Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47939

Unable to send mail to smtp.office365.com, port 587, using TLS

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Not A Defect
    • Component/s: mailer-plugin
    • Labels:
      None
    • Environment:
      Windows 7 platform (64 bit). Jenkins version 2.88. Oracle JRE 8.0_151, running Jenkins directly, using Chrome web browser (62.0.3202.89).
      mailer plugin (1.20)
    • Similar Issues:

      Description

      I have scoured the internet for solutions to this particular issue, but none of the suggested solutions solves the problem.  I have also looked at the same issues raised here in the Jenkins Jira.

      The smtp.office365.com site is using TLS on port 587.

      This is what has been attempted to date. In Jenkins System Configuration for E-mail Notification. The MyName@mydomain.com represents a valid user in the mailing system.
      (Invalid user or password results in Authentication error instead of what is reported below)

      1.  User Name:  MyName@mydomain.com
       	Password:   •••••••••••••
       	Use SSL:    Checked
       	SMTP Port:  587
              Test e-mail recipient: MyName@mydomain.com
      
      Results:
          Failed to send out e-mail
          javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
      
      When 'Use SSL' is unchecked, results are
          Failed to send out e-mail
          com.sun.mail.smtp.SMTPSendFailedException: \
              550 5.7.60 SMTP; Client does not have permissions to send as this sender
      
      2. Placing -Dmail.smtp.starttls.enable=true into jenkins.xml then restart Jenkins. 
      
      	User Name:  MyName@mydomain.com
       	Password:   •••••••••••••
       	Use SSL:    Checked  (then unchecked)
       	SMTP Port:  587
              Test e-mail recipient: MyName@mydomain.com
      

      This gives the identical results mentioned in the first testing attempt.
      As mentioned on Stack OverFlow and the Jenkins Jira issues, I have even added the following to jenkins.xml with the same results.

        -Djava.awt.headless=true 
        -Dmail.smtp.starttls.enable=true 
        -Dmail.smtp.socketFactory.fallback=true
      

      Note, on this same machine, I can use a Powershell Send-MailMessage command which succeeds in its intended operation. This at least tells me that the account, port and SSL usage are all appropriate settings. ($mycred holds MyName@mydomain.com and Password)

      Send-MailMessage 
        -to "MyName@mydomain.com" 
        -from "MyName@mydomain.com" 
        -Subject "mailTest" 
        -credential $mycred
        -smtpserver smtp.office365.com 
        -port 587 
        -usessl
      

        Attachments

          Activity

          Hide
          shaehn Steven Haehn added a comment -

          After a weeks worth of experimentation, frustration and reading, the problem can be solved without code modification, but this is truly an annoyance of poor documentation (making users wade through countless different web sites to glean out what is truly needed), and perhaps poor user interface.

          The solution to this particular problem, on the Windows platform, requires modification of the jenkins.xml file (adding -Dmail.smtp.starttls.enable=true to the java "arguments" XML node) and settings within two areas of the Jenkins overall configuration, at the "Jenkins Location" section and the "E-mail Notification" section (see enclosed attachments).

          For TLS (Transport Layer Security) to work on smtp.office365.com, the additional following settings must be part of the Jenkins configuration (select Manage Jenkins>Configure System).

          Jenkins Location:
              System Admin e-mail address:  
                   ValidAdmin@mydomain.com
              
          E-Mail Notification:
              SMTP server: smtp.office365.com
              
              [Under Advanced...]
              Use SMTP Authentication: checked
                  User Name: ValidUser@mydomain.com
                  Password:  [ValidUser's email password]
                  Use SSL:   [UNCHECKED!!]
                  SMTP Port:  587
          

          It is IMPORTANT to note that BOTH the "E-mail Notification" section User Name AND the "Jenkins Location" section System Admin e-mail address must be valid smtp.office365.com users. If either one is not found in smtp.office365.com, you will get a "Client does not have permissions to send as this sender" error, but won't know which one is causing the problem. (Now why would one expect the System Admin e-mail address to be involved in this transaction when the focus is on the E-mail Notification User for SMTP Authentication? Coding defect perhaps?)

          It is also important that the "Use SSL" element is UNCHECKED (SSL is not TLS, even though some programming references confuse the matter). If "Use SSL" is checked, the error "Unrecognized SSL message, plaintext connection?" will be generated.

          --------------------------------------------------------------

          Improving the Mailer plugin interface would go a long way to avoiding this general frustration.

          First, the User Name under SMTP Authentication should be the sole entry which represents the "From" field (owner) of the message. That is, it should override the usage the System Admin e-mail address. Perhaps, when the User Name field is empty, it should contain 'hint' text of what is to be used (eg. System Admin e-mail, or the actual value of that entry). A help circle explaining the default contents of the field would be useful too, telling the user where the contents of the field is being obtained.

          Second, replace the "Use SSL" checkbox with a "Security Protocol" dropDown/comboBox with the choices of SSL and TLS (spelled out perhaps too). The selection of SSL would modify the "Port" entry to the standard default of 465. The selection of TLS would modify the "Port" entry to the standard default of 587. (The "Port" field would still be able to be manually modified.) If placing values into "Port" field is not palatable, certainly explain which default port will be used for which protocol in help documentation.

          These changes would keep the users out of hacking at the java command line.

          Show
          shaehn Steven Haehn added a comment - After a weeks worth of experimentation, frustration and reading, the problem can be solved without code modification, but this is truly an annoyance of poor documentation (making users wade through countless different web sites to glean out what is truly needed), and perhaps poor user interface. The solution to this particular problem, on the Windows platform, requires modification of the jenkins.xml file (adding -Dmail.smtp.starttls.enable=true to the java "arguments" XML node) and settings within two areas of the Jenkins overall configuration, at the "Jenkins Location" section and the "E-mail Notification" section (see enclosed attachments). For TLS (Transport Layer Security) to work on smtp.office365.com, the additional following settings must be part of the Jenkins configuration (select Manage Jenkins>Configure System). Jenkins Location: System Admin e-mail address: ValidAdmin@mydomain.com E-Mail Notification: SMTP server: smtp.office365.com [Under Advanced...] Use SMTP Authentication: checked User Name: ValidUser@mydomain.com Password: [ValidUser's email password] Use SSL: [UNCHECKED!!] SMTP Port: 587 It is IMPORTANT to note that BOTH the "E-mail Notification" section User Name AND the "Jenkins Location" section System Admin e-mail address must be valid smtp.office365.com users. If either one is not found in smtp.office365.com, you will get a " Client does not have permissions to send as this sender " error, but won't know which one is causing the problem. (Now why would one expect the System Admin e-mail address to be involved in this transaction when the focus is on the E-mail Notification User for SMTP Authentication? Coding defect perhaps?) It is also important that the "Use SSL" element is UNCHECKED (SSL is not TLS, even though some programming references confuse the matter). If "Use SSL" is checked, the error " Unrecognized SSL message, plaintext connection? " will be generated. -------------------------------------------------------------- Improving the Mailer plugin interface would go a long way to avoiding this general frustration. First, the User Name under SMTP Authentication should be the sole entry which represents the "From" field (owner) of the message. That is, it should override the usage the System Admin e-mail address. Perhaps, when the User Name field is empty, it should contain 'hint' text of what is to be used (eg. System Admin e-mail, or the actual value of that entry). A help circle explaining the default contents of the field would be useful too, telling the user where the contents of the field is being obtained. Second, replace the "Use SSL" checkbox with a "Security Protocol" dropDown/comboBox with the choices of SSL and TLS (spelled out perhaps too). The selection of SSL would modify the "Port" entry to the standard default of 465. The selection of TLS would modify the "Port" entry to the standard default of 587. (The "Port" field would still be able to be manually modified.) If placing values into "Port" field is not palatable, certainly explain which default port will be used for which protocol in help documentation. These changes would keep the users out of hacking at the java command line.
          Hide
          shaehn Steven Haehn added a comment -

          See my previous comment.

          Show
          shaehn Steven Haehn added a comment - See my previous comment.
          Hide
          ccbanciu Cosmin Banciu added a comment -

          I experienced the same issue. The System Admin email address i specified in the Jenkins config did not exist in office 365. Thank you for posting the solution and saving me hours of troubleshooting. 

          Show
          ccbanciu Cosmin Banciu added a comment - I experienced the same issue. The System Admin email address i specified in the Jenkins config did not exist in office 365. Thank you for posting the solution and saving me hours of troubleshooting. 

            People

            • Assignee:
              shaehn Steven Haehn
              Reporter:
              shaehn Steven Haehn
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: