I wrote a java program to implement smtp.
My input consists of five arguments:
localhost 25 localhost.com loaclhost.com "hellooo"
I am getting the following error:
D:trying to connect to server
D:connected
D:response: 220 localhost ESMTP server ready.
D:sending command: HELO SRIJA-PC
D:response: 250 localhost Hello, SRIJA-PC.
D:sending command: MAIL from: localhost.com
D:response: 250 Sender OK - send RCPTs.
D:sending command: RCPT to: localhost.com
D:response: 553 Invalid RFC821 mailbox specification.
Error while sending: Error while executing cmd RCPT to: localhost.com:553-Invalid RFC821 mailbox specification.
Can you please help me to solve the error?
The error message states, that your command RCPT to: localhost.com was faulty.
RFC821 ist the specification for the SMTP protocol.
The error code 553 represents the following:
553 Requested action not taken: mailbox name not allowed [E.g., mailbox syntax incorrect]
So you simply did not enter a correct recipient. Try to enter a full e-mail address which contains a # symbol.
This is a simple example taken from the RFC821 showing how to send an e-mail correctly:
R: 220 BBN-UNIX.ARPA Simple Mail Transfer Service Ready
S: HELO USC-ISIF.ARPA
R: 250 BBN-UNIX.ARPA
S: MAIL FROM:<Smith#USC-ISIF.ARPA>
R: 250 OK
S: RCPT TO:<Jones#BBN-UNIX.ARPA>
R: 250 OK
S: RCPT TO:<Green#BBN-UNIX.ARPA>
R: 550 No such user here
S: RCPT TO:<Brown#BBN-UNIX.ARPA>
R: 250 OK
S: DATA
R: 354 Start mail input; end with <CRLF>.<CRLF>
S: Blah blah blah...
S: ...etc. etc. etc.
S: .
R: 250 OK
S: QUIT
R: 221 BBN-UNIX.ARPA Service closing transmission channel
The RCPT to: command is supposed to contain the email address of the intended recipient, e.g. a.user#localhost.com, but you appear to have entered RCPT to: localhost.com. See Section 3.3 of RFC 5321 (https://www.rfc-editor.org/rfc/rfc5321#section-3.3):
The second step in the procedure is the RCPT command. This step of
the procedure can be repeated any number of times.
RCPT TO:<forward-path> [ SP <rcpt-parameters> ] <CRLF>
The first or only argument to this command includes a forward-path
(normally a mailbox and domain, always surrounded by "<" and ">" brackets) identifying one recipient.
"localhost.com" is not a valid email address, hence the mail server is replying with "Invalid RFC821 mailbox specification".
Related
I am trying to upload file to ftp server using Java.
What i got so far is
fun uploadData(): Boolean {
val ftpClient = FTPSClient()
ftpClient.addProtocolCommandListener(
PrintCommandListener(PrintWriter(OutputStreamWriter(System.out, "UTF-8")), true)
)
ftpClient.connect(ftpProperties.server)
try {
ftpClient.enterLocalPassiveMode()
ftpClient.login(ftpProperties.username, ftpProperties.password).takeIf { !it }?.let {
log.error("cannot login to ftp")
throw Exception("cannot login to ftp")
}
ftpClient.enterLocalPassiveMode()
ftpClient.soTimeout = 10000
ftpClient.dataTimeout = Duration.ofSeconds(10)
ftpClient.execPBSZ(0)
ftpClient.execPROT("P")
ftpClient.changeWorkingDirectory("/")
ftpClient.setFileType(FTP.BINARY_FILE_TYPE)
ftpClient.enterLocalPassiveMode()
} catch (ie: IOException) {
log.error("ftp initialization error", ie)
throw Exception("ftp initialization error")
}
val remoteFile = "top.txt.gz"
val data = FileInputStream(File("top.txt.gz"))
var done = false
try {
done = ftpClient.storeFile(remoteFile, data)
} catch (e: Exception) {
log.error(e) { "error" }
}
data.close()
if (done) {
return true
}
log.error { "${ftpClient.replyCode} ${ftpClient.replyString}" }
throw RuntimeException("File not stored $remoteFile")
}
Code does not seem to be working properly. After starting it i get error code on line with code:
done = ftpClient.storeFile(remoteFile, data)
org.apache.commons.net.io.CopyStreamException: IOException caught while copying.
Caused by: java.net.SocketException: Connection reset by peer
I could not find anything wrong in ftp log
220 Private FTP server
AUTH TLS
234 Proceed with negotiation.
USER *******
331 Please specify the password.
PASS *******
230 Login successful.
PBSZ 0
200 PBSZ set to 0.
PROT P
200 PROT now Private.
CWD /
250 Directory successfully changed.
TYPE I
200 Switching to Binary mode.
PASV
227 Entering Passive Mode (x,x,x,x,x,x).
STOR top.txt.gz
150 Ok to send data.
I am able to connect and upload files to that ftp server from the same machine that i start Java/Kotlin code, using filezilla.
Filezilla log looks like that:
Status: Connection established, waiting for welcome message...
Response: 220 Private FTP server
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Command: USER k8s_search
Response: 331 Please specify the password.
Command: PASS ******************
Response: 230 Login successful.
Status: Server does not support non-ASCII characters.
Command: PBSZ 0
Response: 200 PBSZ set to 0.
Command: PROT P
Response: 200 PROT now Private.
Status: Logged in
Status: Starting upload of /home/x/x/top.txt.gz
Command: CWD /
Response: 250 Directory successfully changed.
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (x,x,x,x,x,x).
Command: STOR top.txt.gz
Response: 150 Ok to send data.
Response: 226 Transfer complete.
Status: File transfer successful, transferred 2.6 MB in 1 second
I connot figure out if problem is in my code or is it anything else. Filezilla working correctly indicates that problem lies in code.
I'm troubleshooting some SSL/TLS problems, with -Djavax.net.debug on the command line and it would help immensely to have some logging where the server certificate is logged in a format which can be parsed and read.
I tried following debug settings:
-Djavax.net.debug=ssl:record:plaintext
-Djavax.net.debug=ssl:handshake:verbose:keymanager:trustmanager
-Djavax.net.debug=ssl:handshake:verbose
The closed I came was with the last statement which logs the following:
10/11/2021 10:27:36 "version" : "v3",
10/11/2021 10:27:36 "serial number" : "I8 00 00 00 00 D2 91 BH 88 A4 10 58 00 00 02 00 04 9E 4B",
10/11/2021 10:27:36 "signature algorithm": "SHA256withRSA",
10/11/2021 10:27:36 "issuer" : "CN=test, DC=test, DC=test, DC=com",
10/11/2021 10:27:36 "not before" : "2021-07-23 17:38:30.000 UTC",
10/11/2021 10:27:36 "not after" : "2026-07-22 17:38:30.000 UTC",
10/11/2021 10:27:36 "subject" : "CN=CNTest, OU=TIS, O="ACME Inc", L=France, ST=Paris, C=EU",
10/11/2021 10:27:36 "subject public key" : "RSA",
10/11/2021 10:27:36 "extensions" : [
...
]
Which is already useful but it would help immensely to have the server certificate in a readable format to further troubleshoot the problem. It would help to compare the certificate we received with the actual that is on the server.
I already tried to use the openssl tooling to print the certificates. But the Java application is also using queues which seems to use different certificates than I was supplied and isn't easy to extract the queue certificates with the openssl tooling.
The above assumption was an incorrect assumption. I found the problem, we only supplied 1 ciphersuite on clientHello. One ciphersuite the server didn't support so that's why the handshaking failed:
11/9/2021 3:24:03 PMSession ID: {}
11/9/2021 3:24:03 PMCipher Suites: [TLS_DHE_DSS_WITH_AES_256_CBC_SHA256]
11/9/2021 3:24:03 PMCompression Methods: { 0 }
...
READ: TLSv1.2 Alert, length = 2
RECV TLSv1.2 ALERT: fatal, handshake_failure
called closeSocket()
handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
But still the original question stands and would be useful for debugging.
sources:
https://colinpaice.blog/2020/04/05/using-java-djavax-net-debug-to-examine-data-flows-including-tls/
https://access.redhat.com/solutions/973783
Using openssl to get the certificate from a server
https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
For the old stack (below 8u261 or 11) in all cases, and the new stack when the protocol used (negotiated) is TLS1.2 or below, javax.net.debug=ssl:handshake:packet will show you a 'raw write' for each outgoing record with (all) the data in hex and ASCII, and at least two 'raw read' for each incoming record (one for the header of 5 bytes, and one or more for the data) ditto. The fields going into an outgoing record are shown before the record, while the fields decoded from an incoming record are shown after it. For example on a connection to https://example.com after (build and) write the ClientHello and read (and decode) the ServerHello, I get for the Certificate message/record this pastebin (otherwise exceeds Stack size limit).
Take the body data (only) and on Unix, or WSL, run it through cut -c9-58 <hex | xxd -r -p >bin (for old stack -c7-56). The file bin now contains the Certificate message exactly as received: the first byte is 0B, the next three bytes are the (bigendian) length of the body of the message, the next three bytes are the length of the certificate list, and the next three are the length of the first certificate. To separate out that first certificate, do tail -c+11 bin | head -c$((0x$(xxd -p -s7 -l3 bin))) >cert1. You can now convert the cert to PEM with openssl x509 -inform d <cert1 or examine it with any other x509 options, or examine it with keytool -printcert -file cert1, or any other suitable tool. If you want (all or some of) the other cert(s) in the chain, it's a little more complicated.
TLS1.3, in new stack only, is slightly different. It encrypts the Certificate message and may have a hello-retry cycle, may have an early CCS, and will have an EncryptedExtensions message before the Certificate. Add :plaintext to the sysprop and for each incoming record you get a raw read of the header (5 bytes) in clear, a raw read of the body in cipher, and a decryption of the body, like this for the Certificate message/record.
This message differs slightly from the previous protocol version by having one byte of 00 between the message length and the certificate-list length, so change to: tail -c+12 bin | head -c$((0x$(xxd -p -s8 -l3 bin))).
Note some servers may combine messages in one handshake record (or encrypted handshake record), rather than using a separate record for each as example.com did, which will require a slight variation. If you have an example (accessible) of such, I will adjust.
However, I have no idea what you mean by 'queues' in an SSL/TLS connection, and why the much easier openssl s_client isn't usable. If you mean virtual hosting with the server choosing among multiple certificates using SNI, see the man page description of the -servername x option.
It is not possible to get the server certificate as pem with javax.net.debug You can try the following snippet which I also use for my own project:
Map<String, List<String>> certificates = CertificateUtils.getCertificateAsPem(
"https://github.com/",
"https://stackoverflow.com/");
It will extract all the certificates for the given urls in pem format. It is available within my own library which is publicly available here: GitHub - SSLContext Kickstart
Or you can also do the same with a CLI, see here: GitHub - Certificate Ripper Below is an example of the snippet above:
crip print -u=https://github.com -u=https://stackoverflow.com -f=pem
Please let me know if this is something which will do the trick for you
I changed the MQIVP sample in MQ with a server connection channel of my own local.server.con and it is working fine. But I tried connecting to the same channel with PCFMessageAgent and the connection is failing with errors in MQ log. What is the relation between my channel and SYSTEM.DEFAULT.MODEL.QUEUE which gives the error.
C:\Program Files\IBM\WebSphere MQ\Tools\wmqjava\samples>java -Djava.library.path="C:\Program Files\IBM\WebSphere MQ\java\lib" MQIVPMod
Websphere MQ for Java Installation Verification Program
5724-B4 (C) Copyright IBM Corp. 2002, 2014. All Rights Reserved.
================================================================
Please enter the IP address of the MQ server :10.40.1.16
Please enter the port to connect to : (1414)1415
Please enter the server connection channel name :local.server.con
Please enter the user name (or RETURN for none) :test
Please enter the password for the user :test123
Please enter the queue manager name :local
Success: Connected to queue manager.
Success: Opened SYSTEM.DEFAULT.LOCAL.QUEUE
Success: Put a message to SYSTEM.DEFAULT.LOCAL.QUEUE
Success: Got a message from SYSTEM.DEFAULT.LOCAL.QUEUE
Success: Closed SYSTEM.DEFAULT.LOCAL.QUEUE
Success: Disconnected from queue manager
Tests complete -
SUCCESS: This MQ Transport is functioning correctly.
Press Enter to continue ...
My PCFMessageAgent code and error:
new PCFMessageAgent(host, Integer.parseInt(port), channelName); // connect
com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2035'.
at com.ibm.mq.MQDestination.open(MQDestination.java:323)
at com.ibm.mq.MQQueue.<init>(MQQueue.java:236)
at com.ibm.mq.MQQueueManager.accessQueue(MQQueueManager.java:2674)
at com.ibm.mq.pcf.PCFAgent.open(PCFAgent.java:448)
at com.ibm.mq.pcf.PCFAgent.open(PCFAgent.java:394)
at com.ibm.mq.pcf.PCFAgent.connect(PCFAgent.java:287)
at com.ibm.mq.pcf.PCFAgent.<init>(PCFAgent.java:190)
at com.ibm.mq.pcf.PCFMessageAgent.<init>(PCFMessageAgent.java:157)
at test.wmq.PCFTest.main(PCFTest.java:49)
And the MQ log :
5/2/2017 14:01:31 - Process(6048.60) User(MUSR_MQADMIN) Program(amqzlaa0.exe)
Host(BLR_SWG_N09505) Installation(Installation1)
VRMF(8.0.0.4) QMgr(local)
AMQ8077: Entity 'test#blr_swg_n09505' has insufficient authority to access
object 'SYSTEM.DEFAULT.MODEL.QUEUE'.
EXPLANATION:
The specified entity is not authorized to access the required object. The
following requested permissions are unauthorized: get
ACTION:
Ensure that the correct level of authority has been set for this entity against
the required object, or ensure that the entity is a member of a privileged
group.
----- amqzfubn.c : 518 --------------------------------------------------------
5/2/2017 14:01:32 - Process(8004.41) User(MUSR_MQADMIN) Program(amqrmppa.exe)
Host(BLR_SWG_N09505) Installation(Installation1)
VRMF(8.0.0.4) QMgr(local)
AMQ9208: Error on receive from host BLR_SWG_N09505 (10.40.1.16).
EXPLANATION:
An error occurred receiving data from BLR_SWG_N09505 (10.40.1.16) over TCP/IP.
This may be due to a communications failure.
ACTION:
The return code from the TCP/IP recv() call was 10054 (X'2746'). Record these
values and tell the systems administrator.
----- amqccita.c : 4076 -------------------------------------------------------
5/2/2017 14:01:32 - Process(8004.41) User(MUSR_MQADMIN) Program(amqrmppa.exe)
Host(BLR_SWG_N09505) Installation(Installation1)
VRMF(8.0.0.4) QMgr(local)
AMQ9999: Channel 'local.server.con' to host '10.40.1.16' ended abnormally.
EXPLANATION:
The channel program running under process ID 8004(7988) for channel
'local.server.con' ended abnormally. The host name is '10.40.1.16'; in some
cases the host name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
----- amqrmrsa.c : 930 --------------------------------------------------------
You need to go and read up on MQ permissions (i.e. authorizations). It is best to do permissions on the group rather than principle (UserId).
setmqaut -m {QM_NAME} -n SYSTEM.ADMIN.COMMAND.QUEUE -t queue -g {GROUP} +put +inq +dsp
setmqaut -m {QM_NAME} -n SYSTEM.DEFAULT.MODEL.QUEUE -t queue -g {GROUP} +get +inq +dsp
There is no relation between channels and model queues.
But I think, that the PCFMessageAgent is trying to create a dynamic queue to use as a ReplyToQ to receive responses, and it seems it tries to create the dynamic queue by opening the SYSTEM.DEFAULT.MODEL.QUEUE.
I am experiencing weird problems over IMAP in JavaMail.
I already know alot in terms of JavaMail and I also know where to look for Questions/Answers, yet I cannot find a solution for this issue.
I have IMAP channel, on which I can set SSL enabled or disabled.
When I create new email message (let's say, Subject: "TEST", Body: "HELLO") and send it from Thunderbird client, to be able to download it with my IMAP channel, things are getting weird.
On SSL ENABLED, everything works fine. (in my IMAP channel) I get message from email folder, after successfuly connecting to the store, then i getContent() from this message (it is ALWAYS String type, not MimeMultipart or Multipart), and output is "HELLO".
However, on SSL DISABLED, everything also works fine, but I receive different body. It looks like whole message parsed (look below)
message.getContent().toString(); using SSL
HELLO
message.getContent().toString(); NOT using SSL
Return-Path: and#127.0.0.1
Received: from [127.0.0.1] (localhost [127.0.0.1]) by PC ; Wed, 22 Jan 2014 13:23:17 +0100
Message-ID: <52DFB835.9020300#127.0.0.1>
Date: Wed, 22 Jan 2014 13:23:17 +0100
From: "and#127.0.0.1" <and#127.0.0.1>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: and#127.0.0.1
Subject: TEST
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Does anyone have any idea what's going on? Below are fragments of my code (to show you most important parts:
// properties used to create session
String protocol = useSSL ? "imaps" : imap";
properties.setProperty("mail.store.protocol", protocol);
properties.setProperty("mail." + protocol + ".host", ...);
properties.setProperty("mail." + protocol + ".user", ...);
properties.setProperty("mail." + protocol + ".port", ...);
properties.setProperty("mail." + protocol + ".password", ...);
// only when using ssl
properties.setProperty("mail.imaps.auth", "true");
properties.setProperty("mail.imaps.starttls.enable", "true");
properties.setProperty("mail.imaps.ssl.checkserveridentity", "true");
properties.setProperty("javax.net.ssl.trustStore", ...);
properties.setProperty("javax.net.ssl.trustStorePassword", ...);
// get store and other important things
Store store = this.session.getStore(protocol);
Folder folder = store.getFolder("INBOX");
folder.open(Folder.READ_WRITE);
Message[] newMessages = folder.getMessages();
for (Message newMessage : newMessages) {
Object o = newMessage.getContent();
System.out(o.toString()); // should write "HELLO", but instead it parses whole message (only on NON SSL MODE!)
}
// edit : added debug info
// edit 2 : debug info contains now full details with fetching folder, using { CONTENT_INFO, FLAGS, ENVELOPE }
DEBUG: getProvider() returning javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc]
DEBUG: mail.imap.fetchsize: 16384
DEBUG: protocolConnect returning false, host=127.0.0.1, user=and#127.0.0.1, password=<null>
* OK IMAPrev1
A0 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 CHILDREN IDLE QUOTA SORT ACL NAMESPACE RIGHTS=texk
A0 OK CAPABILITY completed
DEBUG: protocolConnect login, host=127.0.0.1, user=and#127.0.0.1, password=<non-null>
A1 LOGIN and#127.0.0.1 password
A1 OK LOGIN completed
DEBUG: connection available -- size: 1
A2 SELECT INBOX
* 1 EXISTS
* 0 RECENT
* FLAGS (\Deleted \Seen \Draft \Answered \Flagged)
* OK [UIDVALIDITY 1378802425] current uidvalidity
* OK [UNSEEN 50167] unseen messages
* OK [UIDNEXT 50168] next uid
* OK [PERMANENTFLAGS (\Deleted \Seen \Draft \Answered \Flagged)] limited
A2 OK [READ-WRITE] SELECT completed
A3 SEARCH UNSEEN ALL
* SEARCH 1
A3 OK Search completed
A4 FETCH 1 (BODYSTRUCTURE)
* 1 FETCH (UID 50167 BODYSTRUCTURE ("TEXT" "PLAIN" ("CHARSET" "UTF-8") NIL "test" "7bit" 7 2))
A4 OK FETCH completed
A5 FETCH 1 (BODY[TEXT]<0.7>)
* 1 FETCH (UID 50167 ENVELOPE ("Tue, 28 Jan 2014 15:08:59 +0100" "test" (("and#127.0.0.1" NIL "and" "127.0.0.1")) (("and#127.0.0.1" NIL "and" "127.0.0.1")) (("and#127.0.0.1" NIL "and" "127.0.0.1")) (("and#127.0.0.1" NIL "and" "127.0.0.1")) NIL NIL NIL "<52E7B9FB.2030409#127.0.0.1>") BODY[HEADER] {479}
Return-Path: and#127.0.0.1
Received: from [127.0.0.1] (localhost [127.0.0.1]) by A-PC ; Tue, 28 Jan 2014 15:08:59 +0100
Message-ID: <52E7B9FB.2030409#127.0.0.1>
Date: Tue, 28 Jan 2014 15:08:59 +0100
From: "and#127.0.0.1" <and#127.0.0.1>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: and#127.0.0.1
Subject: test
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
BODY[TEXT]<0> {7}
HELLO
)
A5 OK FETCH completed
A6 FETCH 1 (FLAGS)
* 1 FETCH (UID 50167 FLAGS (\Seen))
A6 OK FETCH completed
A7 FETCH 1 (ENVELOPE INTERNALDATE RFC822.SIZE FLAGS BODYSTRUCTURE)
* 1 FETCH (UID 50167 RFC822.SIZE 462 FLAGS (\Seen) INTERNALDATE "28-Jan-2014 15:08:59 +0100" ENVELOPE ("Tue, 28 Jan 2014 15:08:59 +0100" "test" (("and#127.0.0.1" NIL "and" "127.0.0.1")) (("and#127.0.0.1" NIL "and" "127.0.0.1")) (("and#127.0.0.1" NIL "and" "127.0.0.1")) (("and#127.0.0.1" NIL "and" "127.0.0.1")) NIL NIL NIL "<52E7B9FB.2030409#127.0.0.1>") BODYSTRUCTURE ("TEXT" "PLAIN" ("CHARSET" "UTF-8") NIL "test" "7bit" 7 2))
A7 OK FETCH completed
A8 STORE 1 +FLAGS (\Seen)
* 1 FETCH (FLAGS (\Seen) UID 50167)
A8 OK STORE completed
A9 CLOSE
A9 OK CLOSE completed
DEBUG: added an Authenticated connection -- size: 1
IMAP DEBUG: IMAPProtocol noop
A10 NOOP
A10 OK NOOP completed
DEBUG: connection available -- size: 1
A11 SELECT INBOX
* 1 EXISTS
* 0 RECENT
* FLAGS (\Deleted \Seen \Draft \Answered \Flagged)
* OK [UIDVALIDITY 1378802425] current uidvalidity
* OK [UIDNEXT 50168] next uid
* OK [PERMANENTFLAGS (\Deleted \Seen \Draft \Answered \Flagged)] limited
A11 OK [READ-WRITE] SELECT completed
A12 SEARCH UNSEEN ALL
* SEARCH
A12 OK Search completed
A13 CLOSE
A13 OK CLOSE completed
DEBUG: added an Authenticated connection -- size: 1
IMAP DEBUG: IMAPProtocol noop
A14 NOOP
A14 OK NOOP completed
A15 LOGOUT
* BYE Have a nice day
A15 OK Logout completed
DEBUG: IMAPStore connection dead
DEBUG: IMAPStore cleanup, force false
DEBUG: IMAPStore cleanup done
server is hMailServer, running on 127.0.0.1 with SSL and NONSSL ports enabled.
It appears, that I get only headers from mail, but not the body..
Thanks for any suggestions, have a great day!
I fixed the problem. The bug I have encountered was linked to the "Unable to load BODYSTRUCTURE" error (links below - read about IMAP complexity).
https://java.net/projects/javamail/pages/Exchange
http://www.oracle.com/technetwork/java/javamail/faq/index.html#imapserverbug
All that had to be done, to get proper body message, was creating copy of the message, using MimeMessage constructor.
// newMessages - it is array of messages from the mail inbox
// create copy of the message using MimeMessage constructor
MimeMessage message = new MimeMessage(newMessages[0]); // without it, the content was as in my first post
// get content from the mssage
Object messageContent = message.getContent();
// output it as a string
System.out.println(messageContent.toString());
The problem is solved, now I receive what I want and what I should. The only thing left is, why there was a difference between SSL and NONSSL message content? Maybe antivirus problem?
Thanks for help and interest.
Have a great day.
I am writing some Java code that authenticates to Active Directory using SASL GSSAPI. Mostly this code is working fine but for one user I am getting the response:
javax.naming.AuthenticationException: [LDAP: error code 49 - 8
0090304: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 568,
v1772 ]
I know that 49 means this is an authentication failure, and that the relevant sub code is 568, but I am only aware of the following meanings for that data:
525 - user not found
52e - invalid credentials
530 - not permitted to logon at this time
532 - password expired
533 - account disabled
701 - account expired
773 - user must reset password
So far I am unable to find an authorative source of these error codes from Microsoft (this list is pieced together from forum posts) and I can't find anything for that 568 error.
Does anyone know what it means?
EDIT: It looks like the source of this list comes from this documentation from IBM
This and this list contain error codes that seem to correspond to the above numbers, viz.
ERROR_NO_SUCH_USER 1317 (0x525) The specified account does not exist.
ERROR_LOGON_FAILURE 1326 (0x52E) Logon failure: unknown user name or bad password.
ERROR_INVALID_LOGON_HOURS 1328 (0x530) Logon failure: account logon time restriction violation.
ERROR_PASSWORD_EXPIRED 1330 (0x532) Logon failure: the specified account password has expired.
ERROR_ACCOUNT_DISABLED 1331 (0x533) Logon failure: account currently disabled.
ERROR_ACCOUNT_EXPIRED 1793 (0x701) The user's account has expired.
ERROR_PASSWORD_MUST_CHANGE 1907 (0x773) The user's password must be changed before logging on the first time.
From this list it appears that this error code means:
ERROR_TOO_MANY_CONTEXT_IDS 1384 (0x568) During a logon attempt, the user's security context accumulated too many security IDs.
It turns out that this account has 2000 group memberships which are overrunning an internal Active Directory limit. You may only have 1015 or so group memberships otherwise login will fail.
More information is available on this error at: http://go.microsoft.com/fwlink/?LinkId=146571.