Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-3912

Fisheye mail doesn't work with SMTPS

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • 2.7.10, 4.5.3
    • None

      Currently you can configure Fisheye to use TLS as we set mail.smtp.starttls.enable to TLS

      But if you're using SMTPS we need to set mail.smtp.ssl.enable value.

      This means Fisheye won't work with Amazon's SES SMTP gateway

      Workaround

      Option #1

      Use an SMTP proxy. Examples:

      Option #2

      Configure mail library using system properties. Steps:

      1. Create a javamail.address.map file in the JAVA_HOME/lib directory. Content of the file should be as follows. This file will switch default email protocol from smtp to smtps:

      rfc822=smtps

      Keep in mind that this will affect all Java applications running on this machine. In case Fisheye/Crucible is not the only one, consider installing another, dedicated JRE for Fisheye/Crucible with this file present.

      2. Set the following JVM properties in FISHEYE_OPTS 

      -Dmail.smtp.ssl.enable=true -Dmail.smtps.auth=true -Dmail.smtps.host=smtp.gmail.com -Dmail.smtps.port=465
      • mail.smtp.ssl.enable - this will enable SMTPS instead of StartTLS
      • mail.smtps.auth - to require authentication for SMTPS
      • mail.smtps.host / mail.smtps.port - values from the 'Administration > Server > Mail server' page will be ignored when SMTPS is enabled, therefore you have to provide them using these flags; use your server address and port, the example above works with GMail

      You may also want to add the following ones:

      -Dmail.debug=true -Dmail.smtp.ssl.protocols=TLSv1.2
      • mail.debug - extra debug logging for troubleshooting
      • mail.smtp.ssl.protocols=TLSv1.2 - restrict protocol to TLS v 1.2

      3. Configure other mail settings on the 'Administration > Server > Mail server > Edit config' page

      • Use TLS/SSL = set to false, as you will be connecting via SMTPS, not StartTLS
      • Username / Password = put credentials

            [FE-3912] Fisheye mail doesn't work with SMTPS

            Craig Solinski added a comment -

            This worked great for us, our shop requires TLS1.2 or TLS1.3 be used with Mail.

            Change javamail jar from the ancient 1.4 delivered with fisheye to 1.6.2 (most recent available online). Simply remove the one and add the other.
            Add Fisheye OPT: -Dmail.smtp.ssl.protocols=TLSv1.2
            Works fine now...
            And I've requested Atlassian implement in there next release. I can hardly believe they are still sending out the ancient 1.4 mail jar...

            Craig Solinski added a comment - This worked great for us, our shop requires TLS1.2 or TLS1.3 be used with Mail. Change javamail jar from the ancient 1.4 delivered with fisheye to 1.6.2 (most recent available online). Simply remove the one and add the other. Add Fisheye OPT: -Dmail.smtp.ssl.protocols=TLSv1.2 Works fine now... And I've requested Atlassian implement in there next release. I can hardly believe they are still sending out the ancient 1.4 mail jar...

            Marek Parfianowicz added a comment - - edited

            Hello everyone, I have a question. Did you try to set the -Dmail.smtp.ssl.enable=true JVM property (e.g. in FISHEYE_OPTS) along with other properties (like user, host, port ...)?

            See list of properties here:
            https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html

            Note that if you're using the "smtps" protocol to access SMTP over SSL, all the properties would be named "mail.smtps.*".

            https://www.oracle.com/technetwork/java/sslnotes-150073.txt

            Marek Parfianowicz added a comment - - edited Hello everyone, I have a question. Did you try to set the -Dmail.smtp.ssl.enable=true JVM property (e.g. in FISHEYE_OPTS) along with other properties (like user, host, port ...)? See list of properties here: https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html Note that if you're using the "smtps" protocol to access SMTP over SSL, all the properties would be named "mail.smtps.*". https://www.oracle.com/technetwork/java/sslnotes-150073.txt

            Marek Parfianowicz added a comment -

            Proposed solution: on the "Server settings" page, change the existing "Use SSL/TLS" toggle to have three options:

            • none
            • STARTTLS (which will set mail.smtp.starttls.enable property)
            • SMTPS (which will set mail.smtp.ssh.enable property)

            Marek Parfianowicz added a comment - Proposed solution: on the "Server settings" page, change the existing "Use SSL/TLS" toggle to have three options: none STARTTLS (which will set mail.smtp.starttls.enable property) SMTPS (which will set mail.smtp.ssh.enable property)

            Raven Ng added a comment -

            It is unlikely for our email provider to support STARTTLS since it already supports SMTPS.

            If possible, we would like to embrace a consistent deployment model across all Atlassian products.

            It is pretty awkward to preach Atlassian products to a technical work group.
            "Atlassian products are really easily to setup and maintain. Except for that 1 product.... that needs an additional email relay"

            Raven Ng added a comment - It is unlikely for our email provider to support STARTTLS since it already supports SMTPS. If possible, we would like to embrace a consistent deployment model across all Atlassian products. It is pretty awkward to preach Atlassian products to a technical work group. "Atlassian products are really easily to setup and maintain. Except for that 1 product.... that needs an additional email relay"

            Gary Steffens added a comment -

            David,
            We're running FishEye/Crucible on a Windows Server 2003 system. I was able to get around this by installing hMailServer and using it as a local SMTP email relay. It forwards all emails to our email server via SSL/TLS on port 465 and works great.
            If your running under Linux, perhaps you can set up a local email relay.
            Hope that helps,
            Gary

            Gary Steffens added a comment - David, We're running FishEye/Crucible on a Windows Server 2003 system. I was able to get around this by installing hMailServer and using it as a local SMTP email relay. It forwards all emails to our email server via SSL/TLS on port 465 and works great. If your running under Linux, perhaps you can set up a local email relay. Hope that helps, Gary

            ddorsett added a comment -

            Ditto. Need the SSL/TLS and port 465 support fixed!

            ddorsett added a comment - Ditto. Need the SSL/TLS and port 465 support fixed!

            Gary Steffens added a comment -

            I'm having the same problem. Our SMTP server doesn't support STARTTLS and probably won't.
            We really need to have SSL supported as trying to inform people via manual emails is not a good solution.
            Thanks!

            Gary Steffens added a comment - I'm having the same problem. Our SMTP server doesn't support STARTTLS and probably won't. We really need to have SSL supported as trying to inform people via manual emails is not a good solution. Thanks!

              Unassigned Unassigned
              asridhar AjayA
              Affected customers:
              14 This affects my team
              Watchers:
              18 Start watching this issue

                Created:
                Updated: