james-server-dev mailing list archives

From "Michael Kaegi" <...@brainware.ch>
Subject RE: javax.mail.Session access protection (part IV),
Date Mon, 11 Mar 2002 16:08:53 GMT
... from scratch.

Test case:

Is the JAMES default javax.mail.Session secure? I think not!

Test environment: 

OS: MS Windows 2000
JDK: 1.3
JAMES: James 2.0a2

Test description:

- Install and configure JAMES (only DNS must be set).
- Run JAMES.
- View JAMESMailSessionHackTest source code. No SMTP host, user or 
password will be set to connect to the SMTP server (in our case JAMES). 
Because no SMTP host is set the default will be used and this is 
- Run JAMESMailSessionHackTest; as the first argument you must specify a 
recipient email address.
- Check if the recipient has received an email from 'jmsht@brainware.ch' 
with the subject: 'JAMESMailSessionHackTest....!!!!!!!!!!!!!!!!!!!'. In my 
case it is like that.

JAMESMailSessionHackTest source code:

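import java.util.*;

import javax.mail.*;
import javax.mail.internet.*;

/**
 * This class gets the default mail session from JAMES
 * and sends an email to specified recipient.
 * @author  Michael Kaegi (kam@brainware.ch)
 * @version 1.0
 */
public class JAMESMailSessionHackTest {

    private Session session;

    public static void main(String[] args) {

        JAMESMailSessionHackTest jt = new JAMESMailSessionHackTest();
        // The two calls below are cut off in the archived copy; reconstructed
        // from the test description (recipient is the first argument).
        jt.getMailSession();
        jt.sendMail(args[0]);
    }

    private void getMailSession() {

        // No SMTP host, user or password is set.
        Properties props = new Properties();
        session = Session.getDefaultInstance(props, null);
    }

    private void sendMail(String recipient) {

        try {

            // The continuation of each statement below is cut off in the
            // archived copy; the second half of each is reconstructed.
            System.out.println("Session mail.smtp.host: " + 
                session.getProperty("mail.smtp.host"));
            System.out.println("Session mail.user: " + 
                session.getProperty("mail.user"));

            MimeMessage mm = new MimeMessage(session);
            mm.setFrom(new InternetAddress("jmsht@brainware.ch"));
            mm.addRecipient(Message.RecipientType.TO, new 
                InternetAddress(recipient));
            // Subject taken from the test description; the body text is a
            // placeholder because the original is not in the archived copy.
            mm.setSubject("JAMESMailSessionHackTest....!!!!!!!!!!!!!!!!!!!");
            mm.setText("JAMESMailSessionHackTest");
            Transport.send(mm);

        } catch(Exception e) {

            System.out.println("Exception: ");
            e.printStackTrace();
        }
    }
}
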
Question: Why can you get the JAMES default javax.mail.Session without a 
valid authentication? See JavaMail specification.

Question: Why is the JAMES default javax.mail.Session not protected with 
an authentication? 

Question: Is this a JAMES Bug, Feature or?

Thanx ?
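
The access rule that JavaMail applies to the default session, shown from the side of the code that creates it. This is an added example, not part of the original message or of JAMES; the class names, the `localhost` host and the credentials are constructed placeholders. A default session created with a null Authenticator is handed to any caller in the same JVM that also passes null.

```java
import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;

public class DefaultSessionAccessDemo {

    /** Hypothetical authenticator owned by the code that creates the session. */
    static class OwnerAuthenticator extends Authenticator {
        protected PasswordAuthentication getPasswordAuthentication() {
            // Constructed placeholder credentials.
            return new PasswordAuthentication("owner", "placeholder-password");
        }
    }

    public static void main(String[] args) {
        Properties props = new Properties();
        props.put("mail.smtp.host", "localhost"); // constructed sample value

        // 1. Private session: never registered as the JVM-wide default, so
        //    other code cannot obtain it through Session.getDefaultInstance().
        Session privateSession = Session.getInstance(props, new OwnerAuthenticator());

        // 2. Default session created WITH an Authenticator: later callers must
        //    pass the same Authenticator object, or one whose class was loaded
        //    by the same ClassLoader as the creator's.
        Authenticator owner = new OwnerAuthenticator();
        Session shared = Session.getDefaultInstance(props, owner);

        // Same Authenticator object: access granted, same Session returned.
        System.out.println("owner gets shared session: "
                + (Session.getDefaultInstance(new Properties(), owner) == shared));

        // Null Authenticator, as in the test program above: access is refused
        // because the default session now has an owner.
        try {
            Session.getDefaultInstance(new Properties(), null);
            System.out.println("null authenticator: access granted");
        } catch (SecurityException e) {
            System.out.println("null authenticator: " + e.getMessage());
        }

        System.out.println("private session is separate: "
                + (privateSession != shared));
    }
}
```

The check compares ClassLoaders, not identities, so it separates components loaded by different class loaders but not classes that share one with the session's creator.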
