JavaMail and security

Saeed Amer
Ranch Hand

Joined: Jan 20, 2004
Posts: 140
Hi

I have a few questions. Let me begin like this.
I wanted to write code to send email using JavaMail API. I searched internet and found some good examples.
I picked one and modified it a bit. Here is the code:



This code worked as-is when I used it with GMail's SMTP server ("smtp.gmail.com").

Question# 1:

When I changed the code (smtp_host_name, smtp_port properties and authentication UserID/Pwd) to send email through the SMTP server of my ISP provider, this code failed with following error:



After a bit of struggle, I found that if I comment out following line, code worked just fine:



Can anyone shed some light on what caused this error?

2nd question:

What is the effect of following line in above code (highlighted in bold above):



And on another site (java-email-example), I found following line of code (instead of the one I have listed above):



What is the effect of this line on the functionality of the code (and/or SMTP server being used) and how is it different from the line I listed just above?

Question# 3

When I do not provide following properties, the code (given at the top) still works:



Are these optional or what?

Question# 4

I am not sure how to phrase this question but here I go: Should I use SSL or not? Does SSL make the emails being sent secure (encrypted)?

Thanks a bunch in advance!

Saeed
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42292
When I changed the code (smtp_host_name, smtp_port properties and authentication UserID/Pwd) to send email through the SMTP server of my ISP provider, this code failed with following error:

DEBUG SMTP: exception reading response: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

After a bit of struggle, I found that if I comment out following line, code worked just fine:

props.put("mail.smtp.socketFactory.class", SSL_FACTORY);

I'd guess that the error message means that your provider doesn't support SSL for SMTP connections. That line of code turns on SSL, so removing it causes JavaMail to not use SSL.


What is the effect of following line in above code (highlighted in bold above):

Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

In all likelihood, nothing at all. It was necessary years ago, when the JDK didn't by default ship with SSL enabled. But ever since Java 1.4 (I think) the standard JDK knows about SSL, and the Sun SSL provider is already enabled. (If you search through your JDK installation for a file called "java.security" you'll see how that works.)

SecurityManager security = System.getSecurityManager();

What is the effect of this line on the functionality of the code (and/or SMTP server being used) and how is it different from the line I listed just above?

None, because nothing is done with the security manager. In all likelihood, it's null anyway. Not sure what you mean by "how is it different" - the two lines do completely different things.


When I do not provide following properties, the code (given at the top) still works:

mail.smtp.auth
mail.debug
mail.smtp.socketFactory.port
mail.smtp.socketFactory.fallback
mail.smtp.starttls.enable

The easy way to find out what these do is to leave them out and observe what happens. You may want to leave "mail.debug" in until last, because that causes all that debugging output to be generated. I'm surprised that it still works if "mail.smtp.auth" is removed - usually that's required to turn on authentication.

Should I use SSL or not? Does SSL make the emails being sent secure (encrypted)?

SSL is used only for the connection to your mail provider (Google in this case). If you want to secure the transfer of the email, then SSL is useful. But it does not encrypt the email while it's stored at your provider, or on its way from your provider to the recipient's provider, or from the recipient's provider to the recipient.
You should use it if you don't trust your network or your ISP provider. But if you want the message contents to be safe from snooping by everybody, then you need to use PGP/GPG or S/MIME.


Ping & DNS - my free Android networking tools app
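
A small auditor for the SMTP properties discussed in this thread, added here as an example (not code from either poster): it reports when a JavaMail configuration can end up sending mail without TLS. The host name, ports, sample configurations and the assumed `SSL_FACTORY` value `javax.net.ssl.SSLSocketFactory` are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class SmtpTlsAudit {
    static boolean on(Properties p, String key, boolean dflt) {
        return Boolean.parseBoolean(p.getProperty(key, Boolean.toString(dflt)));
    }

    /** One finding per transport-security gap in a JavaMail SMTP configuration. */
    static List<String> audit(Properties p) {
        List<String> out = new ArrayList<>();
        String factory = p.getProperty("mail.smtp.socketFactory.class", "");
        // Implicit TLS: the client starts the handshake at once, so the port must speak TLS.
        boolean implicitTls = on(p, "mail.smtp.ssl.enable", false)
                || factory.contains("SSLSocketFactory");
        // STARTTLS: plaintext greeting first, then an upgrade to TLS on the same port.
        boolean startTls = on(p, "mail.smtp.starttls.enable", false);
        if (!implicitTls && !startTls)
            out.add("no TLS: login and message are sent in plaintext");
        if (!implicitTls && startTls && !on(p, "mail.smtp.starttls.required", false))
            out.add("STARTTLS not required: stays plaintext if the server does not offer it");
        if (!factory.isEmpty() && on(p, "mail.smtp.socketFactory.fallback", true))
            out.add("socketFactory.fallback is true: plain socket used if the factory fails");
        // Assumption of this example: the hostname check counts as off unless set
        // explicitly, rather than relying on the library default.
        if ((implicitTls || startTls) && !on(p, "mail.smtp.ssl.checkserveridentity", false))
            out.add("certificate hostname check not enabled");
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: the style of configuration asked about in the thread.
        Properties legacy = new Properties();
        legacy.setProperty("mail.smtp.host", "smtp.example.com"); // placeholder host
        legacy.setProperty("mail.smtp.port", "465");
        // Assumed value of the thread's SSL_FACTORY constant.
        legacy.setProperty("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
        legacy.setProperty("mail.smtp.starttls.enable", "true");
        // Constructed sample: STARTTLS with the downgrade and hostname gaps closed.
        Properties strict = new Properties();
        strict.setProperty("mail.smtp.port", "587");
        strict.setProperty("mail.smtp.starttls.enable", "true");
        strict.setProperty("mail.smtp.starttls.required", "true");
        strict.setProperty("mail.smtp.ssl.checkserveridentity", "true");
        System.out.println("legacy: " + audit(legacy));
        System.out.println("strict: " + audit(strict));
    }
}
```

The auditor needs only `java.util`, so it runs without JavaMail on the classpath.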
Saeed Amer
Ranch Hand

Joined: Jan 20, 2004
Posts: 140
Thank you so much Ulf for your time and the detailed response to answer my questions.

Regards
Saeed
 