I have a CF10 server running on Windows 2008 r2. JVM is 1.80_91. I have configured the Mail settings in CFAdmin to our Office 365 instance, I have a relay account we are using configured. When I send test emails they are only TLSv1.0 to Office365. I read a couple of forums and found the Dhttps settings which I have put into Java and JVM in CFAdmin. I restart the CF service and still the test messages are TLSv1.0. I even went into the javacpl.exe and unchecked TLS 1.0 and TLS 1.1 in Advanced.
What am I missing? Based on what I have been reading, this should work correctly.
Do you have CF10 configured with tick in Server Settings > Mail > Enable TLS connection to mail server?
You mention Dhttps setting. Is CF JVM configured with -Dhttps.protocols=TLSv1.2 ?
Sorry more questions than answers, Carl.
Yes I have the checkbox checked to make TLS connections and I have -Dhttps.protocols=TLSv1.2 in the Java and JVM variables section.
Given our current deployment of CF, using Windows SMTP is impractical, sorry.
How about other dedicated SMTP relays on the local network? I've used Apache JAMES for this quite a bit, and it's pretty easy and reliable.
Dave Watts, Fig Leaf Software
We have our primary outbound SMTP mail server on the same local network as the ColdFusion server and that wasn't enough. Every once in a while, an email message would get "dropped"... not logged by CF, no spool file, no error & no SMTP connection. I'm not sure what the issue was.
Others had reported similar behavior too on this form (or the forum before this one) and their solution was to run a simple SMTP proxy on localhost and use it to process remote connections to non-local SMTP servers. This was the only thing that we found that worked dependably (as well as quickly since the messages were being delivered locally.) Since you control the local connection, you can restrict it to only allow email to be sent from localhost and not require secure connections when accepting messages.
The best approach that we've been able to determine when using Windows/IIS (even w/CF10) is to use Windows SMTP Virtual Server and have it relay all mail to your remote mail server. This will remove any SSL/TLS issues (since none is required locally) and also spool your mail faster & more reliably since CF can always connect to 127.0.0.1. We then have all outbound email relay from CF to local Windows SMTP Service and then to our outbound SMTP mail server. (All of our CFMail issues disappeared overnight when we switched to this method.)
We tried using SparkPost's SMTP service, but they use round-robin DNS for their SMTP servers and since the IPs can change at any time, we were frequently restarting the ColdFusion service to force DNS lease renewals. We tried CFHTTP with their Rest API and encountered the same CF "DNS=FOREVER" issue. To overcome this using ColdFusion 9 - 2018, we switched to using the Rest API with CFX_HTTP5, a C++ module that honors DNS TTL and has much better SSL support since it uses whatever the regular Windows services is currently able to access. (This CFX tag been a major game changer and allowed us to continue to access PayPal, Authorize.net, etc using CF10.)
Have you applied the latest updates of ColdFusion 10?
rwood56847, are you SURE that you are using Java 1.8? Are you saying that appears as the value in the CF Admin "settings summary" page? Sometimes people judge their JVM version by running that very javacpl.exe you refer to (or opening it from Windows Control Panel), but that's for any jvm implemented as the "public jre" on your machine.
As you may know, one can install another JVM (and of course CF comes with its own), and CF can be told to point to that other jvm. As all of them have a jre/bin/javacpl.exe, its just not clear which one you're referring to for what you modified.