startTLS for Enforce notifications
search cancel

startTLS for Enforce notifications

book

Article ID: 409208

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

DLP is failing to use startTLS for Enforce notifications.

The SymantecDLPManager.log shows startTLS succeeds:

INFO   | jvm 1    | 2025/08/06 10:06:57 | DEBUG: setDebug: JavaMail version 1.6.1
INFO   | jvm 1    | 2025/08/06 10:06:57 | DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Oracle]
INFO   | jvm 1    | 2025/08/06 10:06:57 | DEBUG SMTP: useEhlo true, useAuth true
INFO   | jvm 1    | 2025/08/06 10:06:57 | DEBUG SMTP: trying to connect to host "mail host", port 587, isSSL false
INFO   | jvm 1    | 2025/08/06 10:06:57 | DEBUG SocketFetcher: getSocket, host mail host, port 587, prefix mail.smtp, useSSL false
INFO   | jvm 1    | 2025/08/06 10:06:57 | DEBUG SocketFetcher: create socket: prefix mail.smtp, localaddr null, localport 0, host mail host, port 587, connection timeout 30000, timeout -1, socket factory null, useSSL false
INFO   | jvm 1    | 2025/08/06 10:06:57 | DEBUG SocketFetcher: connecting...
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SocketFetcher: success!
INFO   | jvm 1    | 2025/08/06 10:06:58 | 220 outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 6 Aug 2025 16:06:32 +0000 
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: connected to host "mail host", port: 587
INFO   | jvm 1    | 2025/08/06 10:06:58 | EHLO CC-W-ENFORCE
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-outlook.office365.com Hello [###.###.###.###]
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-SIZE 157286400
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-PIPELINING
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-DSN
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-ENHANCEDSTATUSCODES
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-STARTTLS
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-8BITMIME
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-BINARYMIME
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-CHUNKING
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250 SMTPUTF8
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "SIZE", arg "157286400"
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "PIPELINING", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "DSN", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "STARTTLS", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "8BITMIME", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "BINARYMIME", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "CHUNKING", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "SMTPUTF8", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | STARTTLS
INFO   | jvm 1    | 2025/08/06 10:06:58 | 220 2.0.0 SMTP server ready
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SocketFetcher: startTLS host mail host, port 587
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SocketFetcher: SSL enabled protocols before [TLSv1.3, TLSv1.2]
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SocketFetcher: SSL enabled protocols after [TLSv1.3, TLSv1.2]
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SocketFetcher: SSL enabled ciphers after [TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

It then fails for the authentication:

INFO   | jvm 1    | 2025/08/06 10:06:58 | EHLO CC-W-ENFORCE
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-outlook.office365.com Hello [###.###.###.###]
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-SIZE 157286400
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-PIPELINING
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-DSN
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-ENHANCEDSTATUSCODES
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-AUTH LOGIN XOAUTH2
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-8BITMIME
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-BINARYMIME
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250-CHUNKING
INFO   | jvm 1    | 2025/08/06 10:06:58 | 250 SMTPUTF8
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "SIZE", arg "157286400"
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "PIPELINING", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "DSN", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "AUTH", arg "LOGIN XOAUTH2"
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "8BITMIME", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "BINARYMIME", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "CHUNKING", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Found extension "SMTPUTF8", arg ""
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: protocolConnect login, host=mail host, user=username, password=<non-null>
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Attempt to authenticate using mechanisms: LOGIN PLAIN DIGEST-MD5 NTLM XOAUTH2 
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: Using mechanism LOGIN
INFO   | jvm 1    | 2025/08/06 10:06:58 | DEBUG SMTP: AUTH LOGIN command trace suppressed
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: AUTH LOGIN failed

And as a consequence, it tries again without STARTTLS and succeeds:

INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG: setDebug: JavaMail version 1.6.1
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Oracle]
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: useEhlo true, useAuth true
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: trying to connect to host "mail host", port 587, isSSL false
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SocketFetcher: getSocket, host mail host, port 587, prefix mail.smtp, useSSL false
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SocketFetcher: create socket: prefix mail.smtp, localaddr null, localport 0, host mail host, port 587, connection timeout 30000, timeout -1, socket factory null, useSSL false
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SocketFetcher: connecting...
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SocketFetcher: success!
INFO   | jvm 1    | 2025/08/06 10:07:03 | 220 outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 6 Aug 2025 16:06:39 +0000 
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: connected to host "mail host", port: 587
INFO   | jvm 1    | 2025/08/06 10:07:03 | EHLO CC-W-ENFORCE
INFO   | jvm 1    | 2025/08/06 10:07:03 | 250-outlook.office365.com Hello [###.###.###.###]
INFO   | jvm 1    | 2025/08/06 10:07:03 | 250-SIZE 157286400
INFO   | jvm 1    | 2025/08/06 10:07:03 | 250-PIPELINING
INFO   | jvm 1    | 2025/08/06 10:07:03 | 250-DSN
INFO   | jvm 1    | 2025/08/06 10:07:03 | 250-ENHANCEDSTATUSCODES
INFO   | jvm 1    | 2025/08/06 10:07:03 | 250-STARTTLS
INFO   | jvm 1    | 2025/08/06 10:07:03 | 250-8BITMIME
INFO   | jvm 1    | 2025/08/06 10:07:03 | 250-BINARYMIME
INFO   | jvm 1    | 2025/08/06 10:07:03 | 250-CHUNKING
INFO   | jvm 1    | 2025/08/06 10:07:03 | 250 SMTPUTF8
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: Found extension "SIZE", arg "157286400"
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: Found extension "PIPELINING", arg ""
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: Found extension "DSN", arg ""
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: Found extension "STARTTLS", arg ""
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: Found extension "8BITMIME", arg ""
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: Found extension "BINARYMIME", arg ""
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: Found extension "CHUNKING", arg ""
INFO   | jvm 1    | 2025/08/06 10:07:03 | DEBUG SMTP: Found extension "SMTPUTF8", arg ""
INFO   | jvm 1    | 2025/08/06 10:07:03 | QUIT
INFO   | jvm 1    | 2025/08/06 10:07:04 | 221 2.0.0 Service closing transmission channel



Localhost logs show:

06 Aug 2025 10:07:03,777- Thread: 124 WARNING [com.vontu.enforce.mail.MailClient] SMTP server connection test failed <<=with startTLS
Cause:
javax.mail.AuthenticationFailedException: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information. 
...
06 Aug 2025 10:07:03,783- Thread: 124 FINE [com.vontu.enforce.mail.MailClient] Connecting to mail server (example:587) as <username> <<=without startTLS, success

Environment

Symantec Data Loss Prevention 16.1

Cause

Enforce notifications only check whether startTLS should be enabled when SMTP is configured in the Enforce Console > System > Settings > General.
Upon 'save', DLP will connect to the specified MTA and confirm if startTLS is enabled. If both the TLS handshake and AUTH LOGIN verifications are successful, then startTLS will be enabled for Enforce notification in the database. 

Resolution

The message “SmtpClientAuthentication is disabled for the Tenant” means that basic authentication for SMTP clients (SMTP AUTH) is disabled at the tenant level. 
Reach out to the MTA to confirm SMTP AUTH is enabled for the user set in the Enforce SMTP settings.

Additional Information

Enable the following in ManagerLogging.properties on the Enforce server for additional Enforce Notification SMTP logging:


com.symantec.dlp.incidentdomainservices.IncidentEmailService.level = FINEST
com.vontu.enforce.mail.MailClient.level = FINEST
mail.socket.debug=true

Powered by Wolken Software