Changing SMTP Server Problems
Application Type
Traditional Web
Platform Version
10.0.1005.2

The mail server in our organization has changed from Microsoft Exchange 2013 to Microsoft Exchange 2019. 

We checked access via telnet on the required port, it exists. 

We checked the connection from OS of front end server to SMTP server by sending mail, and it works: 

echo "Messages smtp server" | mail -s "Test smtp server " -S smtp="10.0.X.X:25" -r APM_test@org.com dimyaz@org.com 

Old SMPT server also works now.

But when we trying to change SMTP server to new one in SC Admin panel, on port 25, we getting errors.

Maybe someone faced the same problem? And why it searchs certificates? if we use 25 port?


Module: Email Message: Error sending email 1143000: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1497)   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)   at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)   at outsystems.hubedition.http.TcpClient.initializeTLS(Unknown Source)   at outsystems.hubedition.smtp.SendMail$SMTPMail.sendMail(Unknown Source)   at outsystems.hubedition.smtp.SendMail.send(Unknown Source)   at outsystems.hubedition.scheduler.EmailJob.sendEmail(Unknown Source)   at outsystems.hubedition.scheduler.EmailJob.execute(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.lambda$2(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer$$Lambda$67/1286219511.executeImplLambda(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action0_Lambda.execute(Unknown Source)   at outsystems.hubedition.servercommon.SandboxUtils.executeForSingleSandbox(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.execute(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.inn... 


Environment Information eSpaceVer: 0 (Id=0, PubId=0, CompiledWith=10.0.1005.2) RequestUrl:  (Method: ) ClassLoader: sun.misc.Launcher$AppClassLoader@18b4aac2(414493378) Path: Locale: DateFormat: yyyy-M-d PID: 31869 ('31869@server', Started='1/27/22 6:47:58 PM', Priv=190Mb, Virt=1510Mb) TID: 41 Thread Name: Email Processor #1 JRE: 25.51-b03 Stack: Error sending email 1143000: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1497)   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)   at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)   at outsystems.hubedition.http.TcpClient.initializeTLS(Unknown Source)   at outsystems.hubedition.smtp.SendMail$SMTPMail.sendMail(Unknown Source)   at outsystems.hubedition.smtp.SendMail.send(Unknown Source)   at outsystems.hubedition.scheduler.EmailJob.sendEmail(Unknown Source)   at outsystems.hubedition.scheduler.EmailJob.execute(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.lambda$2(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer$$Lambda$67/1286219511.executeImplLambda(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action0_Lambda.execute(Unknown Source)   at outsystems.hubedition.servercommon.SandboxUtils.executeForSingleSandbox(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.execute(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.innerExecuteConsumer(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.lambda$1(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer$$Lambda$43/1703491774.executeImplLambda(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action0_Lambda.execute(Unknown Source)   at outsystems.hubedition.servercommon.SandboxUtils.executeInMainSandbox(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.executeConsumer(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer$1.executeImpl(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action1.executeImplLambda(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action1_Lambda.execute(Unknown Source)   at outsystems.hubedition.util.ParameterizedThread.run(Unknown Source) java.lang.IllegalStateException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1497)   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)   at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)   at outsystems.hubedition.http.TcpClient.initializeTLS(Unknown Source)   at outsystems.hubedition.smtp.SendMail$SMTPMail.sendMail(Unknown Source)   at outsystems.hubedition.smtp.SendMail.send(Unknown Source)   at outsystems.hubedition.scheduler.EmailJob.sendEmail(Unknown Source)   at outsystems.hubedition.scheduler.EmailJob.execute(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.lambda$2(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer$$Lambda$67/1286219511.executeImplLambda(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action0_Lambda.execute(Unknown Source)   at outsystems.hubedition.servercommon.SandboxUtils.executeForSingleSandbox(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.execute(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.innerExecuteConsumer(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.lambda$1(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer$$Lambda$43/1703491774.executeImplLambda(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action0_Lambda.execute(Unknown Source)   at outsystems.hubedition.servercommon.SandboxUtils.executeInMainSandbox(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.executeConsumer(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer$1.executeImpl(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action1.executeImplLambda(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action1_Lambda.execute(Unknown Source)   at outsystems.hubedition.util.ParameterizedThread.run(Unknown Source)   at outsystems.hubedition.smtp.SendMail.send(Unknown Source)   at outsystems.hubedition.scheduler.EmailJob.sendEmail(Unknown Source)   at outsystems.hubedition.scheduler.EmailJob.execute(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.lambda$2(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer$$Lambda$67/1286219511.executeImplLambda(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action0_Lambda.execute(Unknown Source)   at outsystems.hubedition.servercommon.SandboxUtils.executeForSingleSandbox(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.execute(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.innerExecuteConsumer(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.lambda$1(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer$$Lambda$43/1703491774.executeImplLambda(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action0_Lambda.execute(Unknown Source)   at outsystems.hubedition.servercommon.SandboxUtils.executeInMainSandbox(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer.executeConsumer(Unknown Source)   at outsystems.hubedition.scheduler.SchedulerProducerConsumer$1.executeImpl(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action1.executeImplLambda(Unknown Source)   at outsystems.hubedition.util.delegates.Action$Action1_Lambda.execute(Unknown Source)   at outsystems.hubedition.util.ParameterizedThread.run(Unknown Source) 

Solution

After checking a lot of cases we did the next: 

we compared smtp connection via 25 port on new server with old 

openssl s_client -connect old.post:25 -starttls smtp  

openssl s_client -connect new.post:25 -starttls smtp  

and we obtained, that old server answers that he don't support any starttls, but new server answers, that we use incorrect certificate, and that our certif mismatch with him and wrote in the error the server certifate that we need. we copy this information from this error, and generated assembled by hand new certificate. After adding him to all repositories and restarting application, message sending started to work. 

So, we think that the core mail java lib, somehow checks this information about 25 port, and therefore generated a request with certificate searching by option mail.smtp.starttls.enable=true. because this port also is open, and supports any connections without using any certificates.

Hi,

I never faced nothing like that, but I found something related with that error here:

https://stackoverflow.com/questions/21076179/pkix-path-building-failed-and-unable-to-find-valid-certification-path-to-requ

https://stackoverflow.com/questions/9210514/unable-to-find-valid-certification-path-to-requested-target-error-even-after-c

Maybe the solutions founded in those post can help you to resolve your problem.


Best regards,

Ricardo Pereira

Yes, we also read this posts and did that actions.

we updated java certs, linux certs and jboss certs ))

and this didn't help us.

The main question is, why error is about SSL? we use 25 port, that is open and without any encrytion. Also I don't see any setting I can choose, related with which type of protocol to use with SMTP. May be this property some where in xml configs, but I didn't find them(

Also I installed SMTPClient App from the Forge, and it works.

But root mail sending doesn't.

Solution

After checking a lot of cases we did the next: 

we compared smtp connection via 25 port on new server with old 

openssl s_client -connect old.post:25 -starttls smtp  

openssl s_client -connect new.post:25 -starttls smtp  

and we obtained, that old server answers that he don't support any starttls, but new server answers, that we use incorrect certificate, and that our certif mismatch with him and wrote in the error the server certifate that we need. we copy this information from this error, and generated assembled by hand new certificate. After adding him to all repositories and restarting application, message sending started to work. 

So, we think that the core mail java lib, somehow checks this information about 25 port, and therefore generated a request with certificate searching by option mail.smtp.starttls.enable=true. because this port also is open, and supports any connections without using any certificates.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.