0 Replies Latest reply on Jul 31, 2006 6:59 AM by woess

    550 Not authorized problem

    woess

      Hi,

      I'm trying to send emails using the mail server from my spring web application and get a 550 Not Authorized error.

      My jboss-service.xml in mail.sar/META-INF and login-conf.xml are below.
      Any ideas - help would be hugely appreciated.

      Thanks

      jboss-service.xml

      -------------------------------------------------------------

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE server
      PUBLIC "-//JBoss//DTD MBean Service 4.0//EN"
      "http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd">



      <!--
      JBoss Mail Server 1.0 milestone 5 configruation.
      Please see http://wiki.jboss.org/wiki/Wiki.jsp?page=JBMSInstallingM5 for more
      configuration details.
      -->

      <!-- The SSL domain setup -->




      D:\jboss-4.0.4/server/default/conf/jbmail.store
      fishStore9





      <jaas:policy
      xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd"
      xmlns:jaas="urn:jboss:security-config:4.1"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      >
      <jaas:application-policy name="jbms">
      <jaas:authentication>
      <jaas:login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag="required">
      <jaas:module-option name="dsJndiName">java:/DefaultDS</jaas:module-option>
      <jaas:module-option name="principalsQuery">SELECT password FROM MAIL_USERS WHERE login=?</jaas:module-option>
      <jaas:module-option name="rolesQuery">SELECT role, 'Roles' FROM MAIL_ROLES WHERE login=?</jaas:module-option>
      </jaas:login-module>
      </jaas:authentication>
      </jaas:application-policy>
      </jaas:policy>

      <depends optional-attribute-name="LoginConfigService">
      jboss.security:service=XMLLoginConfig

      <depends optional-attribute-name="SecurityManagerService">
      jboss.security:service=JaasSecurityManager



      <!--




      testlist@localhost.localdomain
      replyToListtrue
      subjectPrefixTest List
      prefixAutoBracketedtrue
      attachmentAllowedfalse
      membersOnlytrue

      test@localhost.localdomain
      acoliver@localhost.localdomain
      test@localhost.localdomain
      jboss@localhost.localdomain
      eric@localhost.localdomain
      mikea@localhost.localdomain
      mikek@localhost.localdomain
      kabir@localhost.localdomain





      -->

      <!--
      Queue for messages meant for posting replies to nukes forums
      -->
      <!--

      <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager

      -->

      <!--
      Queue for messages meant for a mail list hosted by this server
      -->
      <!--
      <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager

      -->
      <!--
      Queue for messages which will be delivered to users in a domain served by this
      server. (local users with an account here)
      -->

      <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager



      <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager



      <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager


      <!--
      Queue for messages which will be delivered to users in a domain not served by
      this server.
      -->

      <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager


      <!--
      Local domain group. The server will try to deliver any message to any user
      with the exact string in the @ clause locally.
      -->

      postmaster@localhost.localdomain

      <domains includes-local-interfaces="true">
      localhost
      localdomain







      <!--
      The SMTPSender MBean is used to send mails to remote hosts. It also maintains
      the DNS server list.
      -->

      <!-- if no servers then uses the default DNS servers from the host's resolution path. -->


      192.168.1.1





      <!-- StaticUserRepository maintains the user account information as part of
      this configuration. You must specify the username and password below.
      Each user will be accepted as a local mailbox for any domain in the
      local domain group. You should be using JAAS login modules instead (like
      the database login module). Using SUR requires a restart for each change.
      -->
      <!--



      bkoodaSysfishProps9
      noreplyfishProps9



      -->

      <!-- USE JAAS SECURITY -->
      <!-- UserRepository implementation for JAAS
      Uncomment and comment StaticUserRepository above to enable
      A JAAS security domain must be configured in conf/login-config.xml
      Currently only authenticates a user, no roles are checked.
      TODO make a REAL xmbean...is presently standard
      -->


      jboss.security:service=JaasSecurityManager
      jboss.mail:type=SecurityConfig,name=LoginConfig
      jboss-mail


      <!--
      UserRepository implementation for JAAS
      Uncomment and comment StaticUserRepository above to enable
      A JAAS security domain must be configured in conf/login-config.xml
      Currently only authenticates a user, no roles are checked
      -->

      jboss.security:service=JaasSecurityManager
      jboss.mail:type=SecurityConfig,name=LoginConfig
      jboss-mail-apop





      <!--
      Hibernate based store that uses a Paging mechanism
      to achieve partial I/O across a range of databases
      -->

      65536
      true
      65536
      0
      false
      <!--depends>jboss.mail:service=Hibernate</depends-->




      <!-- Mail Body Manager -->

      true
      <depends optional-attribute-name="Store"
      proxy-type="attribute">jboss.mail:type=MailServices,name=PagedStore


      <mbean code="org.jboss.mail.mailbox.MailboxServiceImpl"
      name="jboss.mail:type=MailServices,name=MailboxManager" xmbean-dd="META-INF/Mailbox-xmbean.xml">
      <depends optional-attribute-name="BodyManager"
      proxy-type="attribute">jboss.mail:type=MailServices,name=MailBodyManager

      <!--
      JMS is used to asynchronously process mails, however the bodies are not stored via JMS as JBossMQ, the present
      JBosss messaging solution, doesn't do this efficiently. This instance is to support nukes mail list integration.
      -->

      <!--





      nukes.modules:name=NukesForumMailPoster
      queue
      nukespost
      <depends optional-attribute-name="DomainGroup">jboss.mail:type=MailServices,name=DomainGroup,group=Local
      jboss.mq:service=DestinationManager
      jboss.mq.destination:name=maillist,service=Queue
      -->

      <!--
      This JMS mail listener is used to pass things to the mail list processing plugins (MDBs).
      -->
      <!--






      queue
      maillist
      jboss.mq:service=DestinationManager

      jboss.mq.destination:name=maillist,service=Queue
      <depends optional-attribute-name="MailListManager">jboss.mail:type=MailServices,name=MailListManager

      -->

      <!--
      JMS is used to asynchronously process mails, however the bodies are not stored via JMS as JBossMQ, the present
      JBosss messaging solution, doesn't do this efficiently. This is used for normal mail processing.
      -->






      jboss.mq:service=DestinationManager
      <!-- jboss.management.local:j2eeType=JCAManagedConnectionFactory,name=JmsXA-->

      jboss.mq.destination:name=localMail,service=Queue
      jboss.mq.destination:name=remoteMail,service=Queue
      <depends optional-attribute-name="DomainGroup">jboss.mail:type=MailServices,name=DomainGroup,group=Local
      <!-- queue or topic -->
      queue
      <!-- posts which are OnServer meaning they are for our domain and presumably a "local" user
      and won't go through an additional SMTP server should be sent here -->
      localMail
      <!-- posts which are OffServer meaning they will go through an additional SMTP server before
      finally being received should go here -->
      remoteMail
      <!-- Specifies the retry policy for failed local mail recipients. You can add as many retryTime
      elements as you like. Each retryTime element specifies the time in seconds to wait before
      redelivery, and they are processed from the top. Once you run out of retry entries a bounce
      message is generated for the sender. In the configuration shown below, if a message fails
      it will retry after a minute, if the retry fails
      it will retry again after a further two minutes, if the retry fails
      it will retry after after a further ten minutes, if the retry fails
      it will retry after after a further hour, if the retry fails
      it will retry after after a further hour, if the retry fails
      it will generate a bounce message
      -->


      60
      120
      600
      3600
      3600


      <!-- Specifies the retry policy for failed remote mail recipients. You can add as many retryTime
      elements as you like. Each retryTime element specifies the time in seconds to wait before
      redelivery, and they are processed from the top. Once you run out of retry entries a bounce
      message is generated for the sender. In the configuration shown below, if a message fails
      it will retry after a minute, if the retry fails
      it will retry again after a further two minutes, if the retry fails
      it will retry after after a further ten minutes, if the retry fails
      it will retry after after a further hour, if the retry fails
      it will retry after after a further hour, if the retry fails
      it will generate a bounce message
      -->


      60
      120
      600
      3600
      3600




      <mbean code="org.jboss.mail.MailListenerChainService"
      name="jboss.mail:type=MailServices,name=MailListenerChain" xmbean-dd="META-INF/chain-xmbean.xml">
      jboss.mail:type=MailServices,name=MailListener


      <!-- Uncomment to allow replies to go to Nukes
      jboss.mail:type=MailServices,name=NukesPosterJMSListener
      -->
      jboss.mail:type=MailServices,name=MailListener





      <!--
      Mail Listener responsible for delivering mails to local mailboxes.
      -->

      <depends optional-attribute-name="MailboxManager"
      proxy-type="attribute">jboss.mail:type=MailServices,name=MailboxManager
      <depends optional-attribute-name="Router"
      proxy-type="org.jboss.mail.MailListener">jboss.mail:type=MailServices,name=MailListener


      <!--
      Mail Listener chain for mails to be delivered locally.
      Any listeners that are specific to locally delivered mail should be
      added here. E.g. SPAM filtering.
      -->
      <mbean code="org.jboss.mail.MailListenerChainService"
      name="jboss.mail:type=MailServices,name=LocalDeliveryChain" xmbean-dd="META-INF/chain-xmbean.xml">
      jboss.mail:type=MailServices,name=LocalDelivery


      jboss.mail:type=MailServices,name=LocalDelivery




      <!--
      Mail Listener responsible for delivering mails to remote addresses.
      -->

      <depends optional-attribute-name="Router"
      proxy-type="org.jboss.mail.MailListener">jboss.mail:type=MailServices,name=MailListener
      <depends optional-attribute-name="DomainGroup"
      proxy-type="attribute">jboss.mail:type=MailServices,name=DomainGroup,group=Local
      <depends optional-attribute-name="Sender"
      proxy-type="attribute">jboss.mail:type=MailServices,name=SMTPSender


      <!--
      Mail Listener chain for mails to be delivered remotely.
      -->
      <mbean code="org.jboss.mail.MailListenerChainService"
      name="jboss.mail:type=MailServices,name=RemoteDeliveryChain" xmbean-dd="META-INF/chain-xmbean.xml">
      jboss.mail:type=MailServices,name=RemoteDelivery


      jboss.mail:type=MailServices,name=RemoteDelivery





      <!--
      SMTPProtocol is used for a "Server" instance. This is an unencrypted
      protocol
      -->


      <depends optional-attribute-name="DomainGroup"
      proxy-type="attribute">jboss.mail:type=MailServices,name=DomainGroup,group=Local
      <depends optional-attribute-name="MailBodyManager"
      proxy-type="attribute">jboss.mail:type=MailServices,name=MailBodyManager
      <depends optional-attribute-name="ListenerChain"
      proxy-type="org.jboss.mail.MailListenerChain">jboss.mail:type=MailServices,name=MailListenerChain
      <depends optional-attribute-name="UserRepository"
      proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true

      jboss.mail:service=JaasSecurityDomain,name=Mail+SSL
      java:/jaas/Mail+SSL
      <!--register the protocols you want to use -->
      localhost.localdomain
      <!--
      auth-required - optional, default = true: Determines whether we require the
      user to login to the SMTP server in order to send the mail. By default we
      do require it. I'd rather folks say that JBMail doesn't work at all than
      say its an open relay....if YOU misconfigure it you CAN make it an open
      relay....Its going to warn you in big bold fat letters. This is only
      required to send mail to some SMTP server outside of your domain
      -->

      <!-- CHRIS CHANGED -->
      true


      <!--
      JBMail can not be configured as an open relay, you must specify a list of domains
      to allow relaying to.
      -->

      <!-- CHRIS CHANGED -->
      false


      <!--
      auth-allowed means that users are allowed to login. This is othogonal to AuthRequired.
      Where AuthRequired means "auth required in order to send mail", AuthAllowed means
      "is anyone able to log in at all?" A completely open relay (spam machine) would not
      require authenticaiton and might not even allow it (so it can't be tracked or whatever).
      One reason to FORBID authentication is if you want users to only authenticate over SSL but
      want a seperate instance of SMTP (on the same box even) to receive mails from the outside for
      local users.
      -->
      true
      <!--
      auth methods allowed. DO NOT CHANGE THIS (unless you really know what
      you are doing and have a very good reason to)
      -->
      AUTH LOGIN PLAIN

      <!-- verify the identity -->
      false
      10000000
      <!-- block size for messages (should be about your average message size) -->
      4096
      <!-- rfc 2487 related properties -->
      false
      false
      false
      <!-- change to true for TLS support -->
      true
      postmaster@localhost.localdomain
      <!--
      The maximum number of received headers allowed (to avoid looping).
      If greater than this the message is not accepted. Default is 100 if not present
      -->
      100
      <!--
      The number of received headers before we start inspecting them looking
      for our server to see if more than maxOwnReceivedHdrs are present
      Default is 20 if not present
      -->
      20
      <!--
      The number of received headers for our server allowed.
      Default is 5 if not present
      -->
      5



      5
      5
      10
      120000


      <!-- defines an SMTP server. -->

      <depends optional-attribute-name="Protocol">jboss.mail:type=Protocol,name=SMTPProtocol
      <depends optional-attribute-name="ThreadPool"
      proxy-type="attribute">jboss.mail:type=ThreadPool,name=ThreadPoolSMTP
      <!-- protocol should reference SMTP -->
      <!-- port to listen on -->
      25
      <!-- which addresses to listen on 0.0.0.0 = all or localhost means only the localhost -->
      0.0.0.0
      <!-- timeout between commands (not presently supported) -->
      <!-- note from mikea: rfc 821 sets strict guidelines on allowable timeouts -->
      30000
      <!-- timeout for the connection regardless of whether it is finished. Thus it will kill the
      socket and thread mid-stream/operation. This should be big enough to allow whatever the
      messages you're sending while defending against folks who might try to DoS your server
      by keeping a large number of connections alive -->
      <!-- note from mikea: 10 mb in 120 seconds is about 100 kb/s - which may or may not be
      the actual bandwidth achieved depending on server. therefore, i believe this value should
      be set somewhat higher to avoid timing out on 10mb emails,
      and other methods be used to detect DoS's -->
      120000






      5
      5
      10
      120000



      jboss.mail:service=JaasSecurityDomain,name=Mail+SSL
      java:/jaas/Mail+SSL
      jboss.mail:type=MailServices,name=MailListener
      <depends optional-attribute-name="MailboxManager"
      proxy-type="attribute">jboss.mail:type=MailServices,name=MailboxManager
      <depends optional-attribute-name="UserRepository"
      proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true
      <!--depends optional-attribute-name="APOPUserRepository"
      proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true,apop=true</depends-->
      <!--register the protocols you want to use -->
      localhost.localdomain
      true
      false
      <!-- enable for forcing clients to use their own certificats -->
      false



      jboss.mail:service=JaasSecurityDomain,name=Mail+SSL
      java:/jaas/Mail+SSL
      jboss.mail:type=MailServices,name=MailListener
      <depends optional-attribute-name="MailboxManager"
      proxy-type="attribute">jboss.mail:type=MailServices,name=MailboxManager
      <depends optional-attribute-name="UserRepository"
      proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true
      <!--depends optional-attribute-name="APOPUserRepository"
      proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true,apop=true</depends-->
      <!--register the protocols you want to use -->
      localhost.localdomain
      <!-- never enable for POP/SSL) -->
      false
      false


      <!-- defines a POP/SSL server. Differs from a TLS supporting POP server as
      it is ALWAYS encrypted, even from the start -->

      <depends optional-attribute-name="Protocol">jboss.mail:type=Protocol,name=POP3SSLProtocol
      <depends optional-attribute-name="ThreadPool"
      proxy-type="attribute">jboss.mail:type=ThreadPool,name=ThreadPoolPOP
      <!-- Secure servers require a security domain -->
      java:/jaas/Mail+SSL
      <!-- port to listen on -->
      995
      <!-- which addresses to listen on 0.0.0.0 = all or localhost means only the localhost -->
      0.0.0.0
      <!-- timeout between commands (not presently supported) -->
      30000
      <!-- timeout for the connection regardless of whether it is finished. Thus it will kill the
      socket and thread mid-stream/operation. This should be big enough to allow whatever the
      messages you're sending while defending against folks who might try to DoS your server
      by keeping a large number of connections alive -->
      120000
      jboss.mail:service=JaasSecurityDomain,name=Mail+SSL
      true


      <!-- defines a POP server. -->

      jboss.mail:type=Protocol,name=POP3Protocol
      <depends optional-attribute-name="ThreadPool"
      proxy-type="attribute">jboss.mail:type=ThreadPool,name=ThreadPoolPOP
      <!-- options are presently POP or SMTP, we want POP -->
      jboss.mail:type=Protocol,name=POP3Protocol
      <!-- port to listen on -->
      110
      <!-- which addresses to listen on 0.0.0.0 = all or localhost means only the localhost -->
      0.0.0.0
      <!-- timeout between commands (not presently supported) -->
      30000
      <!-- timeout for the connection regardless of whether it is finished. Thus it will kill the
      socket and thread mid-stream/operation. This should be big enough to allow whatever the
      messages you're sending while defending against folks who might try to DoS your server
      by keeping a large number of connections alive -->
      120000
      false



      <!-- fetchmail example see http://wiki.jboss.org/wiki/Wiki.jsp?page=HowToConfigurePOPFetchmailForJBossMailServer1.0M4 for details
      must be unique
      foo.nowhere.com
      110
      remoteuser
      mypassword
      andy@localhost
      false
      <depends optional-attribute-name="SMTPProtocol"
      proxy-type="org.jboss.mail.smtp.SMTPProtocolMBean">jboss.mail:type=Protocol,name=SMTPProtocol


      unique
      true
      this needs to match your Popper instance's mbean name
      jboss.mail:type=Fetchmail,name=Popper,instance=example
      pop()
      NOW
      10000
      -1

      -->

      <!-- if(IMAP_ENABLED.equals(true))

      jboss.mail:type=MailServices,name=MailListener
      <depends optional-attribute-name="MailboxManager"
      proxy-type="attribute">jboss.mail:type=MailServices,name=MailboxManager
      <depends optional-attribute-name="UserRepository"
      proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true
      localhost.localdomain

      -->

      <!--if(IMAP_ENABLED.equals(true))

      jboss.mail:type=Protocol,name=IMAP4Protocol
      <depends optional-attribute-name="ThreadPool"
      proxy-type="attribute">jboss.mail:type=ThreadPool,name=ThreadPoolSMTP
      jboss.mail:type=Protocol,name=IMAP4Protocol
      ${IMAP_PORT}
      0.0.0.0
      30000
      120000

      -->

      <mbean code="org.jboss.mail.userapi.MailSenderImpl"
      name="jboss.mail:type=MailServices,name=MailSender" xmbean-dd="META-INF/MailSender-xmbean.xml">
      <depends optional-attribute-name="ListenerChain"
      proxy-type="attribute">jboss.mail:type=MailServices,name=MailListenerChain
      <depends optional-attribute-name="BodyManager"
      proxy-type="attribute">jboss.mail:type=MailServices,name=MailBodyManager
      <depends optional-attribute-name="MailboxManager"
      proxy-type="attribute">jboss.mail:type=MailServices,name=MailboxManager


      <!-- REQUIRES JB404GA NOT YET IN USE

      /home/andy/jboss-4.0.4.CR2-test/server/default/deploy/mail.ear
      /home/andy/jboss-4.0.4.CR2-test/server/default/deploy/mail.ear/mail.sar/META-INF/jboss-service.xml



      <depends optional-attribute-name="DumDOM" proxy-type="attribute">jboss.mail:type=MailServices,name=DumDOM

      -->


      <!--
      <mbean code="org.jboss.mail.management.DumDOMImpl"
      name="jboss.mail:type=MailServices,name=DumDOM" xmbean-dd="META-INF/DumDOM-xmbean.xml">
      /home/andy/jboss-4.0.4.CR2-test/server/default/deploy/mail.ear
      /home/andy/jboss-4.0.4.CR2-test/server/default/deploy/mail.ear/mail.sar/META-INF/jboss-service.xml

      -->


      ---------------------------------
      LOGIN-CONF.xml

      <!-- Security domain for JBoss Mail Server -->
      <application-policy name = "jboss-mail"> <!-- must match what is specified in
      $JBOSS_HOME/server/$CONFIG/deploy/mail.ear/mail.sar/META-INF ! -->

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/DefaultDS</module-option>
      <module-option name = "principalsQuery">SELECT password FROM MAIL_USERS WHERE login=?</module-option>
      <module-option name = "rolesQuery">SELECT role, 'Roles' FROM MAIL_ROLES WHERE login=?</module-option>
      </login-module>

      </application-policy>

      <!-- Security domain for JBoss Mail Server -->
      <application-policy name = "jboss-mail-apop"> <!-- must match what is specified in
      $JBOSS_HOME/server/$CONFIG/deploy/mail.ear/mail.sar/META-INF ! -->

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/DefaultDS</module-option>
      <module-option name = "principalsQuery">SELECT password FROM MAIL_USERS WHERE login=?</module-option>
      <module-option name = "rolesQuery">SELECT role, 'Roles' FROM MAIL_ROLES WHERE login=?</module-option>
      </login-module>

      </application-policy>

      <!-- Security domain for JBoss Mail Server -->
      <application-policy name = "Mail+SSL"> <!-- must match what is specified in
      $JBOSS_HOME/server/$CONFIG/deploy/mail.ear/mail.sar/META-INF ! -->

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/DefaultDS</module-option>
      <module-option name = "principalsQuery">SELECT password FROM MAIL_USERS WHERE login=?</module-option>
      <module-option name = "rolesQuery">SELECT role, 'Roles' FROM MAIL_ROLES WHERE login=?</module-option>
      </login-module>

      </application-policy>