Applications that use the JavaMail Client Service can create secure connections with mail servers instead of plain connections. The security of connections can include the following aspects:
(Mandatory) Certificate-based authentication of the parties
(Optional) Signature and encryption of mail content
Supply a custom certificate in the secure store.
More information: Using the AS Java Key Storage
Note
The supplied certificate must be acceptable by the mail server.
Set the path to that certificate as a value of the sslCertificate property of the JavaMail Client Service.
By default, the value of that property is a test certificate, installed in the secure store.
Recommendation
We recommend that you do not use the default certificate. You have to change the value to point to the real authentication certificate.
More information about managing service properties: Java System Properties
Basically, the procedure requires that you supply the S-protocols (SMTPS, POP3S and IMAPS) instead of the plain ones.
To establish a secure connection with the corresponding server, pass a modified parameter to the getTransport or the getStore methods of the Session object respectively in the following way:
For secure SMTP, use getTransport(“smtps”) instead of getTransport(“smtp”).
For secure POP3, use getStore(“pop3s”) instead of getStore(“pop3”).
For secure IMAP, use getStore(“imaps”) instead of getStore(“imap”).
The following code example illustrates how to establish secure connections.
Syntax
Transport tr = ses.getTransport("smtps"); //... //Send the e-mail messages in the standard way. Store store = ses.getStore("pop3s"); //... //Receive e-mail messages from the server in the standard way.
There are two ways of supplying the mail server host and port information to be used by the mail client application:
By using the JavaMail Client Service configuration properties “as is”
The JavaMail Client Service provides a complete set of configuration properties for specifying the mail server. You can use them “as is” in any mail application, without specifying anything further in the application itself.
More information about the JavaMail Client Service properties: Configuring the JavaMail Client Service
By specifying server settings in the application source code
This approach is useful if you want to specify server properties valid for your application only. Custom server properties defined in the source code override the corresponding server-related properties of the JavaMail Client Service.
The following table summarizes the specific details of using the JavaMail Client Service in your application code.
Server Type |
Method |
Parameters |
---|---|---|
SMTPS |
Use the connect method of the Transport object. |
Note You need to specify these parameters if you do not want to use the default JavaMail Client Service configuration properties. End of the note. host — host name or IP address of the mail server port — port to connect to user — the user name to be used for authentication password — password to be used for authentication |
POP3S or IMAPS |
Use the connect method of the Store object. |
The JavaMail Client Service provides a basic, IAIK-library-based functionality for content encryption with support of the following MIME types:
multipart/signed
application/x-pkcs7-signature
application/x-pkcs7-mime
application/pkcs7-signature
application/pkcs7-mime
On top of this basic support, you can implement your own encryption algorithm to provide encryption, decryption, verifying and signing of the mail content. To do this, you can choose between either of the following options:
Use the Secure Store and Forward (SSF) mechanisms and APIs which are provided by AS Java.
More information: Digital Signatures and Document Encryption API
Use custom libraries.