Jenkins "Not sending mail to unregistered user"

The problem was (for me):

 SECURITY-372 (advisory) Emails were sent to addresses not associated with
 actual users of Jenkins.

I am using Jenkins with a Gerrit trigger for newly created Patchsets or published drafts. With this security "fix", Jenkins will try to "guess" the Username from the name before the email address. For Example in "Name Surname ", the "Name Surname" part will be the Username jenkins tries to lookup in the Jenkins UserDB, but that combination is not the same identifier that is used in our LDAP and thus, jenkins will not send emails....unless:

https://wiki.jenkins.io/display/JENKINS/Email-ext+plugin#Email-extplugin-2.57.2(April10,2017)

If the security fix is undesirable in a particular instance, it can be disabled with either or both of the following two system properties:

    -Dhudson.tasks.MailSender.SEND_TO_UNKNOWN_USERS=true: send mail to build culprits even if they do not seem to be associated with a valid Jenkins login.
    -Dhudson.tasks.MailSender.SEND_TO_USERS_WITHOUT_READ=true: send mail to build culprits associated with a valid Jenkins login even if they would not otherwise have read access to the job.

These JAVA_ARGS can be added in /etc/default/jenkins or /etc/sysconfig/jenkins, depending on your distribution.


To clarify Matthias' answer: Even if a user account is created during a build (as the SCM provides information about the committer(s)), it is still an 'unregistered user' to Jenkins. Thus, no emails will be sent to that user.

If you navigate to the respective user account at <your-jenkins-URL>/asynchPeople/ you can configure this user account and enter a password for it. Theoretically, the user could login to Jenkins using this password, now. And as soon as a Jenkins user account has a password associated, it is no longer considered 'unregistered'. And will receive email notifications. Voila.


There's Allow sending to unregistered users setting under Configure System menu at least in Jenkins >= 2.150.1.


From the OP it's not clear if they use LDAP, but here is some information that solved it for me and that I haven't found anywhere, including the Jenkins JIRA.

The following suggestion:

-Dhudson.tasks.MailSender.SEND_TO_UNKNOWN_USERS=true

as well as:

Allow sending to unregistered users

and:

Create committer as Jenkins user

did not work for me. The first answer did put me on the track to a solution, though. It turns out that when using LDAP, Jenkins actually matches against the user name of the git committer. So if the git commit message is:

Committer: John Doe <[email protected]>  2019-05-27 19:12:00

Jenkins will take "John Doe", convert it to "john.doe" and try to match against LDAP. Now, if your LDAP user name is "john.doe" you're good, but in my case the company standard is "doejohn", which will lead to the dreaded message:

Not sending mail to unregistered user [email protected]

This message is very misleading since it shows the correct e-mail address instead of mentioning the invented (non-existing) user name. The solution for me was to configure the git user name to "doejohn":

$ git config --global user.name "doejohn"

Tags:

Jenkins