Please be advised that this website is now read-only and will be shut down soon.
      Please use, going forward.
More...If you are searching in Tracker for old issues created through bugbase, you can search by the <project_key>-<old bugbase number>.
<project_key> is mapped as:
ColdFusion         : CF     
ColdFusion Builder : CFB    
Framemaker         : FRMAKER
RoboHelp           : RH     
Adobe AIR          : AIR    
Adobe Flash Player : FP     

ColdFusion 9.0.1  -  Bug 3369472

Created on Wednesday, November 21, 2012

Login for more options


CFMAIL Keep sessions alive


Problem Description: when using CFMAIL and specifying an smtp server, username and password, the spool manager does not consider the username/password when the keep mail connection check box is checked in administrator.

Steps to Reproduce: Setup 2 cfmail based on a query with 1000+ records. set both cfmail tags to the same SMTP server, but use a different username/password for each... example tag 1: username: password:, tag2: username: password:

Actual Result: You will find that when "keep connection alive" is checked, it is entirely possible for emails from user2 to be sent through user1's account.

Expected Result: User1's emails sent only through user1's account and user2's emails be send through their account.

Any Workarounds: in my DNS, I created a cname to point to my smtp server addresses so that both websites were looking at different domain names rather than the same one. the unique domain name is enough to force coldfusion to create a new connection rather than use the same one.

Test Configuration

My Hardware and Environment details:

App Language(s) English
OS Language(s) English
Platform(s) Win 2008 Server x64
Browser(s) Browsers All

Notes (4)

  • Aaron Neff

    4:27:37 AM GMT+00:00 Nov 22, 2015

    Verified this is fixed in CF11 Update 5 (build 11,0,05,293506). I did the steps in "Steps to Reproduce" exactly, w/ the "Maintain connection to mail server" setting enabled. In CF11 Update 4 (build 11,0,04,293328), 600 emails were sent thru user1 and 1400 emails were sent thru user2. In CF11 Update 5 (build 11,0,05,293506), 1000 emails were sent thru user1 and 1000 emails were sent thru user2.


  • CFwatson User

    6:58:25 AM GMT+00:00 Feb 20, 2015

    The fix for this bug is available in the pre-release build of ColdFusion 11 Update 5 and ColdFusion 10 Update 16

  • Russ Michaels

    4:22:56 PM GMT+00:00 Aug 21, 2013

    Just to clarify my workaround as I don;t think it has been explained properly.

    the issue is going to occur if multiple users/sites send mail through the same smtp server, e.g., so the workaround is to use a unique SMTP server.
    To do this simply create a DNS record using your own domain name which points to the SMTP server, this way you will not be using anyone else's existing connection.
    so in the case of gmail, create a CNAME record for pointing at

  • Steven Weiner

    7:10:07 AM GMT+00:00 Nov 21, 2012

    I host 2 different clients that both use for email relay. When I logged in to review activity I found that emails from client 1 were being sent through client 2's account. I double checked my code, and then contacted sendgrid who verified that client 1 and client 2 were both sending emails at approximately the same time, and that the client only authenticated once and was sending emails through the wrong account.

Duplicate ID
Reported By Steven Weiner


State Closed
Status Fixed


Priority 3-High
Frequency All users will encounter
Failure Type Incorrect w/Workaround
Product Area Net Protocols


Found In Build 9.0.1
Fixed In Build CF11 Update5,CF10 Update16

Attachments (0)

No Files Attached

Votes (2)

  • Russ Michaels

    4:23:31 PM GMT+00:00 Aug 21, 2013

    Presumably this issue has been around a long time, but probably only being noticed now as more people send mail through gmail

  • Steve Durette

    7:31:29 AM GMT+00:00 Aug 21, 2013

    This bug impacts security. It inhibits Confidentiality, Integrity and Accountability when it comes to that security. It also could inhibit secure communications where content is encrypted based on one email address, but then sent out by another.

Your session has expired! Click to login
Current form data will be preserved