Not able to connect from IMAP clients


#1

Hi We have successfully installed OpenPaas server, able to send and receive emails using web(OpenPaas portal). However not able to access mail from IMAP/SMTP clients. I tried with port 143 and 993, able to telnet to those port from remote computer. But IMAP client not able to connect and not showing any error logs.

Please help.

Thanks,
Daniel


#2

Hi,

You could need to change the passwords of the James users, there are usually different from the OpenPaaS ones.

Use the following command for this:
java -jar /path/to/james-cli.jar SetPassword youruser@yourdomain.tld “newPassword”

Regards,
Raphaël.


#3

it worked on IMAP(able to receive mails), however SMTP not working(not able to send),

Thanks


#4

hi @binoyda, could you provide some logs from James in SMTP case? second, can help me to verify SMTP james does successfully authenticate users by using any mail client(thunderbird…) or by using telnet to connect to SMTP port, then login to SMTP server by SMTP commands?


#5

Hi @trantienduchn,
Using openpaas website I can send and receive mails(https enabled). Mails are going out (ssl encrypted) to gmail and other email providers.
After running "java -jar /path/to/james-cli.jar SetPassword youruser@yourdomain.tld “newPassword”
I can receive mails using Thunderbird client (port 993), however SMTP(ssl enabled port 465) not connecting.
But able to send mail from one email address to another email address within my openpaas domain users.
I can’t connect to James using telnet 465, whereas I can connect to 25 and send internal mail, not to external parties.

Here is the reply i got to thunderbird client while sending mail
We were unable to deliver the attached message because of an error in the mail server.

Message details:
Subject: t34
Sent date: Mon Mar 04 13:19:53 EST 2019
MAIL FROM: xxxx@domainname.com
RCPT TO: xxxx@gmail.com
From:
“Name Lastname)” xxxx@domainname.com

To:
xxxx@gmail.com

Size: 698 B


#6

I can’t connect to James using telnet 465

there would be a problem of JAMES SMTP server, could you give us the content of smtpserver.xml configuration file?


#7
<smtpservers>
    <smtpserver enabled="true">
        <jmxName>smtpserver-global</jmxName>
        <bind>0.0.0.0:25</bind>
        <connectionBacklog>200</connectionBacklog>
        <tls socketTLS="false" startTLS="false">
            <keystore>file://conf/keystore</keystore>
            <secret>xxxxxxxxxxxxxPWD</secret>
            <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
            <algorithm>SunX509</algorithm>
        </tls>
        <connectiontimeout>360</connectiontimeout>
        <connectionLimit>0</connectionLimit>
        <connectionLimitPerIP>0</connectionLimitPerIP>
        <authRequired>false</authRequired>
        <authorizedAddresses>0.0.0.0/0</authorizedAddresses>
        <verifyIdentity>true</verifyIdentity>
        <maxmessagesize>0</maxmessagesize>
        <addressBracketsEnforcement>true</addressBracketsEnforcement>
        <smtpGreeting>JAMES Linagora's SMTP awesome Server</smtpGreeting>
        <handlerchain>
            <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
            <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
        </handlerchain>
    </smtpserver>
    <smtpserver enabled="true">
        <jmxName>smtpserver-TLS</jmxName>
        <bind>0.0.0.0:465</bind>
        <connectionBacklog>200</connectionBacklog>
        <tls socketTLS="true" startTLS="false">
            <keystore>file://conf/keystore</keystore>
            <secret>xxxxxxxxxxxxxPWD</secret>
            <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
            <algorithm>SunX509</algorithm>
        </tls>
        <connectiontimeout>360</connectiontimeout>
        <connectionLimit>0</connectionLimit>
        <connectionLimitPerIP>0</connectionLimitPerIP>
        <!--
           Authorize only local users
        -->
        <authRequired>true</authRequired>
        <authorizedAddresses>0.0.0.0/0</authorizedAddresses>
        <!-- Trust authenticated users -->
        <verifyIdentity>false</verifyIdentity>
        <maxmessagesize>0</maxmessagesize>
        <addressBracketsEnforcement>true</addressBracketsEnforcement>
        <smtpGreeting>JAMES Linagora's SMTP awesome Server</smtpGreeting>
        <handlerchain>
            <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
            <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
        </handlerchain>
    </smtpserver>
    <smtpserver enabled="true">
    <jmxName>smtpserver-authenticated</jmxName>
        <bind>0.0.0.0:587</bind>
        <connectionBacklog>200</connectionBacklog>
        <tls socketTLS="false" startTLS="true">
            <keystore>file://conf/keystore</keystore>
            <secret>xxxxxxxxxxxxxPWD</secret>
            <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
            <algorithm>SunX509</algorithm>
        </tls>
        <connectiontimeout>360</connectiontimeout>
        <connectionLimit>0</connectionLimit>
        <connectionLimitPerIP>0</connectionLimitPerIP>
        <!--
           Authorize only local users
        -->
        <authRequired>true</authRequired>
        <authorizedAddresses>0.0.0.0/0</authorizedAddresses>
        <!-- Trust authenticated users -->
        <verifyIdentity>false</verifyIdentity>
        <maxmessagesize>0</maxmessagesize>
        <addressBracketsEnforcement>true</addressBracketsEnforcement>
        <smtpGreeting>JAMES Linagora's SMTP awesome Server</smtpGreeting>
        <handlerchain>
            <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/>
            <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/>
        </handlerchain>
    </smtpserver>
</smtpservers>

#8

You should have some logs on the server. Can you check?

Regards,
Raphaël.


#9

I tried following:
Removed all authentication setting and disabled “secure” option from OpenPaas mail setting(UI),

from root@servers1$ telnet openpaas_server 25
and send message to gmail id

Mail did not reach gmail server, but got a bounce message to the mail id used as “MAIL FROM:mail_id@openpaas.com

Bounce error message is “We were unable to deliver the attached message because of an error in the mail server.”

Tried same with port 587 and 465, result is same. also tried to send mail from Thunderbird/outlook result were same. However I am able to send mail from Openpaas web interface.

I suspect some james config?

Please help.
Thanks,
Daniel


#10

Yes, there seems to be an issue on this James server. Were you able to read the logs? When there is a message about “an error in the mail server” it generally means that you can see a matching error in the logs.

Regards,
Raphaël.


#11

Hi Raphaël,
James log got same error, nothing more i can see useful info.

Are you referring something specific.

Thanks,
Daniel


#12

I found this error in /var/log/james/jmaes.log

21:05:50.703 [INFO ] o.a.j.p.n.BasicChannelUpstreamHandler - Connection closed for 67.168.62.192
21:05:50.794 [INFO ] o.a.j.t.m.ToRepository - Storing mail Mail1552957550601-d0574318-72b0-4ee8-9ac0-74c58473f437 in MailRepositoryUrl{value=cassandra://var/mail/relay-denied/}

Please check content of /etc/james/mailetcontainer.xml

<?xml version="1.0"?>
<context>
    <postmaster>postmaster@openpaas.local</postmaster>
</context>

<spooler>
    <threads>20</threads>
</spooler>

<processors>
    <processor state="root" enableJmx="true">
        <mailet match="All" class="PostmasterAlias"/>
        <mailet match="RelayLimit=30" class="Null"/>
        <mailet match="dlp.Dlp" class="ToProcessor">
             <processor>dlpQuarantine</processor>
        </mailet>
        <mailet match="All" class="ToProcessor">
            <processor>transport</processor>
        </mailet>
    </processor>

    <processor state="dlpQuarantine" enableJmx="true">
        <mailet match="All" class="ToSenderDomainRepository">
             <urlPrefix>cassandra://var/mail/dlp/quarantine/</urlPrefix>
        </mailet>
    </processor>

    <processor state="dlpReject" enableJmx="true">
        <mailet match="All" class="ToSenderDomainRepository">
             <urlPrefix>cassandra://var/mail/dlp/rejected/</urlPrefix>
        </mailet>
    </processor>

    <processor state="error" enableJmx="true">
        <mailet match="All" class="Bounce"/>
        <mailet match="All" class="ToRepository">
            <repositoryPath>cassandra://var/mail/error/</repositoryPath>
        </mailet>
    </processor>
    <processor state="transport" enableJmx="true">
        <matcher name="mdn-matcher" match="org.apache.james.mailetcontainer.impl.matchers.And">
            <matcher match="HasMimeType=multipart/report"/>
            <matcher match="HasMimeTypeParameter=report-type=disposition-notification"/>
        </matcher>
        <mailet match="SMTPAuthSuccessful" class="SetMimeHeader">
            <name>X-UserIsAuth</name>
            <value>true</value>
        </mailet>
        <mailet match="HasMailAttribute=org.apache.james.SMIMECheckSignature" class="SetMimeHeader">
            <name>X-WasSigned</name>
            <value>true</value>
        </mailet>
        <!-- Beginning of contact pipeline -->
        <mailet match="SenderIsLocal" class="ContactExtractor">
            <attribute>extractedContacts</attribute>
        </mailet>
        <mailet match="All" class="AmqpForwardAttribute">
            <uri>amqp://localhost:5672</uri>
            <exchange>collector:email</exchange>
            <attribute>extractedContacts</attribute>
        </mailet>
        <!-- End of contact pipeline -->
        <mailet match="All" class="RemoveMimeHeader">
            <name>bcc</name>
        </mailet>
        <mailet match="All" class="RemoveMimeHeader">
            <name>X-MEETING-UID,X-MEETING-METHOD,X-MEETING-RECURRENCE-ID,X-MEETING-SEQUENCE,X-MEETING-DTSTAMP</name>
        </mailet>
        <mailet match="All" class="RecipientRewriteTable" />
        <mailet match="mdn-matcher" class="org.apache.james.jmap.mailet.ExtractMDNOriginalJMAPMessageId"/>

        <mailet match="RecipientIsLocal" class="org.apache.james.jmap.mailet.VacationMailet"/>
        <mailet match="RecipientIsLocal" class="org.apache.james.jmap.mailet.filter.JMAPFiltering"/>
        <mailet match="RecipientIsLocal" class="ToProcessor">
            <processor>local-recipient</processor>
        </mailet>

        <mailet match="org.apache.james.jmap.mailet.SentByJmap" class="ToProcessor">
          <processor>relay</processor>
        </mailet>
        <mailet match="SentByMailet" class="ToProcessor">
          <processor>relay</processor>
        </mailet>
        <mailet match="SMTPAuthSuccessful" class="ToProcessor">
          <processor>relay</processor>
        </mailet>
        <!--
        <mailet match="HostIsLocal" class="ToProcessor">
            <processor>local-address-error</processor>
            <notice>550 - Requested action not taken: no such user here</notice>
        </mailet>
        -->
        <mailet match="All" class="ToProcessor">
            <processor>relay-denied</processor>
        </mailet>
    </processor>

    <processor state="local-recipient" enableJmx="true">
        <!-- ICAL pipeline -->
        <mailet match="All" class="org.apache.james.jmap.mailet.TextCalendarBodyToAttachment"/>
        <mailet match="All" class="StripAttachment">
            <mimeType>text/calendar</mimeType>
            <attribute>rawIcalendar</attribute>
        </mailet>
        <mailet match="All" class="MimeDecodingMailet">
            <attribute>rawIcalendar</attribute>
        </mailet>
        <mailet match="All" class="ICalendarParser">
            <sourceAttribute>rawIcalendar</sourceAttribute>
            <destinationAttribute>icalendar</destinationAttribute>
        </mailet>
        <mailet match="All" class="ICALToHeader">
            <attribute>icalendar</attribute>
        </mailet>
        <mailet match="RecipientIsLocal" class="LogMessage"/>
        <mailet match="All" class="ICALToJsonAttribute">
            <source>icalendar</source>
            <destination>icalendarAsJson</destination>
            <rawSource>rawIcalendar</rawSource>
        </mailet>
        <mailet match="All" class="AmqpForwardAttribute">
            <uri>amqp://localhost:5672</uri>
            <exchange>james:events</exchange>
            <attribute>icalendarAsJson</attribute>
        </mailet>
        <!-- End of ICAL pipeline -->
        <mailet match="All" class="AddDeliveredToHeader"/>
        <mailet match="All" class="LocalDelivery"/>
    </processor>

    <processor state="relay" enableJmx="true">
        <mailet match="All" class="RemoteDelivery">
            <outgoingQueue>outgoing</outgoingQueue>
            <delayTime>5000, 100000, 500000</delayTime>
            <maxRetries>25</maxRetries>
            <maxDnsProblemRetries>0</maxDnsProblemRetries>
            <deliveryThreads>10</deliveryThreads>
            <sendpartial>true</sendpartial>
            <startTLS>true</startTLS>
            <heloName>OpeenPaas</heloName>
            <!--            <mail.smtp.ssl.enable>true</mail.smtp.ssl.enable> -->
            <!--            <sslEnable>true</sslEnable> -->
            <bounceProcessor>bounces</bounceProcessor>
        </mailet>
    </processor>
    <processor state="local-address-error" enableJmx="true">
        <mailet match="All" class="Bounce">
            <attachment>none</attachment>
        </mailet>
        <mailet match="All" class="ToRepository">
            <repositoryPath>cassandra://var/mail/address-error/</repositoryPath>
        </mailet>
    </processor>

    <processor state="relay-denied" enableJmx="true">
        <mailet match="All" class="Bounce">
            <attachment>none</attachment>
        </mailet>
        <mailet match="All" class="ToRepository">
            <repositoryPath>cassandra://var/mail/relay-denied/</repositoryPath>
            <notice>Warning: You are sending an e-mail to a remote server. You must be authentified to perform such an operation</notice>
        </mailet>
    </processor>

    <processor state="bounces" enableJmx="true">
        <mailet match="All" class="DSNBounce">
            <passThrough>false</passThrough>
        </mailet>
    </processor>

</processors>

#13

The mail is stored in relay-denied, it means the authentication was not sufficient. Did you check also smtpserver.xml configuration file?

BTW you are describing 2 different (and probably unrelated) behaviors:

  • sending an email via SMTP returns a bounce: in this case you should get something in the logs starting by [ERROR])
  • sending an email put it in relay-denied repository: in this case you are probably missing some authentiication / authorized IP address setting