Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47939

Unable to send mail to smtp.office365.com, port 587, using TLS

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • mailer-plugin
    • None
    • Windows 7 platform (64 bit). Jenkins version 2.88. Oracle JRE 8.0_151, running Jenkins directly, using Chrome web browser (62.0.3202.89).
      mailer plugin (1.20)

      I have scoured the internet for solutions to this particular issue, but none of the suggested solutions solves the problem.  I have also looked at the same issues raised here in the Jenkins Jira.

      The smtp.office365.com site is using TLS on port 587.

      This is what has been attempted to date. In Jenkins System Configuration for E-mail Notification. The MyName@mydomain.com represents a valid user in the mailing system.
      (Invalid user or password results in Authentication error instead of what is reported below)

      1.  User Name:  MyName@mydomain.com
       	Password:   •••••••••••••
       	Use SSL:    Checked
       	SMTP Port:  587
              Test e-mail recipient: MyName@mydomain.com
      
      Results:
          Failed to send out e-mail
          javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
      
      When 'Use SSL' is unchecked, results are
          Failed to send out e-mail
          com.sun.mail.smtp.SMTPSendFailedException: \
              550 5.7.60 SMTP; Client does not have permissions to send as this sender
      
      2. Placing -Dmail.smtp.starttls.enable=true into jenkins.xml then restart Jenkins. 
      
      	User Name:  MyName@mydomain.com
       	Password:   •••••••••••••
       	Use SSL:    Checked  (then unchecked)
       	SMTP Port:  587
              Test e-mail recipient: MyName@mydomain.com
      

      This gives the identical results mentioned in the first testing attempt.
      As mentioned on Stack OverFlow and the Jenkins Jira issues, I have even added the following to jenkins.xml with the same results.

        -Djava.awt.headless=true 
        -Dmail.smtp.starttls.enable=true 
        -Dmail.smtp.socketFactory.fallback=true
      

      Note, on this same machine, I can use a Powershell Send-MailMessage command which succeeds in its intended operation. This at least tells me that the account, port and SSL usage are all appropriate settings. ($mycred holds MyName@mydomain.com and Password)

      Send-MailMessage 
        -to "MyName@mydomain.com" 
        -from "MyName@mydomain.com" 
        -Subject "mailTest" 
        -credential $mycred
        -smtpserver smtp.office365.com 
        -port 587 
        -usessl
      

          [JENKINS-47939] Unable to send mail to smtp.office365.com, port 587, using TLS

          Steven Haehn added a comment -

          After a weeks worth of experimentation, frustration and reading, the problem can be solved without code modification, but this is truly an annoyance of poor documentation (making users wade through countless different web sites to glean out what is truly needed), and perhaps poor user interface.

          The solution to this particular problem, on the Windows platform, requires modification of the jenkins.xml file (adding -Dmail.smtp.starttls.enable=true to the java "arguments" XML node) and settings within two areas of the Jenkins overall configuration, at the "Jenkins Location" section and the "E-mail Notification" section (see enclosed attachments).

          For TLS (Transport Layer Security) to work on smtp.office365.com, the additional following settings must be part of the Jenkins configuration (select Manage Jenkins>Configure System).

          Jenkins Location:
              System Admin e-mail address:  
                   ValidAdmin@mydomain.com
              
          E-Mail Notification:
              SMTP server: smtp.office365.com
              
              [Under Advanced...]
              Use SMTP Authentication: checked
                  User Name: ValidUser@mydomain.com
                  Password:  [ValidUser's email password]
                  Use SSL:   [UNCHECKED!!]
                  SMTP Port:  587
          

          It is IMPORTANT to note that BOTH the "E-mail Notification" section User Name AND the "Jenkins Location" section System Admin e-mail address must be valid smtp.office365.com users. If either one is not found in smtp.office365.com, you will get a "Client does not have permissions to send as this sender" error, but won't know which one is causing the problem. (Now why would one expect the System Admin e-mail address to be involved in this transaction when the focus is on the E-mail Notification User for SMTP Authentication? Coding defect perhaps?)

          It is also important that the "Use SSL" element is UNCHECKED (SSL is not TLS, even though some programming references confuse the matter). If "Use SSL" is checked, the error "Unrecognized SSL message, plaintext connection?" will be generated.

          --------------------------------------------------------------

          Improving the Mailer plugin interface would go a long way to avoiding this general frustration.

          First, the User Name under SMTP Authentication should be the sole entry which represents the "From" field (owner) of the message. That is, it should override the usage the System Admin e-mail address. Perhaps, when the User Name field is empty, it should contain 'hint' text of what is to be used (eg. System Admin e-mail, or the actual value of that entry). A help circle explaining the default contents of the field would be useful too, telling the user where the contents of the field is being obtained.

          Second, replace the "Use SSL" checkbox with a "Security Protocol" dropDown/comboBox with the choices of SSL and TLS (spelled out perhaps too). The selection of SSL would modify the "Port" entry to the standard default of 465. The selection of TLS would modify the "Port" entry to the standard default of 587. (The "Port" field would still be able to be manually modified.) If placing values into "Port" field is not palatable, certainly explain which default port will be used for which protocol in help documentation.

          These changes would keep the users out of hacking at the java command line.

          Steven Haehn added a comment - After a weeks worth of experimentation, frustration and reading, the problem can be solved without code modification, but this is truly an annoyance of poor documentation (making users wade through countless different web sites to glean out what is truly needed), and perhaps poor user interface. The solution to this particular problem, on the Windows platform, requires modification of the jenkins.xml file (adding -Dmail.smtp.starttls.enable=true to the java "arguments" XML node) and settings within two areas of the Jenkins overall configuration, at the "Jenkins Location" section and the "E-mail Notification" section (see enclosed attachments). For TLS (Transport Layer Security) to work on smtp.office365.com, the additional following settings must be part of the Jenkins configuration (select Manage Jenkins>Configure System). Jenkins Location: System Admin e-mail address: ValidAdmin@mydomain.com E-Mail Notification: SMTP server: smtp.office365.com [Under Advanced...] Use SMTP Authentication: checked User Name: ValidUser@mydomain.com Password: [ValidUser's email password] Use SSL: [UNCHECKED!!] SMTP Port: 587 It is IMPORTANT to note that BOTH the "E-mail Notification" section User Name AND the "Jenkins Location" section System Admin e-mail address must be valid smtp.office365.com users. If either one is not found in smtp.office365.com, you will get a " Client does not have permissions to send as this sender " error, but won't know which one is causing the problem. (Now why would one expect the System Admin e-mail address to be involved in this transaction when the focus is on the E-mail Notification User for SMTP Authentication? Coding defect perhaps?) It is also important that the "Use SSL" element is UNCHECKED (SSL is not TLS, even though some programming references confuse the matter). If "Use SSL" is checked, the error " Unrecognized SSL message, plaintext connection? " will be generated. -------------------------------------------------------------- Improving the Mailer plugin interface would go a long way to avoiding this general frustration. First, the User Name under SMTP Authentication should be the sole entry which represents the "From" field (owner) of the message. That is, it should override the usage the System Admin e-mail address. Perhaps, when the User Name field is empty, it should contain 'hint' text of what is to be used (eg. System Admin e-mail, or the actual value of that entry). A help circle explaining the default contents of the field would be useful too, telling the user where the contents of the field is being obtained. Second, replace the "Use SSL" checkbox with a "Security Protocol" dropDown/comboBox with the choices of SSL and TLS (spelled out perhaps too). The selection of SSL would modify the "Port" entry to the standard default of 465. The selection of TLS would modify the "Port" entry to the standard default of 587. (The "Port" field would still be able to be manually modified.) If placing values into "Port" field is not palatable, certainly explain which default port will be used for which protocol in help documentation. These changes would keep the users out of hacking at the java command line.

          Steven Haehn added a comment -

          See my previous comment.

          Steven Haehn added a comment - See my previous comment.

          Cosmin Banciu added a comment -

          I experienced the same issue. The System Admin email address i specified in the Jenkins config did not exist in office 365. Thank you for posting the solution and saving me hours of troubleshooting. 

          Cosmin Banciu added a comment - I experienced the same issue. The System Admin email address i specified in the Jenkins config did not exist in office 365. Thank you for posting the solution and saving me hours of troubleshooting. 

          Rakesh S added a comment -

          Hi shaehn,

          I am getting the same error even after adding java arguement -Dmail.smtp.starttls.enable=true and admin email "myemail@company.com".

          Could you please help me. attaching the screenshot.

          Thanks,

          Rakesh

           

          Rakesh S added a comment - Hi shaehn , I am getting the same error even after adding java arguement -Dmail.smtp.starttls.enable=true and admin email "myemail@company.com". Could you please help me. attaching the screenshot. Thanks, Rakesh  

          Hello,

          I also faced this problem and it greatly helped to reach success with the test email.

          Unfortunately, from within a job, I don't have the save behavior.   I get this error:

                       

           

          Any ideas?

          Thanks,

          Patrick

           

           

           

          Patrick Leveille added a comment - Hello, I also faced this problem and it greatly helped to reach success with the test email. Unfortunately, from within a job, I don't have the save behavior.   I get this error:                 Any ideas? Thanks, Patrick      

            shaehn Steven Haehn
            shaehn Steven Haehn
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: