File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Java in General and the fly likes Problem With SMTP Server Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "Problem With SMTP Server" Watch "Problem With SMTP Server" New topic

Problem With SMTP Server

John Ray Allen
Ranch Hand

Joined: Jan 06, 2005
Posts: 50
I have a problem regarding on the authentication of Emails on my application. Is it OK if my Java Program will be the one who will validate and authenticate the Email instead of the SMTP server? If it is possible how can I do that guys...I need to hear your opinions regarding on this matter guys..Thanks!
M Beck
Ranch Hand

Joined: Jan 14, 2005
Posts: 323
it's not exactly clear what you're trying to ask, but... most SMTP servers aren't going to care what your Java program does or does not do. if the SMTP server is set up to authenticate senders, then it'll do that, likely regardless of what your program has done before. if the server isn't configured for authentication, then it won't... do you have control over this SMTP server to change its configuration?

(also, i could ask what you mean by "authenticate [a] sender". there are several different strategies a SMTP server can use for that, depending on who or what is considered "authorized" to be sending email through the SMTP server in question. what role, if any, is your program supposed to play in that larger picture?)
[ February 07, 2005: Message edited by: M Beck ]
John Ray Allen
Ranch Hand

Joined: Jan 06, 2005
Posts: 50
What I mean is that not all SMTP servers are designed to authenticate can connect to the server with all permissions reagrdless of whatever process you are conducting..How can I enhanced my JAVA PROGRAM especially if it is connecting to a SMTP server that permits all connection? For security reasons..I think you would agree to me that I should have the validation or authentication on my application for users if I would use that kind of SMTP server..In need of your opinions..Thanks!
Paul Sturrock

Joined: Apr 14, 2004
Posts: 10336

Yes, don't rely on your SMTP server for authentication, since the SMTP standard does not included a reliable authentication mechanism. There is an extension "standard" called ESMTP that does specify a route to proper authentication, but JavaMail doesn't have any Transport class for this protocol. Its a better practice to properly secure your SMTP server as part of your infrastructure, and handle authentication to it in your app server. That way you at least have a single point of configuration, which helps reduce the risk of securing holes creaping in.

JavaRanch FAQ HowToAskQuestionsOnJavaRanch
I agree. Here's the link:
subject: Problem With SMTP Server
It's not a secret anymore!