CFMAIL - SMTP / HELO - 550 5.7.1 Error - Not RFC 2821 Compliant

I am running into an issue where the SMTP server I am using is rejecting connections from CFMAIL for non compliant HELO request.

I get the following errror:

com.sun.mail.smtp.SMTPAddressFailedException: 550 5.7.1 <>: Helo command rejected: Your software is not RFC 2821 compliant

Reading RFC 2821 it appears the server wants the IP address enclosed in brackets instead of <>

Any ideas on how to get around this issue?

In this instance I am running:

Lucee installed on Windows 11
SMTP Server Required SSL and TLS

I have tried running this through both Tomcat and IIS

I have tried using submitting the request from a page accessed by IP address and DNS name - neither make a difference to the HELO error…

Any insight would be much appreciated!

Thanks in advance!

I broke down and downloaded ColdFusion 2023 and encountered the same error there too.

In doing research, this seems to either be a bug in the BouncyCastle or JavaMail jar files.

Version history notes that JavaMail 1.4.3 fixed an issue with RFC2821 Incorrect HELO - but I can’t figure out how to update that piece of Lucee.


While I’ve never seen that particular error, I will note that since you’re using tls/SSL, the error could be a misnomer–with the real problem instead being about the Java version underlying Lucee/its config, or the tls/SSL supported by your mail server. Also, the error you see may be preceded or followed immediately by another, pointing elsewhere.

If you or others don’t solve your problem otherwise, first what IS the Java version (not what your box is using generally but what lucee is using specifically)?

Second, if you run the ssllabs free online scan against the mail server domain, what’s it supporting in terms of tls?

Finally, there is also available Java tls debugging one can enable, but it’s verbose and all the harder to read if there’s more than one request being made at a time. Let’s hear what else you may find, or others may offer, before going down that path.

I’m pretty sure its not an issue in Javamail with the brackets IP-Address. Such an issue would have tons of entries alI over the internet. I’d say its an configuration issue. i have some questions:

  1. Is this a new setup? Or is this an issue that suddenly popped up?
  2. Because you’ve said “the SMTP server that I’m using”… Have you tried verbose logging on your SMTP server? What does it say?
  3. I’d say your SMTP isn’t liking the IP address at all for some reason, the rejjection implies that It expects a valid host name in the helo command.
  4. Have you tried some type of authentication or is your smtp server seup as relay?
  5. is a special address that’s not a localhost. That really should be a host name. Have you setup a valid hostname for that machine that is accessible to the machine hosting your SMTP server?

yeah, I think this is basically a 401 from the mail server

Lucee already uses java mail 1.6.2

Hey Charlie!

As for versions of Java:

Lucee is using 11.0.20+8
ColdFusion 2023 is using 17.0.6+9

On CF2023, I also tried to upgrade to 20.0.2+9. No such luck, same results.

As for TLS:

This server is not publicly accessible, so I did an nmap scan instead to confirm that it’s only supporting TLS1.2

And on a side note… I’m humbled (and shocked) to have THE Charlie Arehart respond to one of my posts!!! hehe… I’ve been using Cold Fusion since Allaire 2.0 and have been following you for years!!! #ImNotWorthy hehe…

Andreas -

This is the first time I’ve worked with this particular network / server. This is also the first time I’ve ever tried to use SSL and TLS to connect - so I have several unknowns I’m dealing with.

In working with the server admin I am being told:

1 - the server is expecting brackets instead of greater-than/less-than signs

2 - the server does not like my IP address. This connection is being accessed through a IKE VPN but Lucee sends my private IP instead of the IP address of the VPN adapter.

I’ve tried using WireShark on the request, but being an IKE VPN - everything is encapsulated and cannot be viewed.

I have tried running my script/URL from LocalHost, my private “172” IP address, and the VPN assigned IP - Lucee and CF2023 always sends my private IP. Is there maybe a way to specify what address it sends?

It is a little hard for me to believe it doesn’t like the 172 address, because both addresses in question are in the IANA reserved address range. (But I’ve seen weirder things happen!)

I am able to run a Thunderbird email client on the same machine and it connects just fine. (However, in the server logs, my connection shows up using brackets and the VPN assigned IP address)

I have also attempted to access the script via a DNS name - that didn’t work either - the server still sent my private 172 address in the HELO command

I am authenticating to the server directly, no relays are being used. I originally questioned if I was successfully authenticating. I assume I am due to the fact that I am getting to the HELO stage.

Does anyone know if there is a way to 1) specify a different source IP, or 2) use brackets in the HELO command?

Sounds like more logs are in my foreseeable future!!!

Hey Zackster -

Would I be getting a HELO error if I wasn’t authenticated already?

Based on my previous experience of unencrypted/unauthenticated SMTP - I didn’t think I would even get to HELO if I didn’t pass authentication.

Also - I did purposely change my password to test that the authentication theory - when I do that I get a authentication error instead…

Ok, good debugging

Any idea what mail server we are dealing with?

We added debugging for cfmail a while back [LDEV-3754] - Lucee you could try that

Also java 17 isn’t fully supported, 11 is recommended YMMV

Hey Zackster -

The server being used is Postfix…

I have enabled the debugging flag in my CFMAIL tag, but’ I’m not seeing any extra information show up anywhere?

Also - just to clarify - I’ve never received an actual error on the page itself. The page executes as normal and I get my typical “SENT” message I throw up on the screen after the CFMAIL tag executes - but the message never arrives.

I’ve been getting all of my info from the “mail.log” file located in the “C:\lucee\tomcat\webapps\ROOT\WEB-INF\lucee\logs” folder.

I have all debugging settings enabled in the Lucee console…

Here is the complete error from mail.log:

> "ERROR","Thread-3914","09/05/2023","14:19:25","mail","Invalid Addresses;lucee.runtime.exp.NativeException: Invalid Addresses
> 	at com.sun.mail.smtp.SMTPTransport.rcptTo(
> 	at com.sun.mail.smtp.SMTPTransport.sendMessage(
> 	at
> Caused by: javax.mail.SendFailedException: Invalid Addresses;
>   nested exception is:
> 	com.sun.mail.smtp.SMTPAddressFailedException: 550 5.7.1 <>: Helo command rejected: Your software is not RFC 2821 compliant
> 	... 3 more
> Caused by: com.sun.mail.smtp.SMTPAddressFailedException: 550 5.7.1 <>: Helo command rejected: Your software is not RFC 2821 compliant
> 	at com.sun.mail.smtp.SMTPTransport.rcptTo(
> 	... 2 more
> "

I was also curious about the Invalid Addresses / rcptTo / SMTPAddressFailedException error. Playing around with that I have formatted my to/from addresses in a couple of different formats - i.e. -

* ""
* "John Doe <>"
* "<>"

But of course have not had any success in doing that either…

Is there a way to overwrite or change the CGI variables Lucee is using?

It appears that it might be using CGI.LOCAL_ADDR variable as the address it’s passing to the SMTP server.

In a CFDUMP - this is the only variable that reflects my local address, and not the VPN IP the traffic is routed through…

Quick update - although I was not able to solve the original issue per se - I did come up with a work-around…

I simply modified my local “host” file by adding a dummy host name (not FQDN) that resolved to the private IP address Lucee kept sending to the server in the HELO statement. Lucee01

After doing that, Lucee passed the value of “Lucee01” in the HELO statement instead of <>

I appreciated all the input, help, and suggestions from everyone! Thanks!!!

Sincerely, SMTP is a very old protocol and extremly misused for spamming. Not supplying a FQDN in the Helo command is a very coommon practice for spammers (ratware).As an SMTP admin I would not allow a pure IP address and reject it also in brackets. I’m asking myself why is your machine inot submitting its FQDN (usually its submits from the OS)? Have you defined the IP address as string for your machines name at OS level? I know that’s not to your satisfaction, sorry for that.