Can't verify Identity of server With Trust all hosts. #155

Closed
MrThreepwood opened this issue Jul 18, 2018 · 9 comments

@MrThreepwood

MrThreepwood commented Jul 18, 2018

I currently have my mailer builder set up to trust all hosts (a temporary workaround, or so I thought, to see if mailing was working otherwise). However, even with this setup:

MailerBuilder
            .withSMTPServer("smtp.mailgun.com", 2525, Env.smtpUsername, Env.smtpPassword)
            .withTransportStrategy(TransportStrategy.SMTP_TLS)
            .withSessionTimeout(10 * 1000)
            .withDebugLogging(Env.debug)
            .trustingAllHosts(true)
            .buildMailer()

I'm getting the exception:

Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
    java.io.IOException: Can't verify identity of server: smtp.mailgun.com
    at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2140)
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:738)
    at javax.mail.Service.connect(Service.java:388)
    at javax.mail.Service.connect(Service.java:246)
    at javax.mail.Service.connect(Service.java:195)
    at org.simplejavamail.mailer.internal.mailsender.MailSender.sendMailClosure(MailSender.java:265)

I'm not entirely sure what's going on here.

@bbottema
Owner

bbottema commented Jul 20, 2018

The error you are seeing is Java Mail not being able to verify the identity, because you are not using a certificate. trustingAllHosts() forces Java Mail to trust the identity without it.

Can you verify that your mailer's session has the following property set?

Mailer yourMailer = MailerBuilder
            ...
            .buildMailer();

String sslTrust = yourMailer.getSession().getProperty("mail.smtp.ssl.trust");
System.out.println(sslTrust);

Should be "*".

If it is not, that's a Simple Java Mail bug. If it is "*", it's an issue with the underlying Java Mail framework. In the case of the latter, you can also try to trust the relevant server specifically:

Mailer yourMailer = MailerBuilder
            ...
            // .trustingAllHosts(true)
            .trustingSSLHosts("smtp.mailgun.com")
            .buildMailer();

@MrThreepwood
Author

I checked, and it is "*". I also tried previously to trust mailgun specifically, but that didn't work either.

@bbottema
Owner

Have you tried the other ports?

> Mailgun supports sending via SMTP. Our servers listen on ports 25, 465 (SSL/TLS), 587 (STARTTLS), and 2525. - (source pdf)

Also, have you tried it with the traditional JavaMail API and a custom session object (so without Simple Java Mail)? I'm wondering if that works (I'm expecting it doesn't if the other ports don't perform better).

@ScottPeterJohnson

May or may not be helpful: I had a somewhat similar error getting the mailer to trust my localhost mailserver with a bogus certificate.
.withProperty("mail.smtp.ssl.checkserveridentity", "false") sufficed to fix it.

@bbottema
Owner

bbottema commented Oct 25, 2018

> May or may not be helpful: I had a somewhat similar error getting the mailer to trust my localhost mailserver with a bogus certificate.
> .withProperty("mail.smtp.ssl.checkserveridentity", "false") sufficed to fix it.

Ok, so that turns off host-checks completely. That works if you would use .trustingAllHosts(), but obviously won't work if you need to blind-trust a specific host.

I'm wondering why the property mail.smtp.ssl.trust isn't working as expected in the underlying Java Mail framework. We are missing a piece of the puzzle...

It would be great to get an example of a working situation with plain old Java Mail (custom Session object), so we can see how the properties differ from what Simple Java Mail produces.

@ted-dev-42

same issue here, fixed by adding .withProperty("mail.smtp.ssl.checkserveridentity", "false")

@bbottema
Owner

> same issue here, fixed by adding .withProperty("mail.smtp.ssl.checkserveridentity", "false")

Again, that's not a fix, but an insecure work-around.
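
The property check suggested earlier in this thread reads only `mail.smtp.ssl.trust`. The sketch below is an added example, not code from the thread or from Simple Java Mail; it extends that check to the JavaMail properties discussed here and reports which ones weaken TLS. It uses only `java.util.Properties`, the class name and sample values are constructed, and on a real mailer you would pass `yourMailer.getSession().getProperties()` to `audit`.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class SmtpTlsPropertyAudit {

    /** Returns one finding per weakened TLS setting; an empty list means none were found. */
    static List<String> audit(Properties p) {
        List<String> findings = new ArrayList<>();

        // Trust list: "*" trusts every host, a host list trusts those hosts regardless of certificate.
        String trust = p.getProperty("mail.smtp.ssl.trust", "").trim();
        if (trust.equals("*")) {
            findings.add("mail.smtp.ssl.trust=* : any host's certificate is accepted");
        } else if (!trust.isEmpty()) {
            findings.add("mail.smtp.ssl.trust=" + trust + " : listed hosts are trusted without certificate validation");
        }

        // Identity check: separate from the trust list; matches the host name against the certificate.
        if (!Boolean.parseBoolean(p.getProperty("mail.smtp.ssl.checkserveridentity"))) {
            findings.add("mail.smtp.ssl.checkserveridentity is not true : host name is not matched against the certificate");
        }

        // STARTTLS: enabled but not required means a server without STARTTLS is used in plaintext.
        boolean startTls = Boolean.parseBoolean(p.getProperty("mail.smtp.starttls.enable"));
        boolean required = Boolean.parseBoolean(p.getProperty("mail.smtp.starttls.required"));
        if (startTls && !required) {
            findings.add("mail.smtp.starttls.required is not true : connection continues without TLS if STARTTLS is unavailable");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: the work-around combination discussed in the thread.
        Properties workaround = new Properties();
        workaround.setProperty("mail.smtp.starttls.enable", "true");
        workaround.setProperty("mail.smtp.ssl.trust", "*");
        workaround.setProperty("mail.smtp.ssl.checkserveridentity", "false");

        // Constructed sample: no trust overrides, identity check on, STARTTLS mandatory.
        Properties strict = new Properties();
        strict.setProperty("mail.smtp.starttls.enable", "true");
        strict.setProperty("mail.smtp.starttls.required", "true");
        strict.setProperty("mail.smtp.ssl.checkserveridentity", "true");

        System.out.println("workaround: " + audit(workaround)); // three findings
        System.out.println("strict:     " + audit(strict));     // empty list
    }
}
```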

@bbottema
Owner

bbottema commented Oct 27, 2018

Ok, I finally decided to get set up with MailGun myself and test the original case.

I used the following code, like that from the first post:

Mailer mailer = MailerBuilder
	.withSMTPServer("smtp.mailgun.org", 2525, USERNAME, PASSWORD) // also 587
	.withTransportStrategy(TransportStrategy.SMTP_TLS)
	.trustingAllHosts(true)
	.buildMailer();

Email email = EmailBuilder.startingBlank()
	.from("email-I-registered-with-MailGun")
	.to("email-I-registered-with-MailGun")
	.withSubject("Mailgun test")
	.withPlainText("Mailgun body test")
	.buildEmail();

mailer.sendMail(email);

This worked fine for me, using Simple Java Mail 5.0.7. Port 587 worked fine too.

So I don't know what is going on with the other reports here. Perhaps you are using a different JavaMail dependency than Simple Java Mail is developed with (should be javax.mail:1.6.0, check with mvn dependency:tree). Otherwise I can only imagine it's a configuration issue with MailGun and how you set up your domains.

Unless there's a compelling argument that Simple Java Mail actually is bugged, I'm closing this issue for now.

@bbottema
Owner

Related to #221, which might solve this issue.
