OneDev
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server
Code
Pull Requests
Issues
List
Boards
Milestones
Builds
Packages
Statistics
Child Projects
OneDev 10.5.2
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues #620
#620  Mail settings (not working?)
Closed
Ruben Flinterman opened 2 years ago

I'm using Cyberpanel with the mail server solution called Rainloop to host my websites but I can't seem to connect my mail to OneDev.

I'm getting the following output:

Please wait...
java.lang.RuntimeException: org.apache.commons.mail.EmailException: Sending the email to the following server failed : mail.projectsincluded.com:587
    	at io.onedev.server.notification.DefaultMailManager.sendMail(DefaultMailManager.java:259)
    	at io.onedev.server.web.page.admin.mailsetting.MailSettingPage$2.runTask(MailSettingPage.java:151)
    	at io.onedev.server.web.component.taskbutton.TaskButton$2.call(TaskButton.java:173)
    	at io.onedev.server.web.component.taskbutton.TaskButton$2.call(TaskButton.java:144)
    	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    	at io.onedev.server.security.SecurityUtils$1.run(SecurityUtils.java:338)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    	at java.lang.Thread.run(Thread.java:748)
    Caused by: org.apache.commons.mail.EmailException: Sending the email to the following server failed : mail.projectsincluded.com:587
    	at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1469)
    	at org.apache.commons.mail.Email.send(Email.java:1496)
    	at io.onedev.server.notification.DefaultMailManager.sendMail(DefaultMailManager.java:257)
    	... 8 more
    Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
      nested exception is:
    	javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2064)
    	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:724)
    	at javax.mail.Service.connect(Service.java:388)
    	at javax.mail.Service.connect(Service.java:246)
    	at javax.mail.Service.connect(Service.java:195)
    	at javax.mail.Transport.send0(Transport.java:254)
    	at javax.mail.Transport.send(Transport.java:124)
    	at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1459)
    	... 10 more
    Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at sun.security.ssl.Alert.createSSLException(Alert.java:131)
    	at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
    	at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
    	at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
    	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
    	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
    	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
    	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
    	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
    	at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
    	at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
    	at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)
    	at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)
    	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
    	at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:598)
    	at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:525)
    	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2059)
    	... 17 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
    	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
    	at sun.security.validator.Validator.validate(Validator.java:271)
    	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
    	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223)
    	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
    	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
    	... 30 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
    	... 36 more

There is a valid SSL certificate on the mail server and rDNS is enabled.
Robin Shen commented 2 years ago

Looks like that the certificate is not recognized by the JVM running OneDev. Are your mail server using a self-signed certificate?
Ruben Flinterman commented 2 years ago

No, I'm using a certificate generated by Cloudflare.
Robin Shen commented 2 years ago
How are you running OneDev? Via docker or via JVM?
Ruben Flinterman commented 2 years ago

I'm currently running it with JVM though I'm thinking about docker.
Robin Shen commented 2 years ago
Please make sure to run OneDev with latest Java 17 LTS version to see if it recognizes your CA. 
Ruben Flinterman commented 2 years ago

I'm currently running

openjdk version "1.8.0_312"
OpenJDK Runtime Environment (build 1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
OpenJDK 64-Bit Server VM (build 25.312-b07, mixed mode)

According to java -version (I'm not sure how to update the Java version)

I was able to get it to work on port 25 without StartTLS enabled, though the secure ports are still giving the same error (In the case I use a secured port I enable StartTLS).
Robin Shen commented 2 years ago

JDK 1.8 is pretty old, and it may not include latest CA root certificates. Try JDK 17 if you want to enable TLS.
Robin Shen changed state to 'Closed' 2 years ago
Previous Value Current Value 
Open
 
Closed
Robin Shen commented 2 years ago

How are you running OneDev? Via docker or via JVM?
Robin Shen commented 2 years ago

Please make sure to run OneDev with latest Java 17 LTS version to see if it recognizes your CA. 
issue 1 of 1
Type
Question
Priority
Normal
Assignee
Robin Shen
Issue Votes (0)
Login to vote
Watchers (4)
Reference
onedev/server#620
Please wait...
Page is in error, reload to recover