher received: DATA
DEBUG 10:28:19,769 | james.smtpserver | Id='154440174' User='' Lookup 
command handler for command: DATA
DEBUG 10:28:19,776 | james.smtpserver | Id='154440174' User='' 
org.apache.james.smtpserver.JamesDataCmdHandler: [354 Ok Send data 
ending with <CRLF>.<CRLF>]


thanks,
Michael Lepore
michael.lepore.work@gmail.com

On 09/05/2017 03:02 AM, cryptearth wrote:
> Hey Mike,
>
> I still can't see how this should be a TLS-related error. TLS simply
> adds an additional layer ensuring security. If your issue were caused
> by anything TLS related you either wouldn't get a connection at all -
> or you should get an error on either side (which I guess openssl would
> throw out directly - for James server try in CLI mode with
> -Djavax.net.debug=all). Also you could run Wireshark to see if there's
> any packet loss. Depending on the used cipher it's possible there's a
> small buffer not transmitted directly.
> If Thunderbird isn't able to connect it's most likely a
> cert-trust-chain issue. Just try to use a free Let's Encrypt cert for
> testing.
>
> If you still get issues: please get us some debug logs and maybe
> packet captures. It's very hard to tell what's going wrong when the
> only information basically is "works w/o TLS but doesn't w/ TLS".
>
> Matt
>

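Mike's diagnosis above, that openssl s_client sends the Enter key as a bare LF while telnet sends CRLF, is exactly what an SMTP server's DATA handler is sensitive to: it leaves the DATA phase only when it sees the byte sequence <CRLF>.<CRLF>. The following is an added example, not code from this thread and not James code; it models that server-side scan in Python and shows that the LF-only input from the transcript never terminates while the same keystrokes after CRLF translation (the translation `openssl s_client -crlf` performs) do. The sample input is constructed to match the transcript.

```python
"""End-of-DATA detection for SMTP, and why bare-LF input never ends DATA.

Added example for this thread; it is not James code. It models what an
SMTP server does after replying "354": it buffers the DATA stream and
looks for the terminator <CRLF>.<CRLF> (RFC 5321, section 4.1.1.4).
A client whose terminal sends "\n" instead of "\r\n" (openssl s_client
without -crlf) never produces that byte sequence, so the server keeps
waiting and the session appears to hang.
"""
from __future__ import annotations

EOD = b"\r\n.\r\n"  # the only sequence that ends the DATA phase


def to_crlf(text: bytes) -> bytes:
    """Normalise any line ending (LF, CR, or CRLF) to CRLF.

    This is the translation openssl s_client performs with -crlf and that a
    real mail client performs itself; telnet sends CRLF on Enter, which is
    why the same keystrokes work on port 25 in the thread.
    """
    return (text.replace(b"\r\n", b"\n")
                .replace(b"\r", b"\n")
                .replace(b"\n", b"\r\n"))


def dot_stuff(body: bytes) -> bytes:
    """Client side: prefix lines that begin with '.' so they cannot end DATA."""
    return b"\r\n".join(b"." + ln if ln.startswith(b".") else ln
                        for ln in body.split(b"\r\n"))


def dot_unstuff(body: bytes) -> bytes:
    """Server side: drop the leading '.' that the client added."""
    return b"\r\n".join(ln[1:] if ln.startswith(b".") else ln
                        for ln in body.split(b"\r\n"))


def parse_data_phase(stream: bytes) -> tuple[bytes | None, bytes]:
    """Scan the bytes received after 354 for the terminator.

    Returns (message, remainder). message is None while the terminator has
    not arrived: the server must keep reading, which is the "hang" seen
    with LF-only input. remainder is whatever followed the terminator; in
    a pipelined session that may already be the next command.
    """
    # A message consisting of nothing but the terminator line is legal:
    # the CRLF that ended the DATA command itself counts as the first CRLF.
    if stream.startswith(b".\r\n"):
        return b"", stream[3:]
    idx = stream.find(EOD)
    if idx < 0:
        return None, stream
    return dot_unstuff(stream[:idx]), stream[idx + len(EOD):]


def terminated(stream: bytes) -> bool:
    """True when the DATA phase would complete with this input."""
    return parse_data_phase(stream)[0] is not None


# Constructed sample input mirroring the thread: what a terminal sends when
# each line is ended with a bare LF (openssl s_client without -crlf).
LF_ONLY = b"subject: this is a test\n\ntest body\n.\n"
# The same keystrokes after CRLF translation (telnet, or s_client -crlf).
CRLF_OK = to_crlf(LF_ONLY)


if __name__ == "__main__":
    print("LF-only input ends DATA:", terminated(LF_ONLY))  # False: server waits
    print("CRLF input ends DATA:   ", terminated(CRLF_OK))  # True
    print(parse_data_phase(CRLF_OK))
```

The LF-only stream yields None, so a server built this way keeps reading; the CRLF stream yields the message and an empty remainder. When driving an SMTP server by hand over TLS, pass -crlf to openssl s_client or use a real client; the James prompt "354 Ok Send data ending with <CRLF>.<CRLF>" is literal.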

Re: socketTLS port 465 smtp not working

Posted by cryptearth <cr...@cryptearth.de>.
Hey Mike,

I still can't see how this should be a TLS-related error. TLS simply adds an 
additional layer ensuring security. If your issue were caused by 
anything TLS related you either wouldn't get a connection at all - or 
you should get an error on either side (which I guess openssl would throw 
out directly - for James server try in CLI mode with 
-Djavax.net.debug=all). Also you could run Wireshark to see if there's 
any packet loss. Depending on the used cipher it's possible there's a small 
buffer not transmitted directly.
If Thunderbird isn't able to connect it's most likely a cert-trust-chain 
issue. Just try to use a free Let's Encrypt cert for testing.

If you still get issues: please get us some debug logs and maybe packet 
captures. It's very hard to tell what's going wrong when the only 
information basically is "works w/o TLS but doesn't w/ TLS".

Matt

On 05.09.2017 at 03:00, Mike Lepore wrote:
> Yes, when I set socketTLS to false and the binding address back 
> to port 25, it seems to work just fine.  It just seems to hang when 
> I'm inputting the message itself when set to port 465 with 
> socketTLS set to true.  Am I not able to use openssl like that to 
> actually send an email on port 465?  I also can't get Mozilla 
> Thunderbird to connect to the socketTLS/465 either.  Seems like I have 
> to be missing something in the confs.
>
>
> mike@lic4u:/share/james/conf$ telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
> EHLO localhost
> 250-lic4u Hello localhost [127.0.0.1])
> 250-PIPELINING
> 250-ENHANCEDSTATUSCODES
> 250 8BITMIME
> mail from:<ad...@lepore.org>
> 250 2.1.0 Sender <ad...@lepore.org> OK
> rcpt to:<ad...@lepore.org>
> 250 2.1.5 Recipient <ad...@lepore.org> OK
> data
> 354 Ok Send data ending with <CRLF>.<CRLF>
> subject: from lic4u on 2017-09-04 at 8:51pm...
>
> body test
> .
> 250 2.6.0 Message received
> quit
> 221 2.0.0 lic4u Service closing transmission channel
> Connection closed by foreign host.
> mike@lic4u:/share/james/conf$
>
> thanks,
> Michael Lepore
> michael.lepore.work@gmail.com
>


Re: AW: socketTLS port 465 smtp not working

Posted by Mike Lepore <mi...@gmail.com>.
Yes, when I set socketTLS to false and the binding address back to 
port 25, it seems to work just fine.  It just seems to hang when I'm 
inputting the message itself when set to port 465 with socketTLS set 
to true.  Am I not able to use openssl like that to actually send an 
email on port 465?  I also can't get Mozilla Thunderbird to connect to 
the socketTLS/465 either.  Seems like I have to be missing something in 
the confs.


mike@lic4u:/share/james/conf$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
EHLO localhost
250-lic4u Hello localhost [127.0.0.1])
250-PIPELINING
250-ENHANCEDSTATUSCODES
250 8BITMIME
mail from:<ad...@lepore.org>
250 2.1.0 Sender <ad...@lepore.org> OK
rcpt to:<ad...@lepore.org>
250 2.1.5 Recipient <ad...@lepore.org> OK
data
354 Ok Send data ending with <CRLF>.<CRLF>
subject: from lic4u on 2017-09-04 at 8:51pm...

body test
.
250 2.6.0 Message received
quit
221 2.0.0 lic4u Service closing transmission channel
Connection closed by foreign host.
mike@lic4u:/share/james/conf$

thanks,
Michael Lepore
michael.lepore.work@gmail.com

On 09/02/2017 12:36 AM, cryptearth wrote:
> Hello Mike,
>
> This doesn't look like a TLS-based error to me because the connection gets established and you can get some commands to work. If this issue were related to anything on the secure layer, most likely the connection wouldn't be established at all.
> Did you already try whether it works without TLS?
> If so, you could enable debug on the server side to see where it starts to fail.
>
> Also: side note about socketTLS vs startTLS:
> When using socketTLS the connection is encrypted from the beginning; you have a secure tunnel through which unencrypted data flows, protected by the encryption of this tunnel.
> When using startTLS you start the connection as an unencrypted plain one, so the channel you're using itself is not secured. By sending the starttls command you basically say: "hey, let's speak nonsense from now on", and then encrypted data runs across the unsecured channel.
> In reality the difference is a bit more complicated and the result is pretty much the same, but maybe this helps to understand what both of these are. So you only use one of them - that's why you're getting a 500 - TLS already active on your second try.
>
> greetings
>
> Matt
>


AW: socketTLS port 465 smtp not working

Posted by cryptearth <cr...@cryptearth.de>.
Hello Mike,

This doesn't look like a TLS-based error to me because the connection gets established and you can get some commands to work. If this issue were related to anything on the secure layer, most likely the connection wouldn't be established at all.
Did you already try whether it works without TLS?
If so, you could enable debug on the server side to see where it starts to fail.

Also: side note about socketTLS vs startTLS:
When using socketTLS the connection is encrypted from the beginning; you have a secure tunnel through which unencrypted data flows, protected by the encryption of this tunnel.
When using startTLS you start the connection as an unencrypted plain one, so the channel you're using itself is not secured. By sending the starttls command you basically say: "hey, let's speak nonsense from now on", and then encrypted data runs across the unsecured channel.
In reality the difference is a bit more complicated and the result is pretty much the same, but maybe this helps to understand what both of these are. So you only use one of them - that's why you're getting a 500 - TLS already active on your second try.

greetings

Matt

---- Mike Lepore wrote ----

>I can't seem to get james3 to work with smtpserver for socketTLS on port 
>465.
>
>When I execute this command it just seems to hang at the end and not 
>complete the send.  Any ideas? Am I not running the send command 
>properly?  I have smtpserver.xml configured for socketTLS.
>
>      <bind>0.0.0.0:465</bind>
>...
>
>      <tls socketTLS="true" startTLS="false">
>          <keystore>...ks file...</keystore>
>          <secret>...pw...</secret>
>          <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
>          <!-- The algorithm is optional and only needs to be specified
>               when using something other than the Sun JCE provider - You
>               could use IbmX509 with IBM Java runtime. -->
>          <!--algorithm>SunX509</algorithm-->
>      </tls>
>
># this from the smtpserver.log:
>
>INFO  14:13:44,677 | james.smtpserver | Id='-927469453' User='' 
>Connection established from 127.0.0.1
>
>
>
># command...
>
>/usr/bin/openssl s_client -quiet -connect localhost:465
>depth=0 CN = mail.lepore.org
>verify error:num=18:self signed certificate
>verify return:1
>depth=0 CN = mail.lepore.org
>verify return:1
>220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
>EHLO localhost
>250-lic4u Hello localhost [127.0.0.1])
>250-PIPELINING
>250-ENHANCEDSTATUSCODES
>250 8BITMIME
>mail from:<ad...@lepore.org>
>250 2.1.0 Sender <ad...@lepore.org> OK
>rcpt to:<ad...@lepore.org>
>250 2.1.5 Recipient <ad...@lepore.org> OK
>data
>354 Ok Send data ending with <CRLF>.<CRLF>
>subject: this is a test on 2017-09-01 at 2:30pm
>
>test body
>
>.
>
>
>----------
>
>#tried using startTLS (didn't work either)
>
>/usr/bin/openssl s_client -quiet -connect localhost:465
>depth=0 CN = mail.lepore.org
>verify error:num=18:self signed certificate
>verify return:1
>depth=0 CN = mail.lepore.org
>verify return:1
>220 lic4u JAMES SMTP Server Server (JAMES SMTP Server ) ready
>EHLO localhost
>250-lic4u Hello localhost [127.0.0.1])
>250-PIPELINING
>250-ENHANCEDSTATUSCODES
>250 8BITMIME
>STARTTLS
>500 5.5.1 TLS already active RFC2487 5.2
>mail from:<ad...@lepore.org>
>250 2.1.0 Sender <ad...@lepore.org> OK
>rcpt to:<ad...@lepore.org>
>250 2.1.5 Recipient <ad...@lepore.org> OK
>data
>354 Ok Send data ending with <CRLF>.<CRLF>
>subject: test from lic4u apache-james on 2017-09-01 at 2:17pm
>
>test body
>.
>
>
>
>-- 
>
>thanks,
>Michael Lepore
>michael.lepore.work@gmail.com
>
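Matt's socketTLS-versus-startTLS explanation above, together with Mike's question whether openssl can be used to actually deliver on port 465, maps onto two distinct client code paths. The following is an added example, not James code and not from this thread; it uses Python's smtplib to show an implicit-TLS client for port 465 that never issues STARTTLS, next to a STARTTLS client that refuses to continue when the upgrade is not offered, plus a small EHLO-reply parser exercised on a reply constructed from the shape of the James banner in the transcript. Hostnames, ports and addresses are placeholders.

```python
"""Implicit TLS (port 465, James "socketTLS") versus STARTTLS submission.

Added example; not James project code. With implicit TLS the handshake
happens before the 220 banner, so the client must never send STARTTLS
(James answers "500 5.5.1 TLS already active" if it does). With STARTTLS
the session begins in plaintext and is upgraded only after the server
advertises the extension in its EHLO reply. Hosts and addresses are
placeholders.
"""
from __future__ import annotations

import smtplib
import ssl
from email.message import EmailMessage


def parse_ehlo(reply: str) -> set[str]:
    """Return the extension keywords from a raw multi-line EHLO reply.

    Lines look like "250-KEYWORD [params]"; the final one uses "250 ".
    The first line carries the server greeting, not an extension.
    """
    exts: set[str] = set()
    for line in reply.splitlines()[1:]:
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            exts.add(line[4:].split(None, 1)[0].upper())
    return exts


def next_step(already_tls: bool, exts: set[str]) -> str:
    """Decide what to do after EHLO: 'proceed', 'starttls' or 'abort'."""
    if already_tls:
        return "proceed"      # implicit TLS: STARTTLS here is a protocol error
    if "STARTTLS" in exts:
        return "starttls"     # plaintext so far: upgrade before anything else
    return "abort"            # no upgrade offered: do not submit in the clear


def tls_context(cafile: str | None = None) -> ssl.SSLContext:
    """Verifying client context.

    For a private CA or a self-signed server certificate pass its PEM as
    cafile; leave verification and check_hostname enabled.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_message(sender: str, rcpt: str, subject: str, body: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, subject
    msg.set_content(body)   # smtplib applies CRLF line endings and dot-stuffing
    return msg


def send_implicit_tls(host: str, port: int, msg: EmailMessage,
                      ctx: ssl.SSLContext) -> None:
    """socketTLS / SMTPS: the socket is wrapped in TLS before the banner."""
    with smtplib.SMTP_SSL(host, port, context=ctx) as smtp:
        smtp.ehlo()
        # Already encrypted: no STARTTLS, straight on to MAIL/RCPT/DATA.
        smtp.send_message(msg)


def send_starttls(host: str, port: int, msg: EmailMessage,
                  ctx: ssl.SSLContext) -> None:
    """Plaintext connection upgraded with STARTTLS; stops if not offered."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.ehlo()
        exts = {k.upper() for k in smtp.esmtp_features}
        if next_step(False, exts) != "starttls":
            raise RuntimeError("server did not offer STARTTLS; not sending in the clear")
        smtp.starttls(context=ctx)
        smtp.ehlo()   # extension list may differ after the upgrade; re-read it
        smtp.send_message(msg)


# Constructed EHLO reply, shaped like the James banner in the transcript.
JAMES_EHLO = (
    "250-lic4u Hello localhost [127.0.0.1]\r\n"
    "250-PIPELINING\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250 8BITMIME\r\n"
)

if __name__ == "__main__":
    exts = parse_ehlo(JAMES_EHLO)
    print(exts, next_step(True, exts), next_step(False, exts))
```

For the self-signed certificate in the transcript (verify error num=18), hand its PEM to tls_context(cafile=...) rather than turning verification off. That certificate's CN is mail.lepore.org while the tests connect to localhost, so a verifying client also has to connect using the name the certificate carries (or the certificate needs a SAN for the name used); openssl s_client only warns about such mismatches, which is one reason a hand-driven session can look fine while a mail client like Thunderbird refuses the same server.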