| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> |
| <channel> |
| <title>James Website</title> |
| <description>Write an awesome description for your new site here. You can edit this line in _config.yml. It will appear in your document head meta (for Google search results) and in your feed.xml site description. |
| </description> |
| <link>http://james.apache.org/</link> |
| <atom:link href="http://james.apache.org/feed.xml" rel="self" type="application/rss+xml"/> |
| <pubDate>Thu, 14 Mar 2024 14:57:07 +0100</pubDate> |
| <lastBuildDate>Thu, 14 Mar 2024 14:57:07 +0100</lastBuildDate> |
| <generator>Jekyll v4.3.3</generator> |
| |
| <item> |
| <title>Apache James MIME4J 0.8.11</title> |
| <description><p>The Apache James developers are pleased to announce the 0.8.11 release of the MIME4J library.</p> |
| |
| <p>Early adopters can <a href="https://james.apache.org/download.cgi#Apache_Mime4J">download it</a>, any issue can be reported on our issue <a href="https://issues.apache.org/jira/browse/MIME4J">tracker</a>.</p> |
| |
| <p>The full changes included in this release can be seen in the <a href="https://github.com/apache/james-mime4j/blob/master/CHANGELOG.md">CHANGELOG</a>.</p> |
| |
| <p>This release fixes a minor regression of the 0.8.10 release regarding invalid encoding in email headers.</p> |
| |
| <p>The Apache James PMC would like to thank all contributors who made this release possible!</p> |
| |
| </description> |
| <pubDate>Tue, 05 Mar 2024 02:16:30 +0100</pubDate> |
| <link>http://james.apache.org/james/update/2024/03/05/mime4j-0.8.11.html</link> |
| <guid isPermaLink="true">http://james.apache.org/james/update/2024/03/05/mime4j-0.8.11.html</guid> |
| |
| |
| <category>james</category> |
| |
| <category>update</category> |
| |
| </item> |
| |
| <item> |
| <title>Apache James Server 3.8.1</title> |
| <description><p>The Apache James developers are pleased to announce James server 3.8.1 release.</p> |
| |
| <p>Early adopters can <a href="http://james.apache.org/download.cgi#Apache_James_Server">download it</a>, any issue can be reported on our issue <a href="https://issues.apache.org/jira/browse/JAMES">tracker</a>.</p> |
| |
| <p>The Apache James PMC would like to thank all contributors who made this release possible!</p> |
| |
| <h2 id="announcement">Announcement</h2> |
| |
| <p>This release comprises minor bug fixes enhancing Apache James stability.</p> |
| |
| <p>This release fixes the following security issues:</p> |
| |
| <ul> |
| <li><strong>CVE-2023-51747</strong>: SMTP smuggling in Apache James</li> |
| <li><strong>CVE-2023-51518</strong>: Privilege escalation via JMX pre-authentication deserialisation</li> |
| </ul> |
| |
| <h2 id="release-changelog">Release changelog</h2> |
| |
| <p>The full changes included in this release can be seen in the <a href="https://github.com/apache/james-project/blob/master/CHANGELOG.md#381---2024-01-09">CHANGELOG</a>.</p> |
| |
| </description> |
| <pubDate>Tue, 09 Jan 2024 01:16:30 +0100</pubDate> |
| <link>http://james.apache.org/james/update/2024/01/09/james-3.8.1.html</link> |
| <guid isPermaLink="true">http://james.apache.org/james/update/2024/01/09/james-3.8.1.html</guid> |
| |
| |
| <category>james</category> |
| |
| <category>update</category> |
| |
| </item> |
| |
| <item> |
| <title>Apache James Server 3.7.5</title> |
| <description><p>The Apache James developers are pleased to announce James server 3.7.5 release.</p> |
| |
| <p>Early adopters can <a href="http://james.apache.org/download.cgi#Apache_James_Server">download it</a>, any issue can be reported on our issue <a href="https://issues.apache.org/jira/browse/JAMES">tracker</a>.</p> |
| |
| <p>The Apache James PMC would like to thank all contributors who made this release possible!</p> |
| |
| <h2 id="announcement">Announcement</h2> |
| |
| <p>This release comprises minor bug fixes enhancing Apache James stability.</p> |
| |
| <p>This release fixes the following security issues:</p> |
| |
| <ul> |
| <li><strong>CVE-2023-51747</strong>: SMTP smuggling in Apache James</li> |
| <li><strong>CVE-2023-51518</strong>: Privilege escalation via JMX pre-authentication deserialisation</li> |
| </ul> |
| |
| <h2 id="release-changelog">Release changelog</h2> |
| |
| <p>The full changes included in this release can be seen in the <a href="https://github.com/apache/james-project/blob/master/CHANGELOG.md#375---2024-01-09">CHANGELOG</a>.</p> |
| |
| </description> |
| <pubDate>Tue, 09 Jan 2024 00:16:30 +0100</pubDate> |
| <link>http://james.apache.org/james/update/2024/01/09/james-3.7.5.html</link> |
| <guid isPermaLink="true">http://james.apache.org/james/update/2024/01/09/james-3.7.5.html</guid> |
| |
| |
| <category>james</category> |
| |
| <category>update</category> |
| |
| </item> |
| |
| <item> |
| <title>Apache James MIME4J 0.8.10</title> |
| <description><p>The Apache James developers are pleased to announce the 0.8.10 release of the MIME4J library.</p> |
| |
| <p>Early adopters can <a href="https://james.apache.org/download.cgi#Apache_Mime4J">download it</a>, any issue can be reported on our issue <a href="https://issues.apache.org/jira/browse/MIME4J">tracker</a>.</p> |
| |
| <p>The full changes included in this release can be seen in the <a href="https://github.com/apache/james-mime4j/blob/master/CHANGELOG.md">CHANGELOG</a>.</p> |
| |
| <p>This release fixes <code class="language-plaintext highlighter-rouge">CVE-2024-21742: Mime4J DOM header injection</code>.</p> |
| |
| <p>The Apache James PMC would like to thank all contributors who made this release possible!</p> |
| |
| </description> |
| <pubDate>Mon, 08 Jan 2024 02:16:30 +0100</pubDate> |
| <link>http://james.apache.org/james/update/2024/01/08/mime4j-0.8.10.html</link> |
| <guid isPermaLink="true">http://james.apache.org/james/update/2024/01/08/mime4j-0.8.10.html</guid> |
| |
| |
| <category>james</category> |
| |
| <category>update</category> |
| |
| </item> |
| |
| <item> |
| <title>Guest post: James and fail2ban</title> |
| <description><p>Credits: Paul Gunter</p> |
| |
| <p><a href="https://www.fentool.de/daten/aYg_h2p-hpw/JamesAttacks_v0.1.pdf">Original</a> version.</p> |
| |
| <h1 id="repel-brute-force-attacks-with-linux-firewall-iptables-and-fail2ban">Repel brute force attacks with Linux firewall (iptables) and fail2ban</h1> |
| |
| <h2 id="introduction">Introduction</h2> |
| |
| <p>Servers on the Internet are constantly under attack. Mail servers are also attacked to gain control of |
| a server that can be used to send bulk spam emails. This often leads to these servers ending up on |
| various black lists and can no longer be used as mail servers. A safe basic configuration of James is |
| required at this point.</p> |
| |
| <p>Nevertheless, attacks can mean that the server can practically no longer be operated. These are often |
| DoS or DDoS attacks (Denial-of-Service or Distributed Denial-of-Service), which smaller servers |
| in particular are difficult to defend against. However, basic protection via the firewall is relatively |
| easy to reach.</p> |
| |
| <p>But even after that, attacks can be seen, especially those that try to spy out access data. These |
| attacks can be detected by monitoring the log files. So the attack patterns are known and can be |
| repelled with fail2ban.</p> |
| |
| <p>All examples refer to a Linux operating system, Windows is not covered. The examples are shown |
| using Ubuntu and can be transferred to other Linux variants. “iptables” is used as the firewall front |
| end.</p> |
| |
| <h2 id="setting">Setting</h2> |
| |
| <p>The following assumes a small mail server on which only an SSH service can be accessed from |
| outside in addition to Apache James. In the example, the SSH service uses the standard port 22, |
| James uses the standard ports 25 (smtp), 110 (pop3) and/or 143 (imap).</p> |
| |
| <p>The examples refer to Apache James 3.8.0 (Spring App).</p> |
| |
| <p>The operating system is Ubuntu 22.04.</p> |
| |
| <p>The configuration should be carried out beforehand on a test system and not during operation. One |
| thing to note about James is that changes to log4j2’s configuration usually take effect immediately.</p> |
| |
| <h2 id="ddos---attacks">(D)DoS - Attacks</h2> |
| |
| <p>An attempt is made to load the server with so many requests that it no longer works. In the case of |
| DDoS, this is carried out in parallel by a large number of servers, which also means a corresponding |
| amount of effort. A firewall can at least be used to ward off simple attacks.</p> |
| |
| <p>Rules are defined for the open ports and ping, which minimize the number of accesses. It must be |
| ensured that the number of accesses is not restricted to such an extent that regular accesses are also |
| affected.</p> |
| |
| <p>A normal check per ping usually has one access per second, so that 60 accesses per minute and IP |
| address are normal.</p> |
| |
| <p>The firewall rule can look like this (the hitcount is set one access higher so that regular |
| operation is not blocked):</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo iptables -A INPUT -p icmp -m recent --set --name DDOS-PING |
| sudo iptables -A INPUT -p icmp -m recent --update --seconds 5 --hitcount 6 --name DDOS-PING -j DROP |
| </code></pre></div></div> |
| |
| <p>A continuous ping from one server remains possible. If the same server tries to ping in parallel, it is |
| blocked after a total of 5 attempts.</p> |
| |
| <p>Similarly, this can be set for other open ports:</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name DDOS-SSH |
| sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --name DDOS-SSH -j DROP |
| sudo iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name DDOS-SMTP |
| sudo iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DDOS-SMTP -j DROP |
| sudo iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --set --name DDOS-POP |
| sudo iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DDOS-POP -j DROP |
| sudo iptables -A INPUT -p tcp --dport 143 -m state --state NEW -m recent --set --name DDOS-IMAP |
| sudo iptables -A INPUT -p tcp --dport 143 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DDOS-IMAP -j DROP |
| </code></pre></div></div> |
| <p>There are many examples on the Internet how a firewall can be set up for a small server. It is |
| definitely worth looking into this further and setting up a suitable firewall.</p> |
| |
| <h2 id="fail2ban">Fail2Ban</h2> |
| |
| <p>Fail2ban analyzes log files and can trigger actions via rules. If an attack is detected, the firewall can |
| be expanded so that the attacker is blocked for a certain period of time.</p> |
| |
| <p>A typical example is an attacker trying to guess a password. Unfortunately, the firewall from above |
| does not work here. The reason is that the attacker first connects to the mail server via the SMTP |
| port. Within this connection he is now constantly trying to log in with his name and password. Since |
| the connection is not closed, the rules above do not apply. The failed login attempts are noted in |
| the James log file and look something like this:</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.reject:61</code></p> |
| |
| <ul> |
| <li>Rejected message. Unknown user: dar…@domaine.de</li> |
| </ul> |
| |
| <p>Here, an e-mail is rejected in the name of an unknown sender. “domaine.de” is your own domain, |
| which is being attacked. Unfortunately, the log line does not show which IP address the attack came |
| from, more on that later.</p> |
| |
| <p>Another example:</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.doAuthTest:397 - AUTH method LOGIN failed from Username{localPart=root, domainPart=Optional[Domain :domaine.de]}@45.133.235.202</code></p> |
| |
| <p>An attempt is made to log in as root user, the password is incorrect and the login is rejected. At least |
| the attacker’s IP address is visible here at the end of the line.</p> |
| |
| <p>The following shows how these two attacks can be repelled with fail2ban. This can serve as a |
| template for similar attack attempts.</p> |
| |
| <h2 id="installing-fail2ban">Installing fail2ban</h2> |
| |
| <p>Information about fail2ban is available here: https://www.fail2ban.org/. There are many instructions |
| and good examples on the Internet. Therefore, here is only a brief explanation of how the |
| installation and initial setup works with Ubuntu. Other Linux distributions may vary.</p> |
| |
| <p>Fail2ban is set up with the following commands:</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>supo apt update |
| sudo apt install fail2ban |
| sudo systemctl start fail2ban |
| sudo systemctl enable fail2ban |
| </code></pre></div></div> |
| |
| <p>Ubuntu installs the software. Fail2ban is then started manually. Finally, the service is set to start |
| automatically after boot. The status of the service can be checked as follows:</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">service fail2ban status</code></p> |
| |
| <p>Depending on the Linux variant, the setup may differ.</p> |
| |
| <p>The configuration files are located in “/etc/fail2ban/”. Changes should not be made to the original |
| files, as these will be overwritten during an update. Therefore, the “jail.conf” and “fail2ban.conf” |
| files should be copied to “jail.local” and “fail2ban.local”. (We will not make any adjustments to |
| these files here, so there is no need to copy them.)</p> |
| |
| <h2 id="how-fail2ban-works">How fail2ban works</h2> |
| |
| <p>As already described, fail2ban is based on the evaluation of log files. We will adapt James |
| accordingly later, using Log4j2.</p> |
| |
| <p>The log file contains a timestamp at the beginning of the line. As a rule, fail2ban recognizes the |
| format automatically, as it did in our case. The attacker’s IP address must also be in the line. Regular |
| expressions will be used to recognize these and also to filter the relevant lines. We will not go into |
| more detail here, for our own adaptations we refer to tutorials and examples from the Internet. |
| Filters are used to evaluate the log files. These are stored in the “./filter.d/” folder. Examples for |
| many services are already predefined there.</p> |
| |
| <p>Additional configurations are stored in the “./jail.d/” folder. With Ubuntu, the file “defaults-debian.conf” is available there. Only the SSH service is activated there by default. All other services |
| are therefore not in operation and must be activated if necessary. With SSH, the standard values can |
| generally be accepted.</p> |
| |
| <p>The status of the evaluation of ssh can be tested as follows:</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">sudo fail2ban-client status sshd</code></p> |
| |
| <p>For computers on the Internet, blocked IP addresses can be displayed here after a short time.</p> |
| |
| <p>For our purposes, we will set up the following files:</p> |
| |
| <ul> |
| <li>A James log file</li> |
| <li>A filter file “./filter.d/james.conf”</li> |
| <li>A jail file “./jail.d/james.conf”</li> |
| </ul> |
| |
| <h2 id="adaptation-to-sshd">Adaptation to SSHD</h2> |
| |
| <p>To get started, we’ll briefly deal with the customization for SSH access. It is best not to use ssh to |
| access our server with a password, but only with an SSH key. This makes incorrect passwords |
| rather unlikely. This means that the attacker can be blocked after just a few failed attempts. The |
| time after which access from a blocked IP address is allowed again can be set quite high here.</p> |
| |
| <p>The specifications come from the file “/etc/fail2ban/jail.conf” or from “/etc/fail2ban/jail.local”.</p> |
| |
| <p>These values are as follows:</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># "bantime" is the number of seconds that a host is banned. |
| bantime = 10m |
| # A host is banned if it has generated "maxretry" during the last "findtime" |
| # seconds. |
| findtime = 10m |
| # "maxretry" is the number of failures before a host get banned. |
| maxretry = 5 |
| </code></pre></div></div> |
| |
| <p>In our case we change the values only for the SSHD service in the “/etc/fail2ban/jail.d/defaults-debian.conf” file. Afterwards the file looks like this:</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[sshd] |
| enabled = true |
| bantime = 120m |
| findtime = 60m |
| maxretry = 2 |
| </code></pre></div></div> |
| |
| <p>If there are 2 failed attempts within 1 hour from an IP address, we block the address for 2 hours.</p> |
| |
| <p>After changes to configuration files, fail2ban must be restarted:</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">sudo systemctl restart fail2ban</code></p> |
| |
| <h2 id="setup-apache-james">Setup Apache James</h2> |
| |
| <p>The following explains how James can be secured via fail2ban. Since there is no standard here, we |
| have to build the filter ourselves. Before that we will set up a log file.</p> |
| |
| <h3 id="generating-a-log-file">Generating a log file</h3> |
| |
| <p>The log files for James are in the installation logs folder. In the following we assume that this is the |
| folder: “/opt/james/log/”. In the Spring version of James there are quite a few log files. In our case, |
| we assume that there is only the “wrapper.log” file and that all relevant log outputs are logged there. |
| The Spring variant of James uses Apache Log4j2 to log events. The “./conf/log4j2.xml” file is used as the |
| configuration file for this.</p> |
| |
| <p>We build a layout that outputs the following information:</p> |
| |
| <ul> |
| <li>The timestamp (%d)</li> |
| <li>The Java class from which the entry is generated (%C)</li> |
| <li>The attacker’s IP address (%X)</li> |
| <li>The log message (%msg)</li> |
| <li>A line break (%n)</li> |
| </ul> |
| |
| <p>The IP address is a variable that James itself provides. This is very useful as there are log entries |
| that do not report this IP address (see above). To make this easier to evaluate, the entry is written |
| as follows: “[ip=%X{ip}]”. Unfortunately, this variable is not always filled. This is the case in our |
| other example; fortunately, we can see the IP address in the log entry itself there.</p> |
| |
| <p>So that the wrapper.log file continues to be filled, there is also the console layout, which adopts |
| the Tomcat layout.</p> |
| |
| <p>Our log file gets the name “james.log”, we use the “RollingFile” format.</p> |
| |
| <p>We only post log messages of classes whose packages start with “org.apache.james.protocols.smtp”.</p> |
| |
| <p>The complete configuration looks like this (/opt/james/conf/log4j2.xml):</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&lt;?xml version="1.0" encoding="UTF-8"?&gt; |
| &lt;Configuration status="INFO" monitorInterval="30" &gt; |
|   &lt;Properties&gt; |
|     &lt;Property name="logDir"&gt;../log&lt;/Property&gt; |
|     &lt;!-- Console layout (Tomcat style), continues to feed wrapper.log --&gt; |
|     &lt;Property name="logLayoutTomcat"&gt;%d{dd-MMM-yyyy HH:mm:ss.SSS} %level [%t] %C.%M:%L - %msg%n&lt;/Property&gt; |
|     &lt;!-- Layout evaluated by fail2ban: timestamp, class, client IP, message; must stay on one line --&gt; |
|     &lt;Property name="logLayoutJames"&gt;%d{yyyy-MM-dd HH:mm:ss.SSS Z} - %C [ip=%X{ip}] - %msg%n&lt;/Property&gt; |
|   &lt;/Properties&gt; |
|   &lt;Appenders&gt; |
|     &lt;Console name="Console" target="SYSTEM_OUT"&gt; |
|       &lt;PatternLayout pattern="${logLayoutTomcat}" /&gt; |
|     &lt;/Console&gt; |
|     &lt;RollingFile name="James" fileName="${logDir}/james.log" filePattern="${logDir}/james.%d{yyyy-MM-dd}-%i.log.gz" ignoreExceptions="false"&gt; |
|       &lt;PatternLayout pattern="${logLayoutJames}" charset="UTF-8" /&gt; |
|       &lt;Policies&gt; |
|         &lt;SizeBasedTriggeringPolicy size="10 MB" /&gt; |
|       &lt;/Policies&gt; |
|       &lt;DefaultRolloverStrategy min="1" max="9" /&gt; |
|     &lt;/RollingFile&gt; |
|   &lt;/Appenders&gt; |
|   &lt;Loggers&gt; |
|     &lt;!-- Only the SMTP protocol classes are written to james.log --&gt; |
|     &lt;Logger name="org.apache.james.protocols.smtp" level="info" &gt; |
|       &lt;AppenderRef ref="James" level="info" /&gt; |
|     &lt;/Logger&gt; |
|     &lt;Root level="info" &gt; |
|       &lt;AppenderRef ref="Console" level="info" /&gt; |
|     &lt;/Root&gt; |
|   &lt;/Loggers&gt; |
| &lt;/Configuration&gt; |
| </code></pre></div></div> |
| |
| <p>To test the log output, we first fill the file (/opt/james/log/james.log) with the following content:</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>2023-06-17 11:11:50.206 +0200 - org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler [ip=45.129.14.30] - Rejected message. Unknown user: dar...@domaine.de |
| 2023-06-17 11:11:51.206 +0200 - org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler [ip=45.129.14.31] - Rejected message. Unknown user: dar...@domaine.de |
| 2023-06-17 11:11:50.206 +0200 - org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler [ip=] - AUTH method LOGIN failed from Username{localPart=monitor, domainPart=Optional[Domain :domaine.de]}@45.129.14.40 |
| 2023-06-17 11:11:50.206 +0200 - org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler [ip=] - AUTH method LOGIN failed from Username{localPart=monitor, domainPart=Optional[Domain :domaine.de]}@45.129.14.41 |
| 2023-06-17 11:11:52.206 +0200 - org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler [ip=45.129.14.30] - Rejected message. Unknown user: dar...@domaine.de |
| 2023-06-17 11:11:53.206 +0200 - org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler [ip=45.129.14.31] - Rejected message. Unknown user: dar...@domaine.de |
| 2023-06-17 11:11:50.206 +0200 - org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler [ip=] - AUTH method LOGIN failed from Username{localPart=monitor, domainPart=Optional[Domain :domaine.de]}@45.129.14.40 |
| 2023-06-17 11:11:50.206 +0200 - org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler [ip=] - AUTH method LOGIN failed from Username{localPart=monitor, domainPart=Optional[Domain :domaine.de]}@45.129.14.41 |
| </code></pre></div></div> |
| |
| <h2 id="setting-up-filters">Setting up filters</h2> |
| |
| <p>We create the file “/etc/fail2ban/filter.d/james.conf” with the following content:</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Definition] |
| failregex = ^.-.org.apache.james.protocols.smtp.core.fastfail.AbstractValidRcptHandler.\[ip=&lt;HOST&gt;\].-.Rejected message. Unknown user.*$ |
|             ^.-.org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.\[ip=\].-.AUTH method LOGIN failed from Username.*\@&lt;HOST&gt;$ |
| ignoreregex = |
| </code></pre></div></div> |
| <p>We see 2 regular expressions there. The first looks at the “AbstractValidRcptHandler” class. The IP |
| address is filled via the James variable. The IP address is recognized with the placeholder &lt;HOST&gt;.</p> |
| |
| <p>The second looks at the “AuthCmdHandler” class; there the IP address is at the end of the line.</p> |
| |
| <h2 id="setup-jail">Setup Jail</h2> |
| |
| <p>We create the file “/etc/fail2ban/jail.d/james.conf” with the following content:</p> |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[james] |
| enabled = true |
| filter = james |
| logpath = /opt/james/log/james.log |
| bantime = 120m |
| findtime = 20m |
| maxretry = 2 |
| </code></pre></div></div> |
| |
| <p>This completes the setup. The service must be restarted for the changes to take effect:</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">sudo systemctl restart fail2ban</code></p> |
| |
| <h2 id="testing-the-settings">Testing the settings</h2> |
| |
| <p>The “fail2ban-regex” program can be used for testing. It is called with the information about the log |
| and filter files:</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">fail2ban-regex /opt/james/log/james.log /etc/fail2ban/filter.d/james.conf</code></p> |
| |
| <p>All lines should be recognized and evaluated, the result should look like this at the end:</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">Lines: 8 lines, 0 ignored, 8 matched, 0 missed</code></p> |
| |
| <p>Lines that are not evaluated are displayed. In this case, check your filter file. |
| Finally, restart James with the new log configuration, then restart fail2ban. If you use your own |
| firewall script, this should be started beforehand. The status of the James jail can be checked as follows:</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">sudo fail2ban-client status james</code></p> |
| |
| <h2 id="conclusion">Conclusion</h2> |
| |
| <p>Fail2ban is a very powerful program and can help keep James running more safely. But it is only |
| one element of security. A coordinated firewall and constant monitoring of the server must continue |
| to be guaranteed.</p> |
| |
| </description> |
| <pubDate>Wed, 17 May 2023 01:16:30 +0200</pubDate> |
| <link>http://james.apache.org/james/update/2023/05/17/fail2ban.html</link> |
| <guid isPermaLink="true">http://james.apache.org/james/update/2023/05/17/fail2ban.html</guid> |
| |
| |
| <category>james</category> |
| |
| <category>update</category> |
| |
| </item> |
| |
| <item> |
| <title>Apache James Server 3.8.0</title> |
| <description><p>The Apache James developers are pleased to announce James server 3.8.0 release.</p> |
| |
| <p>Early adopters can <a href="http://james.apache.org/download.cgi#Apache_James_Server">download it</a>, any issue can be reported on our issue <a href="https://issues.apache.org/jira/browse/JAMES">tracker</a>.</p> |
| |
| <p>The Apache James PMC would like to thank all contributors who made this release possible!</p> |
| |
| <h2 id="announcement">Announcement</h2> |
| |
| <p>This release brings the following significant changes:</p> |
| |
| <ul> |
| <li>Upgrade TCP protocols to Netty 4</li> |
| <li>Migrate IMAP protocol as reactive</li> |
| <li>Multiple additional IMAP extensions are implemented</li> |
| <li>Upgrade to Cassandra driver 4</li> |
| <li>Migrate to OpenSearch</li> |
| <li>Review our threading model to cap threads performing blocking tasks</li> |
| <li>Implement official JMAP quotas specification</li> |
| </ul> |
| |
| <h2 id="release-changelog">Release changelog</h2> |
| |
| <p>The full changes included in this release can be seen in the <a href="https://github.com/apache/james-project/blob/master/CHANGELOG.md#380---2023-05-17">CHANGELOG</a>.</p> |
| |
| </description> |
| <pubDate>Wed, 17 May 2023 01:16:30 +0200</pubDate> |
| <link>http://james.apache.org/james/update/2023/05/17/james-3.8.0.html</link> |
| <guid isPermaLink="true">http://james.apache.org/james/update/2023/05/17/james-3.8.0.html</guid> |
| |
| |
| <category>james</category> |
| |
| <category>update</category> |
| |
| </item> |
| |
| <item> |
| <title>Apache James Server 3.7.4</title> |
| <description><p>The Apache James developers are pleased to announce James server 3.7.4 release.</p> |
| |
| <p>Early adopters can <a href="http://james.apache.org/download.cgi#Apache_James_Server">download it</a>, any issue can be reported on our issue <a href="https://issues.apache.org/jira/browse/JAMES">tracker</a>.</p> |
| |
| <p>The Apache James PMC would like to thank all contributors who made this release possible!</p> |
| |
| <h2 id="announcement">Announcement</h2> |
| |
| <p>This release comprises minor bug fixes enhancing Apache James stability.</p> |
| |
| <h2 id="release-changelog">Release changelog</h2> |
| |
| <p>The full changes included in this release can be seen in the <a href="https://github.com/apache/james-project/blob/master/CHANGELOG.md#374---2023-03-20">CHANGELOG</a>.</p> |
| |
| </description> |
| <pubDate>Mon, 20 Mar 2023 00:16:30 +0100</pubDate> |
| <link>http://james.apache.org/james/update/2023/03/20/james-3.7.4.html</link> |
| <guid isPermaLink="true">http://james.apache.org/james/update/2023/03/20/james-3.7.4.html</guid> |
| |
| |
| <category>james</category> |
| |
| <category>update</category> |
| |
| </item> |
| |
| <item> |
| <title>Apache James MIME4J 0.8.9</title> |
| <description><p>The Apache James developers are pleased to announce the 0.8.9 release of the MIME4J library.</p> |
| |
| <p>Early adopters can <a href="https://james.apache.org/download.cgi#Apache_Mime4J">download it</a>, any issue can be reported on our issue <a href="https://issues.apache.org/jira/browse/MIME4J">tracker</a>.</p> |
| |
| <p>The full changes included in this release can be seen in the <a href="https://github.com/apache/james-mime4j/blob/master/CHANGELOG.md">CHANGELOG</a>.</p> |
| |
| <p>The Apache James PMC would like to thank all contributors who made this release possible!</p> |
| |
| </description> |
| <pubDate>Fri, 30 Dec 2022 02:16:30 +0100</pubDate> |
| <link>http://james.apache.org/james/update/2022/12/30/mime4j-0.8.9.html</link> |
| <guid isPermaLink="true">http://james.apache.org/james/update/2022/12/30/mime4j-0.8.9.html</guid> |
| |
| |
| <category>james</category> |
| |
| <category>update</category> |
| |
| </item> |
| |
| <item> |
| <title>Apache James Server 3.7.3</title> |
| <description><p>The Apache James developers are pleased to announce James server 3.7.3 release.</p> |
| |
| <p>Early adopters can <a href="http://james.apache.org/download.cgi#Apache_James_Server">download it</a>, any issue can be reported on our issue <a href="https://issues.apache.org/jira/browse/JAMES">tracker</a>.</p> |
| |
| <p>The Apache James PMC would like to thank all contributors who made this release possible!</p> |
| |
| <h2 id="announcement">Announcement</h2> |
| |
| <p>This release fixes CVE-2022-45935: Temporary File Information Disclosure in Apache JAMES.</p> |
| |
| <p>This release proposes stability related bug fixes and updates some dependencies for security reasons.</p> |
| |
| <h2 id="release-changelog">Release changelog</h2> |
| |
| <p>The full changes included in this release can be seen in the <a href="https://github.com/apache/james-project/blob/master/CHANGELOG.md#373---2022-12-30">CHANGELOG</a>.</p> |
| |
| </description> |
| <pubDate>Fri, 30 Dec 2022 00:16:30 +0100</pubDate> |
| <link>http://james.apache.org/james/update/2022/12/30/james-3.7.3.html</link> |
| <guid isPermaLink="true">http://james.apache.org/james/update/2022/12/30/james-3.7.3.html</guid> |
| |
| |
| <category>james</category> |
| |
| <category>update</category> |
| |
| </item> |
| |
| <item> |
| <title>Apache James JSPF 1.0.3</title> |
| <description><p>The Apache James developers are pleased to announce the 1.0.3 release of the JSPF library.</p> |
| |
| <p>Early adopters can <a href="https://james.apache.org/download.cgi#Apache_jSPF">download it</a>, any issue can be reported on our issue <a href="https://issues.apache.org/jira/projects/JSPF/issues">tracker</a>.</p> |
| |
| <p>This release fixes error management for DNSJava asynchronous capabilities.</p> |
| |
| <p>The Apache James PMC would like to thank all contributors who made this release possible!</p> |
| |
| </description> |
| <pubDate>Fri, 30 Dec 2022 00:16:30 +0100</pubDate> |
| <link>http://james.apache.org/james/update/2022/12/30/jspf-1.0.2.html</link> |
| <guid isPermaLink="true">http://james.apache.org/james/update/2022/12/30/jspf-1.0.2.html</guid> |
| |
| |
| <category>james</category> |
| |
| <category>update</category> |
| |
| </item> |
| |
| </channel> |
| </rss> |