550 Not authorized problem
Hi,
I'm trying to send emails using the mail server from my spring web application and get a 550 Not Authorized error.
My jboss-service.xml in mail.sar/META-INF and login-conf.xml are below.
Any ideas - help would be hugely appreciated.
Thanks
jboss-service.xml
-------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE server
PUBLIC "-//JBoss//DTD MBean Service 4.0//EN"
"http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd">
<!--
JBoss Mail Server 1.0 milestone 5 configruation.
Please see http://wiki.jboss.org/wiki/Wiki.jsp?page=JBMSInstallingM5 for more
configuration details.
-->
<!-- The SSL domain setup -->
D:\jboss-4.0.4/server/default/conf/jbmail.store
fishStore9
<jaas:policy
xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd"
xmlns:jaas="urn:jboss:security-config:4.1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>
<jaas:application-policy name="jbms">
<jaas:authentication>
<jaas:login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="required">
<jaas:module-option name="dsJndiName">java:/DefaultDS</jaas:module-option>
<jaas:module-option name="principalsQuery">SELECT password FROM MAIL_USERS WHERE login=?</jaas:module-option>
<jaas:module-option name="rolesQuery">SELECT role, 'Roles' FROM MAIL_ROLES WHERE login=?</jaas:module-option>
</jaas:login-module>
</jaas:authentication>
</jaas:application-policy>
</jaas:policy>
<depends optional-attribute-name="LoginConfigService">
jboss.security:service=XMLLoginConfig
<depends optional-attribute-name="SecurityManagerService">
jboss.security:service=JaasSecurityManager
<!--
testlist@localhost.localdomain
replyToListtrue
subjectPrefixTest List
prefixAutoBracketedtrue
attachmentAllowedfalse
membersOnlytrue
test@localhost.localdomain
acoliver@localhost.localdomain
test@localhost.localdomain
jboss@localhost.localdomain
eric@localhost.localdomain
mikea@localhost.localdomain
mikek@localhost.localdomain
kabir@localhost.localdomain
-->
<!--
Queue for messages meant for posting replies to nukes forums
-->
<!--
<depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager
-->
<!--
Queue for messages meant for a mail list hosted by this server
-->
<!--
<depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager
-->
<!--
Queue for messages which will be delivered to users in a domain served by this
server. (local users with an account here)
-->
<depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager
<depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager
<depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager
<!--
Queue for messages which will be delivered to users in a domain not served by
this server.
-->
<depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager
<!--
Local domain group. The server will try to deliver any message to any user
with the exact string in the @ clause locally.
-->
postmaster@localhost.localdomain
<domains includes-local-interfaces="true">
localhost
localdomain
<!--
The SMTPSender MBean is used to send mails to remote hosts. It also maintains
the DNS server list.
-->
<!-- if no servers then uses the default DNS servers from the host's resolution path. -->
192.168.1.1
<!-- StaticUserRepository maintains the user account information as part of
this configuration. You must specify the username and password below.
Each user will be accepted as a local mailbox for any domain in the
local domain group. You should be using JAAS login modules instead (like
the database login module). Using SUR requires a restart for each change.
-->
<!--
bkoodaSysfishProps9
noreplyfishProps9
-->
<!-- USE JAAS SECURITY -->
<!-- UserRepository implementation for JAAS
Uncomment and comment StaticUserRepository above to enable
A JAAS security domain must be configured in conf/login-config.xml
Currently only authenticates a user, no roles are checked.
TODO make a REAL xmbean...is presently standard
-->
jboss.security:service=JaasSecurityManager
jboss.mail:type=SecurityConfig,name=LoginConfig
jboss-mail
<!--
UserRepository implementation for JAAS
Uncomment and comment StaticUserRepository above to enable
A JAAS security domain must be configured in conf/login-config.xml
Currently only authenticates a user, no roles are checked
-->
jboss.security:service=JaasSecurityManager
jboss.mail:type=SecurityConfig,name=LoginConfig
jboss-mail-apop
<!--
Hibernate based store that uses a Paging mechanism
to achieve partial I/O across a range of databases
-->
65536
true
65536
0
false
<!--depends>jboss.mail:service=Hibernate</depends-->
<!-- Mail Body Manager -->
true
<depends optional-attribute-name="Store"
proxy-type="attribute">jboss.mail:type=MailServices,name=PagedStore
<mbean code="org.jboss.mail.mailbox.MailboxServiceImpl"
name="jboss.mail:type=MailServices,name=MailboxManager" xmbean-dd="META-INF/Mailbox-xmbean.xml">
<depends optional-attribute-name="BodyManager"
proxy-type="attribute">jboss.mail:type=MailServices,name=MailBodyManager
<!--
JMS is used to asynchronously process mails, however the bodies are not stored via JMS as JBossMQ, the present
JBosss messaging solution, doesn't do this efficiently. This instance is to support nukes mail list integration.
-->
<!--
nukes.modules:name=NukesForumMailPoster
queue
nukespost
<depends optional-attribute-name="DomainGroup">jboss.mail:type=MailServices,name=DomainGroup,group=Local
jboss.mq:service=DestinationManager
jboss.mq.destination:name=maillist,service=Queue
-->
<!--
This JMS mail listener is used to pass things to the mail list processing plugins (MDBs).
-->
<!--
queue
maillist
jboss.mq:service=DestinationManager
jboss.mq.destination:name=maillist,service=Queue
<depends optional-attribute-name="MailListManager">jboss.mail:type=MailServices,name=MailListManager
-->
<!--
JMS is used to asynchronously process mails, however the bodies are not stored via JMS as JBossMQ, the present
JBosss messaging solution, doesn't do this efficiently. This is used for normal mail processing.
-->
jboss.mq:service=DestinationManager
<!-- jboss.management.local:j2eeType=JCAManagedConnectionFactory,name=JmsXA-->
jboss.mq.destination:name=localMail,service=Queue
jboss.mq.destination:name=remoteMail,service=Queue
<depends optional-attribute-name="DomainGroup">jboss.mail:type=MailServices,name=DomainGroup,group=Local
<!-- queue or topic -->
queue
<!-- posts which are OnServer meaning they are for our domain and presumably a "local" user
and won't go through an additional SMTP server should be sent here -->
localMail
<!-- posts which are OffServer meaning they will go through an additional SMTP server before
finally being received should go here -->
remoteMail
<!-- Specifies the retry policy for failed local mail recipients. You can add as many retryTime
elements as you like. Each retryTime element specifies the time in seconds to wait before
redelivery, and they are processed from the top. Once you run out of retry entries a bounce
message is generated for the sender. In the configuration shown below, if a message fails
it will retry after a minute, if the retry fails
it will retry again after a further two minutes, if the retry fails
it will retry after after a further ten minutes, if the retry fails
it will retry after after a further hour, if the retry fails
it will retry after after a further hour, if the retry fails
it will generate a bounce message
-->
60
120
600
3600
3600
<!-- Specifies the retry policy for failed remote mail recipients. You can add as many retryTime
elements as you like. Each retryTime element specifies the time in seconds to wait before
redelivery, and they are processed from the top. Once you run out of retry entries a bounce
message is generated for the sender. In the configuration shown below, if a message fails
it will retry after a minute, if the retry fails
it will retry again after a further two minutes, if the retry fails
it will retry after after a further ten minutes, if the retry fails
it will retry after after a further hour, if the retry fails
it will retry after after a further hour, if the retry fails
it will generate a bounce message
-->
60
120
600
3600
3600
<mbean code="org.jboss.mail.MailListenerChainService"
name="jboss.mail:type=MailServices,name=MailListenerChain" xmbean-dd="META-INF/chain-xmbean.xml">
jboss.mail:type=MailServices,name=MailListener
<!-- Uncomment to allow replies to go to Nukes
jboss.mail:type=MailServices,name=NukesPosterJMSListener
-->
jboss.mail:type=MailServices,name=MailListener
<!--
Mail Listener responsible for delivering mails to local mailboxes.
-->
<depends optional-attribute-name="MailboxManager"
proxy-type="attribute">jboss.mail:type=MailServices,name=MailboxManager
<depends optional-attribute-name="Router"
proxy-type="org.jboss.mail.MailListener">jboss.mail:type=MailServices,name=MailListener
<!--
Mail Listener chain for mails to be delivered locally.
Any listeners that are specific to locally delivered mail should be
added here. E.g. SPAM filtering.
-->
<mbean code="org.jboss.mail.MailListenerChainService"
name="jboss.mail:type=MailServices,name=LocalDeliveryChain" xmbean-dd="META-INF/chain-xmbean.xml">
jboss.mail:type=MailServices,name=LocalDelivery
jboss.mail:type=MailServices,name=LocalDelivery
<!--
Mail Listener responsible for delivering mails to remote addresses.
-->
<depends optional-attribute-name="Router"
proxy-type="org.jboss.mail.MailListener">jboss.mail:type=MailServices,name=MailListener
<depends optional-attribute-name="DomainGroup"
proxy-type="attribute">jboss.mail:type=MailServices,name=DomainGroup,group=Local
<depends optional-attribute-name="Sender"
proxy-type="attribute">jboss.mail:type=MailServices,name=SMTPSender
<!--
Mail Listener chain for mails to be delivered remotely.
-->
<mbean code="org.jboss.mail.MailListenerChainService"
name="jboss.mail:type=MailServices,name=RemoteDeliveryChain" xmbean-dd="META-INF/chain-xmbean.xml">
jboss.mail:type=MailServices,name=RemoteDelivery
jboss.mail:type=MailServices,name=RemoteDelivery
<!--
SMTPProtocol is used for a "Server" instance. This is an unencrypted
protocol
-->
<depends optional-attribute-name="DomainGroup"
proxy-type="attribute">jboss.mail:type=MailServices,name=DomainGroup,group=Local
<depends optional-attribute-name="MailBodyManager"
proxy-type="attribute">jboss.mail:type=MailServices,name=MailBodyManager
<depends optional-attribute-name="ListenerChain"
proxy-type="org.jboss.mail.MailListenerChain">jboss.mail:type=MailServices,name=MailListenerChain
<depends optional-attribute-name="UserRepository"
proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true
jboss.mail:service=JaasSecurityDomain,name=Mail+SSL
java:/jaas/Mail+SSL
<!--register the protocols you want to use -->
localhost.localdomain
<!--
auth-required - optional, default = true: Determines whether we require the
user to login to the SMTP server in order to send the mail. By default we
do require it. I'd rather folks say that JBMail doesn't work at all than
say its an open relay....if YOU misconfigure it you CAN make it an open
relay....Its going to warn you in big bold fat letters. This is only
required to send mail to some SMTP server outside of your domain
-->
<!-- CHRIS CHANGED -->
true
<!--
JBMail can not be configured as an open relay, you must specify a list of domains
to allow relaying to.
-->
<!-- CHRIS CHANGED -->
false
<!--
auth-allowed means that users are allowed to login. This is othogonal to AuthRequired.
Where AuthRequired means "auth required in order to send mail", AuthAllowed means
"is anyone able to log in at all?" A completely open relay (spam machine) would not
require authenticaiton and might not even allow it (so it can't be tracked or whatever).
One reason to FORBID authentication is if you want users to only authenticate over SSL but
want a seperate instance of SMTP (on the same box even) to receive mails from the outside for
local users.
-->
true
<!--
auth methods allowed. DO NOT CHANGE THIS (unless you really know what
you are doing and have a very good reason to)
-->
AUTH LOGIN PLAIN
<!-- verify the identity -->
false
10000000
<!-- block size for messages (should be about your average message size) -->
4096
<!-- rfc 2487 related properties -->
false
false
false
<!-- change to true for TLS support -->
true
postmaster@localhost.localdomain
<!--
The maximum number of received headers allowed (to avoid looping).
If greater than this the message is not accepted. Default is 100 if not present
-->
100
<!--
The number of received headers before we start inspecting them looking
for our server to see if more than maxOwnReceivedHdrs are present
Default is 20 if not present
-->
20
<!--
The number of received headers for our server allowed.
Default is 5 if not present
-->
5
5
5
10
120000
<!-- defines an SMTP server. -->
<depends optional-attribute-name="Protocol">jboss.mail:type=Protocol,name=SMTPProtocol
<depends optional-attribute-name="ThreadPool"
proxy-type="attribute">jboss.mail:type=ThreadPool,name=ThreadPoolSMTP
<!-- protocol should reference SMTP -->
<!-- port to listen on -->
25
<!-- which addresses to listen on 0.0.0.0 = all or localhost means only the localhost -->
0.0.0.0
<!-- timeout between commands (not presently supported) -->
<!-- note from mikea: rfc 821 sets strict guidelines on allowable timeouts -->
30000
<!-- timeout for the connection regardless of whether it is finished. Thus it will kill the
socket and thread mid-stream/operation. This should be big enough to allow whatever the
messages you're sending while defending against folks who might try to DoS your server
by keeping a large number of connections alive -->
<!-- note from mikea: 10 mb in 120 seconds is about 100 kb/s - which may or may not be
the actual bandwidth achieved depending on server. therefore, i believe this value should
be set somewhat higher to avoid timing out on 10mb emails,
and other methods be used to detect DoS's -->
120000
5
5
10
120000
jboss.mail:service=JaasSecurityDomain,name=Mail+SSL
java:/jaas/Mail+SSL
jboss.mail:type=MailServices,name=MailListener
<depends optional-attribute-name="MailboxManager"
proxy-type="attribute">jboss.mail:type=MailServices,name=MailboxManager
<depends optional-attribute-name="UserRepository"
proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true
<!--depends optional-attribute-name="APOPUserRepository"
proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true,apop=true</depends-->
<!--register the protocols you want to use -->
localhost.localdomain
true
false
<!-- enable for forcing clients to use their own certificats -->
false
jboss.mail:service=JaasSecurityDomain,name=Mail+SSL
java:/jaas/Mail+SSL
jboss.mail:type=MailServices,name=MailListener
<depends optional-attribute-name="MailboxManager"
proxy-type="attribute">jboss.mail:type=MailServices,name=MailboxManager
<depends optional-attribute-name="UserRepository"
proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true
<!--depends optional-attribute-name="APOPUserRepository"
proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true,apop=true</depends-->
<!--register the protocols you want to use -->
localhost.localdomain
<!-- never enable for POP/SSL) -->
false
false
<!-- defines a POP/SSL server. Differs from a TLS supporting POP server as
it is ALWAYS encrypted, even from the start -->
<depends optional-attribute-name="Protocol">jboss.mail:type=Protocol,name=POP3SSLProtocol
<depends optional-attribute-name="ThreadPool"
proxy-type="attribute">jboss.mail:type=ThreadPool,name=ThreadPoolPOP
<!-- Secure servers require a security domain -->
java:/jaas/Mail+SSL
<!-- port to listen on -->
995
<!-- which addresses to listen on 0.0.0.0 = all or localhost means only the localhost -->
0.0.0.0
<!-- timeout between commands (not presently supported) -->
30000
<!-- timeout for the connection regardless of whether it is finished. Thus it will kill the
socket and thread mid-stream/operation. This should be big enough to allow whatever the
messages you're sending while defending against folks who might try to DoS your server
by keeping a large number of connections alive -->
120000
jboss.mail:service=JaasSecurityDomain,name=Mail+SSL
true
<!-- defines a POP server. -->
jboss.mail:type=Protocol,name=POP3Protocol
<depends optional-attribute-name="ThreadPool"
proxy-type="attribute">jboss.mail:type=ThreadPool,name=ThreadPoolPOP
<!-- options are presently POP or SMTP, we want POP -->
jboss.mail:type=Protocol,name=POP3Protocol
<!-- port to listen on -->
110
<!-- which addresses to listen on 0.0.0.0 = all or localhost means only the localhost -->
0.0.0.0
<!-- timeout between commands (not presently supported) -->
30000
<!-- timeout for the connection regardless of whether it is finished. Thus it will kill the
socket and thread mid-stream/operation. This should be big enough to allow whatever the
messages you're sending while defending against folks who might try to DoS your server
by keeping a large number of connections alive -->
120000
false
<!-- fetchmail example see http://wiki.jboss.org/wiki/Wiki.jsp?page=HowToConfigurePOPFetchmailForJBossMailServer1.0M4 for details
must be unique
foo.nowhere.com
110
remoteuser
mypassword
andy@localhost
false
<depends optional-attribute-name="SMTPProtocol"
proxy-type="org.jboss.mail.smtp.SMTPProtocolMBean">jboss.mail:type=Protocol,name=SMTPProtocol
unique
true
this needs to match your Popper instance's mbean name
jboss.mail:type=Fetchmail,name=Popper,instance=example
pop()
NOW
10000
-1
-->
<!-- if(IMAP_ENABLED.equals(true))
jboss.mail:type=MailServices,name=MailListener
<depends optional-attribute-name="MailboxManager"
proxy-type="attribute">jboss.mail:type=MailServices,name=MailboxManager
<depends optional-attribute-name="UserRepository"
proxy-type="attribute">jboss.mail:type=MailServices,name=UserRepository,uimanageable=true
localhost.localdomain
-->
<!--if(IMAP_ENABLED.equals(true))
jboss.mail:type=Protocol,name=IMAP4Protocol
<depends optional-attribute-name="ThreadPool"
proxy-type="attribute">jboss.mail:type=ThreadPool,name=ThreadPoolSMTP
jboss.mail:type=Protocol,name=IMAP4Protocol
${IMAP_PORT}
0.0.0.0
30000
120000
-->
<mbean code="org.jboss.mail.userapi.MailSenderImpl"
name="jboss.mail:type=MailServices,name=MailSender" xmbean-dd="META-INF/MailSender-xmbean.xml">
<depends optional-attribute-name="ListenerChain"
proxy-type="attribute">jboss.mail:type=MailServices,name=MailListenerChain
<depends optional-attribute-name="BodyManager"
proxy-type="attribute">jboss.mail:type=MailServices,name=MailBodyManager
<depends optional-attribute-name="MailboxManager"
proxy-type="attribute">jboss.mail:type=MailServices,name=MailboxManager
<!-- REQUIRES JB404GA NOT YET IN USE
/home/andy/jboss-4.0.4.CR2-test/server/default/deploy/mail.ear
/home/andy/jboss-4.0.4.CR2-test/server/default/deploy/mail.ear/mail.sar/META-INF/jboss-service.xml
<depends optional-attribute-name="DumDOM" proxy-type="attribute">jboss.mail:type=MailServices,name=DumDOM
-->
<!--
<mbean code="org.jboss.mail.management.DumDOMImpl"
name="jboss.mail:type=MailServices,name=DumDOM" xmbean-dd="META-INF/DumDOM-xmbean.xml">
/home/andy/jboss-4.0.4.CR2-test/server/default/deploy/mail.ear
/home/andy/jboss-4.0.4.CR2-test/server/default/deploy/mail.ear/mail.sar/META-INF/jboss-service.xml
-->
---------------------------------
LOGIN-CONF.xml
<!-- Security domain for JBoss Mail Server -->
<application-policy name = "jboss-mail"> <!-- must match what is specified in
$JBOSS_HOME/server/$CONFIG/deploy/mail.ear/mail.sar/META-INF ! -->
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name = "dsJndiName">java:/DefaultDS</module-option>
<module-option name = "principalsQuery">SELECT password FROM MAIL_USERS WHERE login=?</module-option>
<module-option name = "rolesQuery">SELECT role, 'Roles' FROM MAIL_ROLES WHERE login=?</module-option>
</login-module>
</application-policy>
<!-- Security domain for JBoss Mail Server -->
<application-policy name = "jboss-mail-apop"> <!-- must match what is specified in
$JBOSS_HOME/server/$CONFIG/deploy/mail.ear/mail.sar/META-INF ! -->
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name = "dsJndiName">java:/DefaultDS</module-option>
<module-option name = "principalsQuery">SELECT password FROM MAIL_USERS WHERE login=?</module-option>
<module-option name = "rolesQuery">SELECT role, 'Roles' FROM MAIL_ROLES WHERE login=?</module-option>
</login-module>
</application-policy>
<!-- Security domain for JBoss Mail Server -->
<application-policy name = "Mail+SSL"> <!-- must match what is specified in
$JBOSS_HOME/server/$CONFIG/deploy/mail.ear/mail.sar/META-INF ! -->
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name = "dsJndiName">java:/DefaultDS</module-option>
<module-option name = "principalsQuery">SELECT password FROM MAIL_USERS WHERE login=?</module-option>
<module-option name = "rolesQuery">SELECT role, 'Roles' FROM MAIL_ROLES WHERE login=?</module-option>
</login-module>
</application-policy>