This guide aims to be an entry-point to the James documentation for user managing a distributed Guice James server.
It includes:
In order to not duplicate information, existing documentation will be linked.
Please note that this product is under active development, should be considered experimental and thus targets advanced users.
Guice distributed James server intends to provide a horizontally scalable email server.
In order to achieve this goal, this product leverages the following technologies:
A docker-compose file is available to allow you to quickly deploy locally this product.
A toolbox is available to help an administrator diagnose issues:
Read this page regarding setting up structured logging.
We recommend to closely monitoring ERROR and WARNING logs. Those logs should be considered not normal.
If you encounter some suspicious logs:
Leveraging filters in Kibana discover view can help filtering out “already known” frequently occurring logs.
When reporting ERROR or WARNING logs, consider adding the full logs, and related data (eg the raw content of a mail triggering an issue) to the bug report in order to ease resolution.
James keeps tracks of various metrics and allow to easily visualize them.
Read this page for explanations on metrics.
Here is a list of available metric boards
Monitoring these graphs on a regular basis allows diagnosing early some performance issues.
If some metrics seem abnormally slow despite in depth database performance tuning, feedback is appreciated as well on the bug tracker, the user mailing list or our Gitter channel (see our community page) . Any additional details categorizing the slowness are appreciated as well (details of the slow requests for instance).
James webadmin API allows to run healthChecks for a quick health overview.
Here is related webadmin documentation
Here are the available checks alongside the insight they offer:
Mail processing allows to take asynchronously business decisions on received emails.
Here are its components:
spooler takes mail out of the mailQueue and executes mail processing within the mailet container.mailet container synchronously executes the user defined logic. This ‘logic’ is written through the use of
mailet, matcher and processor.mailet represents an action: mail modification, envelop modification, a side effect, or stop processing.matcher represents a condition to execute a mailet.processor is a flow of pair of matcher and mailet executed sequentially. The ToProcessor mailet is a goto
instruction to start executing another processormail repository allows storage of a mail as part of its processing. Standard configuration relies on the
following mail repository:
cassandra://var/mail/error/ : unexpected errors that occurred during mail processing. Emails impacted by
performance related exceptions, or logical bug within James code are typically stored here. These mails could be
reprocessed once the cause of the error is fixed. The Mail.error field can help diagnose the issue. Correlation
with logs can be achieved via the use of the Mail.name field.cassandra://var/mail/address-error/ : mail addressed to a non-existing recipient of a handled local domain.
These mails could be reprocessed once the user is created, for instance.cassandra://var/mail/relay-denied/ : mail for whom relay was denied: missing authentication can, for instance,
be a cause. In addition to prevent disasters upon miss configuration, an email review of this mail repository can
help refine a host spammer blacklist.cassandra://var/mail/rrt-error/ : runtime error upon Recipient Rewritting occurred. This is typically due to a
loop. We recommend verifying user mappings via User Mappings webadmin API
then once identified break the loop by removing some Recipient Rewrite Table entry via the
Delete Alias,
Delete Group member,
Delete forward,
Delete Address mapping,
Delete Domain mapping or
Delete Regex mapping APIs (as needed). The Mail.error field can
help diagnose the issue as well. Then once the root cause has been addressed, the mail can be reprocessed.Read this to discover mail processing configuration, including error management.
Currently, an administrator can monitor mail processing failure through ERROR log review. We also recommend watching
in Kibana INFO logs using the org.apache.james.transport.mailets.ToProcessor value as their logger. Metrics about
mail repository size, and the corresponding Grafana boards are yet to be contributed.
WebAdmin exposes all utilities for reprocessing all mails in a mail repository or reprocessing a single mail in a mail repository.
In order to prevent unbounded processing that could consume unbounded resources. We can provide a CRON with limit parameter.
Ex: 10 reprocessed per minute
Note that it only support the reprocessing all mails.
Also, one can decide to delete all the mails of a mail repository or delete a single mail of a mail repository.
Performance of mail processing can be monitored via the mailet grafana board and matcher grafana board.
James relies on an event bus system to enrich mailbox capabilities. Each operation performed on the mailbox will trigger related events, that can be processed asynchronously by potentially any James node on a distributed system.
Many different kind of events can be triggered during a mailbox operation, such as:
MailboxEvent: event related to an operation regarding a mailbox:
MailboxDeletion: a mailbox has been deletedMailboxAdded: a mailbox has been addedMailboxRenamed: a mailbox has been renamedMailboxACLUpdated: a mailbox got its rights and permissions updatedMessageEvent: event related to an operation regarding a message:
Added: messages have been added to a mailboxExpunged: messages have been expunged from a mailboxFlagsUpdated: messages had their flags updatedMessageMoveEvent: messages have been moved from a mailbox to an otherQuotaUsageUpdatedEvent: event related to quota updateMailbox listeners can register themselves on this event bus system to be called when an event is fired, allowing to do different kind of extra operations on the system, like:
It is possible for the administrator of James to define the mailbox listeners he wants to use, by adding them in the listeners.xml configuration file. It's possible also to add your own custom mailbox listeners. This enables to enhance capabilities of James as a Mail Delivery Agent. You can get more information about those here.
Currently, an administrator can monitor listeners failures through ERROR log review.
Metrics regarding mailbox listeners can be monitored via
mailbox_listeners grafana board
and mailbox_listeners_rate grafana board.
Upon exceptions, a bounded number of retries are performed (with exponential backoff delays). If after those retries the listener is still failing to perform its operation, then the event will be stored in the Event Dead Letter. This API allows diagnosing issues, as well as redelivering the events.
To check that you have undelivered events in your system, you can first run the associated with event dead letter health check .You can explore Event DeadLetter content through WebAdmin. For this, list mailbox listener groups you will get a list of groups back, allowing you to check if those contain registered events in each by listing their failed events.
If you get failed events IDs back, you can as well check their details.
An easy way to solve this is just to trigger then the redeliver all events task. It will start reprocessing all the failed events registered in event dead letters.
In order to prevent unbounded processing that could consume unbounded resources. We can provide a CRON with limit parameter.
Ex: 10 redelivery per minute
If for some other reason you don't need to redeliver all events, you have more fine-grained operations allowing you to redeliver group events or even just redeliver a single event.
A projection of messages is maintained in OpenSearch via a listener plugged into the mailbox event bus in order to enable search features.
You can find more information about OpenSearch configuration here.
As explained in the Mailbox Event Bus section, processing those events can fail sometimes.
Currently, an administrator can monitor indexation failures through ERROR log review. You can as well
list failed events by looking with the group called
org.apache.james.mailbox.opensearch.events.OpenSearchListeningMessageSearchIndex$OpenSearchListeningMessageSearchIndexGroup.
A first on-the-fly solution could be to just
redeliver those group events with event dead letter.
If the event storage in dead-letters fails (for instance in the face of Cassandra storage exceptions), then you might need to use our WebAdmin reIndexing tasks.
From there, you have multiple choices. You can reIndex all mails, reIndex mails from a mailbox or even just reIndex a single mail.
When checking the result of a reIndexing task, you might have failed reprocessed mails. You can still use the task ID to reprocess previously failed reIndexing mails.
Sometimes you might need to update index settings. Cases when an administrator might want to update index settings include:
In order to achieve such a procedure, you need to:
mailboxReadAlias) and one for writing (mailboxWriteAlias).
First add an alias mailboxWriteAlias to that new index,
so that now James writes on the old and new indexes, while only keeping reading on the first one_source field being present)mailboxReadAlias alias to the new indexopensearch.index.mailbox.name to the name of your new index. This is to avoid that James
re-creates index upon restartNote: keep in mind that reindexing can be a very long operation depending on the volume of mails you have stored.
Cassandra backend uses data duplication to workaround Cassandra query limitations. However, Cassandra is not doing transaction when writing in several tables, this can lead to consistency issues for a given piece of data. The consequence could be that the data is in a transient state (that should never appear outside of the system).
Because of the lack of transactions, it's hard to prevent these kind of issues. We had developed some features to fix some existing cassandra inconsistency issues that had been reported to James.
Here is the list of known inconsistencies:
When you read a Jmap message, some calculated properties are expected to be fast to retrieve, like preview, hasAttachment.
James achieves it by pre-calculating and storing them into a caching table (message_fast_view_projection).
Missing caches are populated on message reads and will temporary decrease the performance.
You can watch the MessageFastViewProjection health check at webadmin documentation.
It provides a check based on the ratio of missed projection reads.
Since the MessageFastViewProjection is self healing, you should be concerned only if
the health check still returns degraded for a while, there's a possible thing you
can do is looking at James logs for more clues.
mailboxPath and mailbox tables share common fields like mailboxId and mailbox name.
A successful operation of creating/renaming/delete mailboxes has to succeed at updating mailboxPath and mailbox table.
Any failure on creating/updating/delete records in mailboxPath or mailbox can produce inconsistencies.
If you found the suspicious MailboxNotFoundException in your logs.
Currently, there's no dedicated tool for that, we recommend scheduling
the SolveInconsistencies task below for the mailbox object on a regular basis,
avoiding peak traffic in order to address both inconsistencies diagnostic and fixes.
An admin can run offline webadmin solve Cassandra mailbox object inconsistencies task in order to sanitize his mailbox denormalization.
In order to ensure being offline, stop the traffic on SMTP, JMAP and IMAP ports, for example via re-configuration or firewall rules.
James maintains a per mailbox projection for message count and unseen message count. Failures during the denormalization process will lead to incorrect results being returned.
Incorrect message count/message unseen count could be seen in the Mail User Agent (IMAP or JMAP). Invalid values are reported in the logs
as warning with the following class org.apache.james.mailbox.model.MailboxCounters and the following message prefix: Invalid mailbox counters.
Execute the [recompute Mailbox counters task](manage-webadmin.html#Recomputing mailbox counters). This task is not concurrent-safe. Concurrent increments & decrements will be ignored during a single mailbox processing. Re-running this task may eventually return the correct result.
Messages are denormalized and stored in both imapUidTable (source of truth) and messageIdTable. Failure in the denormalization
process will cause inconsistencies between the two tables.
User can see a message in JMAP but not in IMAP, or mark a message as ‘SEEN’ in JMAP but the message flag is still unchanged in IMAP.
Execute the solve Cassandra message inconsistencies task.
This task is not concurrent-safe. User actions concurrent to the inconsistency fixing task could result in new inconsistencies
being created. However the source of truth imapUidTable will not be affected and thus re-running this task may eventually
fix all issues.
User can monitor the amount of space and message count he is allowed to use, and that he is effectively using. James relies on an event bus and Cassandra to track the quota of an user. Upon Cassandra failure, this value can be incorrect.
Incorrect quotas could be seen in the Mail User Agent (IMAP or JMAP).
Execute the [recompute Quotas counters task](manage-webadmin.html#Recomputing current quotas for users). This task is not concurrent-safe. Concurrent operations will result in an invalid quota to be persisted. Re-running this task may eventually return the correct result.
rrt and mappings_sources tables store information about address mappings.
The source of truth is rrt and mappings_sources is the projection table containing all
mapping sources.
Right now there's no tool for detecting that, we're proposing a development plan.
By the mean time, the recommendation is to execute the SolveInconsistencies task below
in a regular basis.
Execute the Cassandra mapping SolveInconsistencies task described in webadmin documentation
When a Cassandra cluster is serving more than a James cluster, the keyspaces need isolation. It can be achieved by configuring James server with credentials preventing access or modification of other keyspaces.
We recommend you to not use the initial admin user of Cassandra and provide a different one with a subset of permissions for each application.
We're gonna use the Cassandra super users to create roles and grant permissions for them. To do that, Cassandra requires you to login via username/password authentication and enable granting in cassandra configuration file.
For example:
echo -e "\nauthenticator: PasswordAuthenticator" >> /etc/cassandra/cassandra.yaml
echo -e "\nauthorizer: org.apache.cassandra.auth.CassandraAuthorizer" >> /etc/cassandra/cassandra.yaml
Have a look at cassandra documentation section CREATE ROLE for more information
E.g.
CREATE ROLE james_one WITH PASSWORD = 'james_one' AND LOGIN = true;
Have a look at cassandra documentation section CREATE KEYSPACE for more information
The role to be used by James needs to have full rights on the keyspace
that James is using. Assuming the keyspace name is james_one_keyspace
and the role be james_one.
GRANT CREATE ON KEYSPACE james_one_keyspace TO james_one; // Permission to create tables on the appointed keyspace
GRANT SELECT ON KEYSPACE james_one_keyspace TO james_one; // Permission to select from tables on the appointed keyspace
GRANT MODIFY ON KEYSPACE james_one_keyspace TO james_one; // Permission to update data in tables on the appointed keyspace
Warning: The granted role doesn't have the right to create keyspaces, thus, if you haven't created the keyspace, James server will fail to start is expected.
Tips
Since all of Cassandra roles used by different James are supposed to
have a same set of permissions, you can reduce the works by creating a
base role set like typical_james_role with all of necessary permissions.
After that, with each James, create a new role and grant the typical_james_role
to the newly created one. Note that, once a base role set is updated (
granting or revoking rights) all granted roles are automatically updated.
E.g.
CREATE ROLE james1 WITH PASSWORD = 'james1' AND LOGIN = true;
GRANT typical_james_role TO james1;
CREATE ROLE james2 WITH PASSWORD = 'james2' AND LOGIN = true;
GRANT typical_james_role TO james2;
We want a specific role that cannot describe or query the information of other keyspaces or tables used by another application. By default, Cassandra allows every role created to have the right to describe any keyspace and table. There's no configuration that can make effect on that topic. Consequently, you have to accept that your data models are still being exposed to anyone having credentials to Cassandra.
For more information, have a look at cassandra documentation section REVOKE PERMISSION.
Except for the case above, the permissions are not auto available for
a specific role unless they are granted by GRANT command. Therefore,
if you didn't provide more permissions than granting section, there's no need to revoke.
While Distributed James is shipped with default table configuration options, these settings should be refined depending of your usage.
These options are:
The compaction algorithms allow a tradeoff between background IO upon writes and reads. We recommend:
Bloom filters help avoiding unnecessary reads on SSTables. This probabilistic data structure can tell an entry absence from a SSTable, as well as the presence of an entry with an associated probability. If a lot of false positives are noticed, the size of the bloom filters can be increased.
As explained in this post, chunk size used upon compression allows a tradeoff between reads and writes. A smaller size will mean decreasing compression, thus it increases data being stored on disk, but allow lower chunks to be read to access data, and will favor reads. A bigger size will mean better compression, thus writing less, but it might imply reading bigger chunks.
Cassandra enables a key cache and a row cache. Key cache enables to skip reading the partition index upon reads, thus performing 1 read to the disk instead of 2. Enabling this cache is globally advised. Row cache stores the entire row in memory. It can be seen as an optimization, but it might actually use memory no longer available for instance for file system cache. We recommend turning it off on modern SSD hardware.
A review of your usage can be conducted using
nodetool utility. For example
nodetool tablestats {keyspace} allows reviewing the number of SSTables, the read/write ratios, bloom filter efficiency.
nodetool tablehistograms {keyspace}.{table} might give insight about read/write performance.
Table level options can be changed using ALTER TABLE for example with the cqlsh utility. A full compaction might be needed in order for the changes to be taken into account.
An email queue is a mandatory component of SMTP servers. It is a system that creates a queue of emails that are waiting to be processed for delivery. Email queuing is a form of Message Queuing – an asynchronous service-to-service communication. A message queue is meant to decouple a producing process from a consuming one. An email queue decouples email reception from email processing. It allows them to communicate without being connected. As such, the queued emails wait for processing until the recipient is available to receive them. As James is an Email Server, it also supports mail queue as well.
You might often need to check mail queue to make sure all emails are delivered properly. At first, you need to know why email queues get clogged. Here are the two core reasons for that:
Some mailbox providers enforce email rate limits on IP addresses. The limits are based on the sender reputation. If you exceeded this rate and queued too many emails, the delivery speed will decrease.
Another common reason is that your email has been busted by spam filters. The filters will let the emails gradually pass to analyze how the rest of the recipients react to the message. If there is slow progress, it’s okay. Your email campaign is being observed and assessed. If it’s stuck, there could be different reasons including the blockage of your IP address.
However the current design do not implement delays. Delays allow to define the time a mail have to be living in the mailqueue before being dequeued and is used for example for exponential wait delays upon remote delivery retries, or SMTP traffic rate limiting.
In order to adapt mail queue settings to the actual traffic load, an administrator needs to perform fine configuration tunning as explained in rabbitmq.properties.
Be aware that MailQueue::getSize is currently performing a browse and thus is expensive. Size recurring metric
reporting thus introduces performance issues. As such, we advise setting mailqueue.size.metricsEnabled=false.
Managing an email queue is an easy task if you follow this procedure:
In case, you need to clear an email queue because there are only spam or trash emails in the email queue you have this procedure to follow:
A schema version indicates you which schema your James server is relying on. The schema version number tracks if a migration is required. For instance, when the latest schema version is 2, and the current schema version is 1, you might think that you still have data in the deprecated Message table in the database. Hence, you need to migrate these messages into the MessageV2 table. Once done, you can safely bump the current schema version to 2.
Relying on outdated schema version prevents you to benefit from the newest performance and safety improvements. Otherwise, there's something very unexpected in the way we manage cassandra schema: we create new tables without asking the admin about it. That means your James version is always using the last tables but may also take into account the old ones if the migration is not done yet.
When you see in James logs org.apache.james.modules.mailbox.CassandraSchemaVersionStartUpCheck showing a warning like Recommended version is versionX, you should perform an update of the Cassandra schema version.
Also, we keep track of changes needed when upgrading to a newer version. You can read this upgrade instructions.
These schema updates can be triggered by webadmin using the Cassandra backend. Following steps are for updating Cassandra schema version:
Otherwise, if you need to run the migrations to a specific version, you can use Upgrading to a specific version
Deleted Messages Vault is an interesting feature that will help James users have a chance to:
If the Deleted Messages Vault is enabled when users delete their mails, and by that we mean when they try to definitely delete them by emptying the trash, James will retain these mails into the Deleted Messages Vault, before an email or a mailbox is going to be deleted. And only administrators can interact with this component via WebAdmin REST APIs.
However, mails are not retained forever as you have to configure a retention period before using it (with one-year retention by default if not defined). It's also possible to permanently delete a mail if needed and we recommend the administrator to run it in cron job to save storage volume.
To setup James with Deleted Messages Vault, you need to follow those steps:
You need to configure this hook in listeners.xml configuration file. More details about configuration & example can be found at Pre Deletion Hook Configuration
In order to configure the retention time for the Deleted Messages Vault, an administrator needs to perform fine configuration tunning as explained in deletedMessageVault.properties. Mails are not retained forever as you have to configure a retention period (by retentionPeriod) before using it (with one-year retention by default if not defined).
After users deleted their mails and emptied the trash, the admin can use Restore Deleted Messages to restore all the deleted mails.
You can delete all deleted messages older than the configured retentionPeriod by using Purge Deleted Messages. We recommend calling this API in CRON job on 1st day each month.