> For the complete documentation index, see [llms.txt](https://docs.fortifiedid.se/smtp/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.fortifiedid.se/smtp/smtp.md). # SMTP ## Introduction Platform module for application outbound SMTP requests. Multiple instances of the module can be configured to support outbound request with different properties, like timeouts, proxies or SSL/TLS settings. Callers targets the requested instance by its name which must be configuration unique. Messages kan be sent in plain text or HTML format. ## Configuration {% hint style="info" %} **Module name:** `SmtpClient` {% endhint %} {% tabs %} {% tab title="Properties" %}
NameDescriptionDefault valueMandatory
nameDestination name. Unique identifier for a specific configuration/connection/service. This value must be unique for all smtpclient configurations."default"false
hostSMTP server host.N/Atrue
portSMTP server port.N/Atrue
fromWho is the message from."noreply@fortifiedid.se"false
user_nameUser name when identifying against SMTP server.N/Afalse
passwordUsed when authenticating against SMTP server.N/Afalse
start_tlsDefines if communications must use TLS. Allowed values are : "OPTIONAL", "DISABLED" or "REQUIRED""OPTIONAL"false
keep_aliveShould a pool be used keeping connections open. truefalse
reconnect_intervalvalue for reconnect interval in ms.1000false
keep_alive_timeoutThis value determines how long a connection remains unused, in seconds, in the pool before being evicted and closed.600false
connect_timeoutHow many milliseconds before a connect attempt fails.5000false
disable_esmtpset if ESMTP should be tried as first command (EHLO), rfc 1896truefalse
idle_timeoutTimeout in seconds.600false
loginpossible options for a login into a SMTP server either "DISABLED", "NONE", "REQUIRED" or "XOAUTH2""NONE"false
reconnect_attemptsNumber of reconnect attempts.3false
use_alpnWhether to use or not Application-Layer Protocol Negotiation.falsefalse
ssl_trust_allIgnore SSL validation.falsefalse
ssl_handshake_timeoutthe SSL handshake timeout in ms.10false
use_sslis SSL/TLS enabled.falsefalse
proxy_hostHost for proxying.N/Afalse
proxy_portPort for proxying.N/Afalse
proxy_userN/Afalse
proxy_passwordN/Afalse
auth_methodsAuthentication methods supported by the SMTP server. The following are supported: "XOAUTH2, DIGEST-MD5, CRAM-SHA256, CRAM-SHA1, CRAM-MD5, PLAIN, LOGIN". Use "" if you are unsure of which auth methods are supported. "DIGEST-MD5, CRAM-SHA256, CRAM-SHA1, CRAM-MD5, PLAIN, LOGIN"false
slow_mail_warning_msLogs a warning if SMTP send is still in progress after this many milliseconds. 0 or lower disables the warning timer.5000false
send_timeout_msLocal timeout for the entire SMTP request, including attachment preparation. 0 means disabled0false
log_activityEnables "low-level" mail activity logging.falsefalse
{% endtab %} {% tab title="Example" %} ```json { "name": "SmtpClient", "enabled": true, "config": { "name": "smtp01", "host": "smpt.acme.org", "port": 25, "user_name": "smtp_user", "password": "smtp_password", "auth_methods": "DIGEST-MD5, CRAM-SHA256, LOGIN" } } ``` {% endtab %} {% endtabs %} ## OAuth 2.0 OAuth 2.0 allows an SMTP client to authenticate by using a short-lived access token instead of a static password. In practice, the client first obtains a token from an identity provider, such as Microsoft Entra ID, and then uses that token with the SMTP server, typically through XOAUTH2. This improves security by reducing reliance on long-lived credentials and allowing authentication to be controlled through modern identity and access policies. #### To use OAuth 2.0 : `disable_esmtp` and `keep_alive` must be `false`. `auth_methods` must be `XOAUTH2`. `password` must not be set. A separate `oauth2` configuration block must be added. {% tabs %} {% tab title="oauth2 properties" %}
NameDescriptionDefault valueMandatory
http_destinationName of the HttpClient module that should be used to fetch the token.true
token_urlFull token endpoint URL, for example an Entra token endpoint.true
token_parametersKey/value parameters sent in the token request body. Typical examples: grant_type, client_id, client_secret, scope.true
token_headersExtra HTTP headers to include in the token request.false
access_token_fieldName of the field in the token response that contains the access token."access_token"false
expires_in_fieldName of the field in the token response that contains token lifetime in seconds."expires_in"false
expires_at_fieldName of the field in the token response that contains an absolute expiry timestamp (epoch seconds). If configured and present, it takes precedence over expires_in_field.false
refresh_skew_secondsSafety margin before expiry. The token will be refreshed before its actual expiry time.60false
http_timeout_msTimeout for the token HTTP request.5000false
{% endtab %} {% tab title="Example" %} ```json5 { "name": "default", "host": "smtp.example.com", "port": 587, "start_tls": "REQUIRED", "user_name": "sender@example.com", "disable_esmtp": false, "keep_alive": false, "oauth2": { "http_destination": "oauth-http", "token_url": "https://login.example.com/oauth2/token", "token_parameters": { "grant_type": "client_credentials", "client_id": "...", "client_secret": "...", "scope": "https://outlook.office365.com/.default" }, "token_headers": { "Accept": "application/json" }, "access_token_field": "access_token", "expires_at_field": "expires_at", "expires_in_field": "expires_in", "refresh_skew_seconds": 60, "http_timeout_ms": 5000 } } ``` {% endtab %} {% endtabs %} ## Troubleshooting To enable more information in logs use these loggers in the log4j2.xml file: ``` ``` or for a broader scope use: ``` ``` For low-level logging with `log_activity` set to `true`, use this logger: ``` ``` Required level by message type: * `DEBUG` * request received * request prepared * attachment preparation * attachment file read * SMTP send start * `INFO` * SMTP send success * `WARN` * slow send warning from `slow_mail_warning_ms` * late SMTP success ignored after timeout * late SMTP failure ignored after timeout * `ERROR` * local SMTP timeout * SMTP send failure * request preparation failure * `TRACE` * full Vert.x mail response payload Practical guidance: * use `DEBUG` for normal SMTP troubleshooting * use `WARN` if the focus is only slow/hanging mail behavior * use `TRACE` if response payload details are needed ## Metrics This module produces metrics for each request. {% tabs %} {% tab title="Naming" %}
namefortified.internal.smtpclient_<metric-name>
tagsname=<instance-name>
{% endtab %} {% tab title="Metric" %}
NameTypeDescription
pendinggaugeNumber of pending requests
successcounterNumber of successful request
failurecounterNumber of failed request
requesttimerRequest time in ms
{% endtab %} {% tab title="JMX example" %} ``` / JMX name for HttpClient request failure counter on ``` ``` // module instance "smtp01" ``` ``` metrics:name=fortifiedInternalHttpclient_failure.name.smtp01,type=meters ``` {% endtab %} {% endtabs %} ## Events When sending e-mail using following events are possible * `SMTP001` - Mail sent * traceID if present * to - comma separated list * cc - comma separated list * bcc - comma separated list * subject - message subject * `SMTP002` - Mail could not be sent * traceID if present * subject - message subject * `SMTP003` - Mail send timed out * traceID if present * subject - message subject * Note: local timeout in SMTP module; final delivery outcome may still be unknown. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.fortifiedid.se/smtp/smtp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.