詹金斯SMTP TLS [英] Jenkins SMTP TLS

问题描述

我正在尝试将Jenkins设置为使用我们公司的SMTP服务器通过电子邮件发送构建通知.我们正在使用TLS作为端口587上的加密方法.不过，我似乎无法使电子邮件通知正常工作.

I'm trying to setup Jenkins to use our company's SMTP server to email build notifications. We are using TLS as the encryption method on port 587. I can not seem to get the email notification to work properly though.

这是我的Hudson.Tasks.Mailer.xml文件，因此您可以查看我的配置(我已经删除了SMTP身份验证用户和密码，并稍稍更改了smtpHost以防万一)

Here is my Hudson.Tasks.Mailer.xml file so you can see my config (I've removed the SMTP auth user and password and changed the smtpHost slightly just in case)

<hudson.tasks.Mailer_-DescriptorImpl>
  <helpRedirect/>
  <defaultSuffix></defaultSuffix>
  <hudsonUrl>http://localhost:8080/</hudsonUrl>
  <smtpAuthUsername></smtpAuthUsername>
  <smtpAuthPassword></smtpAuthPassw$
  <adminAddress></adminAddress>
  <smtpHost>pod#####.outlook.com</smtpHost>
  <useSsl>true</useSsl>
  <smtpPort>587</smtpPort>
  <charset>UTF-8</charset>
</hudson.tasks.Mailer_-DescriptorImpl>

这似乎是一个已知问题，来自 http://issues.hudson- ci.org/browse/HUDSON-2206

It looks like this is a known issue, from http://issues.hudson-ci.org/browse/HUDSON-2206

我对Apple OS(运行Jenkins的计算机)不是很熟悉，但是我认为我可以使用上述解决方法解决问题.但我不确定要在哪里放置该解决方法，因此我尝试将其放在这里: /Library/Application Support/Jenkins/jenkins-runner.sh

I am not very familiar with Apple OS (which is the machine that is running Jenkins) but I thought I could resolve the issue using the workaround mentioned. I wasn't exactly sure where to put that workaround though, so I tried putting it here: /Library/Application Support/Jenkins/jenkins-runner.sh

defaults="defaults read /Library/Preferences/org.jenkins-ci"

war=`$defaults war` || war="/Applications/Jenkins/jenkins.war"

javaArgs="-Dmail.smtp.starttls.enable=\"true\""
heapSize=`$defaults heapSize` && javaArgs="$javaArgs -Xmx${heapSize}"
permGen=`$defaults permGen` && javaArgs="$javaArgs -XX:MaxPermSize=${permGen}"

home=`$defaults JENKINS_HOME` && export JENKINS_HOME="$home"

add_to_args() {
  val=`$defaults $1` && args="$args --${1}=${val}"
}

args=""
add_to_args prefix
add_to_args httpPort
add_to_args httpListenAddress
add_to_args httpsPort
add_to_args httpsListenAddress
add_to_args ajp13Port
add_to_args ajp13ListenAddress

echo "JENKINS_HOME=$JENKINS_HOME"
echo "Jenkins command line for execution"
echo /usr/bin/java $javaArgs -jar "$war" $args
exec /usr/bin/java $javaArgs -jar "$war" $args

这似乎无法解决.启动Jenkins时，我可以在控制台中看到该调用，但是当我尝试测试配置电子邮件时，出现以下错误:

That didn't appear to resolve it. I can see that call in the console when Jenkins is started up, but when I try a test configuration email I get the following error:

Failed to send out e-mail

javax.mail.MessagingException: Could not connect to SMTP host: pod#####.outlook.com, port: 587;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638)
at javax.mail.Service.connect(Service.java:317)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at javax.mail.Transport.send0(Transport.java:194)

我还有什么可以尝试的想法?我已经尝试过将电子邮件帐户切换为使用gmail的smtp服务器，并且可以正常工作，但是如果可以的话，我宁愿使用我们的smtp服务器.

Any ideas on what else I can try? I've tried switching the email account to use gmail's smtp server and that works fine, but I'd rather have it using our smtp server if I can.

推荐答案

将SMTP端口从587更改为465为我解决了此问题:

Changing the SMTP port from 587 to 465 resolved this issue for me:

SMTP server:               smtp.mandrill.com
Use SMTP Authentication:   true
Use SSL:                   true
SMTP Port:                 465

据我所知(免责声明:我绝不是哈德森/詹金斯专家) Hudson/Jenkins电子邮件插件支持SSL加密的SMTP通信-但是，此实现要求从一开始就对通信进行加密.

From what I can tell (disclaimer: I am by no means a Hudson/Jenkins expert) the Hudson/Jenkins email plugin supports SSL encrypted SMTP communication - however this implementation requires that communications are encrypted from the get go.

在端口587上连接时，另一端的服务器可能期望使用STARTTLS命令(请参见

When connecting on port 587, the server on the other end may expect a STARTTLS command (see this SSL vs TLS vs STARTTLS article). This command is sent using plain-text to 'upgrade' the connection to use SSL/TLS.

Hudson/Jenkins尝试尝试在端口587上开始协商SSL，该端口被迅速拒绝，从而导致以下错误:

Hudson/Jenkins instead attempts to start negotiating SSL on port 587, which is promptly rejected, resulting in the following error:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

我尝试添加建议的JAVA选项"-Dmail.smtp.starttls.enable = true"以启用TLS:

I tried adding the suggested JAVA options "-Dmail.smtp.starttls.enable=true" to enable TLS:

JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"

不幸的是，这并不能为我解决问题.

Unfortunately this didn't resolve the issue for me.

将端口更改为465后，SSL协商正确发生，并且通信成功.

After changing the port to 465, the SSL negotiation occurred correctly and the communication succeeded.

希望有帮助.

注意:当您为任何"SSL-465端口"或非SSL-端口587"选中使用SMTP身份验证"选项时，Jenkins电子邮件插件始终需要SMTP凭据，这些凭据通常是发件人的电子邮件凭据配置.

Note: Jenkins email plugin always needs SMTP credentials that are often sender's email credentials when you checkmark "Use SMTP Authentication" option for any "SSL - port 465" or "non SSL - port 587" configuration.

这篇关于詹金斯SMTP TLS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！