
Javamail and TLS authentication for IMAP


I am trying to connect to a mail server that does not support plain text authentication. I have disabled the plain text authentication in the code by setting in the properties:

    props.put("mail.imap.auth.plain.disable", "true");
    props.put("mail.imap.auth.ntlm.disable", "true");
    props.put("mail.imap.auth.gssapi.disable", "true");

However, when I execute the code, it looks like plain text authentication is still happening:

    A2 OK CAPABILITY completed.
    DEBUG IMAP: AUTH: PLAIN

Full log is below...

    DEBUG: setDebug: JavaMail version 1.4.7
    DEBUG: getProvider() returning javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Oracle]
    DEBUG IMAP: mail.imap.fetchsize: 16384
    DEBUG IMAP: mail.imap.ignorebodystructuresize: false
    DEBUG IMAP: mail.imap.statuscachetimeout: 1000
    DEBUG IMAP: mail.imap.appendbuffersize: -1
    DEBUG IMAP: mail.imap.minidletime: 10
    DEBUG IMAP: disable AUTH=PLAIN
    DEBUG IMAP: disable AUTH=NTLM
    DEBUG IMAP: enable STARTTLS
    DEBUG IMAP: trying to connect to host "imap4.xxx.com", port 143, isSSL false
    * OK The Microsoft Exchange IMAP4 service is ready.
    A0 CAPABILITY
    * CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS CHILDREN IDLE NAMESPACE LITERAL+
    A0 OK CAPABILITY completed.
    DEBUG IMAP: protocolConnect login, host=imap4.xxx.com.au, user=testUser, password=<non-null>
    A1 STARTTLS
    A1 OK Begin TLS negotiation now.
    A2 CAPABILITY
    * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN CHILDREN IDLE NAMESPACE LITERAL+
    A2 OK CAPABILITY completed.
    DEBUG IMAP: AUTH: PLAIN
    DEBUG IMAP: LOGIN command trace suppressed
    DEBUG IMAP: LOGIN command result: A3 NO LOGIN failed.
    javax.mail.AuthenticationFailedException: LOGIN failed.
        at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:661)
        at javax.mail.Service.connect(Service.java:295)
        at javax.mail.Service.connect(Service.java:176)

Is there anything else that needs to be done to make sure that plain text authentication does not happen?

PS: I have imported the server's cert into cacerts.


Solution

  • This line:

    * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN CHILDREN IDLE NAMESPACE LITERAL+
    

    ...means that the server only supports plaintext authentication through the AUTH PLAIN command. No other authentication mechanisms are supported (except LOGIN, of course). Either the server is hopelessly broken or misconfigured, or your assumption that the server doesn't support "plain authentication" is wrong.
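
An added example (not part of the original question or answer) that replays the two CAPABILITY responses from the log above and reports what each one leaves a client that has PLAIN, NTLM and GSSAPI disabled. The class and method names are hypothetical, and it uses only the JDK, not JavaMail.

```java
import java.util.*;

public class ImapCapabilityCheck {
    // The CAPABILITY exchanges copied from the debug log in the question.
    static final String[] TRACE = {
        "A0 CAPABILITY",
        "* CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS CHILDREN IDLE NAMESPACE LITERAL+",
        "A0 OK CAPABILITY completed.",
        "A1 STARTTLS",
        "A1 OK Begin TLS negotiation now.",
        "A2 CAPABILITY",
        "* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN CHILDREN IDLE NAMESPACE LITERAL+",
        "A2 OK CAPABILITY completed."
    };

    // Summarise what one untagged CAPABILITY response leaves the client to log in with.
    static String describe(String line, boolean tls, Set<String> disabledSasl) {
        Set<String> advertised = new TreeSet<>();
        boolean loginDisabled = false;
        for (String tok : line.substring("* CAPABILITY".length()).trim().split("\\s+")) {
            String t = tok.toUpperCase(Locale.ROOT);
            if (t.startsWith("AUTH=")) advertised.add(t.substring(5));
            else if (t.equals("LOGINDISABLED")) loginDisabled = true;
        }
        Set<String> usable = new TreeSet<>(advertised);
        usable.removeAll(disabledSasl);
        String next;
        if (!usable.isEmpty()) next = "client can use AUTHENTICATE " + usable;
        else if (!loginDisabled) next = "no SASL mechanism left, only the LOGIN command remains";
        else next = "no way to authenticate in this state";
        return (tls ? "[after STARTTLS] " : "[cleartext] ") + "AUTH=" + advertised + ": " + next;
    }

    public static void main(String[] args) {
        // Mechanisms the question disabled through mail.imap.auth.<mech>.disable
        Set<String> disabled = new HashSet<>(Arrays.asList("PLAIN", "NTLM", "GSSAPI"));
        boolean tls = false;
        String startTlsTag = null;
        for (String line : TRACE) {
            String[] parts = line.split(" ", 3);
            if (parts.length >= 2 && parts[1].equalsIgnoreCase("STARTTLS")) startTlsTag = parts[0];
            else if (parts.length >= 2 && parts[0].equals(startTlsTag) && parts[1].equals("OK")) tls = true;
            else if (line.startsWith("* CAPABILITY")) System.out.println(describe(line, tls, disabled));
        }
    }
}
```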