CFMAIL and TLS

Report · Apr 03, 2014

Hi all,

I am attempting SMTP authentication in my script and the email provider (Office365) is using TLS. When I use the attribute useTLS="yes", CF throws a validation error. I am running MX 6.1 and assuming the useTLS attribute is not supported. Is there another way anyone can recommend sending TLS?

I'm not sure if this is related, but when I take out useTLS to get the script to run, the email is immediately moved to CF's Undelivr folder. If Office365 was rejecting the email for lack of TLS, it wouldn't be moved to the Undelivr folder, right?

Here's my script, FYI:

<cfmail type="plain"

to="user@domain.com"

from="Webmaster<webmaster@domain.org>"

subject="This is a test!"

server="smtp.office365.com" port="587"

username="myusername"

password="mypassword">

Test email on #Dateformat(Now(), 'mm/dd/yyyy')#

</cfmail>

Thank you!

Report · Apr 03, 2014

If ColdFusion can't establish connection with the email server (in your case smtp.office365.com), then it will put the email in the "undelivr" folder. As for whether or not TLS works in ColdFusion MX6.1, I can't say as I never used it back when I was running CF6. You might consider setting up a temporary installation of ColdFusion 10 Developer Edition and then test whether you can send emails with TLS. Since SSL/TLS versions have progressed forward since MX6.1 was released or last updated, it's quite possible that whatever SSL/TLS support is in that version is no longer compatible with the security requrements of more modern services like Office365, GMail, etc.

-Carl V.

Report · Apr 03, 2014

ColdFusion version MX6.1 was much too early for TLS. The cfmail attributes, useSSL (use Secure Sockets Layer) and useTLS (use Transport Level Security), were designed into ColdFusion from version 8.

The problem you are having with undelivered mail might simply have been caused by the useTLS setting causing the mail program to stall. I would test by restarting the server and running the script, without the TLS attribute, naturally.

Report · Apr 05, 2014

Thank you Carl and BKBK for your responses. I ended up installing CF 10 Developer on my local machine to test TLS and what I was trying to do worked perfectly. I'm not completely clear on the different versions of CF--my organization runs Enterprise 6.1, but it's an environment I inherited. I think standard would be fine for us. What are the limitations of continuing to run Developer so my script calling for TLS works? Forgive my possible ignorance here, but if all I need to do is call cfml pages, define datasources, send mail and run scheduled tasks, do I really need to use anything other than Developer? We're hosting about 5, relatively small websites with CF functionality.

Thanks again for the help!

Report · Apr 05, 2014

I would agree it is a good idea to move to ColdFusion 10. The ColdFusion platform has been seeing a lot of change in recent years. CF8 has reached end-of-life, with CF9 to follow in a matter of months.

The name says it all. CF 10 Developer is for developing development sites, not for publishing public websites. It is fully functional, with the exception of a number of limitations, or annoyances, depending on your point of view.

For example, PDFs created using cfdocument are emblazoned with a severe "Trial Version" watermark. Nevertheless, the most important limitation is access: a CF 10 Developer server cannot be simultaneously accessed by more than 2 external IP addresses. It has been designed such that, if you try to hot-wire the 2-IP limit, the draw-bridges will go up, denying further access. It therefore follows that you have to use a licensed version even for a tiny public website.

Adobe Community

CFMAIL and TLS