I would like to send SMTPS mail via TLSv1.2/TLSv1.3 on port 587.

I use Axigen as a mail server, with the following configuration:

  • listeners ssl: 465 / 587
  • ssl configuration: TLS 1.2 / TLS 1.3

EXAMPLE WITH PORT 587

Here is the Java debug trail:

DEBUG SMTP: need username and password for authentication
DEBUG SMTP: protocolConnect returning false, host=192.168.59.99, user="user", password=<null>
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "192.168.59.99", port 587, isSSL true
220 axigen Axigen ESMTP ready
DEBUG SMTP: connected to host "192.168.59.99", port: 587
EHLO "DOMAIN"
250-axigen Axigen ESMTP hello
...
DEBUG SMTP: STARTTLS requested but already using SSL
DEBUG SMTP: protocolConnect login, host=192.168.59.99, user=jacques.durand@ca.lan, password=<non-null>
DEBUG SMTP: Attempt to authenticate using mechanisms: LOGIN PLAIN DIGEST-MD5 NTLM XOAUTH2 
DEBUG SMTP: Using mechanism LOGIN
DEBUG SMTP: AUTH LOGIN command trace suppressed
DEBUG SMTP: AUTH LOGIN succeeded
DEBUG SMTP: use8bit false
MAIL FROM:<jacques.durand@ca.lan>
250 Sender accepted
RCPT TO:<jacques.durand@ca.lan>
250 Recipient accepted
DEBUG SMTP: Verified Addresses
DEBUG SMTP:   jacques.durand@ca.lan
DATA
354 Ready to receive data; remember <CRLF>.<CRLF>
Date: Tue, 7 Feb 2023 10:03:25 +0100 (CET)
From: jacques.durand@ca.lan
To: jacques.durand@ca.lan
Message-ID: <947679291.0.1675760605998@192.168.59.99>
Subject: TestMail
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

TestMail
.
250 Mail queued for delivery
DEBUG SMTP: message successfully delivered to mail server
QUIT
221-axigen Axigen ESMTP is closing connection
221 Good bye

Process finished with exit code 0

I use Wireshark to see the exchanges on the mail server.

On port 587 the protocol used is TCP/SMTP, but it is not SMTPS.

EXAMPLE WITH PORT 465

Java debug trail:

DEBUG SMTP: need username and password for authentication
DEBUG SMTP: protocolConnect returning false, host=192.168.59.99, user="user", password=<null>
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "192.168.59.99", port 465, isSSL true
220 axigen Axigen ESMTP ready
DEBUG SMTP: connected to host "192.168.59.99", port: 465
EHLO "DOMAIN"
250-axigen Axigen ESMTP hello
...
DEBUG SMTP: STARTTLS requested but already using SSL
DEBUG SMTP: protocolConnect login, host=192.168.59.99, user=jacques.durand@ca.lan, password=<non-null>
DEBUG SMTP: Attempt to authenticate using mechanisms: LOGIN PLAIN DIGEST-MD5 NTLM XOAUTH2 
DEBUG SMTP: Using mechanism LOGIN
DEBUG SMTP: AUTH LOGIN command trace suppressed
DEBUG SMTP: AUTH LOGIN succeeded
DEBUG SMTP: use8bit false
MAIL FROM:<jacques.durand@ca.lan>
250 Sender accepted
RCPT TO:<jacques.durand@ca.lan>
250 Recipient accepted
DEBUG SMTP: Verified Addresses
DEBUG SMTP:   jacques.durand@ca.lan
DATA
354 Ready to receive data; remember <CRLF>.<CRLF>
Date: Tue, 7 Feb 2023 10:58:52 +0100 (CET)
From: jacques.durand@ca.lan
To: jacques.durand@ca.lan
Message-ID: <947679291.0.1675763932670@192.168.59.99>
Subject: TestMail
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

TestMail
.
250 Mail queued for delivery
DEBUG SMTP: message successfully delivered to mail server
QUIT
221-axigen Axigen ESMTP is closing connection
221 Good bye

Process finished with exit code 0

In Wireshark with port 465, we can see that the protocol used is TLSv1.3.

Below is the Java code for sending mail (I have used all combinations of Java smtp/smtps properties without success):

import com.sun.mail.smtp.SMTPTransport;
import jakarta.mail.*;
import jakarta.mail.internet.InternetAddress;
import jakarta.mail.internet.MimeBodyPart;
import jakarta.mail.internet.MimeMessage;
import jakarta.mail.internet.MimeMultipart;

import java.util.Properties;

public class SendMail {

    public static void main(String[] args) throws MessagingException {

        Session session = null;

        Properties properties = System.getProperties();

        properties.put("mail.debug", "true");

        properties.put("mail.transport.protocol", "smtp");
        properties.put("mail.host", "192.168.59.99");
        properties.put("mail.smtp.auth", "true");
        properties.put("mail.smtp.port", "587");

        // Enable STARTTLS
        properties.put("mail.smtp.starttls.enable", "true");
        properties.put("mail.smtp.starttls.required", "true");

        // Accept only TLS 1.2 and 1.3
        properties.setProperty("mail.smtp.ssl.enable", "true");
        properties.setProperty("mail.smtp.ssl.trust", "192.168.59.99");
        properties.setProperty("mail.smtp.ssl.protocols", "TLSv1.2 TLSv1.3");


       // properties.put("mail.transport.protocol.rfc822", "smtp");

        session = Session.getInstance(properties, new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication("jacques.durand@ca.lan", "us3r");
            }
        });

        if (session == null) {
            throw new RuntimeException("Error creating mail session.");
        }

        session.setDebug(true);

        // message
        Message message = new MimeMessage(session);
        message.setFrom(new InternetAddress("jacques.durand@ca.lan"));
        message.setRecipients(Message.RecipientType.TO, InternetAddress.parse("jacques.durand@ca.lan"));
        message.setSubject("TestMail");
        message.setText("TestMail");

        Transport.send(message);

    }

}

Unsuccessful Java properties:

    Properties properties = System.getProperties();
    properties.setProperty("mail.smtp.host", "192.168.59.99");
    properties.setProperty("mail.smtp.port", "587");
    properties.put("mail.smtp.auth", true);
    properties.put("mail.smtp.socketFactory.port", "587");
    properties.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
    properties.put("mail.smtp.socketFactory.fallback", "false");
    properties.put("mail.smtp.ssl.enable", "true");
    properties.put("mail.smtp.ssl.protocols", "TLSv1.2");
    properties.put("mail.smtp.starttls.enable", "true");
    properties.put("mail.smtp.starttls.required", "true");
    ////
    properties.put("mail.smtps.host", "192.168.59.99");
    properties.put("mail.smtps.port", "587");
    properties.put("mail.smtps.socketFactory.port", "587");
    properties.put("mail.smtps.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
    properties.put("mail.smtps.socketFactory.fallback", "false");
    properties.put("mail.transport.protocol", "smtps");
    properties.put("mail.smtps.ssl.enable","true");
    properties.put("mail.smtps.starttls.enable","false");
    properties.put("mail.smtps.auth", "true");
    properties.put("mail.smtps.ssl.protocols", "TLSv1.2");
    ///
    properties.put("mail.transport.protocol.rfc822", "smtp");

The libraries I tried:

  • javax.mail : 1.5.0-b01
  • javax.mail : 1.6.2
  • jakarta.mail : 2.0.1

I would like to force the TLSv1.2 or TLSv1.3 protocol on port 587.

Lisa Trz
  • In short: you use port 587 with implicit SSL, even though the port is reserved for explicit SSL (i.e. STARTTLS). Wireshark tries to implement the data like they are supposed to be at this port, which explains the strange commands shown. To make Wireshark interpret the traffic in a different way you have to enforce this non-standard interpretation with "Decode As ..." – Steffen Ullrich Feb 07 '23 at 12:16
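
The distinction drawn in the comment above (implicit TLS versus cleartext plus STARTTLS on a given port) can be checked from Java without a packet capture. This is an added example, not code from the original post: the class name `SmtpTlsModeProbe` and the timeouts are assumptions, TLSv1.3 needs Java 11 or later, and the server certificate must be in the JVM's default trust store for the handshake to complete.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical class): tells implicit TLS from cleartext + STARTTLS.
public class SmtpTlsModeProbe {
    static String probe(String host, int port) throws IOException {
        // Step 1: connect without TLS. A STARTTLS listener sends "220 ..." in cleartext;
        // an implicit-TLS listener stays silent, waiting for a TLS ClientHello.
        try (Socket plain = new Socket()) {
            plain.connect(new InetSocketAddress(host, port), 5000);
            plain.setSoTimeout(3000);
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(plain.getInputStream(), StandardCharsets.US_ASCII));
            try {
                String greeting = in.readLine();
                if (greeting != null && greeting.startsWith("220")) {
                    return "cleartext greeting, TLS only after STARTTLS: " + greeting;
                }
            } catch (SocketTimeoutException silent) {
                // No cleartext greeting within 3 s: try TLS next.
            }
        }
        // Step 2: TLS from the first byte, offering only TLS 1.3 and 1.2.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket tls = (SSLSocket) factory.createSocket(host, port)) {
            tls.setSoTimeout(5000);
            tls.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            tls.startHandshake();
            return "implicit TLS, negotiated " + tls.getSession().getProtocol();
        } catch (SSLHandshakeException e) {
            // E.g. certificate not trusted by the JVM, or no common protocol version.
            return "TLS handshake did not complete: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        for (int port : new int[] {465, 587}) { // host and ports from the question
            System.out.println(port + ": " + probe("192.168.59.99", port));
        }
    }
}
```

A listener that greets in cleartext needs `mail.smtp.starttls.enable` on the client, while one that reports implicit TLS needs `mail.smtp.ssl.enable`; setting both, as in the question, makes the client log "STARTTLS requested but already using SSL".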

0 Answers