Configuring the Mail Module

Before you can send an email, you must use the the System_Mail_Configure Process Definition to configure the Mail Module to use your mail server and a default From: address. In addition, there is some additional configuration you may need to do.

Note: Previous versions of RunMyJobs allowed more than one mail server to be specified. However, this version allows only one mail server.

Setting the Mail Server and Default From Address

To set the mail server and default From: address, submit the System_Mail_Configure Process Definition. Enter the From: address in the From field, and the FQDN of the SMTP server (for example, smtp.gmail.com) in the Server field.

Tip: The Mail Module includes a basic SMTP server detection mechanism, which requires only the default From: email address to retrieve the address of the mail server. To use this service, leave the Server field blank. If the Process is unable to detect your mail server, it will be set to status Error, and you will be asked for the mail server hostname or IP address in addition to the From: address.

Note: You must have a Secure Gateway to use your internal SMTP server, but it is not required for publicly accessible SMTP servers.

Configuring SMTP Authentication

Redwood Server supports SMTP authentication for situations where the SMTP username and password are stored in a Credential using the SMTP credential protocol. Redwood Server looks up the Credential with the virtual user, which must be set to default, and the SMTP server (endpoint), which must match the value in the /configuration/mail/Server registry entry (the match is case-sensitive). You must create the smtp credential protocol (the name is case-sensitive) before you create the credential.

To configure SMTP authentication:

1. Navigate to Security > Credentials.
2. Click .
3. Choose smtp from the Protocol dropdown list.
4. Enter default in the virtual user field.
5. Enter the SMTP server hostname in the Endpoint field. Note that this value must match the value in the /configuration/mail/Server registry entry (case-sensitive).
6. Enter the username in the Real User field.
7. Enter the password in the Password field.
8. Enter the SMTP server hostname in the Endpoint field. Note that this value must match the value in the /configuration/mail/Server registry entry (case-sensitive).
9. Enter default in the Virtual User field.
10. Click Save & Close.

Configuration Registry Entries

The Mail Module uses the following registry entries.

• /configuration/mail/Server: The FQDN of the SMTP server. Optional.
• /configuration/mail/Transport: The transport to use. Required.
• /configuration/mail/Port: The SMTP port. The default is 25. Optional.
• /configuration/mail/From: The default From value for email. Optional.
• /configuration/mail/User: The user to use for the connection. Optional.
• /configuration/mail/AttachmentError: The behavior for emails when attachment files are not found. Optional.
• /configuration/mail/ConnectionSecurity: The connection security setting for the connection. Optional.
• /configuration/mail/AccessiblePath: The base path on the server that mail attachments can be read from. Optional.
• /configuration/mail/SendPartial: Controls whether to send email if one of the recipients is invalid. Optional.
• /configuration/mail/JavaMail: The Java mail properties for custom configuration options when sending email. Optional.

Setting JavaMail SMTP Properties

To set properties such as mail.smtp.timeout, mail.smtp.connectiontimeout, and mail.smtp.port, create a child key under the registry entry /configuration/mail/JavaMail. The name of the registry entry must match the name of the property (for example, /configuration/mail/JavaMail/mail.smtp.timeout).

Note: Setting mail.smtp.host has no effect. Instead, use /configuration/mail/Server.

Alternatively, you can set the port for the connection in the following locations. The first location found is the one that RunMyJobs uses. RunMyJobs searches in this order:

1. /configuration/mail/Port
2. /configuration/mail/JavaMail/mail.smtp.port
3. /configuration/mail/Port

STARTTLS and TLS

If you establish a secure connection to an SMTPS server, RunMyJobs verifies the chain of trust for the public certificate presented by the secure server. The verification is performed by combining the presented server certificate with a chain of certificates that signed the server certificate, leading up to a Root Certificate Authority (Root CA). Trust of a certificate is established when the system trusts the Root CA.

The Java SDK contains a Java KeyStore that contains a generally accepted list of trusted Root CAs, such as DigiCert, GoDaddy, Google, and various national authorities. The Java system administrator can add extra certificates to this KeyStore. You can also add Credentials of type X509_TrustedCertificate via the user interface. If your connections are to servers that are issued by one or more private Root CAs, you only need to create a Credential for each Root CA. If your connections are to servers that use self-signed certificates, you create a Credential for every self-signed certificate.

If TLS.VerifyServerCertificateTrust is set to the default value of Verify, the system will verify that certificates presented by SMTPS servers are trusted. It is possible to set this value to DontVerify to allow all certificates, but this is not recommended.

Using STARTTLS

If you want to use an email service that supports STARTTLS, you must set the following registry entries to true. The port defaults to 587.

• /configuration/mail/JavaMail/mail.smtp.starttls.required

• /configuration/mail/JavaMail/mail.smtp.starttls.enabled

If you require authentication, set /configuration/mail/Transport to smtps.

Using TLS

RunMyJobs supports straight TLS, although it is not RFC compliant. The default port is 465.

To determine which versions of TLS are supported by your instance of RunMyJobs, navigate to Scripting > Shell, enter the following code, and then click Submit command.

import javax.net.ssl.SSLContext;
{
  String protocols = String.join(" ", 
    SSLContext
        .getDefault()
        .getSupportedSSLParameters()
        .getProtocols()
);
  jcsOut.println(protocols);
}

To enable TLS on the connection, set the /configuration/mail/JavaMail/mail.smtps.ssl.enable registry entry to true.

The /configuration/mail/JavaMail/mail.smtps.ssl.trust registry entry might be required, depending on the configuration of the SMTP server. It should be set to the trusted third-party (usually the FQDN of the SMTP server).

Configuration Examples

Gmail Service

The following table lists the registry entries that are needed to connect to the Gmail service.

In addition to the registry entries, you must create an application password in the account profile of the account used to connect, and create a Credential with the following properties:

Office 365 Service

Office 365 has a direct send service (which uses encryption without authentication), which can be used to send emails limited to recipients within your organization.

To use this service, first locate the FQDN of the mail server for your domain (example.com in this example) using nslookup on the command line:

nslookup
> set type=MX
> example.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
example.com     mail exchanger = 10 example-com.mail.protection.outlook.com

In this case, the SMTP server to use is example-com.mail.protection.outlook.com.

Because this is the only SMTP server used at Example Inc, you can specify the registry entries directly under /configuration/mail: