We just installed Lucee 5.3.2.77 that uses Apache Tomcat/9.0.20 and AdoptOpenJdk 11.0.3 64 bit.
I also have an existing application that is currently running in a DMZ on
ColdFusion 11 Standard edition in production
ColdFusion 11 Enterprise on QA and local.
We also have another Lucee Server running Lucee 5.3.1.102 and Oracle Java 1.8.0_181, on which we are doing our testing and changes.
On all of the boxes, when an email is generated, it only generates the email once. However, on the new Lucee box with OpenJDK, the email is generated and a .tsk file is created in this folder
c:$\inetpub\wwwroot\webdir\sitename\WEB-INF\lucee\remote-client\open
The problem is the file stays there. The next time an email task is run another .tsk file is created and both emails are sent. Wash, rinse, repeat. So if 3 emails are generated, then
The first person will receive 3 emails
The second, 2 emails
The third, 1 email.
For testing, we generated the first email, waited a few minutes. Generated a second, waited. Then generated a third. Has anyone come across this?
I added server="mail server" to the cfmail tag
<cfmail from="appointments#xyz.com" to="<twright#xyz.com>"
subject="Appointment Test" type="HTML" server="<mail.xyz.com>">
<html>
<head><title>Appointment Test</Title>
</head>
<body>
Your appointment has been scheduled at TEST
Number: 123456
Net Weight: 25000
Appointment Date: 08/16/2019
Appointment Time: 1800
Appointment Number: 111111111
</body>
</html>
</cfmail>
So I would expect 1 email to be sent when executed. In this case, as stated above, each time the page is called it generates the email and then resends for all the others in the C:\inetpub\wwwroot\WEB-INF\lucee\remote-client\open folder. If it matters, the email is being sent through Office 365.
Go into the lucee admin mail services - Mail
If the Spool enable is checked, uncheck it and update.
Delete any files in the open folder.
Related
One of our datacenters hosts a webapplication written in CFML / Lucee. It sends mails to customers, but the mails have a high X-Barracuda-Spam-Score. Especially on the Message-Id:
pts rule name description
2.60 INVALID_MSGID_2 Message-Id is not valid, according to RFC 2822
The message-Id looks like this:
<844275327.4929.1591341519768.JavaMail."LOCAL SERVICE"#servername>
When reading the RFC, it looks like the quotes are the problem.
The question is: is there a way to alter this "LOCAL SERVICE" part? The cfmail tag does not give any control over the Message-Id, nor do I find any setting in Lucee. Lucee uses JavaMail for sending messages.
The specs of out Lucee server are:
Lucee Versio 5.3.5.92
Tomcat 9.0.31
Java 11.0.6
Windows Server 2016 (10) 64 BIT
One of our customers uses Coldfusion 9,0,0,251028. The Message-Id of their mails looks like:
<170351411.4299.1591215728394.JavaMail.ServerName$#mailrelay.company.local>
Thanks!
The session property mail.from can be used to control the user account name that is encoded in the Message-Id.
If you can't set the from address you can set the session property for mail.user to change the messageid and use the mail.<protocol>.user to switch back to the correct userid.
The session also supports a value of user.name which can be used to change the user name.
Make sure that you are running the latest version of JavaMail as there are some fixes related to this issue. Mainly versions 1.5.3 and newer remove the user name from the message id.
Another option is to subclass MimeMessage to override the messageID computation.
My company just turned on sender validation for the SMTP relay. So in the old days, I could send an email to nobody#company.com and it would not result in any error. Now, that email results in this:
"Error","scheduler-2","10/31/16","09:04:49",,
"com.sun.mail.smtp.SMTPSendFailedException:
250 2.0.0 xxxxxxxx-1 Message accepted for delivery ;
nested exception is: com.sun.mail.smtp.SMTPAddressFailedException:
550 5.1.1 User Unknown on Mail Relay"
Is there anything I can do via JVM arguments or anything else to ignore these errors and consider the email sent? There's a box where we send out 2-3K emails a day and there's about 1K of "undelivered" emails now on a daily basis. :(
The exception SMTPAddressFailedException is a result of a failed authentication on the mail server, so this is not related to the JVM configuration at all. ColdFusion simply builds mail content and adds it to the mail spooler. Due to the async. nature of a spooler, you cannot catch these errors at runtime.
Your only option is to communicate with the actual mail server before using cfmail (and ask if the sender is legit). However, as far as I know there is no built-in function/tag/tool in CF to do so.
I am having some trouble holding onto session when opening an initial new tab (target _blank) from IE11.
When I close all instances of IE11 and then open a fresh browser and navigate to the test webpage (default.aspx) the page stores a value in session and displays the session ID on the page. If I refresh the page the session ID stays the same. The page has a link to itself (default.aspx) with a target of _blank. If I click this link a new tab is opened, but the session ID is different. If I then refresh the original window the session ID now matches the new window.
<%# Page Language="C#" AutoEventWireup="true" Inherits="System.Web.UI.Page" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<% Session["StoredValue"]="Test"; %>
<div>SessionID: <%=Session.SessionID%></div>
New Window
3rd Party Window
</body>
</html>
It appears this problem only occurs for the first window on the same domain opened in a new tab (I have verified the problem with both target="_blank" and by holding CTRL while clicking the link).
When I watch the cookie traffic with Fiddler I can see that the
session cookie is sent normally in the initial request from
default.aspx. When I click the link to open the page in a new tab
the session cookie is not being sent in the request headers.
If I restart the browser, go to the test page, open a new tab
manually and paste the link destination into it the cookie is sent
correctly in the request headers and the session from the new tab
matches the original tab as expected.
If I restart the browser, go to the test page, open google from a
link targeting _blank in the test page, and then click the link
opening the test page in a new tab the cookie is also sent correctly
in the request headers and the session from the new window matches
the original window as expected.
I believe this to be a client side issue but the site is running from Windows Server Standard 2008 R2 SP 1 in a 4.0 Integrated website with .NET 4.51 installed (also tried with only 4.5 installed).
The client is Windows 7 64-bit running IE11 (11.0.9600.16476). I have verified the problem on other machines running Windows 7 from IE11 and confirmed that it is not a problem in IE10 from Windows 8 in desktop mode. Everything works as expected in Chrome and Firefox.
I have verified the problem persists even if I:
Move security from Medium High to Medium
Disable Protected Mode
Change privacy to Accept all Cookies
Add the site to either the Local Intranet or Trusted Sites zone website list
Set a P3P compact privacy policy in the response headers stating no information is collected or used.
Set a P3P compact privacy policy in the response headers that would typically be accepted to allow 3rd party cookies within an iframe in past versions of IE.
Change the website ASP.NET session state settings to cookieless="UseCookies" or "false" or remove the attribute altogether (ASP.NET State Server).
Any ideas? Has anyone else seen this issue or similar?
This is an active bug according to microsoft. There is apparently no server-side way to fix this.
Link to bug report
Not a solution, but a clue:
We noticed similar behavior and tracked it down to requests to root/browserconfig.xml causing user to become unauthenticated. Server sent a new session cookie because Windows was not sending the existing one. Subsequent requests then sent the new session cookie value. We changed our server to look for this request and not set response cookies.
This is not a solution, but:
Try middle click instead. If that works for you 100% of the time(it did for me)
js: links with target='_blank' on ie remove defaultBehaviour and trigger middle click.
Problem solved.
Same issue coming for my login,But we tried it to resolve it by changing some setting in IE11 or other problematic browsers.
Goto tools=> Internet options=> Privacy
There click on Sites button. There add mydomain.com & click on Allow button.
Restart your browser.
Is there a way to prevent websphere from sending cookies in a response on a per request/url basis?
Our users get a link which allows them to download a file. Works fine in all major browsers except for IE8 & IE7. In IE7 & IE8, the file download breaks when cookies are sent with the response.
When a new session is created, the WebSphere sends a JSESSIONID cookie, and sets Cache-control to no-cache=set-cookie. This causes the download process to break in IE8 and lower.
Things I tried:
1) I know that no-cache=set-cookie can be turned off in Websphere admin console, but it's not an option.
2) The websphere is fronted by a web server, so the response headers can be changed using the web server, but it's not really an option.
3) I created a servlet filter, but it seems like whatever websphere does happens after the filter runs.
4) I created a JSP page that would prompt file download on load. The idea was that the cookie will be exchanged on page load, so that it won't interfere with the download. Unfortunately, because the download is triggered through JavaScript, IE blocks the download, and a user needs to manually approve it.
Is there any way to make it work?
IE8 has bug that may connected with your problem. Bug description. stackoverflow
I solved similar problem using good article.
I am currently in the finishing stages of building an application and have asked the user group to perform production-level usage testing on the application. My application is a makeshift order management system that sends an email to a customer when an order is saved that includes an invoice.
I ran into a problem yesterday when I was doing some testing; this environment currently contains production-quality data, including old customer records. I processed a few orders and forgot about the functionality, and the customer who I did the orders for received emails saying the order is complete. Good that it worked, bad that it lead to this confusion.
The action I would prefer would be to set something somewhere within the application that forces all emails, regardless of the to recipient, to be sent to a specific address, though I would settle for simply being able to turn it off for this application alone. Turning it off on the server level is available not a preferred option due to the need to perform testing on other applications that process email, but are not populated with production-quality data.
Are there any specific flags or code I can use to override server settings in the application to only send email to a certain address based on how we identify our environment, or to not send email altogether?
Reference this page:
http://cookbooks.adobe.com/post_How_can_I_use_Application_level_SMTP_Server_Settin-16469.html
For testing purposes you could set the SMTP server to a non existant IP address. The cfmail routine will still work and coldfusion will move it to an undeliverable folder.
You could add <cfif> statements around it to determine if your on a production URL or dev URL so that it uses the right server while on the production server, or uses the "fake" server while on your development server. OR while on the production server, have an on/off variable that you could use to test emails through your smtp server or shut off emails and route them to the fake SMTP server.
If your on version 8.0 or older, you can setup an application level variable for your mail server and modify your cfmail tags to reference:
<cfmail server="#application.mailserver#" to="" from="" subject="">
This solution presumes you use the same mail server but just want to swap emails to a test address (perhaps yours, so you can see the result). It also presumes your live server name resolves to something that has 'www.something.somethong.' and your dev/test/qa etc servers do not.
In your Application cfc onApplicationStart() try this:
<cfscript>
if(listFirst(CGI.SERVER_NAME,'.') != 'www') {
Application.szEmailToTestEnv = 'test#somewhere.com'; // Use your test email here
}
</cfscript>
Then where you send the email have a bit of logic infront of your mail param such that:
<cfscript>
if(isDefined('Application.szEmailToTestEnv') && len(Application.szEmailToTestEnv)) {
Variables.szEmailTo = Application.szEmailToTestEnv;
} else Variables.szEmailTo = Variables.qCustomerEmail;
</cfscript>
And then in your cfmail:
<cfmail to="#Variables.szEmailTo#"....
Adjust scopes and variable names and value as necessary.
Essentially, any 'site' (say dev.yoursite.com) that is not your live site will then use the test email you set at app startup to send the email and live will continue to use the correct customer email with no code changes between your live and test code.