Login with domain/user/account not working with imap on exchange server using javamail

StackOverflow https://stackoverflow.com/questions/22664008

Question

I'm trying to connect to an exchange mailserver (not sure what version) using javamail.
I have the username and password of an account that can impersonate all other users.
I'm trying to open the store of one of the users. (password unknown)

I did find this question How to use Javamail for accessing additional mailboxes (IMAP, Exchange 2010). It's using [domain]/[user]/[sharedaccount] as login.

The connection is made if I only use [domain]/[user], but with the name of the second account behind it [domain]/[user]/[impersonatedaccount] it won't work.
If I use the same credentials in Thunderbird it does make the connection.

Example:
domain: abc
known username with password: admin
mailbox to connect to: wverleur@abc.com (logs in with wverleur)
Working:
abc/admin
not working:
abc/admin/wverleur

credentials contains the following:
rootUrl: mailserver.abc.com
username: admin
password: password
domain: abc
impersonation: wverleur
getImapUsername() returns domain/username/impersonation

My connection code:

private void login() throws MessagingException {
    // connection properties
    Properties properties = new Properties();

    // TLS & SSL
    properties.setProperty("mail.imaps.starttls.enable", "true");
    properties.setProperty("mail.imaps.ssl.enable", "true");
    properties.setProperty("mail.imaps.ssl.trust", credentials.getRootUrl()); // self signed certificate

    // login settings
    properties.setProperty("mail.imaps.auth.ntlm.disable", "true");
    properties.setProperty("mail.imaps.auth.plain.disable", "true");
    properties.setProperty("mail.imaps.auth.gssapi.disable", "true");


    // retrieve a session
    session = Session.getInstance(properties);

    // retrieve and open a store
    store = session.getStore("imap");


    try {
        store.connect(credentials.getRootUrl(), credentials.getImapUsername(), credentials.getPassword());
    } catch (MessagingException messagingException) {
        throw new MessagingException("Error in storeConnect: " + store.toString(),
                messagingException);
    }
}

Javamail Debug shows the following:
DEBUG IMAP: protocolConnect login, host=[rooturl], user=[domain]\[user]\[impersonate], password=<non-null>

Am I missing something?
Is it even possible at all?

Was it helpful?

Solution

As per request of Bill Shannon I hereby post my answer to the question:

  1. I placed the required certificate in the cacerts file of Java (be sure that you know what you are doing)

  2. I changed my properties to:
    please note that they are now imap and not imaps

    // TLS & SSL
properties.setProperty("mail.imap.starttls.enable", "true");
properties.setProperty("mail.imap.ssl.enable", "false"); // is now false
// removed the trust for ssl

// login settings
properties.setProperty("mail.imap.auth.ntlm.disable", "true");
properties.setProperty("mail.imap.auth.plain.disable", "true");
properties.setProperty("mail.imap.auth.gssapi.disable", "true");

properties.setProperty("mail.user", credentials.getImapUsername());
properties.setProperty("mail.host", credentials.getRootUrl());

And, for me, it works.
As stated before. This is a very server specific answer and question. I hope it can help other people in their effort to connect their program to their exchange server.

EDIT:
Due to the requirement for support of other mail-servers the code changed:

String protocol = "mail.imap";
switch (encryption){  
    case SSL:
        protocol = protocol + "s";
        properties.setProperty(protocol + ".starttls.enable", "false");
        properties.setProperty(protocol + ".ssl.enable", "true");
        break;
    case TLS:
        properties.setProperty(protocol + ".starttls.enable", "true");
        properties.setProperty(protocol + ".ssl.enable", "false");
        break;
    case NONE:
        properties.setProperty(protocol + ".starttls.enable", "false");
        properties.setProperty(protocol + ".ssl.enable", "false");
        break;
}
properties.setProperty(protocol + ".auth.ntlm.disable", "true");
properties.setProperty(protocol + ".auth.plain.disable", "true");
properties.setProperty(protocol + ".auth.gssapi.disable", "true");
// other properties you want to set

SSL uses the mail.imaps and TLS and NONE use the mail.imap

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top