I recently updated our company’s JIRA installation to the latest version, JIRA 5. I was very excited to see the new sharing/mentioning features in JIRA. Unfortunately, I found that I had some initial problems getting the new features to work with our Exchange environment.
Here are the solutions to those problems.
Changes to SMTP settings
First off, they made some changes to the email system that broke my SMTP settings. The exchange system replied with something like “User could not be authenticated”. Whatever changes they made behind the scenes, seemed to be causing my Exchange environment to reject the authentication method I was using. Prior to the JIRA update, my SMTP settings were set to use port 25 of the Exchange system. After I upgraded, I had to change the port to 587 and turn on TLS. This made authentication work again.
Can’t send on as other users…
After my SMTP settings were authenticating again, I ran into the next issue. My regular notifications worked just fine, but sharing/mentioning did not. The Exchange server was rejecting the emails because JIRA uses the logged in user’s email address in the “FROM:” address, rather than the default “jira@myorganization.com” email address that is setup in SMTP settings. So, in my example, it was trying to send email FROM sean@myorganization.com, rather than jira@myorganization.com. This was a big issue beacuse the default settings for Exchange do not allow authenticated users to send as just anyone… It only allows the authenticated user to send as themselves.
I searched for several hours trying to figure out how to get my jira email address to be allowed to send as anyone… There were solutions on a per-user basis, where I could assign my “sean@myorganization.com” user specific security privileges for the jira@myorganization.com user to send mail as me… But this isn’t what I wanted. For one, we have many users and I don’t want to have to go through each user and give jira the ability to send email as them. For two, we have several users of JIRA who are external to the organization and don’t have an @myorganization.com email. I wanted my Exchange environment to allow JIRA to relay email for anyone of these internal OR external users.
The solution took a while to figure out, and a little debugging. I found one post that showed how to setup the Exchange receive connector (on port 587) to allow anonymous users to send email as anyone. But I definately don’t want that… By using the Exchange Monitor I was able to figure out the right settings that I needed to apply to the receive connector to allow my jira@myorganization.com user to send emails as anyone. Here it is:
Get-ReceiveConnector “My Internal Receive Connector on Port 587” | Add-AdPermission -User jira@myorganization.com -ExtendedRights ms-Exch-SMTP-Submit,ms-Exch-SMTP-Accept-Any-Recipient,ms-Exch-SMTP-Accept-Any-Sender,ms-Exch-SMTP-Accept-Exch50,ms-Exch-Bypass-Anti-Spam,ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
The last option was one of the critical options that ended up making the whole thing work. Once I applied these security settings to my receive connector for the JIRA user, everything worked just fine.
One thing to note: I am using a VERY complicated password for the jira@myorganization.com user… You wouldn’t want this JIRA account to get hacked, because it would allow that person to send email on behalf of anyone in the organization.