詹金斯 SMTP TLS [英] Jenkins SMTP TLS

问题描述

我正在尝试设置 Jenkins 以使用我们公司的 SMTP 服务器来通过电子邮件发送构建通知.我们在端口 587 上使用 TLS 作为加密方法.但我似乎无法让电子邮件通知正常工作.

这是我的 Hudson.Tasks.Mailer.xml 文件，所以你可以看到我的配置(我已经删除了 SMTP 身份验证用户和密码，并稍微更改了 smtpHost 以防万一)

<helpRedirect/><defaultSuffix></defaultSuffix><hudsonUrl>http://localhost:8080/</hudsonUrl><smtpAuthUsername></smtpAuthUsername><smtpAuthPassword></smtpAuthPassw$<adminAddress></adminAddress><smtpHost>pod#####.outlook.com</smtpHost><useSsl>true</useSsl><smtpPort>587</smtpPort><charset>UTF-8</charset></hudson.tasks.Mailer_-DescriptorImpl>

看起来这是一个已知问题，来自 文章).此命令使用纯文本发送，以升级"连接以使用 SSL/TLS.

Hudson/Jenkins 尝试在端口 587 上开始协商 SSL，但很快被拒绝，导致以下错误:

javax.net.ssl.SSLException:无法识别的 SSL 消息，纯文本连接?

我尝试添加建议的 JAVA 选项-Dmail.smtp.starttls.enable=true"；启用 TLS:

JENKINS_JAVA_OPTIONS=-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true";

不幸的是，这并没有解决我的问题.

将端口改为465后，SSL协商正确，通信成功.

希望有所帮助.

注意: Jenkins 电子邮件插件始终需要 SMTP 凭据，当您选中使用 SMTP 身份验证"时，这些凭据通常是发件人的电子邮件凭据.任何SSL - 端口 465"的选项；或非 SSL - 端口 587"；配置.

I'm trying to setup Jenkins to use our company's SMTP server to email build notifications. We are using TLS as the encryption method on port 587. I can not seem to get the email notification to work properly though.

Here is my Hudson.Tasks.Mailer.xml file so you can see my config (I've removed the SMTP auth user and password and changed the smtpHost slightly just in case)

<hudson.tasks.Mailer_-DescriptorImpl>
  <helpRedirect/>
  <defaultSuffix></defaultSuffix>
  <hudsonUrl>http://localhost:8080/</hudsonUrl>
  <smtpAuthUsername></smtpAuthUsername>
  <smtpAuthPassword></smtpAuthPassw$
  <adminAddress></adminAddress>
  <smtpHost>pod#####.outlook.com</smtpHost>
  <useSsl>true</useSsl>
  <smtpPort>587</smtpPort>
  <charset>UTF-8</charset>
</hudson.tasks.Mailer_-DescriptorImpl>

It looks like this is a known issue, from http://issues.hudson-ci.org/browse/HUDSON-2206

I am not very familiar with Apple OS (which is the machine that is running Jenkins) but I thought I could resolve the issue using the workaround mentioned. I wasn't exactly sure where to put that workaround though, so I tried putting it here: /Library/Application Support/Jenkins/jenkins-runner.sh

defaults="defaults read /Library/Preferences/org.jenkins-ci"

war=`$defaults war` || war="/Applications/Jenkins/jenkins.war"

javaArgs="-Dmail.smtp.starttls.enable="true""
heapSize=`$defaults heapSize` && javaArgs="$javaArgs -Xmx${heapSize}"
permGen=`$defaults permGen` && javaArgs="$javaArgs -XX:MaxPermSize=${permGen}"

home=`$defaults JENKINS_HOME` && export JENKINS_HOME="$home"

add_to_args() {
  val=`$defaults $1` && args="$args --${1}=${val}"
}

args=""
add_to_args prefix
add_to_args httpPort
add_to_args httpListenAddress
add_to_args httpsPort
add_to_args httpsListenAddress
add_to_args ajp13Port
add_to_args ajp13ListenAddress

echo "JENKINS_HOME=$JENKINS_HOME"
echo "Jenkins command line for execution"
echo /usr/bin/java $javaArgs -jar "$war" $args
exec /usr/bin/java $javaArgs -jar "$war" $args

That didn't appear to resolve it. I can see that call in the console when Jenkins is started up, but when I try a test configuration email I get the following error:

Failed to send out e-mail

javax.mail.MessagingException: Could not connect to SMTP host: pod#####.outlook.com, port: 587;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638)
at javax.mail.Service.connect(Service.java:317)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at javax.mail.Transport.send0(Transport.java:194)

Any ideas on what else I can try? I've tried switching the email account to use gmail's smtp server and that works fine, but I'd rather have it using our smtp server if I can.

解决方案

Changing the SMTP port from 587 to 465 resolved this issue for me:

SMTP server:               smtp.mandrill.com
Use SMTP Authentication:   true
Use SSL:                   true
SMTP Port:                 465

From what I can tell (disclaimer: I am by no means a Hudson/Jenkins expert) the Hudson/Jenkins email plugin supports SSL encrypted SMTP communication - however this implementation requires that communications are encrypted from the get go.

When connecting on port 587, the server on the other end may expect a STARTTLS command (see this SSL vs TLS vs STARTTLS article). This command is sent using plain-text to 'upgrade' the connection to use SSL/TLS.

Hudson/Jenkins instead attempts to start negotiating SSL on port 587, which is promptly rejected, resulting in the following error:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

I tried adding the suggested JAVA options "-Dmail.smtp.starttls.enable=true" to enable TLS:

JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"

Unfortunately this didn't resolve the issue for me.

After changing the port to 465, the SSL negotiation occurred correctly and the communication succeeded.

Hope that helps.

Note: Jenkins email plugin always needs SMTP credentials that are often sender's email credentials when you checkmark "Use SMTP Authentication" option for any "SSL - port 465" or "non SSL - port 587" configuration.

这篇关于詹金斯 SMTP TLS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！