No SSL With ColdFusion's CFPOP?

Posted At : March 28, 2008 8:04 AM
Related Categories: ColdFusion

I was very surprised to find out that ColdFusion's CFPOP tag does not support POP3 SSL. ColdFusion is over 10 years old now...you've got to add that in, Adobe!

Anyway, I did some digging around, and thanks to a comment on another blog by Darin Tyler, I found an easy fix. You can use some simple Java commands to "force" cfpop to use SSL. In my testing, I used Gmail, and the code is below:

<cfset javaSystem = createObject("java", "java.lang.System") />
<cfset javaSystemProps = javaSystem.getProperties() />
<cfset javaSystemProps.setProperty("mail.pop3.socketFactory.class", "javax.net.ssl.SSLSocketFactory") />

<cfpop
   server="pop.gmail.com"
   action="getAll"
   name="popMessages"
   port="995"
   username="myemailaddress@gmail.com"
   password="i'mnotgoingtotellyou">

Comments (14) | Print | del.icio.us | Digg It! | Linking Blogs | 6502 Views
Comments
[Add Comment]
Jake, I definitely share the frustration that CFPOP doesn't let you specify the use of SSL. They implemented SSL (as well as TLS) in CFMAIL, so why not in CFPOP?

The Java call is the way to go, and I wanted to share one additional technique I've used with it: you'll want to turn SSL off if the user turns it off to access another POP account, or if the same application serves multiple users who don't all use SSL. So after you turn SSL on with the line:

<cfset javaSystemProps.setProperty("mail.pop3.socketFactory.class", "javax.net.ssl.SSLSocketFactory") />

You can turn it off with:

<cfset javaSystemProps.setProperty("mail.pop3.socketFactory.class", "javax.net.SocketFactory") />
# Posted By Tom Mollerus | 3/28/08 10:29 AM
Thank you blog and thank you commenter!
# Posted By Philip | 8/5/08 12:14 AM
Hey Jake,

I'm actually trying this out but coming up with a few issues. Just tried writing a sample block that will connect to gmail but the server is returning

An exception occurred when setting up mail server parameters.
This exception was caused by: javax.mail.MessagingException: Connect failed; nested exception is: javax.net.ssl.SSLException: untrusted server cert chain.

I'm guessing since the SSL cert was not explicitly accepted, the security sandbox blocks this. Any workaround for this ?

The codes are:

<CFTRY>
   <CFSET javaSystem = createObject("java", "java.lang.System") />
   <CFSET javaSystemProps = javaSystem.getProperties() />
   <CFSET javaSystemProps.setProperty("mail.pop3.socketFactory.class", "javax.net.ssl.SSLSocketFactory") />

   <CFPOP name = "rsCheckNew" action = "getHeaderOnly"
   server = "pop.gmail.com" port = "995" timeout = "10"
   username = "myusername" password = "mypassword">
   
<CFCATCH type="any">
   <CFSET msg = "Error Checking POP3 Account.">
</CFCATCH>
</CFTRY>
# Posted By Michael | 10/30/08 6:38 PM
Michael,

I can't see a difference between your code and the code I put in my blog entry. Not sure what's going on, unless Google changed things on their end. I wrote this a few months ago and haven't tried this code since, so maybe Google doesn't allow this anymore?
# Posted By Jake Munson | 10/30/08 6:51 PM
Worked perfectly thanks.
# Posted By Paul | 12/1/08 6:42 PM
just found this, tested, worked like a charm. Thanks!
# Posted By walt | 1/10/09 12:52 PM
Solve my problem.. Thanks a lot.
# Posted By Pritesh | 9/8/09 9:48 PM
@Jacob: You ROCK!
# Posted By Sam Farmer | 10/6/09 12:10 PM
One thing to note...I am working on a project today using the above code, and it is not working for me. I'm trying to go against an MS Exchange server, and it looks like I need to install the SSL certificate in my JVM key store. I haven't received the certificate from the Exchange admins yet...if I get it working, I'll probably create another blog entry referencing this one, explaining what I found.
# Posted By Jake Munson | 10/6/09 1:29 PM
You guys are awesome! This worked like a charm!
# Posted By Peter Theodoropoulos | 10/16/09 9:07 AM
The only thing that slowed me up was switching to the correct port for Gmail (995). After I found that it worked like a charm. Thanks.
# Posted By Brian Lang | 5/20/10 8:49 AM
I tried this for a similar issue and it worked great.
Thanks
# Posted By Armando | 12/3/11 8:56 AM
Hi Jake, I'm getting the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

My guess is this is has to do with the missing cert you mentioned a few comments above. Did you write that 2nd blog post on how to connect to MS Exchange?
Thanks,
Eric
# Posted By Eric Davis | 1/24/12 2:41 PM
Hi Eric,

I don't remember if I ever wrote that second post, but I definitely needed the Exchange guys to work with me on the SSL issue. It's been so long ago now that I can't remember everything we did...but it does work for us. I use the above code, and with the SSL certs in their proper places I'm able to use SSL POP to pull messages from an Exchange mailbox.
# Posted By Jake Munson | 1/24/12 3:03 PM
[Add Comment]
BlogCFC was created by Raymond Camden. This blog is running version 5.9. Contact Blog Owner