Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-78939

Jira attempts to authenticate with the SMTP server even though authentication is not configured

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Low Low
    • None
    • 9.4.30, 10.3.6
    • Mail Server
    • None

      Issue Summary

      When connecting to a SMTP server without any credentials configured by the admin, if the SMTP server requests authentication, Jira will always attempt authentication - using a username and password corresponding to the Jira service account name.

      This is not expected as the admin did not configure auth, and the SMTP server would otherwise accept the mail had the client proceeded without attempting auth.

      Steps to Reproduce

      To save time configuring a mail server, we can simulate the flow using Jira and nc :

      1. Under Jira Admin - Logging and Profiling, enable mail debug, and add DEBUG on package com.sun.mail.smtp
      2. nc -l -p 25
      3. Jira Admin -> Outgoing Mail -> Create new
      4. Simulate an unauthenticated mail server by specifying Authentication method: Password (basic authentication) and do not provide an optional username or password:
      5. Click Test
      6. In your nc console, respond with 
        220 myhost Microsoft ESMTP MAIL Service ready at Tue, 1 Jul 2025 13:21:52 +1200
      7. When Jira EHLO you, respond including an AUTH response: 
        250-myhost Hello [10.1.1.1]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH PLAIN
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8

      Expected Results

      Jira does not attempt a login flow, rather, proceeds with it's business - NOOP for test connection, or FROM: blah when sending a mail.

      Some mail servers (cited "Microsoft ESMTP MAIL Service") can provide AUTH but still accept anonymous connection.

      Actual Results

      Jira tries to auth with the username and password both set to the Linux/Windows username that Jira runs as. If "jira", Jira will respond with:

      AUTH PLAIN amlyYQBqaXJhAA==

      The debug logs on Jira side reveal:

      cat atlassian-jira-outgoing-mail.log  | grep -Po "c.atlassian.mail.outgoing\] \K.*"
 DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Oracle]
 DEBUG SMTP: useEhlo true, useAuth false
 DEBUG SMTP: trying to connect to host "linux-105119.prod.atl-cd.net", port 25, isSSL false
 220 linux-105119.prod.atl-cd.net Microsoft ESMTP MAIL Service ready at Tue, 1 Jul 2025 13:21:52 +1200
 DEBUG SMTP: connected to host "linux-105119.prod.atl-cd.net", port: 25
 EHLO 3210c393505e
 250-linux-105119.prod.atl-cd.net Hello [10.1.1.1]
 250-SIZE 37748736
 250-PIPELINING
 250-DSN
 250-ENHANCEDSTATUSCODES
 250-STARTTLS
 250-AUTH PLAIN
 250-8BITMIME
 250-BINARYMIME
 250-CHUNKING
 250 SMTPUTF8HELO 3210c393505e
 DEBUG SMTP: Found extension "SIZE", arg "37748736"
 DEBUG SMTP: Found extension "PIPELINING", arg ""
 DEBUG SMTP: Found extension "DSN", arg ""
 DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
 DEBUG SMTP: Found extension "STARTTLS", arg ""
 DEBUG SMTP: Found extension "AUTH", arg "PLAIN"
 DEBUG SMTP: Found extension "8BITMIME", arg ""
 DEBUG SMTP: Found extension "BINARYMIME", arg ""
 DEBUG SMTP: Found extension "CHUNKING", arg ""
 DEBUG SMTP: Found extension "SMTPUTF8HELO", arg "3210c393505e"
 DEBUG SMTP: protocolConnect login, host=linux-105119.prod.atl-cd.net, user=jira, password=<non-null>
 DEBUG SMTP: Attempt to authenticate using mechanisms: LOGIN PLAIN DIGEST-MD5 NTLM XOAUTH2
 DEBUG SMTP: mechanism LOGIN not supported by server
 DEBUG SMTP: Using mechanism PLAIN
 DEBUG SMTP: AUTH PLAIN command trace suppressed
 DEBUG SMTP: bad server response:
 DEBUG SMTP: AUTH PLAIN failed

      How other products behave

      Confluence 9.2.3 performs as expected:

      220 linux-105119.prod.atl-cd.net Microsoft ESMTP MAIL Service ready at Tue, 1 Jul 2025 13:21:52 +1200
EHLO 7d1b1e4a7796
250-linux-105119.prod.atl-cd.net Hello [10.1.1.1]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH PLAIN
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
MAIL FROM:<conf@conf.local>

      Workaround

      If the SMTP server supports it, one can force the extended hello off which forces off authentication.

      1. Add the system property 
        -Dmail.smtp.ehlo=false
      2. Restart Jira

        1. image-2025-07-04-11-45-16-833.png
          270 kB
          Alex [Atlassian,PSE]

              Unassigned Unassigned
              allewellyn@atlassian.com Alex [Atlassian,PSE]
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: