Troubleshooting

How to Fix CFMAIL Not Sending Emails

by Aaron Longnion
8 min read
Contents show

Overview of the Problem

When cfmail is Not sending emails, it means ColdFusion (or Lucee CFML) is failing to deliver messages via the configured SMTP server. You may see no emails arriving, messages stuck in the spool/queue, bounce-backs, or errors in logs. This happens due to misconfiguration (SMTP settings, TLS/SSL, Authentication), network/firewall issues, mail server rejections (SPF/DKIM/DMARC), large attachments, or runtime errors in code. Because email delivery involves multiple layers—application code, ColdFusion/Lucee mail service, network, SMTP server, and recipient policies—isolating the exact cause requires a systematic approach.

Possible Causes

  • Misconfigured SMTP server/port or wrong credentials
  • TLS/SSL mismatch or certificate trust errors
  • Firewall or outbound network blocks to SMTP ports
  • Spooler disabled or queue jammed in ColdFusion/Lucee
  • Message rejected due to SPF/DKIM/DMARC, relay/anti-spam rules
  • Invalid From/To addresses or disallowed sender domain
  • Large attachments, unsupported content types, or malformed MIME
  • Java version/TLS protocol incompatibility (e.g., TLS 1.2 required)
  • Rate limiting, blacklisting, or throttling on the SMTP/relay provider
  • Code-level exceptions or tag misuse around

Quick reference (Cause → Solution):

  • Wrong SMTP host/port → Verify in Administrator; test connectivity with telnet/openssl
  • Auth failure → Re-check username/password; use OAuth2/app passwords where required
  • TLS error → Enable STARTTLS; add truststore; set mail.smtp.ssl.protocols=TLSv1.2
  • Queue stuck → Ensure spooler is enabled; clear corrupted items; restart mail service
  • SPF/DMARC fail → Fix DNS records; align From domain; sign with DKIM
  • Oversized emails → Reduce attachments; raise size limits on server if allowed
  • Firewall block → Open outbound ports 25/465/587; allow SMTP relay host
  • Code error → Wrap in cftry/cfcatch; simplify to a minimal message for testing
See also  How to Fix Missing CFIDE Folder Errors

Step-by-Step Troubleshooting Guide

1) Check for Application-Level Errors First

  • Wrap your call in cftry/cfcatch to surface exceptions.
  • Log cfcatch.message and cfcatch.detail. Enable throwonerror-like behavior by inspecting exceptions immediately.

Example:



Hello, this is a cfmail test.




If you see no exception but emails still don’t arrive, the message may be in the spool or rejected downstream.

2) Verify Mail Settings in ColdFusion/Lucee Administrator

  • Open ColdFusion Administrator > Server settings > Mail (Lucee: Services > Mail).
  • Confirm:
    • SMTP Server/Host is correct.
    • Port matches your provider: 25, 465 (SSL), or 587 (STARTTLS).
    • Authentication (username/password) is correct.
    • TLS/SSL settings match your provider (e.g., STARTTLS on port 587).
    • Timeout is reasonable (e.g., 60 seconds).
    • Spooler is enabled.
    • Advanced properties if needed (see advanced section).

Tip: If you’re setting server/port at the tag level (server, port, username, password, usetls/usessl), be consistent—avoid conflicting Administrator vs tag-level settings.

3) Inspect the Mail Spool and Logs

  • Check the spool directories to see if messages are queued, stuck, or undeliverable:
    • Adobe ColdFusion (default): cfusion/mail/spool, cfusion/mail/undelivr
    • Lucee (typical): {lucee-server}/context/spool or {web-context}/WEB-INF/lucee/spool
  • Review logs:
    • Adobe ColdFusion: cfusion/logs/mail.log, application.log, exception.log
    • Lucee: WEB-INF/lucee/logs/mail.log, exception.log
  • Typical errors include:
    • 535 Authentication failed
    • 454/530 Must issue STARTTLS first
    • 550 5.7.1 Relay access denied
    • 552 Message size exceeds fixed limit
    • TLS handshake/cert trust errors

Example mail.log entries:

“AuthenticationFailedException: 535 5.7.3 Authentication unsuccessful”
“MessagingException: Could not convert socket to TLS”
“SendFailedException: Invalid Addresses; nested exception is: 550 5.7.1 Relaying denied”

4) Test SMTP Connectivity From the Server

  • Test network reachability to the SMTP host and port:
    • Linux:
      • telnet smtp.example.com 587
      • openssl s_client -starttls smtp -connect smtp.example.com:587 -crlf
    • Windows:
      • PowerShell: Test-NetConnection smtp.example.com -Port 587
  • If connection fails, fix DNS, routing, or firewall rules.
  • If TLS negotiation fails in openssl, you may need updated protocols/ciphers or truststore adjustments.

5) Confirm TLS/SSL and Java Compatibility

  • Many SMTP providers require TLS 1.2+. Ensure the JVM used by ColdFusion/Lucee supports it.
  • For Adobe CF, add JVM args in jvm.config if needed:

-Dmail.smtp.ssl.protocols=TLSv1.2
-Dhttps.protocols=TLSv1.2

  • If you have a certificate trust issue, import the SMTP server’s certificate chain into the JVM truststore (cacerts) or a custom truststore ColdFusion uses.
  • For implicit SSL (port 465), use usessl=”true”. For STARTTLS (port 587), use usetls=”true” and ensure the server advertises STARTTLS.

6) Validate Authentication and Sender Policies

  • For Microsoft 365:
    • Use smtp.office365.com:587 with STARTTLS.
    • Basic auth is often disabled; use OAuth2 or SMTP AUTH where allowed, or a relay connector for server IPs.
  • For Gmail/Google Workspace:
    • smtp.gmail.com:587 with STARTTLS.
    • Use 2FA + App Password or OAuth2; “less secure apps” is deprecated.
  • Align the From domain with SPF and DMARC policies:
    • SPF: Include your SMTP provider or IP in your TXT record, e.g.:
      v=spf1 include:sendgrid.net include:_spf.google.com -all
    • DKIM: Sign outbound mail if supported by your relay.
    • DMARC: Set a policy and monitor rejections; align From with SPF/DKIM.
See also  How to Fix Query of Queries Errors

If you send from no-reply@yourdomain.com through a third-party relay, the domain must authorize that relay via SPF and ideally DKIM.

7) Review Message Content, Addresses, and Size

  • Use a legitimate From and Reply-To; avoid bare IPs or unqualified hostnames.
  • Validate recipient addresses; malformed emails cause SendFailedException.
  • Keep messages small; large attachments often trigger 552 errors.
  • Use cfmailparam for attachments and content-type control:


Please find the report attached.

  • Avoid mixed charsets or invalid headers; set charset=”UTF-8″ consistently when needed.

8) Check Receiving Server Responses and Bounces

  • If “failto” is set, review bounce notifications.
  • Examine SMTP responses for policy rejections like:
    • 550 5.7.1 Message rejected as spam
    • 554 5.7.1 PTR record missing
  • Ensure your server’s public IP has proper reverse DNS (PTR) if sending directly.

9) Look for Rate Limits, Throttling, and Blacklisting

  • Many providers throttle or block spikes. Review provider dashboards for limits/blocks.
  • Check blacklists using a tool like MXToolbox for your sending IP or domain.
  • If throttled, implement Rate limiting in your app or via the mail service’s scheduling.

10) Retest With a Minimal Known-Good Example

  • Temporarily bypass advanced logic and prove basics work:

<cfmail to=”your.personal.address@example.com”
from=”no-reply@yourdomain.com”
subject=”Minimal Test”
server=”smtp.yourrelay.com”
port=”587″
username=”smtpuser”
password=”smtppass”
usetls=”true”
type=”text”>
This is a minimal test.

  • If this sends successfully, reintroduce complexity (attachments, HTML, CC/BCC, dynamic recipients) incrementally.

Configuration Examples

ColdFusion Administrator (Adobe CF) – Typical

  • SMTP Server: smtp.office365.com
  • Server Port: 587
  • Enable TLS/SSL: TLS
  • Username/Password: your SMTP credentials
  • Timeout: 60
  • Spooler: Enabled
  • Optional mail properties (Administrator “Additional JavaMail Properties”):
    • mail.smtp.auth=true
    • mail.smtp.starttls.enable=true
    • mail.smtp.ssl.protocols=TLSv1.2
    • mail.smtp.quitwait=false

Lucee CFML – Typical

  • Services > Mail: host, port, username, password.
  • Use TLS (STARTTLS) for port 587 or SSL for 465.
  • Verify the Lucee log “mail.log” and spool directories.
  • Advanced properties can be added under “Mail Settings” or at tag level.

Advanced JavaMail Properties (when needed)

mail.smtp.auth=true
mail.smtp.starttls.enable=true
mail.smtp.ssl.protocols=TLSv1.2
mail.smtp.connectiontimeout=15000
mail.smtp.timeout=60000
mail.smtp.writetimeout=60000
mail.smtp.sendpartial=true
mail.smtp.localhost=app.yourdomain.com

  • sendpartial allows delivery to valid recipients even if some are invalid.
  • localhost sets the HELO/EHLO name; use a resolvable FQDN.

Common mistakes and How to Avoid Them

  • Using SSL on port 587 or TLS on port 465 incorrectly
    • Avoid mismatch; 465 is implicit SSL (usessl), 587 uses STARTTLS (usetls).
  • Conflicting settings between Administrator and tag
    • Choose one source of truth; tag-level overrides can confuse Troubleshooting.
  • Sending from unauthorized domains
    • Align with SPF/DKIM/DMARC or use a verified sender identity at your relay.
  • Ignoring spool and logs
    • Always check mail.log and spool/undelivr for clues.
  • Oversized or malformed messages
    • Compress or link large files; ensure proper MIME headers and charset.
  • Relying on deprecated auth methods
    • Use OAuth2 or app passwords where basic auth is disabled (O365/Gmail).
  • Stale JVM lacking TLS 1.2 support
    • Update JDK/JRE bundled with CF/Lucee; set TLS protocol properties explicitly.
See also  How to Fix Datasource Connection Failure in ColdFusion

Prevention Tips / Best practices

  • Keep ColdFusion/Lucee and the JVM updated to support modern TLS/ciphers.
  • Use a reputable SMTP relay (e.g., M365, Google Workspace, SendGrid, Mailgun) with proper sender authentication.
  • Enforce standardized mail settings via environment variables or central config to avoid drift.
  • Implement monitoring:
    • Alert if spool grows beyond a threshold.
    • Parse mail.log for repeated delivery failures.
  • Rate-limit/batch large campaigns to avoid throttling.
  • Validate addresses before sending; guard against injection in headers.
  • Implement retries with exponential backoff for transient errors.
  • Maintain SPF/DKIM/DMARC and monitor DMARC reports.
  • Use dedicated From domains for automated mail (e.g., no-reply@notify.yourdomain.com) and keep DNS records clean.
  • Document your SMTP settings and rotate credentials securely.

Key Takeaways / Summary Points

  • CFMAIL delivery issues usually stem from SMTP Configuration, TLS/auth problems, or content/policy rejections.
  • Start with logs and spool inspection, then verify connectivity and TLS with openssl or telnet.
  • Align sender identity with SPF/DKIM/DMARC to avoid rejections.
  • Keep JVM and Server settings current for TLS 1.2+; set JavaMail properties if needed.
  • Test with a minimal message, then add complexity, monitoring for failures.

FAQ

How can I see exactly why CFMAIL failed if nothing shows on the page?

  • Use cftry/cfcatch around and log cfcatch.message/detail.
  • Check mail.log and exception.log. Many SMTP errors never surface to the browser and are only in logs/spool.

What’s the difference between usetls and usessl in ?

  • usetls uses STARTTLS (explicit TLS) typically on port 587 after EHLO.
  • usessl uses implicit SSL from the start, typically port 465. Don’t mix them with the wrong port.

Why do emails send locally but not to external domains?

  • Likely a relay restriction or SPF/DMARC failure. Your SMTP may allow local/domain emails but block external relays. Check SMTP server policy and enable authenticated relay or use an approved relay service.

Can I send to many recipients at once without being blocked?

  • Use batching and rate limiting to avoid throttling. Consider mail.smtp.sendpartial=true to deliver to valid recipients even if some addresses are invalid. A dedicated ESP (SendGrid/Mailgun) is recommended for bulk sends.

About the author

Aaron Longnion

Aaron Longnion

Hey there! I'm Aaron Longnion — an Internet technologist, web software engineer, and ColdFusion expert with more than 24 years of experience. Over the years, I've had the privilege of working with some of the most exciting and fast-growing companies out there, including lynda.com, HomeAway, landsofamerica.com (CoStar Group), and Adobe.com.

I'm a full-stack developer at heart, but what really drives me is designing and building internet architectures that are highly scalable, cost-effective, and fault-tolerant — solutions built to handle rapid growth and stay ahead of the curve.

View all posts

You may also like