3 Replies Latest reply on Jul 28, 2016 11:21 AM by ctomc

Jndi mail inyection and authentication.

carlosmarind Jul 27, 2016 1:05 PM

hi guys,

Im trying to inject a jndi resource pointing to an email with the following definition in my standalone-full.xml :

<mail-session name="alertas" from="alertas@binaryoss.com" jndi-name="java:/mail/alertasMail" debug="true">

<custom-server name="mailAlertas" password="#######" username="alertas@binaryoss.com" outbound-socket-binding-ref="mail-smtp">

</custom-server>

</mail-session>

</subsystem>

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

<outbound-socket-binding name="mail-smtp">

<remote-destination host="mail.binaryoss.com" port="25"/>

</outbound-socket-binding>

</socket-binding-group>

the problem is that my mail server needs authentication for sending mails, and with this config no authentication is provided so the server complains about "relaying denied" when i send an email to another domain. I know that is because no authentication is submited and therefore no external domain is allowed to be mailed. ( only internal are permitted).

how can i provide authentication username and password with this jndi resource?

i leave a code segment for example:

	@Resource(name = "java:/mail/alertasMail")
	private Session mailSession;

public boolean sendMail(Parameters params) {

try {

			MimeMessage m = new MimeMessage(this.mailSession);
			InternetAddress[] to = new InternetAddress[] { new InternetAddress("carlosmarind@gmail.com") };

			m.setRecipients(Message.RecipientType.TO, to);
			m.setSubject("Alerts");
			m.setSentDate(new java.util.Date());
			m.setText(this.constructContentGeoFence(), "utf-8", "html");

			Transport.send(m);
			System.out.println("email sent");

			return true;
		} catch (Exception e) {
			e.printStackTrace();
			return false;
		}

}

Thank you in advance.

1. Re: Jndi mail inyection and authentication.

mayerw01 Jul 28, 2016 4:29 AM (in response to carlosmarind)

You should configure the authentication via a <smtp-server> element as a child of <mail-session> like

    <mail-session name="alertas" from="alertas@binaryoss.com" jndi-name="java:/mail/alertasMail" debug="true">
        <smtp-server password="myPassword" username="myUsername" tls="true" ssl="true" outbound-socket-binding-ref="mail-smtp"/>
.....
    </mail-session>

The values for tls and ssl depend on your server.
And it might be less error-prone if you do this via cli or web console.
Actions
2. Re: Jndi mail inyection and authentication.

carlosmarind Jul 28, 2016 10:47 AM (in response to mayerw01)

Wolfgang Mayer escribió:

You should configure the authentication via a <smtp-server> element as a child of <mail-session> like

    <mail-session name="alertas" from="alertas@binaryoss.com" jndi-name="java:/mail/alertasMail" debug="true">

        <smtp-server password="myPassword" username="myUsername" tls="true" ssl="true" outbound-socket-binding-ref="mail-smtp"/>

.....

    </mail-session>

The values for tls and ssl depend on your server.

And it might be less error-prone if you do this via cli or web console.

i try that before, but i try it again and give me this error:

11:40:41,407 INFO [stdout] (default task-18) DEBUG SMTP: useEhlo true, useAuth true
11:40:41,407 FINE [com.sun.mail.smtp] (default task-18) useEhlo true, useAuth true
11:40:41,407 INFO [stdout] (default task-18) DEBUG SMTP: trying to connect to host "mail.binaryoss.com", port 25, isSSL false
11:40:41,407 FINE [com.sun.mail.smtp] (default task-18) trying to connect to host "mail.binaryoss.com", port 25, isSSL false
11:40:41,456 INFO [stdout] (default task-18) 220 mail.binaryoss.cl ESMTP Postfix
11:40:41,456 INFO [stdout] (default task-18) DEBUG SMTP: connected to host "mail.binaryoss.com", port: 25
11:40:41,456 INFO [stdout] (default task-18)
11:40:41,456 FINE [com.sun.mail.smtp] (default task-18) connected to host "mail.binaryoss.com", port: 25
11:40:41,477 INFO [stdout] (default task-18) EHLO omgdeb
11:40:41,481 INFO [stdout] (default task-18) 250-mail.binaryoss.cl
11:40:41,481 INFO [stdout] (default task-18) 250-PIPELINING
11:40:41,481 INFO [stdout] (default task-18) 250-SIZE 10240000
11:40:41,482 INFO [stdout] (default task-18) 250-VRFY
11:40:41,482 INFO [stdout] (default task-18) 250-ETRN
11:40:41,482 INFO [stdout] (default task-18) 250-STARTTLS
11:40:41,482 INFO [stdout] (default task-18) 250-ENHANCEDSTATUSCODES
11:40:41,482 INFO [stdout] (default task-18) 250-8BITMIME
11:40:41,482 INFO [stdout] (default task-18) 250 DSN
11:40:41,482 INFO [stdout] (default task-18) DEBUG SMTP: Found extension "PIPELINING", arg ""
11:40:41,483 FINE [com.sun.mail.smtp] (default task-18) Found extension "PIPELINING", arg ""
11:40:41,483 INFO [stdout] (default task-18) DEBUG SMTP: Found extension "SIZE", arg "10240000"
11:40:41,483 FINE [com.sun.mail.smtp] (default task-18) Found extension "SIZE", arg "10240000"
11:40:41,483 INFO [stdout] (default task-18) DEBUG SMTP: Found extension "VRFY", arg ""
11:40:41,483 FINE [com.sun.mail.smtp] (default task-18) Found extension "VRFY", arg ""
11:40:41,483 INFO [stdout] (default task-18) DEBUG SMTP: Found extension "ETRN", arg ""
11:40:41,484 FINE [com.sun.mail.smtp] (default task-18) Found extension "ETRN", arg ""
11:40:41,484 INFO [stdout] (default task-18) DEBUG SMTP: Found extension "STARTTLS", arg ""
11:40:41,484 FINE [com.sun.mail.smtp] (default task-18) Found extension "STARTTLS", arg ""
11:40:41,484 INFO [stdout] (default task-18) DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
11:40:41,484 FINE [com.sun.mail.smtp] (default task-18) Found extension "ENHANCEDSTATUSCODES", arg ""
11:40:41,484 INFO [stdout] (default task-18) DEBUG SMTP: Found extension "8BITMIME", arg ""
11:40:41,485 FINE [com.sun.mail.smtp] (default task-18) Found extension "8BITMIME", arg ""
11:40:41,485 INFO [stdout] (default task-18) DEBUG SMTP: Found extension "DSN", arg ""
11:40:41,485 FINE [com.sun.mail.smtp] (default task-18) Found extension "DSN", arg ""
11:40:41,485 INFO [stdout] (default task-18) STARTTLS
11:40:41,488 INFO [stdout] (default task-18) 220 2.0.0 Ready to start TLS
11:40:41,601 ERROR [stderr] (default task-18) javax.mail.MessagingException: Could not convert socket to TLS;
11:40:41,601 ERROR [stderr] (default task-18)   nested exception is:
11:40:41,601 ERROR [stderr] (default task-18) javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Actions
3. Re: Jndi mail inyection and authentication.

ctomc Jul 28, 2016 11:21 AM (in response to carlosmarind)

Carlos Marin wrote:

11:40:41,601 ERROR [stderr] (default task-18) javax.mail.MessagingException: Could not convert socket to TLS;

11:40:41,601 ERROR [stderr] (default task-18) nested exception is:

11:40:41,601 ERROR [stderr] (default task-18) javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This tells you that server you are connecting to uses SSL certificate that your wildfly server doesn't trust.
You should try adding issuing CA certificate from that server, to your jvm (with which you run wildfly with) truststore. That way jvm will trust your mail server's SSL certificate.
Actions

Go to original post