tags:

views:

3558

answers:

2
Q: 

Exchange server will not accept username/password provided with javax.mail API

I have a lovely little Java client that sends signed email messages. We have an Exchange server that requires username/password authentication to send a message.

When I connect to the exchange server, I get this error:

avax.mail.AuthenticationFailedException: failed to connect
        at javax.mail.Service.connect(Service.java:322)
        at javax.mail.Service.connect(Service.java:172)

When I connect to other servers (Unix servers), I have no problem.

Below is the full debug trace. I can't figure it out. 

DEBUG: JavaMail version 1.4.2
DEBUG: successfully loaded resource: /META-INF/javamail.default.providers
DEBUG: Tables of loaded providers
DEBUG: Providers Listed By Class Name: {com.sun.mail.smtp.SMTPSSLTransport=javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SM}
DEBUG: Providers Listed By Protocol: {imaps=javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Sun Microsystems, Inc], }
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "SERVER", port 25, isSSL false
220 SERVER ESMTP (deca81216f2ecf4fd6fedb030e3dcfd0)
DEBUG SMTP: connected to host "SERVER", port: 25

EHLO CLIENT
250-SERVER Hello CLIENT [192.1.1.1], pleased to meet you
250-STARTTLS
250-PIPELINING
250-SIZE 100000000
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-8BITMIME
250 HELP
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "SIZE", arg "100000000"
DEBUG SMTP: Found extension "AUTH", arg "LOGIN PLAIN"
DEBUG SMTP: Found extension "AUTH=LOGIN", arg "PLAIN"
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "HELP", arg ""
STARTTLS
220 Ready to start TLS
EHLO CLIENT
250-SERVER Hello CLIENT [192.1.1.1], pleased to meet you
250-PIPELINING
250-SIZE 100000000
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-8BITMIME
250 HELP
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "SIZE", arg "100000000"
DEBUG SMTP: Found extension "AUTH", arg "LOGIN PLAIN"
DEBUG SMTP: Found extension "AUTH=LOGIN", arg "PLAIN"
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "HELP", arg ""
DEBUG SMTP: Attempt to authenticate
DEBUG SMTP: check mechanisms: LOGIN PLAIN DIGEST-MD5 
AUTH LOGIN
334 VXNlcn5hbWU6
RVJOXHNsK2FyZmlu
334 UGFzc3dvcmQ6
UVdFUnF3ZXIxMjM0IUAjJA==
535 Error: authentication failed
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "SERVER", port 25, isSSL false
220 SERVER ESMTP (deca81216f2ecf4fd6fedb030e3dcfd0)
DEBUG SMTP: connected to host "SERVER", port: 25

EHLO CLIENT
250-SERVER Hello CLIENT [192.1.1.1], pleased to meet you
250-STARTTLS
250-PIPELINING
250-SIZE 100000000
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-8BITMIME
250 HELP
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "SIZE", arg "100000000"
DEBUG SMTP: Found extension "AUTH", arg "LOGIN PLAIN"
DEBUG SMTP: Found extension "AUTH=LOGIN", arg "PLAIN"
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "HELP", arg ""
STARTTLS
220 Ready to start TLS
EHLO CLIENT
250-SERVER Hello CLIENT [192.1.1.1], pleased to meet you
250-PIPELINING
250-SIZE 100000000
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-8BITMIME
250 HELP
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "SIZE", arg "100000000"
DEBUG SMTP: Found extension "AUTH", arg "LOGIN PLAIN"
DEBUG SMTP: Found extension "AUTH=LOGIN", arg "PLAIN"
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "HELP", arg ""
DEBUG SMTP: Attempt to authenticate
DEBUG SMTP: check mechanisms: LOGIN PLAIN DIGEST-MD5 
AUTH LOGIN
334 VXNlcm5hbWU6
RVJOXHNsZ2FyZmlu
334 UGFzc3dvcmQ6
UVdFUnF3ZXIxMjM0IUAjJA==
535 Error: authentication failed
Error sending mail: failed to connect
javax.mail.AuthenticationFailedException: failed to connect
        at javax.mail.Service.connect(Service.java:322)
        at javax.mail.Service.connect(Service.java:172)
        at SignMessage.sendSigned(SignMessage.java:248)
        at SignMessage.main(SignMessage.java:340
A: 

Apparently, MS Exchange SSL connection is not established properly by Java Mail API. It relies on using SSLSocketFactory for that, but, if I remember correctly, MS Exchange requires a somewhat mixed approach.

Anyway, I have this piece of code in one of my projects:

public class ExchangeSSLSocketFactory extends SSLSocketFactory {

private SSLSocketFactory sslSocketFactory;
private SocketFactory socketFactory;

public ExchangeSSLSocketFactory() {
    try {
        socketFactory = SocketFactory.getDefault();

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] { new EmptyTrustManager() }, null);
        sslSocketFactory = (SSLSocketFactory)context.getSocketFactory();
    }
    catch (Exception e) {
        throw new RuntimeException(e);
    }
}

private final class EmptyTrustManager implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] cert, String authType) throws CertificateException {}

    public void checkServerTrusted(X509Certificate[] cert, String authType) throws CertificateException {}

    public X509Certificate[] getAcceptedIssuers() {
        return new java.security.cert.X509Certificate[0];
    }
}

public static SocketFactory getDefault() {
    return new ExchangeSSLSocketFactory();
}

@Override
public Socket createSocket(Socket socket, String s, int i, boolean flag) throws IOException {
    return sslSocketFactory.createSocket(socket, s, i, flag);
}

@Override
public Socket createSocket(InetAddress inaddr, int i, InetAddress inaddr1, int j) throws IOException {
    return socketFactory.createSocket(inaddr, i, inaddr1, j);
}

@Override
public Socket createSocket(InetAddress inaddr, int i) throws IOException {
    return socketFactory.createSocket(inaddr, i);
}

@Override
public Socket createSocket(String s, int i, InetAddress inaddr, int j) throws IOException {
    return socketFactory.createSocket(s, i, inaddr, j);
}

@Override
public Socket createSocket(String s, int i) throws IOException {
    return socketFactory.createSocket(s, i);
}

@Override
public Socket createSocket() throws IOException {
    return socketFactory.createSocket();
}

@Override
public String[] getDefaultCipherSuites() {
    return sslSocketFactory.getSupportedCipherSuites();
}

@Override
public String[] getSupportedCipherSuites() {
    return sslSocketFactory.getSupportedCipherSuites();
}

}

You tell the Java Mail API to use this socket factory by setting following properties:

  • ssl.SocketFactory.provider
  • mail.smtp.socketFactory.class

to full class name of ExchangeSSLSocketFactory

From your debug output, it seems that you already have:

  • mail.smtp.starttls.enable set to true

With all this in place, the problem should be solved.

javashlook  2009-08-02 21:45:49
Thanks. Unfortunately that didn't do it. I have two Exchange servers available, they are both configured differently, and the both behave the same way with your code as they did with my code. In both cases the servers are saying they can do GSSAPI NTLM and LOGIN and my system is saying LOGIN PLAIN DIGEST-MD5, so the javax.mail system is trying to do AUTH LOGIN and that is failing. It's weird. It work on every other system, just not exchange.Is there a GSSAPI implementation that I can use?
vy32  2009-08-03 04:12:30
A: 

I had the same issues. Now it works properly. I disabled the antivirus (McAfee) and corrected the user name (I unnecessarily gave the domain whereas it was not required).

 2009-09-16 08:25:44
Interesting, but I think that you are experiencing bystander effect. That is, I don't think that the changes you made resulted in the effect that you observed.
vy32  2009-09-16 10:17:42
I think it was due to disabling McAfee. At my workplace McAfee has build in firewall (I have no idea whether it is the way McAfee is bundled) and the firewall was blocking some of the applications.
 2010-01-04 13:04:53

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java