commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Siegfried Goeschl <>
Subject Re: [email] embed/include dynamic Java Server Pages content in email/NTLM Authentication to Exchange Server
Date Wed, 18 Aug 2010 21:56:56 GMT
Hi Ferindo,

you are not annoying anyone ... :-) ... I will add your information to 
the FAQ section since information regarding NTLM setup are hard to find 
and I'm glad you take all the time to prepare the information.


Siegfried Goeschl

On 17.08.10 05:10, Ferindo Middleton wrote:
> I finally figured out how to get the emails sent using NTLM authentication
> to a MS Exchange server for my webapps on my Tomcat servlet container again.
> Using the new NTLM support provided in the JavaMail API, I was able to
> configure a JNDI resource in the Tomcat server.xml file to be used by the
> mailer 1.1 taglib. I originally started using commons-email because I
>   thought it was a viable option I could use to support sending emails from
> my JSPs with the same dynamic content provided by the JSP but I later
> discovered that commons-email would not provide the integration I needed
> with my JSPs for rapid development. While possible, it would require a whole
> lot of java coding that I just don't have the time for. I'll paste the
> config below because I think someone replied to previous posts I made
> indicating that it would be useful for further integration for commons-email
> package to know what my NTLM config required in order to work. Please note
> that I realize some of this isn't necessarily required for the NTLM
> authentication to work and there are a couple lines, maybe 3, that I hadn't
> tried just leaving out, but just my preference in total config options for
> JavaMail. This below works for my Tomcat JNDI resource config (I'm using
> JavaMail 1.4.3): (I know this isn't exactly the right list but in caase
> you'd like to know, I tested what I write below on both Tomcat 5 and 6 and
> works)
>   <Context path=".......Tomcat configuration for my webapp goes here)
> <Resource name=".... (I setup a database resource for this webapp here)
> <!-- JavaMail Configuration starts here -->
> <Resource name="mail/Session" auth="Container"
>              type="javax.mail.Session"
>              mail.smtp.from="
>              username="useridthatwillautheicatetoexchangeservertosendmessage"
>              password="passwordofuseraccountabove"
>              mail.transport.protocol="smtp"
>              mail.smtp.auth="true"
> mail.smtp.auth.ntlm.domain="thenetworkidofexchangeserveronthenetwork"
>    "thenetworkidofexchangeserveronthenetwork"
>              mail.smtp.port="25"
> mail.smtp.user="useridthatwillautheicatetoexchangeservertosendmessage"
>              mail.smtp.password="passwordofuseraccountabove"
>              mail.debug="true"
>    "*"
>              mail.smtp.starttls.enable="true"
>              mail.smtp.dsn.notify="FAILURE,DELAY"
>              mail.smtp.dsn.ret="FULL"
>              mail.smtp.sendpartial="true"
> I used the documentation provided for Package com.sun.mail.smtp located
> here:
> I also had to download the latest jcifs jar file from the JCIFS site:
> which is available under the LGPL license and of
> course include that in the server's Classpath along with the JavaMail .jar
> I imagine that if you're using commons-email, you'd need to include it in
> your path as well.  Note that the 1.2.x versions JCIFS won't work as the API
> has apparently changed incompatibly so you have to use versions released
> after 1.2. The SMTP and IMAP providers in the JavaMail download support the
> use of NTLM with the following properties used to configure the NTLM
> support:
> mail.<protocol>.auth.ntlm.domain
>      The NTLM authentication domain.
> mail.<protocol>.auth.ntlm.flags
>      NTLM protocol-specific flags.
>      See for details.
> So the main part of my Tomcat configuration above actually turning on the
> NTLM support is the "mail.smtp.auth.ntlm.domain" part but I imagine of
> course  I do still need to provide login credentials... and I think I also
> needed to specify that auth is true and the"*" I think
> was especially important because, in previous testing, I noted how JavaMail
> was apparently unable to trust the Exchange server's certificate.... the
>"*" says to just trust everybody. This option takes a
> white-space separated list of hosts, those hosts are trusted so I guess I
> could've just put the servers network id there (the same serverid I provided
> in "mail.smtp.auth.ntlm.domain") but I was unsure if it would simply work so
> I just said trust everybody and I think it's pretty safe to do that here
> though because this webapp is behind a pretty secure firewall.
> For some odd reason, I did have to include the authentication credentials
> above twice as I did in the config above but I think that is just because
> the actual Mailer Taglib I'm using requires login credentials for
> authentication to the server and for some reason the "mail.smtp.user"&
> "mail.smtp.password" lines weren't enough to make the authentication happen.
> I did have to specify the port to use but I'm not really sure if I needed
> "" as I did say "mail.smtp.auth.ntlm.domain=xxxxx" which
> is absolutely necessary for NTLM but the server network id is just exactly
> the same for both these options... It worked so I left it.
> Luckily, I didn't even have to use the "flags" options above in my config
> (the flags seemed very very complicated but I guess if this Exchange
> server's configuration was more sophisticated, I might have had to spend
> another month trying to figure out the flags which are apparently included
> in the header and setting them here I suppose would provide other options
> not present in the standard JavaMail API)
> They noted in the documentation for NTLM that this capability is very new
> and has NOT been thoroughly tested and the APIs and properties used to
> control it should be considered EXPERIMENTAL. They may be changed in the
> future in ways that are incompatible with applications using the current
> APIs and properties.
> I'm just glad that support for Microsoft's proprietary NTLM authentication
> mechanism is supported and that I am able to configure the the JavaMail at
> the Tomcat server level so I could continue using this old unsupported
> Mailer 1.1 taglib (
> instead of heavy Java coding with commons-email.... Now all I've got to do
> is figure out how to attach a file from the database resource in my config
> above to the emails (I was able to get past alot of Java coding to get the
> email sent but I think I'm going to have to actually develop some Java code
> still because the Mailer tag doesn't have very good API for including
> attachments from a database in the tag)
> Hope my info above helps with commons-email integration with JavaMail NTLM
> authentication and doesn't annoy anyone... I'll stop posting here now
> because I'm really not using commons-email anymore but I'll keep it in mind
> if I have to send a more simple non-JSP-integrated email messages using java
> technology on a future project.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message