Runtime Mule SMTPs connector issue on AWS EC2 using SES


I’m trying to send an email on runtime Mule using an SMTPS connector running on an AWS EC2 Linux machine to AWS SES, but I keep getting an ‘Unable to connect to mail transport’ Mule exception.

I can Telnet from the EC2 machine to the AWS SES endpoint but cannot get EHLO to work; I may be doing something wrong there. I can successfully send the email to AWS SES from my own PC running my app on Anypoint using the same SMTPS connector and the same AWS SES credentials, so I know everything is good there.

I’m thinking there must be a difference between Anypoint and runtime Mule?

Here is my connector code. Do I need to add a trust store for it to work on runtime?

<smtps:connector name="SMTPS" contentType="text/html" validateConnections="true" doc:name="SMTPS">

    <smtps:tls-client /> 
    <smtps:tls-trust-store />

</smtps:connector>

Here is the relevant part of the log

INFO org.mule.lifecycle.AbstractLifecycleManager - Initialising: 'SMTPS.dispatcher.1395684883'. Object is: SmtpMessageDispatcher
2016-11-08 16:30:25,149 [[feecalculator].HTTP_Listener_Configuration.worker.01] INFO org.mule.api.security.tls.TlsPropertiesMapper - Defaulting mule.email.smtps trust store to client Key Store
2016-11-08 16:30:25,361 [[feecalculator].HTTP_Listener_Configuration.worker.01] INFO org.mule.api.security.tls.TlsProperties - Loading configuration file: tls-default.conf
2016-11-08 16:30:25,620 [[feecalculator].HTTP_Listener_Configuration.worker.01] ERROR org.mule.exception.CatchMessagingExceptionStrategy -


Message : Unable to connect to mail transport.

Element : /sendEmailFlow/processors/0/0/0 @ feecalculator:sendEmail.xml:22 (Prod SMTPS)

Exception stack is: Unable to connect to mail transport. (org.mule.api.endpoint.EndpointException)

The difference on my local machine is 'tls-default.conf not found':

INFO 2016-11-08 16:19:16,533 [[feecalculator].HTTP_Listener_Configuration.worker.08] org.mule.lifecycle.AbstractLifecycleManager: Initialising: 'SMTPS.dispatcher.1555978287'. Object is: SmtpMessageDispatcher
INFO 2016-11-08 16:19:16,539 [[feecalculator].HTTP_Listener_Configuration.worker.08] org.mule.api.security.tls.TlsPropertiesMapper: Defaulting mule.email.smtps trust store to client Key Store
WARN 2016-11-08 16:19:16,574 [[feecalculator].HTTP_Listener_Configuration.worker.08] org.mule.api.security.tls.TlsProperties: File tls-default.conf not found, using default configuration.
INFO 2016-11-08 16:19:20,100 [[feecalculator].HTTP_Listener_Configuration.worker.08] org.mule.lifecycle.AbstractLifecycleManager: Starting: 'SMTPS.dispatcher.1555978287'. Object is: SmtpMessageDispatcher

sky.high

Solved:

On my development machine, Anypoint defaults to the JRE 1.8 installed ‘cacerts’ trust store in the ‘security’ folder, which contains a trust for AWS SES, whereas the AWS EC2 Linux OpenJDK 1.8 either does not have a trust installed or Mule CE does not default to the installed trust store; I’m not sure which. This explains why my development machine could send a mail via SES but the production system could not.

The solution is to use openssl to create a trust store file for the SES domain certificate and specify the trust file in the SMTPS connector (smtps:tls-trust-store). If a file path is not specified, the trust file needs to be added to the Mule project src/main/resources folder for the project domain or project application when no project domain exists.

This issue is further complicated by a difference between Anypoint and Mule CE: Anypoint requires SES endpoint declarations that contain ‘special characters’ to be double escaped, whereas Mule CE does not.
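
One way to carry out the trust store step described in the answer, as an added example that is not part of the original post: fetch the certificate the SMTPS endpoint presents, print its fingerprint so it can be checked out of band, and import it into a JKS file with keytool. The function names, the script name, the endpoint host (a placeholder), the store file name and the password are assumptions.

```shell
#!/bin/sh
# Added example: build a Java trust store for an implicit-TLS SMTPS endpoint.
# Usage (host and password are placeholders):
#   ./mk-truststore.sh email-smtp.REGION.amazonaws.com:465 ses-truststore.jks 'STORE_PASSWORD'

# Print only the first PEM certificate (the server's leaf) found on stdin.
first_pem_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on                            { print }
       /-----END CERTIFICATE-----/   { if (on) exit }'
}

build_truststore() {
  endpoint=$1 store=$2 pass=$3
  host=${endpoint%%:*}
  tmp=$(mktemp -d) || return 1
  # SMTPS starts the TLS handshake immediately, so no -starttls option here.
  openssl s_client -connect "$endpoint" -servername "$host" -showcerts \
      </dev/null 2>/dev/null >"$tmp/chain.txt"
  first_pem_cert <"$tmp/chain.txt" >"$tmp/leaf.pem"
  if [ ! -s "$tmp/leaf.pem" ]; then
    echo "no certificate received from $endpoint" >&2
    rm -rf "$tmp"
    return 1
  fi
  # Show what is about to be trusted; compare the fingerprint out of band
  # before deploying the store, since this connection was not yet verified.
  openssl x509 -in "$tmp/leaf.pem" -noout -subject -issuer -enddate \
      -fingerprint -sha256
  keytool -importcert -noprompt -alias "$host" -file "$tmp/leaf.pem" \
      -keystore "$store" -storetype JKS -storepass "$pass"
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# Only act when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then build_truststore "$@"; fi
```

Because the store holds the endpoint's own certificate rather than its issuing CA, it has to be rebuilt whenever that certificate is renewed; the printed end date shows when.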