org.simplejavamail.mailer

Class MailerHelper

java.lang.Object

org.simplejavamail.mailer.MailerHelper

public class MailerHelper
extends Object

If you don't need to actually connect to a server and/or send anything, then this class still provides you with some functionality otherwise triggered only by a Mailer.

Constructor Summary

Constructors

Constructor and Description
MailerHelper()

Method Summary

Modifier and Type	Method and Description
static void	scanForInjectionAttack(@Nullable String value, String valueLabel)
static void	scanForInjectionAttacks(@NotNull org.simplejavamail.api.email.Email email) Checks the following headers for suspicious content (newlines and characters): subject every header name and value every attachment name, nested datasource name and description every embedded image name, nested datasource name and description from recipient name and address replyTo recipient name and address, if provided bounceTo recipient name and address, if provided every TO/CC/BCC recipient name and address disposition-notification-to recipient name and address, if provided return-receipt-to recipient name and address, if provided
static jakarta.mail.internet.MimeMessage	signAndOrEncryptMessageWithSmime(@NotNull jakarta.mail.Session session, @NotNull jakarta.mail.internet.MimeMessage messageToProtect, @NotNull org.simplejavamail.api.email.Email emailContainingSmimeDetails, @Nullable org.simplejavamail.api.mailer.config.Pkcs12Config defaultSmimeSigningStore) Depending on the Email configuration, signs and then encrypts message (both steps optional), using the S/MIME module.
static jakarta.mail.internet.MimeMessage	signMessageWithDKIM(@NotNull jakarta.mail.internet.MimeMessage messageToSign, @NotNull org.simplejavamail.api.email.Email emailContainingSigningDetails)
static boolean	validate(@NotNull org.simplejavamail.api.email.Email email, @Nullable com.sanctionco.jmail.EmailValidator emailValidator) Delegates to all other validations for a full checkup.
static void	validateAddresses(@NotNull org.simplejavamail.api.email.Email email, @Nullable com.sanctionco.jmail.EmailValidator emailValidator) If email validator is provided, checks: from recipient all TO/CC/BCC recipients reply-to recipient, if provided bounce-to recipient, if provided disposition-notification-to recipient, if provided return-receipt-to recipient, if provided
static void	validateCompleteness(@NotNull org.simplejavamail.api.email.Email email) Checks whether: there are recipients if there is a sender if there is a disposition notification TO if flag is set to use it if there is a return receipt TO if flag is set to use it
static boolean	validateLenient(@NotNull org.simplejavamail.api.email.Email email, @Nullable com.sanctionco.jmail.EmailValidator emailValidator) Lenient validation only checks for missing fields (which implies incorrect configuration or missing data), but only warns for invalid address and suspected CRLF injections.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MailerHelper

public MailerHelper()

Method Detail

validate

public static boolean validate(@NotNull
                               @NotNull org.simplejavamail.api.email.Email email,
                               @Nullable
                               @Nullable com.sanctionco.jmail.EmailValidator emailValidator)
                        throws org.simplejavamail.MailException

Delegates to all other validations for a full checkup.

Throws:

org.simplejavamail.MailException

See Also:

validateCompleteness(Email), validateAddresses(Email, EmailValidator), scanForInjectionAttacks(Email)

validateLenient

public static boolean validateLenient(@NotNull
                                      @NotNull org.simplejavamail.api.email.Email email,
                                      @Nullable
                                      @Nullable com.sanctionco.jmail.EmailValidator emailValidator)
                               throws org.simplejavamail.MailException

Lenient validation only checks for missing fields (which implies incorrect configuration or missing data), but only warns for invalid address and suspected CRLF injections.

Throws:

org.simplejavamail.MailException

See Also:

validateCompleteness(Email), validateAddresses(Email, EmailValidator), scanForInjectionAttacks(Email)

validateCompleteness

public static void validateCompleteness(@NotNull
                                        @NotNull org.simplejavamail.api.email.Email email)

Checks whether:

1. there are recipients
2. if there is a sender
3. if there is a disposition notification TO if flag is set to use it
4. if there is a return receipt TO if flag is set to use it

validateAddresses

public static void validateAddresses(@NotNull
                                     @NotNull org.simplejavamail.api.email.Email email,
                                     @Nullable
                                     @Nullable com.sanctionco.jmail.EmailValidator emailValidator)

If email validator is provided, checks:

1. from recipient
2. all TO/CC/BCC recipients
3. reply-to recipient, if provided
4. bounce-to recipient, if provided
5. disposition-notification-to recipient, if provided
6. return-receipt-to recipient, if provided

scanForInjectionAttacks

public static void scanForInjectionAttacks(@NotNull
                                           @NotNull org.simplejavamail.api.email.Email email)

Checks the following headers for suspicious content (newlines and characters):

1. subject
2. every header name and value
3. every attachment name, nested datasource name and description
4. every embedded image name, nested datasource name and description
5. from recipient name and address
6. replyTo recipient name and address, if provided
7. bounceTo recipient name and address, if provided
8. every TO/CC/BCC recipient name and address
9. disposition-notification-to recipient name and address, if provided
10. return-receipt-to recipient name and address, if provided

See Also:

scanForInjectionAttack(java.lang.String, java.lang.String)

scanForInjectionAttack

public static void scanForInjectionAttack(@Nullable
                                          @Nullable String value,
                                          String valueLabel)

Parameters:

value - Value checked for suspicious newline characters "\n", "\r" and the URL-encoded newline "%0A" (as acknowledged by SMTP servers).

valueLabel - The name of the field being checked, used for reporting exceptions.

See Also:

Email Header Injection security, StackExchange - What threats come from CRLF in email generation?, OWASP - Testing for IMAP SMTP Injection, CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

signMessageWithDKIM

public static jakarta.mail.internet.MimeMessage signMessageWithDKIM(@NotNull
                                                                    @NotNull jakarta.mail.internet.MimeMessage messageToSign,
                                                                    @NotNull
                                                                    @NotNull org.simplejavamail.api.email.Email emailContainingSigningDetails)

See Also:

DKIMModule.signMessageWithDKIM(MimeMessage, DkimConfig, Recipient)

signAndOrEncryptMessageWithSmime

public static jakarta.mail.internet.MimeMessage signAndOrEncryptMessageWithSmime(@NotNull
                                                                                 @NotNull jakarta.mail.Session session,
                                                                                 @NotNull
                                                                                 @NotNull jakarta.mail.internet.MimeMessage messageToProtect,
                                                                                 @NotNull
                                                                                 @NotNull org.simplejavamail.api.email.Email emailContainingSmimeDetails,
                                                                                 @Nullable
                                                                                 @Nullable org.simplejavamail.api.mailer.config.Pkcs12Config defaultSmimeSigningStore)

Depending on the Email configuration, signs and then encrypts message (both steps optional), using the S/MIME module.

See Also:

SMIMEModule.signAndOrEncryptEmail(Session, MimeMessage, Email, Pkcs12Config)