-
1. Re: Mail Relay.
acoliver Aug 1, 2005 5:07 PM (in response to mikezzz)
Your understanding is correct basically. To be clear. There will need to be "RelayDomainGroup"s. I know nothing of source routing information, I'm sure you'll do the right thing :-)
We should not route except for within RelayDomainGroups as that would be an "open relay" and that would be Relay relay bad. :-)
Thanks for taking this on. -
2. Re: Mail Relay.
mikezzz Aug 13, 2005 12:27 PM (in response to mikezzz)
I've committed relaying by domain. I have also added configuration for it to the installer. There are a couple of points with this change which I would like to hear thoughts on.
- It is now impossible to set up an open anonymous relay. Is this a problem? If working as an open relay is a requirement then I think we should have a separate explicit configuration option for it.
- Performance, checking the domain of the incoming user can be a slow operation (due to a reverse domain lookup). Should we add a warning about this in the installer text?
Mike. -
3. Re: Mail Relay.
acoliver Aug 13, 2005 2:34 PM (in response to mikezzz)
BTW the relaying stuff isn't in the RC1. I figure we'll see how the RC goes and do some testing on relaying before deciding.
We already have explicit configuration for anonymous more or less (AuthenticationRequired). However, I get what you mean. Let's go with "no you can't" for now and see what kind of feedback we get. My take is to be a bit more of a hitler on security than most mail servers. "Make security easy"
So you ALWAYS check the incoming user domain? The intent of the feature was to only check the domain of the target. Meaning that if Anonymous User/SMTP = A, Routing Mail Server = B, Other Mail Server = C and if A has no account on B but is sending to mail server C then if B is configured with a routing domain group for only domains served by C it will route mails on behalf of anonymous users only to server C. This involves no checking of the sending user's domain. Now it might be an interesting twist to check that, but wouldn't that be more of an edge case? I probably wouldn't allow that config through the installer (only people smart enough to do the admin should be given said 6 ft rope).
I'll check out what you added to the installer before registering an opinion but I'm kind of worried that routing may not be something simple enough to represent at installation time. Intuitively, it makes sense to me to reserve this for an administration piece (presently XML config hell, later GUI). For the installer I want to mostly stick to basics so that you can get up and running with normal stuff quickly. I'm even vacillating on whether or not to stick tools for JAAS login module configuration (BTW JAAS works great) to the installer, presently I say no (but yes for administrative piece).
Next week I'm going to touch base with Mr. Administration (Charles Crouch) and see whether we can leverage that code (for JBAS) and report back.
-Andy -
4. Re: Mail Relay.
acoliver Aug 13, 2005 2:53 PM (in response to mikezzz)
WHOA...dude.. I just took a look at the code.. To put it delicately, there was a miscommunication here. DomainGroups were supposed to be on the TO address to limit anonymous relay TO a server not *FROM* a user. I'm sure this has uses inside of organizations but I'd say it's an edge case.
So we should probably take it out of the GUI install since I think it will confuse 90% of folks and be useful to maybe 10%. I'll add a new feature request for M4 to limit the other side. What do you think? -
5. Re: Mail Relay.
mikezzz Aug 14, 2005 4:56 AM (in response to mikezzz)
Ooooooooooops!!!
I will remove the config from the installer. Do you know if there is a way to silently set a variable for Velocity in the panel configuration? The MBean will require a valid value; having it unset will cause the deployer to throw an error. -
6. Re: Mail Relay.
mikezzz Aug 14, 2005 6:49 AM (in response to mikezzz)
It was very simple to change it to be the way you intended. I have left the installer stuff in place (changed the text to be more appropriate). Have a go with it and see what you think. We can always pull it out later.
Mike. -
7. Re: Mail Relay.
acoliver Aug 14, 2005 11:44 AM (in response to mikezzz)
Okay cool. I'll give it a test drive. Just hardcode it in the template if the config isn't setting it. Or you can set the var IN the template.
-
8. Re: Mail Relay.
acoliver Aug 19, 2005 8:46 AM (in response to mikezzz)
This isn't working in present CVS:
"
Andrew-Olivers-Computer:~ acoliver$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain SMTP Server (JBMAIL SMTP Server version 0.1) ready August 19, 2005 8:42:43 AM EDT
MAIL FROM:<noone@nowhere.com>
250 Sender <noone@nowhere.com> OK
RCPT TO:<acoliver@jboss.org>
550 Not Authorized
"
<!--
Relay domain group.
-->
<domains includes-local-interfaces='false'>
jboss.org
<depends optional-attribute-name="DomainGroup" proxy-type="attribute">jboss.mail:type=MailServices,name=DomainGroup,group=Local
<depends optional-attribute-name="MailBodyManager"
proxy-type="attribute">jboss.mail:type=MailServices,name=MailBodyManager
<depends optional-attribute-name="ListenerChain"
proxy-type="org.jboss.mail.MailListenerChain">jboss.mail:type=MailServices,name=MailListenerChain
<depends optional-attribute-name="UserRepository"
proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true
<depends optional-attribute-name="RelayDomainGroup"
proxy-type="attribute">jboss.mail:type=MailServices,name=DomainGroup,group=Relay
....
<!--
JBMail can not be configured as an open relay, you must specify a list of domains
to allow relaying to. -->
true
<!--
auth-allowed means that users are allowed to login. This is orthogonal to AuthRequired.
Where AuthRequired means "auth required in order to send mail", AuthAllowed means
"is anyone able to log in at all?" A completely open relay (spam machine) would not
require authentication and might not even allow it (so it can't be tracked or whatever). One reason to FORBID authentication is if you want users to only authenticate over SSL but
want a separate instance of SMTP (on the same box even) to receive mails from the outside for
local users.
-->
true -
9. Re: Mail Relay.
mikezzz Aug 19, 2005 9:21 AM (in response to mikezzz)
What is your auth required value set to? At the moment you can't anonymously relay with auth required set to true.
Mike. -
10. Re: Mail Relay.
acoliver Aug 19, 2005 3:16 PM (in response to mikezzz)
Humm...I see. Originally AuthRequired was intended as the "Don't let anyone send mail OUT unless they are authenticated" -- as I see it Domain Relaying is an "exception" to auth required. If AuthRequired is "false" then you should effectively have an open relay.
I think it is okay to release M3 so long as AuthRequired=false is not an open relay. (because that would be basically redundant). Is that the case?
For M4 we should revise this after some discussion. Deal? -
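The recipient-side check discussed in posts 3 and 10, as an added Java example that is not JBoss Mail Server code and was not posted by either participant. The class and method names, the local domain, and the 501 reply are assumptions; the 553 reply text is the one that appears in this thread's telnet sessions.

```java
import java.util.Locale;
import java.util.Set;

/** Hypothetical RCPT TO policy: relay is decided on the recipient domain only. */
public class RelayPolicy {
    private final Set<String> localDomains;  // domains this server holds mailboxes for
    private final Set<String> relayDomains;  // the "RelayDomainGroup": permitted relay targets

    public RelayPolicy(Set<String> localDomains, Set<String> relayDomains) {
        this.localDomains = localDomains;
        this.relayDomains = relayDomains;
    }

    /** Returns the lower-cased domain of an address, or null if it is malformed. */
    static String domainOf(String address) {
        int at = address.lastIndexOf('@');
        if (at <= 0 || at == address.length() - 1) {
            return null;  // no '@', empty local part, or empty domain
        }
        String d = address.substring(at + 1).toLowerCase(Locale.ROOT);
        // Treat "jboss.org." (trailing root dot) the same as "jboss.org".
        return d.endsWith(".") ? d.substring(0, d.length() - 1) : d;
    }

    /**
     * Decision for one RCPT TO. MAIL FROM is deliberately not a parameter:
     * it is client-supplied, so the sender's claimed domain grants nothing.
     */
    public String checkRecipient(String rcptTo, boolean authenticated) {
        String domain = domainOf(rcptTo);
        if (domain == null) return "501 Syntax error in address";
        if (localDomains.contains(domain)) return "250 Recipient OK (local)";
        if (authenticated) return "250 Recipient OK (authenticated relay)";
        // Anonymous client: relay only to the configured group, never anywhere else.
        if (relayDomains.contains(domain)) return "250 Recipient OK (relay group)";
        return "553 Relaying disallowed";
    }

    public static void main(String[] args) {
        // Constructed configuration mirroring the thread: relay group holds jboss.org.
        RelayPolicy p = new RelayPolicy(Set.of("localhost.localdomain"), Set.of("jboss.org"));
        System.out.println(p.checkRecipient("acoliver@JBoss.org.", false));
        System.out.println(p.checkRecipient("andy@superlinksoftware.com", false));
        System.out.println(p.checkRecipient("andy@superlinksoftware.com", true));
        System.out.println(p.checkRecipient("no-at-sign", false));
    }
}
```

An empty relay group leaves anonymous clients with local delivery only, so no combination of these inputs produces an open relay.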
11. Re: Mail Relay.
acoliver Aug 19, 2005 3:27 PM (in response to mikezzz)
Seems like it is okay for now (in that it is not an open relay). I'm not sure relaying is actually working:
15:19:51,645 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
15:19:54,780 INFO [ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
15:19:54,837 INFO [JkMain] Jk running ID=0 time=0/208 config=null
15:19:54,886 INFO [Server] JBoss (MX MicroKernel) [4.0.3RC2 (build: CVSTag=Branch_4_0 date=200508091251)] Started in 2m:6s:853ms
15:22:11,812 INFO [Server] Got request
15:22:11,838 INFO [Server] waiting for request
15:22:38,817 INFO [Server] Got request
15:22:38,818 INFO [Server] waiting for request
15:23:27,991 INFO [Mail] all headers after loading: MailHeadersImpl (4): [hdr(Received = 'Received: from null (localhost 0:0:0:0:0:0:0:1%0) by localhost.localdomain/JBossMail 1.0M3 (0:0:0:0:0:0:0:1%0)
with SMTP id 1124479407988576.2595372194803; Fri, 19 Aug 2005 15:23:27 -0400 (EDT)'), hdr(Subject = 'Subject: I do not like cheese'), hdr(From = 'From:<acoliver@jboss.org>'), hdr(To = 'To:<acoliver@jboss.org>')]
15:23:28,029 INFO [AbstractStore] Creating store item
15:23:28,052 INFO [PagedStore] Current Transaction: TransactionImpl:XidImpl[FormatId=257, GlobalId=Andrew-Olivers-Computer.local/23, BranchQual=, localId=23]
15:23:42,677 INFO [JMSMailListener] PUT MESSAGE ON QUEUE:org.jboss.mail.message.Mail@fe5a8a
15:23:45,626 INFO [STDOUT] DEBUG: JavaMail version 1.3.1
15:23:45,630 INFO [STDOUT] DEBUG: java.io.FileNotFoundException: /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home/lib/javamail.providers (No such file or directory)
15:23:45,635 INFO [STDOUT] DEBUG: !anyLoaded
15:23:45,644 INFO [STDOUT] DEBUG: not loading resource: /META-INF/javamail.providers
15:23:45,652 INFO [STDOUT] DEBUG: successfully loaded resource: /META-INF/javamail.default.providers
15:23:45,653 INFO [STDOUT] DEBUG: Tables of loaded providers
15:23:45,654 INFO [STDOUT] DEBUG: Providers Listed By Class Name: {com.sun.mail.smtp.SMTPTransport=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc], com.sun.mail.imap.IMAPStore=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], com.sun.mail.pop3.POP3Store=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc]}
15:23:45,655 INFO [STDOUT] DEBUG: Providers Listed By Protocol: {imap=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], pop3=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc], smtp=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]}
15:23:45,660 INFO [STDOUT] DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
15:23:45,666 INFO [STDOUT] DEBUG: !anyLoaded
15:23:45,671 INFO [STDOUT] DEBUG: not loading resource: /META-INF/javamail.address.map
15:23:45,672 INFO [STDOUT] DEBUG: java.io.FileNotFoundException: /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home/lib/javamail.address.map (No such file or directory)
15:23:45,714 INFO [STDOUT] DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
15:23:50,357 INFO [STDOUT] DEBUG SMTP: useEhlo true, useAuth false
15:23:50,358 INFO [STDOUT] DEBUG SMTP: trying to connect to host "jboss.com.mail1.psmtp.com.", port 25
15:23:50,581 INFO [STDOUT] 220 Postini ESMTP 130 y6_3_2c0 ready. CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.
15:23:50,583 INFO [STDOUT] DEBUG SMTP: connected to host "jboss.com.mail1.psmtp.com.", port: 25
15:23:50,594 INFO [STDOUT] EHLO Andrew-Olivers-Computer.local
15:23:50,682 INFO [STDOUT] 250-Postini says hello back
250-STARTTLS
250-8BITMIME
250 HELP
15:23:50,684 INFO [STDOUT] DEBUG SMTP: Found extension "STARTTLS", arg ""
15:23:50,685 INFO [STDOUT] DEBUG SMTP: Found extension "8BITMIME", arg ""
15:23:50,686 INFO [STDOUT] DEBUG SMTP: Found extension "HELP", arg ""
15:23:51,266 ERROR [SMTPSender] Cannot send mailjava.lang.ArrayIndexOutOfBoundsException: 1
java.lang.ArrayIndexOutOfBoundsException: 1
at org.jboss.mail.smtp.sender.SMTPSender.sendForDomain(SMTPSender.java:405)
at org.jboss.mail.smtp.sender.SMTPSender.send(SMTPSender.java:255)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:201)
at $Proxy96.send(Unknown Source)
at org.jboss.mail.mailhandler.remote.RemoteDeliveryMessageDrivenBean.deliver(RemoteDeliveryMessageDrivenBean.java:248)
at org.jboss.mail.mailhandler.remote.RemoteDeliveryMessageDrivenBean.onMessage(RemoteDeliveryMessageDrivenBean.java:124)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.jboss.invocation.Invocation.performCall(Invocation.java:345)
at org.jboss.ejb.MessageDrivenContainer$ContainerInterceptor.invoke(MessageDrivenContainer.java:475)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:149)
at org.jboss.ejb.plugins.MessageDrivenInstanceInterceptor.invoke(MessageDrivenInstanceInterceptor.java:101)
at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:105)
at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:335)
at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:166)
at org.jboss.ejb.plugins.RunAsSecurityInterceptor.invoke(RunAsSecurityInterceptor.java:94)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
at org.jboss.ejb.MessageDrivenContainer.internalInvoke(MessageDrivenContainer.java:389)
at org.jboss.ejb.Container.invoke(Container.java:873)
at org.jboss.ejb.plugins.jms.JMSContainerInvoker.invoke(JMSContainerInvoker.java:1077)
at org.jboss.ejb.plugins.jms.JMSContainerInvoker$MessageListenerImpl.onMessage(JMSContainerInvoker.java:1379)
at org.jboss.jms.asf.StdServerSession.onMessage(StdServerSession.java:256)
at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(SpyMessageConsumer.java:904)
at org.jboss.mq.SpyMessageConsumer.addMessage(SpyMessageConsumer.java:160)
at org.jboss.mq.SpySession.run(SpySession.java:333)
at org.jboss.jms.asf.StdServerSession.run(StdServerSession.java:180)
at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:743)
at java.lang.Thread.run(Thread.java:613)
15:23:51,289 INFO [STDOUT] QUIT
15:23:51,299 INFO [JMSMailListener] PUT MESSAGE ON QUEUE:org.jboss.mail.message.MailRetryWrapper@e48c89
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain SMTP Server (JBMAIL SMTP Server version 0.1) ready August 19, 2005 8:42:43 AM EDT
MAIL FROM:<noone@nowhere.com>
250 Sender <noone@nowhere.com> OK
RCPT TO:<acoliver@jboss.org>
550 Not Authorized
quit
221 localhost.localdomain closing connection
Connection closed by foreign host.
Andrew-Olivers-Computer:~ acoliver$ vi /Applications/JBoss\ Mail\ Server/server/default/deploy/mail.ear/mail.sar/META-INF/jboss-service.xml
Andrew-Olivers-Computer:~ acoliver$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain SMTP Server (JBMAIL SMTP Server version 0.1) ready August 19, 2005 3:22:12 PM EDT
MAIL FROM:<noone@nowhere.com>
250 Sender <noone@nowhere.com> OK
RCPT TO:<andy@superlinksoftware.com>
553 Relaying disallowed
quit
221 localhost.localdomain closing connection
Connection closed by foreign host.
Andrew-Olivers-Computer:~ acoliver$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain SMTP Server (JBMAIL SMTP Server version 0.1) ready August 19, 2005 3:22:38 PM EDT
MAIL FROM:<acoliver@jboss.org>
250 Sender <acoliver@jboss.org> OK
RCPT TO:<acoliver@jboss.org>
250 Recipient <acoliver@jboss.org> OK
DATA
354 Ok Send data ending with .
Subject: I do not like cheese
From:<acoliver@jboss.org>
To:<acoliver@jboss.org>
I do not like cheese. It makes me ill.
-Andy
.
250 Message received
quit
221 localhost.localdomain closing connection
Connection closed by foreign host.
Though this could be something else.... I'll cut the release if there are no objections. -
12. Re: Mail Relay.
acoliver Aug 19, 2005 4:52 PM (in response to mikezzz)
I added this to the template:
#if($RELAY_BY_DOMAIN_ENABLED)
false
#else
true
#end
So that if relaying is enabled we will auto configure authrequired==false. -
13. Re: Mail Relay.
mikezzz Aug 20, 2005 3:06 AM (in response to mikezzz)
The exception seems to be unrelated to relaying.
I'm happy to change the logic for M4. It's reasonably easy to move the logic around.
Cheers,
Mike. -
14. Re: Mail Relay.
acoliver Aug 20, 2005 9:55 AM (in response to mikezzz)
I thought so too; however, it only happens when relaying... Could be I did something wrong in telnet ;-)
Actually I think this is in the Auth routines... However, it's probably a couple lines of boolean logic.