EricDaugherty.com - Java Email Server (JES)

Java Email Server - Change Log

Introduction - Download - Install - Configuration - License - Change Log - Related Projects

(New Feature) A recipient policy is now offered for all incoming messages originating from local domains. See the rcptPolicy.conf file for details.

Further relaxed the default security settings so that cleartext passwords are accepted.

Unlimited juridstiction cryptography is not required by default anymore.

The digest-MD5 SASL mechanism is off by default now.

Replaced all instances of StringBuffer with StringBuilder

Truly decoupled dependency on log4j. See section "Logging Facility" in AdditionalNotes.txt.

Server instance now uses a singleton pattern.

Added an option ("testing.destination") that, when set, directs all outgoing messages to the destination (currently a folder).

Each domain gets its own default user.

A profile can now be set for the services to be activated at startup. The profile is broken down into Mail Transfer Mode and Mail Retrieval Mode. Resource allocation is affected, but not considerably.

Switched to JDK 1.5 as the source level for JES code.

Maven is now used as the project management system.

Added support for rejecting an incoming SMTP connection based on dnswl/dnsbl rules. Extended coverage in dnsBWLists.conf.

Added support for content-filtering and virus scanning via amavisd-new using a dual-MTA setup. Details in mail.conf. Tested with JES running on a windows box and amavisd-new on an ubuntu hardy one.

Socket ports for the incoming smtp and pop3 requests can now be updated on the fly via mail.conf. Additionally, just after 4AM daily, the server sockets are refreshed to avoid possible issues with winsock connection buffers (this applies to windows machines alone). When running a dual-MTA setup only the receiving-MTA's smtp listening port is altered.

JES can now be run with a security manager, which is off by default. The relative setting must be set to true to enable it. A jes.policy file must be located in the install directory. There are no issues with dynamically updating listening ports since the relative port permission checking is not carried out by the default SecurityManager method.

Due to the legacy approach dnsjava uses to actively acquire nameserver related info from the system the nameserver and search items MUST be declared in wrapper.conf. Otherwise a <> execute permission must be granted (in windows) or a read access to /etc (in linux) which defeats the purpose of minimizing unrestricted access.

The directories for smtp messages, user accounts and messages received from amavis can be defined in mail.conf and need not reside in the JES installation directory. Defaults are always supplied for the two former cases.

SMTPProccessor, POP3Processor, SMTPRemoteSender heavily revised.

SMTPSender is now multithreaded using a threadpool consisting of 4 threads.

Substituted JavaService with Java Wrapper as the former was having issues with Java 6. Java Wrapper however replaces the user.country, user.language, file.encoding and 'operating system' system properties, so these have to be defined in the mail.conf file.

The shutdown process begins simultaneously for all the application modules. All the processes are allowed to shutdown gracefully. The wrapper.jvm_exit.timeout setting in wrapper.conf defines the maximum allowed duration of the shutdown process. When run as a wrapped console application pressing CTRL-C once begins the shutdown process. Pressing it once more terminates the process immediately.

Updated DNSjava to version 2.0.6. Note that the included library is NOT the official pre-compiled one but a slightly amended one. This was necessary to correct a small issue with how DNSjava obtained the DNS servers and search path on a system with more than one network adapters. Further more, a windows installation with a java default system language other than en,de,fr,pl would return no results. This has been corrected for english build windows systems regardless of the regional settings.

Servers (such as hotmail) that use reverseDNS to check the validity of the domain name in the initial greeting can be defined in a file so that mail is successfully delivered. This is extremely useful if JES is operating over a Dynamic IP.

Considerably reduced the memory footprint (especially when dealing with messages containing attachments) by accessing the messages incrementally from the disk and not loading the entire contents in a list. This applies to all the cases when a message is accessed. Thus:

Only the JES inserted smtp message headers are retrieved when smtp messages are being read so as to be queued up for delivery.
When a message is being delivered locally or remotely the message contents are read from disk incrementally.
When a message is being received as part of an SMTP server session, the data sent after the DATA command has been issued are written incrementally to a temporary file.
Prior to this release a pop server session was already feeding the client with data directly from disk as part of a RETR command. This has been altered so that a chunk of data (and not a single line from the file) is read from disk and forwarded to the pop3 client.

The chunk size for all these cases was initially set to 500 lines. This seemed like a nice trade off between disk I/O and memory footprint. While testing a JES server running on a single core pc with 5 SMTPProcessors and 5 POP3Processors by actively engaging all 5 smtp processors, used memory would not exceed 40 MiB during the entire test run. Please note that during the test a password dialog popped up at server start up, thus the max memory size could have been as low as 32 MiB. Unfortunately it would appear that certain SMTP servers employ a particular timeout policy that leads to a dropped connection. The chunk size was reduced to 250 lines and the problem appears to have been addressed.

Mail recipients are now grouped by domain, so that when contacting a remote domain a message is delivered to multiple recipients to that domain.

Added the ability to issue commands to the server from a (internal network only) socket connection. Only a command to add a user has been implemented at this time. See mail.conf.

Added the ability to augment the capabilities of the server by incorporating external modules. These modules have to extend the interfaces defined in com.ericdaugherty.mail.external (only PassReceivedLocalMessage available at this time), contain the line 'public static final String moduleType = "InterfaceName";', the compiled jar file simply has to be placed in the installation 'external' folder and be added to the class path via wrapper.conf in a line like wrapper.java.classpath.x=/external/.jar. In the case of 'PassReceivedLocalMessage' the implementing class MUST be run on a separate thread, otherwise the server will be bogged down. Implement at your own risk.

For already existing JES 1.6.1 installations a migration tool is included to automatically adjust SMTP messages and the user.conf to the version 2 format. Please read the AdditionalNotes.

Under a Unix operating system, JES will start as a privileged user (the root) to bind to ports <1024 (such as the smtp port 25) and drop to the unprivileged jeserver one as soon as startup is complete.

Implemented a high-level testing framework. Such a framework doesn't check the results of low-level operations such as class methods directly. Rather, it establishes fully functional instances of the application and verifies its end products, in this case e-mail messages, for validity and consistency. An altered version of the columba mail client is used as a smtp/pop3 client for the tests.

The keystore password acquisition system has been designed to allow proper JES operation in unix-likes and windows. Possibly along with (a) kerberos 5 principal password(s), they have to be made available to JES through the file explicitly named "password" in the security directory. The format of this file follows Properties file conventions. The keystore password is supplied as keystore=password. The kerberos password(s) is (are) supplied through (a) =password entry(ies). The entry order has no importance. JES reads the password file at startup and if this is the first time recording passwords, it generates a secret key with which it encrypts the password entry(ies) and stores it(them) to a file as a java sealed object. If at a later date (a) password(s) need(s) to be updated then a password file with a password for the entry(ies) of interest need(s) to be supplied. JES always deletes the cleartext password(s) password file and stores the encrypted entries. The key used for encryption is persisted to the security directory and all access to it is restricted to the root user in unix(-likes) or the administrators group and system user in windows. Should there be a need for a password that has not been supplied by a password file JES will display a pop up window requesting the password. But only if Java is not running headless, otherwise a runtime exception is thrown. In this fashion JES can be started as a service not only in windows but also in unix-likes.

A warning message appears on screen whenever a configuration file is updated, asking for confirmation before applying any changes. This option can be disabled using the notify.disable entry in mail.conf, but only under certain restrictions. See the relative entry in mail.conf.

JES can now be configured to inform the default user by e-mail that the user/mail.conf files have been modified.

Added the ability to enable/disable acceptance of the HELO command during a SMTP receiver session. This doesn't contradict the specification since the server still supports the command, but rejects it in order to protect user/message confidentiality. Otherwise, simply accepting it on all occasions cancels any security context.

Significant change to the internal structure of JES. All message persistence code has been detached from the relative mail session classes and now resides in package com.ericdaugherty.mail.server. persistence. This will allow the addition of other persistence mechanisms (such as a JDBC powered one). Furthermore, the authentication granting code has also been moved to a dedicated package (com. ericdaugherty.mail.server.auth). The delivery to local domain users process has been detached from the SMTPSender code as well.

MIME support has been significantly upgraded. Moved the mime processing code to separate classes. Also corrected the handling of nested message mime parts (specifically message/rfc822 which is used when a client forwards a message).

All three modules (SMTP Processor, SMTP Sender, Pop3 Processor) use byte level streams during a session for sending/receiving message data and human-readable streams when exchanging protocol specific messages.

Full support for 8BITMIME. JES declares (and employs) the ability to receive messages using 8BITMIME during a mail transaction as a SMTP server. Moreover if a message is received with a 8BITMIME flag and the server responsible for handling the recipient's messages doesn't support 8BITMIME, JES will transform the 8 bit mime parts on the fly as it transmits them.

User and realm configuration files now support all available character set encodings. This results to attaining the ability to use non latin1(us-ascii,iso-8859-1) characters for passwords and realms. Standard restrictions still apply for usernames and domains.

Refined and augmented the authentication mechanisms. Proper support for LOGIN and PLAIN. Fully implemented the digest-md5 and gssapi (Kerberos 5) sasl authentication mechanisms. Messages exchanged between jes operating as a smtp(pop3) receiver and a smtp(pop3) client can be either integrity or confidentiality protected should the client request it.

How clear text passwords are treated can be defined in mail.conf separately for smtp and pop3 server sessions.

In conjunction with the introduction of the DIGEST-MD5 authentication mechanism, realms have been added. Please take a look at realms.conf.

A delay DSN is sent to the message originator if more than 15 minutes have passed without delivering the message.

The SMTP Server now supports TLS/SSL both for incoming and outgoing mail. The standard port (e.g. 25) will implement a security layer if the handshake succeeds or it will abort the transaction. Take note that if the connecting party doesn't demand/support a secure connection the transaction will proceed without a security layer. A dedicated secure only listening port can be independently setup (usually on port 465).

The POP3 Server now supports TLS/SSL. The standard port (e.g. 110) will implement a security layer if the handshake succeeds or it will abort the transaction. Take note that if the connecting party doesn't demand/support a secure connection the transaction will proceed without a security layer. A dedicated secure only listening port can be independently setup (usually on port 995).

Use of TLS/SSL on standard ports is controlled separately for SMTP and POP3 server sessions.

Control the use of TLS/SSL for all outgoing SMTP sessions.

Added a security policy concerning mail recipients in SMTP server mode.

Added policy control for the number of authentication attempts allowed to a connecting SMTP/POP3 client.

Care has been taken so that header and message integrity is not compromised.

No file locking on mail.conf, user.conf and reverseDNS.conf.

The SMTP Server is RFC2821 compliant and supports the EHLO Mail Service Type for both the incoming and outgoing connections.

The POP3 Server is RFC1939 compliant.

An incoming mail that is only plain/text or mail that (also) contains plain/text sub-bodies that are in a non standard mail character encoding (flagged with a "content transfer encoding: 8bit") is automatically converted to 7bit using base64 encoding unless the server has been configured to accept 8BITMIME messages and the message being received has the corresponding flag.

The keystore holding the certificates used for TLS/SSL can be one placed in the security directory or defined in the mail.conf file. See mail.conf for details.

If the application has initiated shut down, the configuration files are no longer monitored.

Separate thread count for standard and secure services.

Using TLS/SSL on standard services can be turned off.

The dedicated secure SMTP/POP3 modules need not be activated.

Added a maximum count of 3 attempts to validate a username and password in a POP3 session.

The POP3 (POP3processor) and SMTP Server (SMTPProcessor) modules (both standard and secure) monitor the errors of a session and will abort if too many errors are encountered (the maximum error count is defined in mail.conf).

No mail bouncing for NULL mails.

Proper session timeouts have been incorporated.

The maximum message size is now used during a SMTP session via the SIZE extension and an added MAIL FROM: argument.

Added a module monitor that logs active application modules every 5 minutes.

Various bug fixes.

Various additions, remedies or alterations to increase conformity to the acceptable standards.

Updated mail.conf to remove extra trailing semicolin from "smtpdelivery.threshold=10" Thanks to Siegfried Goeschl (siegfried.goeschl@it20one.at).

Updated mail.sh to accept a configuration directory as a command line parameter. Thanks to Siegfried Goeschl (siegfried.goeschl@it20one.at).

Updated bulid.xml to build with JDK version 1.4 (minimum needed for codebase). Thanks to Siegfried Goeschl (siegfried.goeschl@it20one.at).

Fixed error in SMTPRemoteSender introduced in release 1.5. Server would fail to look up MX entries when not using a default SMTP server. Thanks to Philipp Hagemeister for tracking this issue down.

Server adds FROM address if message is received without one (unknown@example.com). Server would accept the messages but throw errors when it tried to deliver them: "Unable to parse the address from the stored file." Thanks to Matthew Lohbihler of Serotonin Software (serotoninsoftware.com) for providing this fix.

Added socket timeout to SMTP processor sockets. This may address issues with threads getting hung in socket.read calls. Thanks to Matthew Lohbihler of Serotonin Software (serotoninsoftware.com) for providing this fix.

Added the ability to use a default SMTP server that requires authentication. This can be useful if your ISP prohibits outbound connections on port 25 and forces you to authenticate with their default SMTP server. Thanks to Matthew Lohbihler of Serotonin Software (serotoninsoftware.com) for adding this feature.

Added the option to limit the maximum size for incoming messages. The configuration parameter is in megabytes (2^10) and defaults to 5.

Added the ability to specify a port number for the outgoing SMPT servers. Thanks to Philippe Reverdy http://preverdy.free.fr/preverdy/utilities.html

Added new configuration option to allow relaying based on 'from' email address. This can be used to easily allow relaying for users based their address or an entire domain. However, this can be risky and should be used with cation as there is no protection from others 'spoofing' the from address to send spam. Thanks to Philippe Reverdy http://preverdy.free.fr/preverdy/utilities.html

Added a maximum delivery attempts configuration property before a message fails. Message re-delivery attempt intervals are exponentially increased, up to a maximum interval of 17 hours (1024 minutes). Thanks to Al Lieb. Thanks also to Andrei Makalski.

Miscellaneous code cleanup: Cleaned up SMTPSender try/catch block. Added logic to handle null result of DNS Lookup. Fixed issue with MX entry sorting. Thanks to Al Lieb.

Addes a new header "X-DeliveredTo: admin@mydomain.com" to locally delivered email. This allows users who use multiple local addresses that are delivered to a single mail box to track which user the message was addressed to. Thanks to Shmuel Siegel.

Fixed error with delivery address resolution. SourceForge Bug #848417 The resolution of the local address was also incorrect and has been fixed. Thanks to Shmuel Siegel.

Fixed handling of blank listenAddress. Previous version default to the localhost loopback, while the new version uses the simpler ServerSocket constructor. Thanks to Shmuel Siegel.

Added test DNS lookup utility and additional site documentation. Thanks to Martin Cordova.

Added ability to bind JES to a single IP address.

Resolved an issue with the loading of forward addresses from the user.conf file.

Forward Addresses are now resolved when the message is received. Previously, message delivery to forwarded addresses could be unpredictable of one of the multiple forward addresses failed.

Added better logging to SMTPSender class

The login scheme was broken when the username was saved in the configuration file in uppercase. This is now fixed.

Fixed issue that caused a configuration error when the default smtp server property was set.

Utilize Jakarta commons-logging to remove required dependency of Log4j. Default Logger just writes to the console and also can write to a file. Log4j is still used by default. Log4j configuration can now be controlled using log.conf, and updated while the server is running. Support for NT Service! A batch file has been included in the bin directory to install JES as a NT Service. Thanks to Paul Thordarson

Reworked configuration. Configuration is now split into three files: mail.conf, user.conf, log.conf. mail.conf and user.conf files will be reloaded automatically after a change while the server is running. The user.conf file can be edited with plaintext passwords, and they will be hashed and resaved by the server automatically. This removes the need for the GUI configuration tool, which is now gone. Added support for multiple SMTP Relay rules. Can now enable POP Before SMTP and IP based relaying individually or together. IP Based relaying now also supports wildcards. These settings can be changed without restarting the server.

The SMTP Server would accept the data command even if the client had not specified any valid recipients. This has been fixed.

Added entry: Delivery.smtprelaytype=NONE to the default configuration file. This addresses bug: 768385. Thanks to mariusz_grey.

Upgraded DNSJava library to 1.3.3. Enhanced DNS lookups to order MX Entries.

Added Socket Timeout for SMTP Delivery. This addresses bug: 783119.

Added client IP address based SMTP Relaying. Users can now configured a list of IP addresses that are allowed to relay mail. Thanks to Scott Schrecken

Fixed JavaDoc tags and included JavaDoc comments in release.

Updated UNIX/Linux shell scripts.

Resolved Linux compatability issue. Incorrect line termination was being used by the println method. Thanks to B0NFiRE (www.fdns.net).

Integrated newest release of DaughertyLib (2.0) to enable JDK 1.4 Support. Improved implementation of the shutdown() method. Thanks to Siegfried Goeschl.

Added runtime hook to call the shutdown method when the VM is shutdown (CRTL-C from the command line). Thanks to Siegfried Goeschl.

Resolved NullPointerException in DNSService that occured when no MX Entries were found.

Now allow empty MAIL FROM: command.

Resolved case sensitivity in email addresses.

Added hook to shutdown server gracefully. Static shutdown() method added to Mail class. However, this feature is not currently exposed. Users may wrap the Mail class to provide their own shutdown triggers.

Fixed Config Tool. Default User Combo Box did not refresh when a new user is added.

Fixed SMTP Sender. Was unable to handle servers with multi-line responses.

Fixed POP Server. did not respond to RSET command.

Added implementation of optional UIDL and TOP commands in the POP server.

Initial Release