Bug 25355 - allow to require "TLS/SSL only" for outgoing mails of your SMTPAppender
allow to require "TLS/SSL only" for outgoing mails of your SMTPAppender
Product: Log4j
Classification: Unclassified
Component: Appender
Other other
: P3 enhancement
: ---
Assigned To: log4j-dev
Depends on:
Blocks: 49563
  Show dependency tree
Reported: 2003-12-09 09:15 UTC by Ralf Hauser
Modified: 2010-07-06 17:04 UTC (History)
0 users

Adds SMTPProtocol and SMTPPort properties to SMTPAppender (3.65 KB, patch)
2008-10-08 15:24 UTC, Curt Arnold
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ralf Hauser 2003-12-09 09:15:07 UTC
If my application sends out sensitive info about a severe/fatal application
state via log4j, I don't want eavesdropping attackers to learn about that!

see also Bug 24969  for an RFE re SMTP AUTH
Comment 1 Ralf Hauser 2005-04-25 17:47:54 UTC
Good news is that the current JavaMail API 1.3.2 Release now supports STARTTLS!

There remains one minor issue that for doing so, you most likely need to change
the trust-store for your entire JVM
Comment 2 Thorbjørn Ravn Andersen 2008-08-03 03:33:34 UTC
This would be good to have as Google Mail requires this to be used as a SMTP server.

Has anybody made this work yet?
Comment 3 Ralf Hauser 2008-08-06 05:21:50 UTC
bug 45053 might have some code relevant for this
Comment 4 Curt Arnold 2008-08-06 07:33:47 UTC
Clearing NEEDINFO.

Any code involving encryption must be reviewed for export issues prior to committing to the SVN.  Any code on this issue should be attached as a patch first and reviewed by the PMC before committing.   See http://www.apache.org/dev/crypto.html.
Comment 5 Curt Arnold 2008-10-08 15:24:41 UTC
Created attachment 22697 [details]
Adds SMTPProtocol and SMTPPort properties to SMTPAppender

Set SMTPProtocol to smtps to use SMTP+SSL.
Comment 6 Curt Arnold 2008-10-09 14:14:03 UTC
After soliciting comments from legal-discuss, committed patch in rev 703261.