0

i have been trying to send an email from my servlet. I tried to see how this can be done in the internet. But, in all the codes that I came across, none of them used the senders password to send the mail.

This means anyone can send an email from anyone's account. have I got it wrong or what is the actual matter?

Exception in thread "main" javax.mail.MessagingException: Could not connect to S
MTP host: localhost, port: 465;
  nested exception is:
        java.net.ConnectException: Connection refused: connect
        at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1391)
        at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:41
2)
        at javax.mail.Service.connect(Service.java:288)
        at javax.mail.Service.connect(Service.java:169)
        at javax.mail.Service.connect(Service.java:189)
        at Email1.main(Email1.java:19)
Caused by: java.net.ConnectException: Connection refused: connect
        at java.net.DualStackPlainSocketImpl.connect0(Native Method)
        at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketI
mpl.java:69)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.ja
va:339)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocket
Impl.java:200)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java
:182)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:157)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
        at java.net.Socket.connect(Socket.java:579)
        at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:612)
        at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160
)
        at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:233)
        at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:189)
        at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1359)
Cody Gray - on strike
  • 239,200
  • 50
  • 490
  • 574
Ashwin
  • 12,691
  • 31
  • 118
  • 190

2 Answers2

2

You're right in a way. Anyone can send am email pretending to be anybody else if smtp server doesn't require authentication ;-) Fortunately most servers out there do require authentication.

I didn't quite get what you're trying to achieve here. Do you have your own smtp server, or do you want to allow users to send mail from an account they already have (e.g. from gmail.com). In both cases you'll probably like to see JavaMail API documentation. There is even a sample JavaMailServlet you may use as reference.

Here's a simple program that sends an email and uses user/pass to authenticate to smtp server (based on examples in JavaMail):

import java.util.Properties;

import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

public class Mail
{
    public static void main(String[] args) throws MessagingException
    {
        Properties props = new Properties();
        props.setProperty("mail.smtp.host", "smtp.example.com");
        // props.setProperty("mail.smtp.auth", "true"); // not necessary for my server, I'm not sure if you'll need it
        Session session = Session.getInstance(props, null);
        Transport transport = session.getTransport("smtp");
        transport.connect("user", "password");

        Message message = new MimeMessage(session);
        message.setSubject("Test");
        message.setText("Hello :)");
        message.setFrom(new InternetAddress("you@example.com"));
        message.setRecipient(Message.RecipientType.TO, new InternetAddress("your-friend@example.com"));
        transport.sendMessage(message, message.getAllRecipients());
    }
}
Bartosz Moczulski
  • 1,209
  • 9
  • 18
  • :I don't have my own smptp server or something like that. I get the clients email id into my servlet and want to send an email to the client for verification. I want to send it from my gmail account. Is it possible. – Ashwin Feb 26 '12 at 02:49
  • Sure it is, but gmail requires TLS connection. So instead of `smtp` you need to use `smtps` (secure). All you need to change in the above code is `props.setProperty("mail.smtps.host", "smtp.gmail.com");` and `session.getTransport("smtps");`. Then use your own login and password in `connect()` method. – Bartosz Moczulski Feb 26 '12 at 09:07
  • I tried you code with the changes you mentioned. But I am getting exceptions. Please see the question for the exceptions. – Ashwin Feb 26 '12 at 11:32
  • @user1139023 Do you have a SMTP server running on localhost? If not, make sure you actually configure the right hostname (and use the right property if you are using smtps) – Mark Rotteveel Feb 26 '12 at 11:40
  • @Bartosz Moczulski: Can't I use the google's smpt server while authenticating myself. Is it necessary to have my own smtp server. – Ashwin Feb 26 '12 at 11:46
  • If you set "mail.smtp(s).host" property then you don't need smtp server at localhost - you use the one set in the property, in this case Google's. – Bartosz Moczulski Feb 26 '12 at 15:31
0

Sending an e-mail from a servlet is something you might do when you have code that is running a report or needs to notify you of some event, in which case, that e-mail will be from a generic service account. If you want to use a client's e-mail credentials, you will have to request them or have an UI that allows your users to enter contact information. I think it is kind of iffy to be asking anyone for their e-mail password, however. I know I would not enter that information into someone's website, no matter how much I trusted their service. So I think you need to think more about your design and what your expecations are as opposed to simply how to do it with code.

  • I am sending and email to client from my email address. This requires only my password. Why would I want the clients password. I only need the client's email address, which I can get from the client itself. – Ashwin Feb 26 '12 at 02:46