Why are email features not working in a Tomcat web app

When email features stop working in a Tomcat web app, the cause is usually not Tomcat itself. In most hosting setups, a Java application can send mail only if the SMTP server, DNS records, SSL/TLS settings, and application configuration are all correct. If one of these layers is wrong, login forms, password reset emails, notification jobs, or contact forms may fail even though the web app is otherwise running normally.

In a managed hosting environment with Plesk and a Java hosting extension such as My App Server, the application may run inside its own Tomcat and private JVM, but email is still handled by the surrounding mail service. That means you should check both the Java application and the hosting account configuration. This article explains the most common reasons why email functionality fails in a Tomcat web app and how to troubleshoot them step by step.

Why Tomcat email features fail even when the app is online

Tomcat is a servlet container, not a mail server. Your application usually sends email through an external SMTP service or the hosting platform’s mail server. If your app depends on:

SMTP authentication
SSL/TLS certificates
MX and SPF/DKIM DNS records
correct hostname and port settings
network access to the SMTP server

then any problem in those areas can break email delivery.

Typical symptoms include:

registration or password reset emails never arrive
the app shows “authentication failed” or “connection timed out”
mail sends in development but not on the hosting account
emails are rejected by the recipient server
JavaMail throws SSL or certificate errors

Check whether the application is using the correct SMTP settings

The first thing to verify is the mail configuration inside your application. Many Tomcat apps store SMTP values in a properties file, environment variable, or application settings panel. Common fields are:

SMTP host
SMTP port
username
password
from address
SSL or STARTTLS option

Common configuration mistakes

Using the wrong SMTP host, such as localhost when the mail server is external
Using port 25 instead of the required submission port, often 587 or 465
Forgetting to enable authentication
Using a From address that does not exist on the domain
Mixing SSL and STARTTLS settings incorrectly

If your hosting provider gives you a mail server hostname, use that exact value. Do not assume the application should send mail directly from the Tomcat server unless the hosting platform explicitly allows it.

Confirm the SMTP port and encryption mode

Email in modern hosting environments is usually sent through a secure SMTP submission port. The most common options are:

Port 587 with STARTTLS
Port 465 with implicit SSL/TLS

If your app is configured for the wrong mode, JavaMail may fail with handshake errors or authentication errors. A common issue is enabling SSL in the application while the server expects STARTTLS, or the reverse.

How to verify the correct mode

Check your hosting control panel mail settings
Look for the recommended SMTP submission port
Confirm whether the server expects STARTTLS or SSL
Test the same account from an email client such as Outlook or Thunderbird

If an external client can send mail with the same account, but the Tomcat app cannot, the issue is more likely in the application’s JavaMail settings or certificate trust.

Review DNS records for the sending domain

Email delivery depends heavily on DNS. Even if the SMTP connection works, recipient servers may reject or filter messages if the domain is missing the right records.

Important DNS records include:

MX for receiving mail
SPF to authorize the sending server
DKIM to sign outgoing messages
DMARC to define policy and reporting
A/AAAA records for the mail hostname if applicable

What can go wrong

The app sends as [email protected], but the domain has no SPF record
The SMTP server hostname does not resolve correctly
The domain’s DKIM setup is incomplete, so messages land in spam
DNS changes were made recently and have not fully propagated

In a managed hosting environment, the domain often has mail configured through Plesk or a similar control panel. Make sure the domain’s mail DNS records match the service actually used by the application.

Check SSL/TLS certificate trust in Java

One of the most common Tomcat-specific causes of mail failure is a Java trust problem. If your app connects to an SMTP server over SSL/TLS, Java must trust the certificate presented by that server. If the certificate is self-signed, expired, mismatched, or issued by a CA not trusted by the JVM, the connection may fail.

Typical Java mail SSL errors

PKIX path building failed
unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException
certificate_unknown

In Java hosting with a private JVM, the Java runtime version and trust store matter. A newer or custom Java version may have a different CA bundle than the one used in testing. If you installed a Tomcat version through My App Server, confirm that the JVM and the mail server certificate chain are compatible.

What to do

Verify the SMTP server certificate in a browser or mail client
Make sure the hostname in the app matches the certificate CN or SAN
Check whether the hosting provider recommends STARTTLS instead of implicit SSL
If using a custom certificate, ensure the full chain is installed correctly

Do not disable certificate validation in production unless you fully understand the risk. It may make testing easier, but it weakens security and can create hidden failures later.

Verify that the hosting service allows outbound SMTP

Some hosting plans restrict direct outbound email connections to reduce abuse and protect deliverability. If your Tomcat app tries to connect directly to port 25 or to an external SMTP server without permission, the connection may be blocked.

This is especially relevant for shared hosting accounts, where network policies may limit how apps can send mail. In a Tomcat hosting setup, the safest approach is usually to use the approved SMTP service provided by the hosting platform or a trusted third-party mail provider.

Things to check

Does your plan allow outbound SMTP connections?
Is port 25 blocked?
Are you required to use authenticated submission on 587 or 465?
Is there any firewall rule preventing the JVM from reaching the mail server?

If the app can reach other external services but not SMTP, ask support to confirm the allowed ports and recommended mail relay settings.

Make sure the “From” address matches the domain rules

Many applications fail to send mail correctly because the sender address is not valid for the domain or not aligned with the SMTP account. Some mail servers reject messages if the From address does not belong to the authenticated mailbox or the sending domain.

Good practice

Use a valid mailbox such as [email protected]
Make sure the domain exists in the hosting control panel
Use the same domain in the SMTP login and sender address if possible
Set a separate Reply-To if users should respond elsewhere

If the app sends as a free mailbox provider or a different domain, recipient filters may mark the message as suspicious or reject it completely.

Test the mail service outside the Tomcat application

Before changing application code, confirm whether the mail server itself is working. In a Plesk-based hosting environment, you can usually test mail by:

sending a message from webmail
configuring the same mailbox in a desktop email client
checking outgoing mail logs if available
verifying that the mailbox can authenticate successfully

If mail fails even outside the app, the problem is likely with the mail account, DNS, or server-side configuration rather than Tomcat.

Useful isolation test

Try these three checks in order:

Send mail through webmail or a desktop client using the same account.
Test SMTP connection from the application configuration with the same host, port, username, and password.
Review the Tomcat application logs for JavaMail exceptions.

This helps separate account-level problems from application-level problems.

Review Tomcat and application logs for mail errors

If the mail service appears correct, check the application logs. JavaMail usually writes clear exceptions when a connection, authentication, or SSL issue occurs. In Tomcat hosting, logs are often available through the hosting panel or the application’s log files.

What to look for in logs

authentication failures
connection refused or timeout errors
SSL handshake failures
invalid recipient or sender errors
message rejected by remote server

Common patterns include:

Could not connect to SMTP host
535 authentication failed
Connection timed out
550 relay denied

If you use My App Server, the advantage is that you can keep the Tomcat service and the private JVM isolated from other applications, which makes troubleshooting easier. A problem in one app does not necessarily affect another app hosted on the same account.

Check whether the app is using the right Java version

Different Java versions can handle TLS and certificate validation differently. If your Tomcat app was developed against one Java release but is running on another, mail code may break even if the rest of the app works.

Examples

older applications may depend on outdated TLS settings
newer JVMs may reject weak certificates or older ciphers
custom app server setups may require a specific Java version

In Java hosting with selectable Tomcat and JVM versions, confirm that the runtime matches the application requirements. If you recently switched Java versions, retest the email flow.

Check application-specific mail libraries and configuration

Sometimes the hosting platform is fine, but the app itself has a bug or incorrect dependency. Java applications often use Jakarta Mail or JavaMail, and misconfiguration there can stop mail sending entirely.

Application issues to review

missing mail library dependency
wrong property names in the mail configuration
hardcoded SMTP values from a development environment
incorrect encoding or MIME settings for message content
timeouts too short for the hosting network

If your app was moved from local testing to managed hosting, make sure it no longer references local SMTP settings such as a developer machine, local relay, or an internal mail service that does not exist on the server.

Practical troubleshooting checklist

If email features are not working in your Tomcat web app, use this checklist in order:

Confirm the SMTP hostname, port, username, password, and encryption mode.
Verify that the From address belongs to the domain and is allowed by the mail server.
Test the same mailbox outside the app using webmail or an email client.
Check DNS records such as MX, SPF, DKIM, and DMARC.
Review Java/Tomcat logs for SSL, authentication, or timeout errors.
Confirm that the JVM trusts the SMTP certificate chain.
Make sure outbound SMTP is allowed on the hosting account.
Test again after any Java version or DNS changes.

Example of a healthy SMTP setup for a Tomcat app

A typical working configuration in a hosting environment might look like this:

SMTP host: the mail server hostname provided by the control panel
Port: 587
Encryption: STARTTLS
Authentication: enabled
Username: full mailbox address
From address: the same domain as the mailbox

This setup is generally easier to support than direct unauthenticated sending. It also improves deliverability because the mail server can sign, route, and control the messages properly.

When to contact hosting support

Contact support if:

the SMTP server rejects connections from the Tomcat app but works in an email client
you see firewall or network timeout errors
the certificate chain looks correct, but Java still reports trust failures
mail works intermittently and you suspect server-side restrictions
DNS or mail routing was changed and needs verification

When you contact support, include the SMTP host, port, error message, exact time of failure, and a screenshot or copy of the log line if available. This makes diagnosis much faster.

FAQ

Why can my Tomcat app send mail locally but not on hosting?

Local environments often use a different SMTP server, fewer security restrictions, and a trust store that matches your development setup. On hosting, the app must use the platform’s approved mail settings and the server’s certificate must be trusted by the JVM.

Is Tomcat responsible for sending email?

No. Tomcat runs the application, but email is usually sent through SMTP using a separate mail service. If the SMTP server, DNS, or TLS setup fails, Tomcat alone cannot fix it.

Why do I get SSL handshake errors when sending mail from Java?

Usually because the SMTP certificate is not trusted by the JVM, the hostname does not match the certificate, or the app is using the wrong encryption mode for the selected port.

Do I need SPF, DKIM, and DMARC for a Tomcat app?

They are not required for the app to send mail, but they are strongly recommended for deliverability. Without them, messages may be rejected or marked as spam.

Can I use the same mailbox for SMTP login and From address?

Yes, and in many cases that is the safest setup. Using the same authenticated mailbox and sender domain often reduces relay and policy issues.

What if my app uses a third-party email service?

Then verify the service’s SMTP settings, API keys if applicable, rate limits, and TLS requirements. The hosting platform still needs outbound network access and the JVM still needs to trust the remote certificate.

Conclusion

When email features do not work in a Tomcat web app, the root cause is usually outside the application code itself. The problem is often in SMTP configuration, SSL/TLS trust, DNS records, outbound network rules, or the hosting mailbox setup. In a managed Java hosting environment with My App Server, Tomcat runs your application, but mail delivery still depends on the surrounding services being configured correctly.

Start with the SMTP settings, then check DNS, certificates, logs, and hosting restrictions. In most cases, a careful review of these layers will identify the issue quickly and restore email functionality without changing the core application.

Why are email features not working in a Tomcat web app?