SSL Problem with MailQueue
52 views
Skip to first unread message
OldShatterhand
Dec 23, 2014, 8:35:50 AM12/23/14
to manydesign...@googlegroups.com
Hi Guys,
I just tried to setup the mailing functionality of Portofino.
Unfortuanely I'm getting a SSL error with the SMTP Server I need to use!
I get the following errors in my logs:
org.apache.commons.mail.EmailException: Sending the email to the following server failed : (mailserver:port <- log displays the real server here)
at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1242) ~[commons-email-1.2.jar:1.2]
at org.apache.commons.mail.Email.send(Email.java:1267) ~[commons-email-1.2.jar:1.2]
at com.manydesigns.mail.sender.DefaultMailSender.send(DefaultMailSender.java:217) ~[portofino-mail-4.1.1.jar:4.1.1]
at com.manydesigns.mail.sender.DefaultMailSender.runOnce(DefaultMailSender.java:103) ~[portofino-mail-4.1.1.jar:4.1.1]
at com.manydesigns.mail.stripes.SendMailAction.execute(SendMailAction.java:70) ~[portofino-mail-4.1.1.jar:4.1.1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_32]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.6.0_32]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.6.0_32]
at java.lang.reflect.Method.invoke(Method.java:622) ~[na:1.6.0_32]
at net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:456) ~[stripes-1.5.8.jar:1.5.8]
at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158) ~[stripes-1.5.8.jar:1.5.8]
at com.manydesigns.portofino.interceptors.GuardsInterceptor.intercept(GuardsInterceptor.java:61) ~[portofino-base-4.1.1.jar:4.1.1]
at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155) ~[stripes-1.5.8.jar:1.5.8]
at net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113) ~[stripes-1.5.8.jar:1.5.8]
at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155) ~[stripes-1.5.8.jar:1.5.8]
at net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74) ~[stripes-1.5.8.jar:1.5.8]
at net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:454) ~[stripes-1.5.8.jar:1.5.8]
at net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:278) ~[stripes-1.5.8.jar:1.5.8]
at net.sourceforge.stripes.controller.DispatcherServlet.service(DispatcherServlet.java:160) ~[stripes-1.5.8.jar:1.5.8]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) ~[servlet-api.jar:na]
at net.sourceforge.stripes.controller.DynamicMappingFilter$2.doFilter(DynamicMappingFilter.java:453) ~[stripes-1.5.8.jar:1.5.8]
at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:260) ~[stripes-1.5.8.jar:1.5.8]
at net.sourceforge.stripes.controller.DynamicMappingFilter.doFilter(DynamicMappingFilter.java:440) ~[stripes-1.5.8.jar:1.5.8]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) ~[catalina.jar:7.0.56]
at com.manydesigns.portofino.servlets.I18nFilter.doFilter(I18nFilter.java:60) ~[portofino-base-4.1.1.jar:4.1.1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) ~[catalina.jar:7.0.56]
at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:260) ~[stripes-1.5.8.jar:1.5.8]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) ~[catalina.jar:7.0.56]
at com.manydesigns.portofino.servlets.CleanupFilter.doFilter(CleanupFilter.java:47) ~[portofino-database-4.1.1.jar:4.1.1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) ~[catalina.jar:7.0.56]
at com.manydesigns.portofino.servlets.DispatcherFilter.doFilter(DispatcherFilter.java:61) ~[portofino-pageactions-4.1.1.jar:4.1.1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) ~[catalina.jar:7.0.56]
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) ~[shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) ~[shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) ~[shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) ~[shiro-web-1.2.3.jar:1.2.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) ~[catalina.jar:7.0.56]
at com.manydesigns.elements.servlet.ElementsFilter.doHttpFilter(ElementsFilter.java:132) ~[elements-4.1.1.jar:4.1.1]
at com.manydesigns.elements.servlet.ElementsFilter.doFilter(ElementsFilter.java:83) ~[elements-4.1.1.jar:4.1.1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) ~[catalina.jar:7.0.56]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) ~[catalina.jar:7.0.56]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) ~[catalina.jar:7.0.56]
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) ~[catalina.jar:7.0.56]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) ~[catalina.jar:7.0.56]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) ~[catalina.jar:7.0.56]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) ~[tomcat-coyote.jar:7.0.56]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) ~[tomcat-coyote.jar:7.0.56]
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) ~[tomcat-coyote.jar:7.0.56]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146) ~[na:1.6.0_32]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) ~[na:1.6.0_32]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-coyote.jar:7.0.56]
at java.lang.Thread.run(Thread.java:701) ~[na:1.6.0_32]
Caused by: javax.mail.MessagingException: Exception reading response
at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1611) ~[mail-1.4.1.jar:1.4.1]
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1369) ~[mail-1.4.1.jar:1.4.1]
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:412) ~[mail-1.4.1.jar:1.4.1]
at javax.mail.Service.connect(Service.java:310) ~[mail-1.4.1.jar:1.4.1]
at javax.mail.Service.connect(Service.java:169) ~[mail-1.4.1.jar:1.4.1]
at javax.mail.Service.connect(Service.java:118) ~[mail-1.4.1.jar:1.4.1]
at javax.mail.Transport.send0(Transport.java:188) ~[mail-1.4.1.jar:1.4.1]
at javax.mail.Transport.send(Transport.java:118) ~[mail-1.4.1.jar:1.4.1]
at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1232) ~[commons-email-1.2.jar:1.2]
... 64 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.6.0_32]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1715) ~[na:1.6.0_32]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:257) ~[na:1.6.0_32]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:251) ~[na:1.6.0_32]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1168) ~[na:1.6.0_32]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) ~[na:1.6.0_32]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609) ~[na:1.6.0_32]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:545) ~[na:1.6.0_32]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:963) ~[na:1.6.0_32]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1208) ~[na:1.6.0_32]
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:838) ~[na:1.6.0_32]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:94) ~[na:1.6.0_32]
at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:110) ~[mail-1.4.1.jar:1.4.1]
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) ~[na:1.6.0_32]
at java.io.BufferedInputStream.read(BufferedInputStream.java:254) ~[na:1.6.0_32]
at com.sun.mail.util.LineInputStream.readLine(LineInputStream.java:88) ~[mail-1.4.1.jar:1.4.1]
at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1589) ~[mail-1.4.1.jar:1.4.1]
... 72 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:324) ~[na:1.6.0_32]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:224) ~[na:1.6.0_32]
at sun.security.validator.Validator.validate(Validator.java:235) ~[na:1.6.0_32]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147) ~[na:1.6.0_32]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230) ~[na:1.6.0_32]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270) ~[na:1.6.0_32]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1147) ~[na:1.6.0_32]
... 84 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:197) ~[na:1.6.0_32]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255) ~[na:1.6.0_32]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:319) ~[na:1.6.0_32]
... 90 common frames omitted
Do you have any idea what the problem might be? The Certificate of the mailserver should normally work without problems, it is recognized by all my browsers and Thunderbird as valid!
Also is there a chance that the Mail Function will support STARTTLS in the future? Another Mail account I tested with requires this and doesn't allow normal SSL/TLS.
Regards
Tobias
Angelo Lupo
Dec 26, 2014, 12:17:57 PM12/26/14
to manydesign...@googlegroups.com
Hi Tobias,
have you checked the certificate?
Your problem is not in Portofino. You can start from here
Best regards,
Angelo
--
You received this message because you are subscribed to the Google Groups "manydesigns-portofino" group.
To unsubscribe from this group and stop receiving emails from it, send an email to manydesigns-port...@googlegroups.com.
To post to this group, send email to manydesign...@googlegroups.com.
Visit this group at http://groups.google.com/group/manydesigns-portofino.
For more options, visit https://groups.google.com/d/optout.
OldShat...@gmx-topmail.de
Jan 5, 2015, 12:43:49 PM1/5/15
to manydesign...@googlegroups.com
Hi Angelo,
sorry for my long delay in answering. Haven't got time to look at this over the Christmas and New-Years Days.
Yes I've checked the Certificate, it also works without flaws
(confirming requests etc.) in all of my Browsers and Thunderbird.
Problem seems to be the same or somilar to that posted here:
http://serverfault.com/questions/391487/why-is-my-rapidssl-certificate-chain-is-not-trusted-on-ubuntusorry for my long delay in answering. Haven't got time to look at this over the Christmas and New-Years Days.
I'm getting the exactly! same Problem like shown there (even with the same Root Certificate!) when I try to check with openssl on our Dev.Server and also on my private Linux machine. Strangely on my private machine everything works fine in browsers as already said above... just openssl and java fail.
So it seems like the chain is not resolved properly and/or the Equifax Root CA is not installed in the keystore of our Development Server.
Guess I'll just have to order our Server Admin to import the Equifax Certificate into the keystore (I don't have root access to the server), even if still appears strange to me that the certificate works everywhere but in openssl and java.
Regards
Tobias
------ Original-Nachricht / Original-Message ------
Von / From: Angelo Lupo <angel...@gmail.com>
An / To: manydesign...@googlegroups.com
Gesendet / Sent: Fr 26 Dez 2014 18:17:56 CET (UTC +0100)
Betreff / Subject: Re: SSL Problem with MailQueue
You received this message because you are subscribed to a topic in the Google Groups "manydesigns-portofino" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/manydesigns-portofino/11Gjh5AbNjc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to manydesigns-port...@googlegroups.com.
OldShat...@gmx-topmail.de
Jan 5, 2015, 2:55:06 PM1/5/15
to manydesign...@googlegroups.com
Hi,
I just found out the real Problem and fixed it (temporary) for my dev-evirorment.
Problem was that the mailserver gives back the full certificate chain when accessed through port 443 (for webmail etc.)
But for the actual smtp port it just gives back the actual mailserver certificate. Which java obviously cant verify then.
So I now temporarily created an own, local keystore and imported the mailserver cert in there. Works but is of course only a temporary solution.
And my words in the last mail about failing on openssl in general were just a mistake... just forgot to supply openssl with a CApath to test.
Regards
Tobias
I just found out the real Problem and fixed it (temporary) for my dev-evirorment.
Problem was that the mailserver gives back the full certificate chain when accessed through port 443 (for webmail etc.)
But for the actual smtp port it just gives back the actual mailserver certificate. Which java obviously cant verify then.
So I now temporarily created an own, local keystore and imported the mailserver cert in there. Works but is of course only a temporary solution.
And my words in the last mail about failing on openssl in general were just a mistake... just forgot to supply openssl with a CApath to test.
Regards
Tobias
------ Original-Nachricht / Original-Message ------
Von / From: OldShat...@gmx-topmail.de
An / To: manydesign...@googlegroups.com
Gesendet / Sent: Mo 05 Jan 2015 18:43:45 CET (UTC +0100)
An / To: manydesign...@googlegroups.com
Gesendet / Sent: Mo 05 Jan 2015 18:43:45 CET (UTC +0100)
Reply all
Reply to author
Forward
0 new messages