CFMAIL on port 587 Issues!

November 6, 2019
Newbie 2 posts
Followers: 0 people
1

CFMAIL on port 587 Issues!

Newbie 2 posts
Followers: 0 people
November 6, 2019

So I am being asked if we can run our CF server’s mail sending on port 587 to make it more secure. However, the only way we can get port 587 to work is if I put no credentials in the code or admin and we have TLS and USEHTTPS turned off.  We also have to enable anonymous on port 587 on the mail server.  I downloaded the Cert from the mail server and installed with java keytool, it didn’t help.  No matter what I try all combos’ of options I just get errors in the log.

We tried with username and password
With USETLS = “true”
With USESSL = “true”

Any suggestions on how to make our mail more secure or make this work?

“Error”,”scheduler-2″,”11/05/19″,”15:55:20″,””,”com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM ”
“Error”,”scheduler-2″,”11/05/19″,”15:55:25″,””,”com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM ”
“Error”,”scheduler-2″,”11/05/19″,”16:10:30″,””,”javax.mail.AuthenticationFailedException: 535 5.7.3 Authentication unsuccessful ”
“Error”,”scheduler-2″,”11/05/19″,”16:10:35″,””,”com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM ”
“Error”,”scheduler-2″,”11/05/19″,”16:21:55″,””,”javax.mail.AuthenticationFailedException: 535 5.7.3 Authentication unsuccessful ”
“Error”,”scheduler-2″,”11/05/19″,”16:22:01″,””,”javax.mail.AuthenticationFailedException: 535 5.7.3 Authentication unsuccessful ”
“Error”,”scheduler-2″,”11/05/19″,”16:24:31″,””,”javax.mail.MessagingException: Could not convert socket to TLS; nested exception is: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”
“Error”,”scheduler-0″,”11/05/19″,”16:32:31″,””,”javax.mail.MessagingException: Could not connect to SMTP host: smtp.co.weld.co.us, port: 587; nested exception is: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message”
“Error”,”scheduler-0″,”11/05/19″,”16:33:17″,””,”javax.mail.MessagingException: Could not connect to SMTP host: smtp.co.weld.co.us, port: 587; nested exception is: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message”
“Error”,”scheduler-0″,”11/05/19″,”16:36:02″,””,”javax.mail.MessagingException: Could not connect to SMTP host: smtp.co.weld.co.us, port: 587; nested exception is: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message”
“Error”,”scheduler-0″,”11/05/19″,”16:36:02″,””,”coldfusion.mail.MailImpl$RecipientCertificateException: The recipient certificate is not specified. ”
“Error”,”scheduler-0″,”11/05/19″,”16:36:02″,””,”coldfusion.mail.MailImpl$RecipientCertificateException: The recipient certificate is not specified. ”
“Error”,”scheduler-0″,”11/05/19″,”16:36:02″,””,”javax.mail.MessagingException: Could not connect to SMTP host: smtp.co.weld.co.us, port: 587; nested exception is: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message”
“Error”,”scheduler-0″,”11/05/19″,”16:38:17″,””,”javax.mail.MessagingExcepti

Comments (1)
2019-11-06 13:16:22
2019-11-06 13:16:22

There can be many explanations for what’s amiss, but I will offer two that are rather common for ssl-related issues in CF, and then close with a couple other possibilities.

First, you say you imported a cert using keytool. Ok, but let’s talk about WHERE you put that cert.

Note that you need to put it in the /lib/security/cacerts of wherever cf is naming its jvm to be. And that may not be the jre folder under the cf folder, though many resources show (including from Adobe) will presume to show using the keytool to put a cert there.

The thing is, if someone may have changed cf since installation to use a new jvm, then your cf admin jvm page will show it pointing elsewhere, and you need to import the cert into the /lib/security/cacerts of THAT folder instead. And when you may change jvm’s in the future, don’t forget to bring the certs along, though only if still needed. See my next point.

Second and speaking of changing the jvm, somemes such a cert import is NOT needed after all, to fix ssl-related problems.

You may simply need to update the jvm that cf is using. For more, see my post:

https://coldfusion.adobe.com/2019/06/error-calling-cf-via-https-solved-updating-jvm/

Indeed, some folks have been importing certs over and over as they DID move to new jvm’s (see above) when in fact the cert was no longer really needed.

Hope that’s helpful. Let us know if you resolve things or not.

If not, then consider finally the possibility of conflicts on that port 587 either from a firewall or anti-virus tool. And then do clarify whether those messages above were all from when things were configured one way or another. If from when configured one way, are they different when things are configured another?

Like
(1)
Add your comment