• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

JavaMail and security

 
Ranch Hand
Posts: 140
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi

I have few questions. Let me being like this.
I wanted to write code to send email using JavaMail API. I searched internet and found some good examples.
I picked one and modified it a bit. Here is the code:



This code worked as-is when I used it with GMail's SMTP server ("smtp.gmail.com").

Question# 1:

When I changed the code (smtp_host_name, smtp_port properties and authentication UserID/Pwd) to send email through the SMTP server of my ISP provider, this code failed with following error:



After a bit of struggle, I found that if I comment out following line, code worked just fine:



Can anyone shed some light what caused this error?

2nd question:

What is the effect of following line in above code (highlighted in bold above):



And on another site (java-email-example), I found following line of code (instead of the one I have listed above):



What is the effect of this line on the functionality of the code (and/or SMTP server being used) and how is it different from the line I listed just above?

Question# 3

When I do not provide following properties, the code (given at the top) still works:



Are these optional or what?

Question# 4

I am not sure how to phrase this question but here I go: Should I use SSL or not? Does SSL make the emails being sent secure (encrypted)?

Thanks a bunch in advance!

Saeed
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

When I changed the code (smtp_host_name, smtp_port properties and authentication UserID/Pwd) to send email through the SMTP server of my ISP provider, this code failed with following error:

DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

After a bit of struggle, I found that if I comment out following line, code worked just fine:

props.put("mail.smtp.socketFactory.class", SSL_FACTORY);


I'd guess that the error message means that your provider doesn't support SSL for SMTP connections. That line of code turns on SSL, so removing it causes JavaMail to not use SSL.


What is the effect of following line in above code (highlighted in bold above):

Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());


In all likelihood, nothing at all. It was necessary years ago, when the JDK didn't by default ship with SSL enabled. But ever since Java 1.4 (I think) the standard JDK knows about SSL, and the Sun SSL provider is already enabled. (If you search through your JDK installation for a file called "java.security" you'll see how that works.)

SecurityManager security = System.getSecurityManager()

What is the effect of this line on the functionality of the code (and/or SMTP server being used) and how is it different from the line I listed just above?


None, because nothing is done with the security manager. In all likelihood, it's null anyway. Not sure what you mean by "how is it different" - the two lines do completely different things.


When I do not provide following properties, the code (given at the top) still works:

mail.smtp.auth
mail.debug
mail.smtp.socketFactory.port
mail.smtp.socketFactory.fallback
mail.smtp.starttls.enable


The easy way to find out what these do is to leave them out and observe what happens. You may want to leave "mail.debug" in until last, because that causes all that debugging output to be generated. I'm surprised that it still works if "mail.smtp.auth" is removed - usually that's required to turn on authentication.

Should I use SSL or not? Does SSL make the emails being sent secure (encrypted)?


SSL is used only for the connection to your mail provider (Google in this case). If you want to secure the transfer of the email, then SSL is useful. But it does not encrypt the email while it's stored at your provider, or on its way from your provider to the recipient's provider, or from the recipient's provider to the recipient.
You should use it if you don't trust your network or your ISP provider. But it you want the message contents to be safe from snooping by everybody, then you need to use PGP/GPG or S/MIME.
 
Saeed Amer
Ranch Hand
Posts: 140
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you so much Ulf for your time and the detailed response to answer my questions.

Regards
Saeed
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic