From: <aco...@jb...> - 2005-08-01 21:07:36
|
Your understanding is correct basically. To be clear. There will need to be "RelayDomainGroup"s. I know nothing of source routing information, I'm sure you'll do the right thing :-) We should not route except for within RelayDomainGroups as that would be an "open relay" and that would be Relay relay bad. :-) Thanks for taking this on.
From: mikezzz <nu...@jb...> - 2005-08-13 16:27:32
|
I've committed relaying by domain. I have also added configuration for it to the installer. There are a couple of points with this change which I would like to hear thoughts on.

- It is now impossible to set up an open anonymous relay. Is this a problem? If working as an open relay is a requirement then I think we should have a separate explicit configuration option for it.
- Performance, checking the domain of the incoming user can be a slow operation (due to a reverse domain lookup). Should we add a warning about this in the installer text?

Mike.
From: <aco...@jb...> - 2005-08-13 18:34:40
|
BTW the relaying stuff isn't in the RC1. I figure we'll see how the RC goes and do some testing on relaying before deciding. We already have explicit configuration for anonymous more or less (AuthenticationRequired). However, I get what you mean. Let's go with "no you can't" for now and see what kind of feedback we get. My take is to be a bit more of a hitler on security than most mail servers. "Make security easy"

So you ALWAYS check the incoming user domain? The intent of the feature was to only check the domain of the target. Meaning that if Anonymous User/SMTP = A, Routing Mail Server = B, Other Mail Server = C and if A has no account on B but is sending to mail server C then if B is configured with a routing domain group for only domains served by C it will route mails on behalf of anonymous users only to server C. This involves no checking of the sending user's domain. Now it might be an interesting twist to check that, but wouldn't that be more of an edge case? I probably wouldn't allow that config through the installer (only people smart enough to do the admin should be given said 6 ft rope).

I'll check out what you added to the installer before registering an opinion but I'm kind of worried that routing may not be something simple enough to represent at installation time. Intuitively, it makes sense to me to reserve this for an administration piece (presently XML config hell, later GUI). For the installer I want to mostly stick to basics so that you can get up and running with normal stuff quickly. I'm even vacillating on whether or not to stick tools for JAAS login module configuration (BTW JAAS works great) to the installer, presently I say no (but yes for administrative piece). Next week I'm going to touch base with Mr. Administration (Charles Crouch) and see whether we can leverage that code (for JBAS) and report back.

-Andy
From: <aco...@jb...> - 2005-08-13 18:53:50
|
WHOA...dude.. I just took a look at the code.. To put it delicately, there was a miscommunication here. DomainGroups were supposed to be on the TO address to limit anonymous relay TO a server not *FROM* a user. I'm sure this has uses inside of organizations but I'd say it's an edge case. So we should probably take it out of the GUI install since I think it will confuse 90% of folks and be useful to maybe 10%. I'll add a new feature request for M4 to limit the other side. What do you think?
From: mikezzz <nu...@jb...> - 2005-08-14 08:56:24
|
Ooooooooooops!!! I will remove the config from the installer. Do you know if there is a way to silently set a variable for Velocity in the panel configuration? The MBean will require a valid value; having it unset will cause the deployer to throw an error.
From: mikezzz <nu...@jb...> - 2005-08-14 10:49:15
|
It was very simple to change it to be the way you intended. I have left the installer stuff in place (changed the text to be more appropriate). Have a go with it and see what you think. We can always pull it out later. Mike.
From: <aco...@jb...> - 2005-08-14 15:44:16
|
Okay cool. I'll give it a test drive. Just hardcode it in the template if the config isn't setting it. Or you can set the var IN the template.
From: <aco...@jb...> - 2005-08-19 12:46:37
|
This isn't working in present CVS:

"
    Andrew-Olivers-Computer:~ acoliver$ telnet localhost 25
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 localhost.localdomain SMTP Server (JBMAIL SMTP Server version 0.1) ready August 19, 2005 8:42:43 AM EDT
    MAIL FROM:<no...@no...>
    250 Sender <no...@no...> OK
    RCPT TO:<aco...@jb...>
    550 Not Authorized
"

    <!-- Relay domain group. -->
    <domains includes-local-interfaces='false'>
    jboss.org
    <depends optional-attribute-name="DomainGroup" proxy-type="attribute">jboss.mail:type=MailServices,name=DomainGroup,group=Local
    <depends optional-attribute-name="MailBodyManager" proxy-type="attribute">jboss.mail:type=MailServices,name=MailBodyManager
    <depends optional-attribute-name="ListenerChain" proxy-type="org.jboss.mail.MailListenerChain">jboss.mail:type=MailServices,name=MailListenerChain
    <depends optional-attribute-name="UserRepository" proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true
    <depends optional-attribute-name="RelayDomainGroup" proxy-type="attribute">jboss.mail:type=MailServices,name=DomainGroup,group=Relay
    ....
    <!-- JBMail can not be configured as an open relay, you must specify a list of domains to allow relaying to. -->
    true
    <!-- auth-allowed means that users are allowed to login. This is othogonal to AuthRequired. Where AuthRequired means "auth required in order to send mail", AuthAllowed means "is anyone able to log in at all?" A completely open relay (spam machine) would not require authenticaiton and might not even allow it (so it can't be tracked or whatever). One reason to FORBID authentication is if you want users to only authenticate over SSL but want a seperate instance of SMTP (on the same box even) to receive mails from the outside for local users. -->
    true
From: mikezzz <nu...@jb...> - 2005-08-19 13:21:40
|
What is your auth required value set to? At the moment you can't anonymously relay with auth required set to true. Mike.
From: <aco...@jb...> - 2005-08-19 19:16:40
|
Humm...I see. Originally AuthRequired was intended as the "Don't let anyone send mail OUT unless they are authenticated" -- as I see it Domain Relaying is an "exception" to auth required. If AuthRequired is "false" then you should effectively have an open relay. I think it is okay to release M3 so long as AuthRequired=false is not an open relay. (because that would be basically redundant). Is that the case? For M4 we should revise this after some discussion. Deal?
From: <aco...@jb...> - 2005-08-19 19:27:20
|
Seems like it is okay for now (in that it is not an open relay). I'm not sure relaying is actually working:

    15:19:51,645 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
    15:19:54,780 INFO [ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
    15:19:54,837 INFO [JkMain] Jk running ID=0 time=0/208 config=null
    15:19:54,886 INFO [Server] JBoss (MX MicroKernel) [4.0.3RC2 (build: CVSTag=Branch_4_0 date=200508091251)] Started in 2m:6s:853ms
    15:22:11,812 INFO [Server] Got request
    15:22:11,838 INFO [Server] waiting for request
    15:22:38,817 INFO [Server] Got request
    15:22:38,818 INFO [Server] waiting for request
    15:23:27,991 INFO [Mail] all headers after loading: MailHeadersImpl (4): [hdr(Received = 'Received: from null (localhost 0:0:0:0:0:0:0:1%0) by localhost.localdomain/JBossMail 1.0M3 (0:0:0:0:0:0:0:1%0) with SMTP id 1124479407988576.2595372194803; Fri, 19 Aug 2005 15:23:27 -0400 (EDT)'), hdr(Subject = 'Subject: I do not like cheese'), hdr(From = 'From:<aco...@jb...>'), hdr(To = 'To:<aco...@jb...>')]
    15:23:28,029 INFO [AbstractStore] Creating store item
    15:23:28,052 INFO [PagedStore] Current Transaction: TransactionImpl:XidImpl[FormatId=257, GlobalId=Andrew-Olivers-Computer.local/23, BranchQual=, localId=23]
    15:23:42,677 INFO [JMSMailListener] PUT MESSAGE ON QUEUE:org.jboss.mail.message.Mail@fe5a8a
    15:23:45,626 INFO [STDOUT] DEBUG: JavaMail version 1.3.1
    15:23:45,630 INFO [STDOUT] DEBUG: java.io.FileNotFoundException: /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home/lib/javamail.providers (No such file or directory)
    15:23:45,635 INFO [STDOUT] DEBUG: !anyLoaded
    15:23:45,644 INFO [STDOUT] DEBUG: not loading resource: /META-INF/javamail.providers
    15:23:45,652 INFO [STDOUT] DEBUG: successfully loaded resource: /META-INF/javamail.default.providers
    15:23:45,653 INFO [STDOUT] DEBUG: Tables of loaded providers
    15:23:45,654 INFO [STDOUT] DEBUG: Providers Listed By Class Name: {com.sun.mail.smtp.SMTPTransport=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc], com.sun.mail.imap.IMAPStore=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], com.sun.mail.pop3.POP3Store=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc]}
    15:23:45,655 INFO [STDOUT] DEBUG: Providers Listed By Protocol: {imap=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], pop3=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc], smtp=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]}
    15:23:45,660 INFO [STDOUT] DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
    15:23:45,666 INFO [STDOUT] DEBUG: !anyLoaded
    15:23:45,671 INFO [STDOUT] DEBUG: not loading resource: /META-INF/javamail.address.map
    15:23:45,672 INFO [STDOUT] DEBUG: java.io.FileNotFoundException: /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home/lib/javamail.address.map (No such file or directory)
    15:23:45,714 INFO [STDOUT] DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
    15:23:50,357 INFO [STDOUT] DEBUG SMTP: useEhlo true, useAuth false
    15:23:50,358 INFO [STDOUT] DEBUG SMTP: trying to connect to host "jboss.com.mail1.psmtp.com.", port 25
    15:23:50,581 INFO [STDOUT] 220 Postini ESMTP 130 y6_3_2c0 ready. CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.
    15:23:50,583 INFO [STDOUT] DEBUG SMTP: connected to host "jboss.com.mail1.psmtp.com.", port: 25
    15:23:50,594 INFO [STDOUT] EHLO Andrew-Olivers-Computer.local
    15:23:50,682 INFO [STDOUT] 250-Postini says hello back
    250-STARTTLS
    250-8BITMIME
    250 HELP
    15:23:50,684 INFO [STDOUT] DEBUG SMTP: Found extension "STARTTLS", arg ""
    15:23:50,685 INFO [STDOUT] DEBUG SMTP: Found extension "8BITMIME", arg ""
    15:23:50,686 INFO [STDOUT] DEBUG SMTP: Found extension "HELP", arg ""
    15:23:51,266 ERROR [SMTPSender] Cannot send mailjava.lang.ArrayIndexOutOfBoundsException: 1
    java.lang.ArrayIndexOutOfBoundsException: 1
        at org.jboss.mail.smtp.sender.SMTPSender.sendForDomain(SMTPSender.java:405)
        at org.jboss.mail.smtp.sender.SMTPSender.send(SMTPSender.java:255)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
        at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:201)
        at $Proxy96.send(Unknown Source)
        at org.jboss.mail.mailhandler.remote.RemoteDeliveryMessageDrivenBean.deliver(RemoteDeliveryMessageDrivenBean.java:248)
        at org.jboss.mail.mailhandler.remote.RemoteDeliveryMessageDrivenBean.onMessage(RemoteDeliveryMessageDrivenBean.java:124)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.invocation.Invocation.performCall(Invocation.java:345)
        at org.jboss.ejb.MessageDrivenContainer$ContainerInterceptor.invoke(MessageDrivenContainer.java:475)
        at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:149)
        at org.jboss.ejb.plugins.MessageDrivenInstanceInterceptor.invoke(MessageDrivenInstanceInterceptor.java:101)
        at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
        at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:105)
        at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:335)
        at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:166)
        at org.jboss.ejb.plugins.RunAsSecurityInterceptor.invoke(RunAsSecurityInterceptor.java:94)
        at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
        at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
        at org.jboss.ejb.MessageDrivenContainer.internalInvoke(MessageDrivenContainer.java:389)
        at org.jboss.ejb.Container.invoke(Container.java:873)
        at org.jboss.ejb.plugins.jms.JMSContainerInvoker.invoke(JMSContainerInvoker.java:1077)
        at org.jboss.ejb.plugins.jms.JMSContainerInvoker$MessageListenerImpl.onMessage(JMSContainerInvoker.java:1379)
        at org.jboss.jms.asf.StdServerSession.onMessage(StdServerSession.java:256)
        at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(SpyMessageConsumer.java:904)
        at org.jboss.mq.SpyMessageConsumer.addMessage(SpyMessageConsumer.java:160)
        at org.jboss.mq.SpySession.run(SpySession.java:333)
        at org.jboss.jms.asf.StdServerSession.run(StdServerSession.java:180)
        at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:743)
        at java.lang.Thread.run(Thread.java:613)
    15:23:51,289 INFO [STDOUT] QUIT
    15:23:51,299 INFO [JMSMailListener] PUT MESSAGE ON QUEUE:org.jboss.mail.message.MailRetryWrapper@e48c89

    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 localhost.localdomain SMTP Server (JBMAIL SMTP Server version 0.1) ready August 19, 2005 8:42:43 AM EDT
    MAIL FROM:<no...@no...>
    250 Sender <no...@no...> OK
    RCPT TO:<aco...@jb...>
    550 Not Authorized
    quit
    221 localhost.localdomain closing connection
    Connection closed by foreign host.
    Andrew-Olivers-Computer:~ acoliver$ vi /Applications/JBoss\ Mail\ Server/server/default/deploy/mail.ear/mail.sar/META-INF/jboss-service.xml
    Andrew-Olivers-Computer:~ acoliver$ telnet localhost 25
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 localhost.localdomain SMTP Server (JBMAIL SMTP Server version 0.1) ready August 19, 2005 3:22:12 PM EDT
    MAIL FROM:<no...@no...>
    250 Sender <no...@no...> OK
    RCPT TO:<an...@su...>
    553 Relaying disallowed
    quit
    221 localhost.localdomain closing connection
    Connection closed by foreign host.
    Andrew-Olivers-Computer:~ acoliver$ telnet localhost 25
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 localhost.localdomain SMTP Server (JBMAIL SMTP Server version 0.1) ready August 19, 2005 3:22:38 PM EDT
    MAIL FROM:<aco...@jb...>
    250 Sender <aco...@jb...> OK
    RCPT TO:<aco...@jb...>
    250 Recipient <aco...@jb...> OK
    DATA
    354 Ok Send data ending with .
    Subject: I do not like cheese
    From:<aco...@jb...>
    To:<aco...@jb...>

    I do not like cheese. It makes me ill.
    -Andy
    .
    250 Message received
    quit
    221 localhost.localdomain closing connection
    Connection closed by foreign host.

Though this could be something else.... I'll cut the release if there are no objections.
From: <aco...@jb...> - 2005-08-19 20:53:09
|
I added this to the template:

    #if($RELAY_BY_DOMAIN_ENABLED)
    false
    #else
    true
    #end

So that if relaying is enabled we will auto configure authrequired==false.
From: mikezzz <nu...@jb...> - 2005-08-20 07:07:01
|
The exception seems to be unrelated to relaying. I'm happy to change the logic for M4. It's reasonably easy to move the logic around. Cheers, Mike.
From: <aco...@jb...> - 2005-08-20 13:55:09
|
I thought so too, however it only happens when relaying... Could be I did something wrong in telnet ;-) Actually I think this is in the Auth routines... However it's probably a couple lines of boolean logic.
From: mikezzz <nu...@jb...> - 2005-08-20 15:27:01
|
anonymous wrote : Could be I did something wrong in telnet ;-)

Sort of. This is the offending piece of code from SMTPSender (401-406):

    String[] nameValue = headerLine.split(": ");
    if (excludeHeaders.get(nameValue[0].toUpperCase()) == null) {
        //subject, to, cc, bcc and from set above
        message.addHeader(nameValue[0], nameValue[1]);
    }

Basically if you set a header line without a space between the ':' and the header-text then the SMTPSender chokes on it (split(": ") returns an array with a single value). Looking at RFC 2822 it doesn't seem to specify that there needs to be a space between the ':' and the field text. I tested with Evolution and it choked on those mails also. I checked on the history and this code has been there for a while (I'm not sure that it ever worked, maybe some mail clients add spaces in there). I have tested with changing the code to 'split(":")' and it works ok. Would you like me to commit this to the M3 branch?

anonymous wrote : Actually I think this is in the Auth routines...

I put the relaying logic in the RCTPHandler, however the auth method is called first and will fail if auth returns false. All we need to do is swap it round. However I would like to leave it as is and add an additional flag to allow a system to be an open relay. I.e. make it an explicit option for administrators.

Cheers, Mike. Mike.
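The header-splitting failure discussed in the post above, as an added example that is not part of the original post or of the JBoss Mail code: it runs both split variants mentioned there, plus a first-colon parse, over constructed header lines, including values that themselves contain a colon. The class and method names are hypothetical, and the lines are assumed to be already unfolded.

```java
import java.util.function.Function;

// Added illustration; names are hypothetical and the sample lines are constructed.
public class HeaderSplitDemo {

    /** The quoted behaviour: split on ": " and index element 1 unchecked. */
    static String bySplitColonSpace(String line) {
        return line.split(": ")[1];
    }

    /** The variant tested in the post: split on ":" and index element 1 unchecked. */
    static String bySplitColon(String line) {
        return line.split(":")[1];
    }

    /**
     * Splits at the first colon only, so colons inside the value survive.
     * Returns null when there is no colon or the field name is empty.
     */
    static String[] parseHeader(String line) {
        int colon = line.indexOf(':');
        if (colon <= 0) {
            return null;
        }
        String name = line.substring(0, colon).trim();
        String value = line.substring(colon + 1).trim(); // may be empty
        return new String[] { name, value };
    }

    /** Runs one variant and reports either its result or the exception seen in the log. */
    static String attempt(Function<String, String> variant, String line) {
        try {
            return "'" + variant.apply(line) + "'";
        } catch (ArrayIndexOutOfBoundsException e) {
            return "ArrayIndexOutOfBoundsException";
        }
    }

    public static void main(String[] args) {
        String[] samples = {
            "Subject: I do not like cheese",          // space after the colon
            "From:<andy@example.org>",                // no space, as typed in the telnet session
            "Subject: Re: relay test",                // value contains ": "
            "Date: Fri, 19 Aug 2005 15:23:27 -0400",  // value contains ":"
            "X-Empty:",                               // empty value
            "not a header line"                       // no colon at all
        };
        for (String line : samples) {
            String[] parsed = parseHeader(line);
            System.out.println(line);
            System.out.println("  split(\": \")[1] -> " + attempt(HeaderSplitDemo::bySplitColonSpace, line));
            System.out.println("  split(\":\")[1]  -> " + attempt(HeaderSplitDemo::bySplitColon, line));
            System.out.println("  first colon    -> " + (parsed == null
                    ? "rejected"
                    : "name='" + parsed[0] + "' value='" + parsed[1] + "'"));
        }
    }
}
```

Both split variants return only part of the value for the Subject and Date samples and throw on the empty header, while the first-colon parse keeps the whole value and reports the malformed line instead of throwing.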
From: <aco...@jb...> - 2005-08-20 23:25:38
|
Naw, too late, we can fix this in M4, it's not very serious. Additional flag: Then what does AuthRequired do? That was its original purpose... Fine if that has changed but what does it do now exactly?
From: mikezzz <nu...@jb...> - 2005-08-21 07:12:59
|
anonymous wrote : Then what does AuthRequired do?

I am not too fussed which way we go, but I thought it would be better for users administering security:

If AuthRequired == true meant you must log in, no exceptions (any relaying settings are ignored).
If AuthRequired == false, you don't need to log in, but the relay settings define what you can do.

Mike.
From: <aco...@jb...> - 2005-08-21 13:58:54
|
Okay, I guess I'm just saying that if we do that then we ought just have "allow relay" and ditch auth required. It seems redundant.
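The two orderings of the AuthRequired and relay-domain checks debated in this thread, as an added example that is not JBoss Mail code: it models the RCPT decision for an anonymous sender under "auth check first" and under "relay group as an exception to AuthRequired". Class and method names are hypothetical, the reply strings are shortened forms of those in the telnet sessions, and it assumes authenticated users may send anywhere and that local-domain delivery is handled elsewhere.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added illustration; names are hypothetical and the recipient addresses are constructed.
public class RelayPolicyDemo {
    static final String OK = "250 Recipient OK";
    static final String NOT_AUTHORIZED = "550 Not Authorized";
    static final String NO_RELAY = "553 Relaying disallowed";

    /** Lower-cased domain part of an address, or "" when there is no '@'. */
    static String domainOf(String address) {
        int at = address.lastIndexOf('@');
        return at < 0 ? "" : address.substring(at + 1).toLowerCase(Locale.ROOT);
    }

    /** Exact match on the recipient (TO) domain; a suffix test would also admit look-alike domains. */
    static boolean isRelayTarget(String rcpt, Set<String> relayDomains) {
        return relayDomains.contains(domainOf(rcpt));
    }

    /** Auth check first: AuthRequired=true means log in, no exceptions. */
    static String authFirst(boolean authRequired, boolean authenticated,
                            String rcpt, Set<String> relayDomains) {
        if (authRequired && !authenticated) {
            return NOT_AUTHORIZED; // relay settings are never consulted
        }
        if (authenticated || isRelayTarget(rcpt, relayDomains)) {
            return OK; // assumption: authenticated users may send to any domain
        }
        return NO_RELAY; // anonymous sender, recipient outside the relay group
    }

    /** Checks swapped: the relay domain group is an exception to AuthRequired. */
    static String relayFirst(boolean authRequired, boolean authenticated,
                             String rcpt, Set<String> relayDomains) {
        if (authenticated || isRelayTarget(rcpt, relayDomains)) {
            return OK;
        }
        // Assumption: even with AuthRequired=false the server never acts as an open relay.
        return authRequired ? NOT_AUTHORIZED : NO_RELAY;
    }

    public static void main(String[] args) {
        Set<String> relayDomains = new HashSet<>(Arrays.asList("jboss.org"));
        String[] recipients = {
            "someone@JBoss.org",    // in the relay group, different case
            "someone@example.com",  // outside the relay group
            "someone@notjboss.org"  // shares a suffix with a relay domain, must not match
        };
        for (boolean authRequired : new boolean[] { true, false }) {
            for (String rcpt : recipients) {
                System.out.printf("AuthRequired=%-5b anonymous -> %-22s authFirst: %-24s relayFirst: %s%n",
                        authRequired, rcpt,
                        authFirst(authRequired, false, rcpt, relayDomains),
                        relayFirst(authRequired, false, rcpt, relayDomains));
            }
        }
    }
}
```

With AuthRequired=true the two orderings differ only for the relay-group recipient (550 versus 250), which is the behaviour seen in the first telnet session; neither ordering accepts an anonymous message for a domain outside the relay group.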