OneDev
Dashboards
Projects
Global Views
Code Search
server
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
Audit Log
OneDev 14.1.0
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues OD-620
Mail settings (not working?) (OD-620)
Ruben Flinterman opened 4 years ago

I'm using Cyberpanel with the mail server solution called Rainloop to host my websites but I can't seem to connect my mail to OneDev.

I'm getting the following output:

Please wait...
java.lang.RuntimeException: org.apache.commons.mail.EmailException: Sending the email to the following server failed : mail.projectsincluded.com:587
    	at io.onedev.server.notification.DefaultMailManager.sendMail(DefaultMailManager.java:259)
    	at io.onedev.server.web.page.admin.mailsetting.MailSettingPage$2.runTask(MailSettingPage.java:151)
    	at io.onedev.server.web.component.taskbutton.TaskButton$2.call(TaskButton.java:173)
    	at io.onedev.server.web.component.taskbutton.TaskButton$2.call(TaskButton.java:144)
    	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    	at io.onedev.server.security.SecurityUtils$1.run(SecurityUtils.java:338)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    	at java.lang.Thread.run(Thread.java:748)
    Caused by: org.apache.commons.mail.EmailException: Sending the email to the following server failed : mail.projectsincluded.com:587
    	at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1469)
    	at org.apache.commons.mail.Email.send(Email.java:1496)
    	at io.onedev.server.notification.DefaultMailManager.sendMail(DefaultMailManager.java:257)
    	... 8 more
    Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
      nested exception is:
    	javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2064)
    	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:724)
    	at javax.mail.Service.connect(Service.java:388)
    	at javax.mail.Service.connect(Service.java:246)
    	at javax.mail.Service.connect(Service.java:195)
    	at javax.mail.Transport.send0(Transport.java:254)
    	at javax.mail.Transport.send(Transport.java:124)
    	at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1459)
    	... 10 more
    Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at sun.security.ssl.Alert.createSSLException(Alert.java:131)
    	at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
    	at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
    	at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
    	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
    	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
    	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
    	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
    	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
    	at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
    	at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
    	at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)
    	at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)
    	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
    	at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:598)
    	at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:525)
    	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2059)
    	... 17 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
    	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
    	at sun.security.validator.Validator.validate(Validator.java:271)
    	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
    	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223)
    	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
    	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
    	... 30 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
    	... 36 more

There is a valid SSL certificate on the mail server and rDNS is enabled.

  • Robin Shen commented 4 years ago

    Looks like that the certificate is not recognized by the JVM running OneDev. Are your mail server using a self-signed certificate?

  • Ruben Flinterman commented 4 years ago

    No, I'm using a certificate generated by Cloudflare.

  • Robin Shen commented 4 years ago
    How are you running OneDev? Via docker or via JVM?
  • Ruben Flinterman commented 4 years ago

    I'm currently running it with JVM though I'm thinking about docker.

  • Robin Shen commented 4 years ago
    Please make sure to run OneDev with latest Java 17 LTS version to see if it recognizes your CA. 
  • Ruben Flinterman commented 4 years ago

    I'm currently running

    openjdk version "1.8.0_312"
OpenJDK Runtime Environment (build 1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
OpenJDK 64-Bit Server VM (build 25.312-b07, mixed mode)

    According to java -version (I'm not sure how to update the Java version)

    I was able to get it to work on port 25 without StartTLS enabled, though the secure ports are still giving the same error (In the case I use a secured port I enable StartTLS).

  • Robin Shen commented 4 years ago

    JDK 1.8 is pretty old, and it may not include latest CA root certificates. Try JDK 17 if you want to enable TLS.

  • Robin Shen changed state to 'Closed' 4 years ago
    Previous Value Current Value 
    Open
    		 
    Closed
  • Robin Shen commented 4 years ago

    How are you running OneDev? Via docker or via JVM?

  • Robin Shen commented 4 years ago

    Please make sure to run OneDev with latest Java 17 LTS version to see if it recognizes your CA. 

issue 1/1
Type
Question
Priority
Normal
Assignee
Robin Shen
Issue Votes (0)
Login to vote
Watchers (4)
Reference
OD-620
Please wait...
Connection lost or session expired, reload to recover
Page is in error, reload to recover