Mailer error - must issue a STARTTLS command first


Danny

Oct 11, 2013, 11:02:28 AM
to play-fr...@googlegroups.com
I'm attempting to send mail from my Play 2.1.0 application. 
The external mail server is configured for TLS on, SSL off on Port 587.

I have my application.conf configuration set as follows:
#smtp config
smtp.host=mail.xxx.xxx
smtp.port=587
smtp.ssl=no
smtp.tls=no
#smtp.channel=starttls
smtp.starttls=yes
smtp.user="x...@yyy.com"
smtp.password="xxx"

My play-plugins references the commons mailer plugin:
1500:com.typesafe.plugin.CommonsMailerPlugin

When I try to send a simple outgoing email, my console is complaining about starting STARTTLS.
Here's an excerpt from the trace:

Caused by: javax.mail.MessagingException: 530 5.7.0 Must issue a STARTTLS command first
        at com.sun.mail.smtp.SMTPTransport.issueCommand(SMTPTransport.java:1481) ~[mail-1.4.1.jar:1.4.1]
        at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:1512) ~[mail-1.4.1.jar:1.4.1]
        at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1054) ~[mail-1.4.1.jar:1.4.1]
        at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:634) ~[mail-1.4.1.jar:1.4.1]
        at javax.mail.Transport.send0(Transport.java:189) ~[mail-1.4.1.jar:1.4.1]
        at javax.mail.Transport.send(Transport.java:118) ~[mail-1.4.1.jar:1.4.1]

I've tried with a few variations of smtp.starttls=yes, smtp.starttls=true, smtp.channel=starttls all with the same result.

I'm assuming the starttls negotiation requires that I set smtp.tls=no.  If I set it to yes, I get a different exception:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[na:1.7.0_25]
        at java.security.cert.CertPathBuilder.build(Unknown Source) ~[na:1.7.0_25]
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[na:1.7.0_25]
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[na:1.7.0_25]
        at sun.security.validator.Validator.validate(Unknown Source) ~[na:1.7.0_25]
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[na:1.7.0_25]

Has anyone used the commons mailer for a server requiring STARTTLS or can anyone suggest how to debug this problem?

Thanks for any suggestions or example configurations for this case.
Danny

Johan Andren

Oct 11, 2013, 1:27:23 PM
to play-fr...@googlegroups.com
The error you get when you have smtp.tls=yes is what you get when Java does not know about the certificate chain on the other chain, so I think that means that TLS is successful but you might have to add the certificate to your Java keychain for TLS to work (the other end might either have a self-signed certificate or not have the entire certificate chain up to the certificate authority as it should).

There are ways to register a certificate validator or whatever it is called that will just ignore the certificate chain and just use the cert for encryption if that is all you care about. Search the interwebs with the second error and you will find info about how.

Danny

Oct 13, 2013, 4:34:18 PM
to play-fr...@googlegroups.com
Thanks Johan,

That was correct advice. The second error was indicating that the JRE had no access to the certificate, and the solution is to get the certificate (in my case I used Chrome to browse to the site directly, was alerted that the certificate was self-signed and thus untrustworthy, then clicked on the lock with the red X, then I exported/saved "Copy to File" the cert to a local drive and went to my jre/lib/security folder to add it to cacerts using an import method of keytool).

Danny
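
Added example (not part of the thread and not code from any poster): the keytool import described in the last post, done against a dedicated truststore and only after the certificate's SHA-256 fingerprint matches a value obtained out of band from the mail administrator. The function names, the alias `mailserver`, the store password `changeit` and the throwaway `mail.example.test` certificate are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pin a self-signed mail-server certificate in a dedicated
# truststore instead of editing the JRE-wide cacerts file.
# Hypothetical names: cert_fingerprint, pin_cert, demo, mail-truststore.

# Print the SHA-256 fingerprint of a PEM certificate as bare upper-case hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//' | tr -d ':'
}

# pin_cert CERT_PEM EXPECTED_SHA256 STORE STOREPASS
# Imports CERT_PEM into STORE only if its fingerprint equals the expected
# value. Returns 1 on mismatch and leaves STORE untouched.
pin_cert() {
    actual=$(cert_fingerprint "$1") || return 2
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias mailserver -file "$1" \
        -keystore "$3" -storepass "$4" >/dev/null 2>&1
}

# Constructed demo: a throwaway self-signed certificate stands in for the one
# the real server presents, which would be captured with
#   openssl s_client -starttls smtp -connect HOST:587 </dev/null | openssl x509 > server.pem
demo() {
    dir=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.test" \
        -keyout "$dir/key.pem" -out "$dir/server.pem" >/dev/null 2>&1 || return 2
    good=$(cert_fingerprint "$dir/server.pem")   # in practice: supplied by the admin
    pin_cert "$dir/server.pem" "$good" "$dir/mail-truststore" changeit || return 1
    keytool -list -keystore "$dir/mail-truststore" -storepass changeit -alias mailserver
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

To use the store, start the JVM with `-Djavax.net.ssl.trustStore=/path/to/mail-truststore -Djavax.net.ssl.trustStorePassword=...`; this replaces the default cacerts for that JVM, so any other TLS endpoint the application calls needs its CA certificate in the same store.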