6 Replies Latest reply: Aug 6, 2012 8:57 AM by 953262 RSS

    How to use Javamail for accessing additional mailboxes -IMAP, Exchange 2010

    953262
      hi,

      I want to access a shared mailbox (NOT FOLDER) via Javamail API (1.4.5) using IMAP(s) with plain logon. The mailserver is a Exchange Server 2010.

      User: user1 (user1@domain.com)
      pwd: xxxx
      shared mailbox: shared_MB@domain.com

      Properties:

      mail.imaps.socketFactory.port = 993
      mail.imaps.starttls.enable = true
      mail.imaps.socketFactory.class = javax.net.ssl.SSLSocketFactory
      mail.imaps.socketFactory.fallback = false
      username = user1@domain.com
      password = xxxx


      I´ve managed to get access to the user1 - mailbox:

      Session session = Session.getInstance(properties, new ExchangeAuthenticator(username, password));
      session.setDebug(true);
      Store store = session.getStore("imaps");
      store.connect(imapHost, username, password);

      --> this works just fine! But now i want to access the additional mailbox by changing the login-String:
      username=user1@domain.com/shared_MB (user@domain/additional_MB)


      --> unfortunately I´m getting an "NO AUTHENTICATE" message:

      DEBUG: setDebug: JavaMail version 1.4.5
      DEBUG: getProvider() returning javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Sun Microsystems, Inc]
      DEBUG: mail.imap.fetchsize: 16384
      DEBUG: mail.imap.statuscachetimeout: 1000
      DEBUG: mail.imap.appendbuffersize: -1
      DEBUG: mail.imap.minidletime: 10
      DEBUG: trying to connect to host "host.domain.com", port 993, isSSL true
      * OK The Microsoft Exchange IMAP4 service is ready.
      A0 CAPABILITY
      * CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
      A0 OK CAPABILITY completed.
      DEBUG IMAP: AUTH: NTLM
      DEBUG IMAP: AUTH: GSSAPI
      DEBUG IMAP: AUTH: PLAIN
      DEBUG: protocolConnect login, host=host.domain.com, user=user1@domain.com/shared_MB, password=<non-null>
      DEBUG IMAP: AUTHENTICATE PLAIN command trace suppressed
      DEBUG IMAP: AUTHENTICATE PLAIN command result: A1 NO AUTHENTICATE failed.
      javax.mail.AuthenticationFailedException: AUTHENTICATE failed.

      I was able to get access with Thunderbird and also with the Exchange OWA-Client, so I think there is something missing in my code...
      or is it just impossible to get access to a different mailbox using javamail and plain-auth?

      Thank you in advance.
        • 1. Re: How to use Javamail for accessing additional mailboxes -IMAP, Exchange 2010
          gimbal2
          Silly as I am, when I run into an error I can't explain I just copy/paste it into Google. Just like that, what a sneaky devil I am! Of course some careful examination of the logging is required before you know what part may be interesting. In this case "A1 NO AUTHENTICATE failed" tickles my fancy. Now normally I would put "java" in front of it, but in this case it seems like an error message that Exchange itself would return, so I just keep it general.

          And what do you know, plenty of search results come up. This one in particular looks interesting:

          https://confluence.atlassian.com/pages/viewpage.action?pageId=185401613
          • 2. Re: How to use Javamail for accessing additional mailboxes -IMAP, Exchange 2010
            Bill Shannon-Oracle
            I suppose it's possible that Exchange 2010 has the same bug as Exchange 2007 with plain authentication.

            Also see this page for more notes about using JavaMail with Exchange:
            http://kenai.com/projects/javamail/pages/Exchange
            • 3. Re: How to use Javamail for accessing additional mailboxes -IMAP, Exchange 2010
              953262
              Thanks for your response.
              I´ve tried that before with the same result:

              DEBUG IMAP: AUTHENTICATE NTLM command result: A1 NO AUTHENTICATE failed.

              btw. Plain-Auth is working for usernames like: domain/user1 or user1@domain.

              Unfortunatly a "fully qualified" string like user1@domain/mailbox isnt...

              And what really "tickles me fancy" is that the guys from Thunderbird somehow managed to get access to those mailboxes.

              It seems I only have three options to solve that problem:

              1. using some .net - stuff
              2. figuring out how to handle webservices implemented in Exchange-Server 2010
              3. asking my Mailbox-Operator again and again to give me the password for a direct-access to the mailbox (he won´t)

              but thanks again for your help.
              • 4. Re: How to use Javamail for accessing additional mailboxes -IMAP, Exchange 2010
                Bill Shannon-Oracle
                Try turning on protocol logging for Thunderbird as described here:
                https://wiki.mozilla.org/MailNews:Logging
                If it shows you how Thunderbird is authenticating, you should be
                able to replicate that with JavaMail.
                • 5. Re: How to use Javamail for accessing additional mailboxes -IMAP, Exchange 2010
                  953262
                  Thanks bshannon, that was a great idea!

                  I haven´t found an solution yet, but I have maybe identified the real problem:

                  Here is some interessting Thunderbird - Logging stuff:


                  744[7161040]: try to log in
                  744[7161040]: IMAP auth: server caps 0x1187235, pref 0x1006, failed 0x0, avail caps 0x1004
                  744[7161040]: (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4)auth external IMAP login = 0x20000000
                  744[7161040]: trying auth method 0x1000
                  744[7161040]: got new password
                  744[7161040]: IMAP: trying auth method 0x1000
                  744[7161040]: PLAIN auth
                  744[7161040]: 7082000:xmail.domain.com:NA:SendData: 2 authenticate plain

                  744[7161040]: ReadNextLine [stream=7ec9e88 nb=3 needmore=0]
                  744[7161040]: 7082000:xmail.domain.com:NA:CreateNewLineFromSocket: +
                  744[7161040]: 7082000:xmail.domain.com:NA:SendData: Logging suppressed for this command (it probably contained authentication information)
                  744[7161040]: ReadNextLine [stream=7ec9e88 nb=27 needmore=0]
                  744[7161040]: 7082000:xmail.domain.com:NA:CreateNewLineFromSocket: 2 NO AUTHENTICATE failed.

                  744[7161040]: authlogin failed
                  744[7161040]: marking auth method 0x1000 failed

                  ---> okay, so PLAIN AUTH is failing.....


                  744[7161040]: IMAP auth: server caps 0x1187235, pref 0x1006, failed 0x1000, avail caps 0x4
                  744[7161040]: (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4)auth external IMAP login = 0x20000000
                  744[7161040]: trying auth method 0x4
                  744[7161040]: got new password
                  744[7161040]: IMAP: trying auth method 0x4
                  744[7161040]: old-style auth
                  744[7161040]: 7082000:xmail.xmail.domain.com:NA:SendData: Logging suppressed for this command (it probably contained authentication information)
                  744[7161040]: ReadNextLine [stream=7ec9e88 nb=23 needmore=0]
                  744[7161040]: 7082000:xmail.domain.com:NA:CreateNewLineFromSocket: 4 OK LOGIN completed.

                  744[7161040]: login succeeded

                  --> okay, so Thunderbird is using "old-style IMAP login" and is successful.

                  Unfortunately I have no idea what that actually means or how to use it in Javamail (is it even supported?). Any suggestions?
                  • 6. Re: How to use Javamail for accessing additional mailboxes -IMAP, Exchange 2010
                    953262
                    okay... The answer was kind of "simple":

                    Deactivate every AUTH - Method which are published by the Exchange Server and you are able to logon to shared mailboxes like this:

                    user1@domain.com/sharedMB .... Damn this was such a pain!


                    In my case I´ve had to deny following AUTH-Methods

                         props.put("mail.imaps.auth.plain.disable", "true");
                         props.put("mail.imaps.auth.ntlm.disable", "true");
                         props.put("mail.imaps.auth.gssapi.disable", "true");


                    Cheers!

                    Gerd

                    Edited by: 950259 on 06.08.2012 06:56