If my application sends out sensitive info about a severe/fatal application state via log4j, I don't want eavesdropping attackers to learn about that! see also Bug 24969 for an RFE re SMTP AUTH
Good news is that the current JavaMail API 1.3.2 Release now supports STARTTLS! There remains one minor issue that for doing so, you most likely need to change the trust-store for your entire JVM (http://forum.java.sun.com/thread.jspa?threadID=615422).
This would be good to have as Google Mail requires this to be used as a SMTP server. Has anybody made this work yet?
bug 45053 might have some code relevant for this
Clearing NEEDINFO. Any code involving encryption must be reviewed for export issues prior to committing to the SVN. Any code on this issue should be attached as a patch first and reviewed by the PMC before committing. See http://www.apache.org/dev/crypto.html.
Created attachment 22697 [details] Adds SMTPProtocol and SMTPPort properties to SMTPAppender Set SMTPProtocol to smtps to use SMTP+SSL.
After soliciting comments from legal-discuss, committed patch in rev 703261.