Jenkins SMTP TLS

Question

I'm trying to setup Jenkins to use our company's SMTP server to email build notifications. We are using TLS as the encryption method on port 587. I can not seem to get the email notification to work properly though.

Here is my Hudson.Tasks.Mailer.xml file so you can see my config (I've removed the SMTP auth user and password and changed the smtpHost slightly just in case)

<hudson.tasks.Mailer_-DescriptorImpl>   <helpRedirect/>   <defaultSuffix></defaultSuffix>   <hudsonUrl>http://localhost:8080/</hudsonUrl>   <smtpAuthUsername></smtpAuthUsername>   <smtpAuthPassword></smtpAuthPassw$   <adminAddress></adminAddress>   <smtpHost>pod#####.outlook.com</smtpHost>   <useSsl>true</useSsl>   <smtpPort>587</smtpPort>   <charset>UTF-8</charset> </hudson.tasks.Mailer_-DescriptorImpl> 

It looks like this is a known issue, from http://issues.hudson-ci.org/browse/HUDSON-2206

I am not very familiar with Apple OS (which is the machine that is running Jenkins) but I thought I could resolve the issue using the workaround mentioned. I wasn't exactly sure where to put that workaround though, so I tried putting it here: /Library/Application Support/Jenkins/jenkins-runner.sh

defaults="defaults read /Library/Preferences/org.jenkins-ci"  war=`$defaults war` || war="/Applications/Jenkins/jenkins.war"  javaArgs="-Dmail.smtp.starttls.enable=\"true\"" heapSize=`$defaults heapSize` && javaArgs="$javaArgs -Xmx${heapSize}" permGen=`$defaults permGen` && javaArgs="$javaArgs -XX:MaxPermSize=${permGen}"  home=`$defaults JENKINS_HOME` && export JENKINS_HOME="$home"  add_to_args() {   val=`$defaults $1` && args="$args --${1}=${val}" }  args="" add_to_args prefix add_to_args httpPort add_to_args httpListenAddress add_to_args httpsPort add_to_args httpsListenAddress add_to_args ajp13Port add_to_args ajp13ListenAddress  echo "JENKINS_HOME=$JENKINS_HOME" echo "Jenkins command line for execution" echo /usr/bin/java $javaArgs -jar "$war" $args exec /usr/bin/java $javaArgs -jar "$war" $args 

That didn't appear to resolve it. I can see that call in the console when Jenkins is started up, but when I try a test configuration email I get the following error:

Failed to send out e-mail  javax.mail.MessagingException: Could not connect to SMTP host: pod#####.outlook.com, port: 587; nested exception is: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934) at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638) at javax.mail.Service.connect(Service.java:317) at javax.mail.Service.connect(Service.java:176) at javax.mail.Service.connect(Service.java:125) at javax.mail.Transport.send0(Transport.java:194) 

Any ideas on what else I can try? I've tried switching the email account to use gmail's smtp server and that works fine, but I'd rather have it using our smtp server if I can.

Answer 1

Changing the SMTP port from 587 to 465 resolved this issue for me:

SMTP server:               smtp.mandrill.com Use SMTP Authentication:   true Use SSL:                   true SMTP Port:                 465 

From what I can tell (disclaimer: I am by no means a Hudson/Jenkins expert) the Hudson/Jenkins email plugin supports SSL encrypted SMTP communication - however this implementation requires that communications are encrypted from the get go.

When connecting on port 587, the server on the other end may expect a STARTTLS command (see this SSL vs TLS vs STARTTLS article). This command is sent using plain-text to 'upgrade' the connection to use SSL/TLS.

Hudson/Jenkins instead attempts to start negotiating SSL on port 587, which is promptly rejected, resulting in the following error:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? 

I tried adding the suggested JAVA options "-Dmail.smtp.starttls.enable=true" to enable TLS:

JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true" 

Unfortunately this didn't resolve the issue for me.

After changing the port to 465, the SSL negotiation occurred correctly and the communication succeeded.

Hope that helps.

Note: Jenkins email plugin always needs SMTP credentials that are often sender's email credentials when you checkmark "Use SMTP Authentication" option for any "SSL - port 465" or "non SSL - port 587" configuration.