UWSkeletor

Reputation: 941

Jenkins SMTP TLS

I'm trying to set up Jenkins to use our company's SMTP server to email build notifications. We are using TLS as the encryption method on port 587. I cannot seem to get the email notification to work properly though.

Here is my Hudson.Tasks.Mailer.xml file so you can see my config (I've removed the SMTP auth user and password and changed the smtpHost slightly just in case)

<hudson.tasks.Mailer_-DescriptorImpl>
  <helpRedirect/>
  <defaultSuffix></defaultSuffix>
  <hudsonUrl>http://localhost:8080/</hudsonUrl>
  <smtpAuthUsername></smtpAuthUsername>
  <smtpAuthPassword></smtpAuthPassword>
  <adminAddress></adminAddress>
  <smtpHost>pod#####.outlook.com</smtpHost>
  <useSsl>true</useSsl>
  <smtpPort>587</smtpPort>
  <charset>UTF-8</charset>
</hudson.tasks.Mailer_-DescriptorImpl>

It looks like this is a known issue, from http://issues.hudson-ci.org/browse/HUDSON-2206

I am not very familiar with Apple OS (which is the machine that is running Jenkins) but I thought I could resolve the issue using the workaround mentioned. I wasn't exactly sure where to put that workaround though, so I tried putting it here: /Library/Application Support/Jenkins/jenkins-runner.sh

defaults="defaults read /Library/Preferences/org.jenkins-ci"

war=`$defaults war` || war="/Applications/Jenkins/jenkins.war"

javaArgs="-Dmail.smtp.starttls.enable=\"true\""
heapSize=`$defaults heapSize` && javaArgs="$javaArgs -Xmx${heapSize}"
permGen=`$defaults permGen` && javaArgs="$javaArgs -XX:MaxPermSize=${permGen}"

home=`$defaults JENKINS_HOME` && export JENKINS_HOME="$home"

add_to_args() {
  val=`$defaults $1` && args="$args --${1}=${val}"
}

args=""
add_to_args prefix
add_to_args httpPort
add_to_args httpListenAddress
add_to_args httpsPort
add_to_args httpsListenAddress
add_to_args ajp13Port
add_to_args ajp13ListenAddress

echo "JENKINS_HOME=$JENKINS_HOME"
echo "Jenkins command line for execution"
echo /usr/bin/java $javaArgs -jar "$war" $args
exec /usr/bin/java $javaArgs -jar "$war" $args

That didn't appear to resolve it. I can see that call in the console when Jenkins is started up, but when I try a test configuration email I get the following error:

Failed to send out e-mail

javax.mail.MessagingException: Could not connect to SMTP host: pod#####.outlook.com, port: 587;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638)
at javax.mail.Service.connect(Service.java:317)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at javax.mail.Transport.send0(Transport.java:194)

Any ideas on what else I can try? I've tried switching the email account to use gmail's smtp server and that works fine, but I'd rather have it using our smtp server if I can.

Upvotes: 22

Views: 43699

Answers (13)

mirekphd

Reputation: 6753

Fast forward 9 years and no workarounds are needed anymore thanks to Basil Crow.

The E-mail Extension plugin has support for SMTP over TLS and the additional "TLS" configuration checkbox (revealed by clicking on the Advanced button) since v2.83 released in May 2021 (see its release notes). I verified it works with Gmail under latest Jenkins and plugin versions.

Upvotes: 0

cheebz

Reputation: 46

If Jenkins is configured as a systemd service, it seems that the $JAVA_OPTS are not picked up from /etc/default/jenkins, but rather from the systemd unit file itself.

On Debian, I edited /lib/systemd/system/jenkins.service and modified the JAVA_OPTS environment variable to the following:

Environment="JAVA_OPTS=-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"

Then flush systemd and restart the Jenkins service:

sudo systemctl daemon-reload
sudo systemctl restart jenkins

You can verify that the correct options were picked up by navigating to ${JENKINS_BASE_URL}/systemInfo and searching for mail.smtp.starttls.enable

Upvotes: 0

Apurva Khatri

Reputation: 21

Following a statement in @user11791348's answer resolved the issue for me.

The statement was: "It is IMPORTANT to note that BOTH the "E-mail Notification" section User Name AND the "Jenkins Location" section System Admin e-mail address must be valid smtp.office365.com users. If either one is not found in smtp.office365.com, you will get a "Client does not have permissions to send as this sender" error"

So, I configured the System Admin e-mail address in Jenkins. Also, my Jenkins.xml contains the line:

<arguments>-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Djava.awt.headless=true -Dmail.smtp.starttls.enable=true -jar "C:\Program Files\Jenkins\jenkins.war" --httpPort=8080 --webroot="%LocalAppData%\Jenkins\war"</arguments>

Use SSL: Unchecked
Use TLS: Unchecked
SMTP Port: 587

Upvotes: 0

user11791348

Reputation: 1

This is the best possible solution in case none of the above solutions work.

https://issues.jenkins-ci.org/browse/JENKINS-47939

Upvotes: 0

schnatterer

Reputation: 7859

With Jenkins 2.134 the following worked for me:

  • JAVA_TOOL_OPTIONS=-Dmail.smtp.starttls.enable=true
  • Uncheck Use SSL!

Upvotes: 0

jiwanrai

Reputation: 411


Changing the SMTP port from 587 to 465 resolved this issue for me:

SMTP server:               smtp.mandrill.com
Use SMTP Authentication:   true
Use SSL:                   true
SMTP Port:                 465

From what I can tell (disclaimer: I am by no means a Hudson/Jenkins expert) the Hudson/Jenkins email plugin supports SSL encrypted SMTP communication - however this implementation requires that communications are encrypted from the get go.

When connecting on port 587, the server on the other end may expect a STARTTLS command (see this SSL vs TLS vs STARTTLS article). This command is sent using plain-text to 'upgrade' the connection to use SSL/TLS.

Hudson/Jenkins instead attempts to start negotiating SSL on port 587, which is promptly rejected, resulting in the following error:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

I tried adding the suggested JAVA options "-Dmail.smtp.starttls.enable=true" to enable TLS:

JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"

Unfortunately this didn't resolve the issue for me.

After changing the port to 465, the SSL negotiation occurred correctly and the communication succeeded.

Hope that helps.

Note: Jenkins email plugin always needs SMTP credentials that are often sender's email credentials when you checkmark "Use SMTP Authentication" option for any "SSL - port 465" or "non SSL - port 587" configuration.

Upvotes: 26
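
The mismatch described in the answer above, as an added example that is not part of the original post or of Jenkins itself: a small checker that reads a Mailer config and the JVM arguments and flags the useSsl/port/STARTTLS combinations discussed on this page. The function names, finding labels and sample host are hypothetical; it assumes the usual convention that 587 is a STARTTLS port and 465 an implicit-TLS port, and it uses the JavaMail property mail.smtp.starttls.required, which does not appear on this page.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample shaped like the question's Mailer config; the host is a placeholder.
SAMPLE_XML = """<hudson.tasks.Mailer_-DescriptorImpl>
  <smtpHost>smtp.example.test</smtpHost>
  <useSsl>true</useSsl>
  <smtpPort>587</smtpPort>
</hudson.tasks.Mailer_-DescriptorImpl>"""


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client reads from the server after connecting."""
    # TLS records begin with a content type (0x16 handshake, 0x15 alert) and major version 0x03.
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-record"
    # A submission server waiting for STARTTLS greets in cleartext with a 220 reply; a client
    # that expected a TLS record here reports "Unrecognized SSL message, plaintext connection?".
    if data.startswith(b"220"):
        return "smtp-plaintext-banner"
    return "unknown"


def jvm_properties(jvm_args: str) -> dict:
    """Collect -Dkey=value system properties from a JVM argument string."""
    props = {}
    for arg in shlex.split(jvm_args):
        if arg.startswith("-D") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            props[key] = value.lower()
    return props


def check_mailer_config(xml_text: str, jvm_args: str = "") -> list:
    """Return findings for the useSsl / port / STARTTLS combination."""
    root = ET.fromstring(xml_text)
    port = int((root.findtext("smtpPort") or "25").strip())
    use_ssl = (root.findtext("useSsl") or "false").strip().lower() == "true"
    props = jvm_properties(jvm_args)
    findings = []
    if use_ssl and port == 587:
        findings.append("implicit-tls-on-starttls-port")  # the question's failure
    elif not use_ssl and port == 465:
        findings.append("plaintext-on-implicit-tls-port")
    elif not use_ssl and props.get("mail.smtp.starttls.enable") != "true":
        findings.append("starttls-not-enabled")  # JavaMail will not send STARTTLS
    elif not use_ssl and props.get("mail.smtp.starttls.required") != "true":
        findings.append("starttls-not-required")  # JavaMail may continue in cleartext
    return findings
```

An empty list means the session is either implicit TLS from the first byte or a STARTTLS upgrade that JavaMail will refuse to skip.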

Alferd Nobel

Reputation: 3949

For Jenkins on Red Hat Enterprise Linux Server release 7.4 (Maipo) edit /etc/sysconfig/jenkins to add

enter image description here

The Jenkins service configuration file requires root access to the machine. In CloudBees Jenkins Enterprise, you can find this file under:

  • /etc/default/jenkins: location for most of the Linux distributions.
  • /etc/sysconfig/jenkins: location for RedHat/CentOS distribution.
  • C:\Program Files\Jenkins\jenkins.xml: default location for Windows

Upvotes: 0

Paul Lockwood

Reputation: 4553

For Jenkins on Ubuntu 16.04:

1 - Edit the config file:

sudo nano /etc/default/jenkins

2 - Comment out existing JAVA_ARGS, add new one shown below:

#JAVA_ARGS="-Djava.awt.headless=true"
JAVA_ARGS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"

3 - Restart Jenkins

sudo service jenkins restart


Upvotes: 0

kaloyan

Reputation: 429

For Jenkins on Windows

Open jenkins.xml and modify the arguments node

-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Dmail.smtp.starttls.enable=true -jar "%BASE%\jenkins.war" --httpPort=8080

For smtp.live.com:

Set the SMTP port to 587 and uncheck Use SSL

Upvotes: 12

iTech

Reputation: 18430

Even after setting -Dmail.smtp.starttls.enable=true as mentioned in @nsof's answers in the file /etc/default/jenkins (debian/ubuntu), it did not work for me.

The trick was to set the SMTP port to 587 and uncheck Use SSL as shown below, then the email was sent successfully.

enter image description here

Upvotes: 3

Abid

Reputation: 101

Adding -Dmail.smtp.starttls.enable=true as arguments of JAVA_OPTS solved my problem

If your Jenkins is running in standalone mode, update JAVA_OPTS in /etc/sysconfig/jenkins.

If your Jenkins is running in Tomcat, update JAVA_OPTS in:

  • catalina.sh for unix
  • catalina.bat for windows

Upvotes: 0

nsof

Reputation: 3049

I had the same issue with Jenkins but mine is installed on Centos rather than Apple OS. I still thought to post the solution here because A) you might be able to make the needed adjustments to the solution and B) Linux & Jenkins users might benefit from this.

Anyhow, find the Jenkins configuration file (in CentOS it's in /etc/sysconfig/jenkins).

In it, locate the JENKINS_JAVA_OPTIONS variable and add the following option: "-Dmail.smtp.starttls.enable=true". In my case this is what I had before:

JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"

And this is after:

JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"

Restart the Jenkins server (in Linux):

/etc/init.d/jenkins restart

Upvotes: 23

ATOzTOA

Reputation: 35950

Try out the workaround mentioned in the bug itself:

http://issues.hudson-ci.org/browse/HUDSON-2206

In Java:

props.put("mail.smtp.starttls.enable","true");

In Tomcat:

Add JAVA_OPTS=-Dmail.smtp.starttls.enable="true" to tomcat config file.

Upvotes: 1
