Sending email from .net application through a mail server with a self-signed SSL certificate

I installed hMailServer 5.3.2 and configured it. It usually receives and sends, but I wanted to use it to send emails from a .NET / C# application located on another server, and for this I wanted to use SSL. Before that, the application was configured to send email via Gmail, on port 587, and it worked fine, but now we want to use our own mail server. First, we configured the application to connect to smtp.domain.com on port 25, and it works, it sends an email.

Then we created a self-signed certificate to check if we can send a message through a secure channel. I created a certificate using OpenSSL that sets the common name as: mail.domain.com, smtp.domain.com, *.domain.com, domain.com. I opened port 587 on the firewall and configured hMailServer to use a certificate for incoming connections to this port. None of the certificates I created worked (I tried one, and then created another one, etc.); each throws the following (general) exception in the application:

System.Exception: _COMPlusExceptionCode = -532459699 

Of course, I also tried to connect via telnet: telnet smtp.domain.com 587, and I just got a blank screen. This is not a firewall problem, because when I disable SSL on port 587, I can connect normally. Looking at the log, I do not even see an attempt to connect when using 587 with SSL.

I already checked the following questions: "Getting SmtpClient to work with a self-signed SSL certificate" and "Using a self-signed certificate with .NET HttpWebRequest/Response", but this did not solve my problem. The approach with ServerCertificateValidationCallback had no effect.

I tried with ports 25 (which is also suggested in one of the questions above), 465, 587, and the same thing happens with all 3: the initial handshake (SYN / SYN-ACK / ACK) and after about 80 seconds the connection is closed (FIN); there is nothing between them.

Should I install this certificate somewhere so that the .NET application considers it reliable? I mean, I already installed it as a trusted root certification authority and could verify by running mmc, so I have no idea where to go now ...

Thanks for the help!

PS: Not sure if this applies to ServerFault, since it applies to a C# application, but also to a mail server ...

EDIT: Code Example:

    using System.Net;
    using System.Net.Mail;

    // Accept every server certificate (turns off certificate validation process-wide).
    ServicePointManager.ServerCertificateValidationCallback =
        (sender, certificate, chain, sslPolicyErrors) => true;

    SmtpClient mailClient = new SmtpClient("smtp.domain.com");
    mailClient.Credentials = new NetworkCredential("username@domain.com", "pwd");
    mailClient.Port = 587;
    mailClient.EnableSsl = true;

    MailMessage mailMessage = new MailMessage("mailAddressFrom", "mailAddressTo", "subject", "body");
    mailMessage.IsBodyHtml = true;
    mailClient.Send(mailMessage);

EDIT 2: Log (at the suggestion of Ramunas):

    "TCPIP" 3588 "2010-06-23 10:02:49.685" "TCPConnection - Posting AcceptEx on 0.0.0.0:465"
    "DEBUG" 3588 "2010-06-23 10:02:49.809" "Creating session 24039"
    "TCPIP" 772 "2010-06-23 10:04:29.639" "TCPConnection - SSL handshake with client failed. Error code: 2, Message: End of file, Remote IP: X"
    "DEBUG" 772 "2010-06-23 10:04:29.639" "Ending session 24039"
+4
source share
5 answers

You currently cannot send mail using C# 4 / .NET 4 to hMailServer, regardless of whether you purchased the certificate used by hMailServer or made it yourself.

The problem consists of two parts: AFAIK ... C# 4 / .NET 4 will only send TLS and port 587; hMailServer does not currently support STARTTLS. C# 4 / .NET 4 does not support the 465 / SSL alternative.

See this topic "Configuring SSL Confusion ..." on the hMailServer forum.

"SmtpClient.EnableSsl Property" :
"An alternative connection method is when an SSL session is established before sending protocol commands. This connection method is sometimes called SMTP/SSL, SMTP over SSL or SMTPS and uses port 465 by default. This alternative connection method using SSL is currently not supported." - MSDN

+1
source
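A way to check which of the two modes a given mail port speaks, as an added example that is not part of the original answer. A port that expects implicit TLS stays silent until it receives a ClientHello, which matches the blank telnet screen and the long idle connection described in the question. The class name, method name and EHLO name are hypothetical.

```csharp
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Text;

static class SmtpTlsProbe
{
    // Returns "starttls", "plain-only", "implicit-tls" or "unknown"; a refused port throws SocketException.
    public static string Classify(string host, int port, int timeoutMs = 5000)
    {
        try
        {
            using (var tcp = new TcpClient(host, port))
            {
                tcp.ReceiveTimeout = timeoutMs;
                var stream = tcp.GetStream();
                var reader = new StreamReader(stream, Encoding.ASCII);
                string line = reader.ReadLine();   // plaintext SMTP: the server speaks first ("220 ...")
                if (line != null && line.StartsWith("220"))
                {
                    byte[] ehlo = Encoding.ASCII.GetBytes("EHLO probe.example\r\n"); // hypothetical client name
                    stream.Write(ehlo, 0, ehlo.Length);
                    bool startTls = false;
                    while ((line = reader.ReadLine()) != null)
                    {
                        if (line.ToUpperInvariant().Contains("STARTTLS")) startTls = true;
                        if (line.Length < 4 || line[3] != '-') break;   // final line of the reply
                    }
                    return startTls ? "starttls" : "plain-only";
                }
            }
        }
        catch (IOException) { }   // silence until the timeout: the server may be waiting for a ClientHello

        try
        {
            using (var tcp = new TcpClient(host, port))
            // Trust is not evaluated here: this only classifies the port and sends no credentials.
            using (var tls = new SslStream(tcp.GetStream(), false, (s, cert, chain, errors) => true))
            {
                tcp.ReceiveTimeout = timeoutMs;
                tls.AuthenticateAsClient(host);    // implicit TLS: handshake first, greeting afterwards
                string banner = new StreamReader(tls, Encoding.ASCII).ReadLine();
                return banner != null && banner.StartsWith("220") ? "implicit-tls" : "unknown";
            }
        }
        catch (IOException) { return "unknown"; }
        catch (AuthenticationException) { return "unknown"; }
    }
}
```

Per the MSDN text quoted above, `SmtpClient` with `EnableSsl = true` can only talk to a port this probe classifies as "starttls".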

As gerryLowry said:

C# 4 / .NET 4 will only send TLS and port 587; hMailServer does not currently support STARTTLS

You can upgrade your hMailServer to hMailServer 5.5.1 (BETA) here
Now it supports STARTTLS, and port 587 is working correctly.

+1
source

This is a complex mechanism, but in simple words, the client (the computer from which you are connecting) should know WHO the issuer of the certificate is (in your case, your server is the issuer of certificates). If it does not find the issuer in its list of trusted root certificates, it considers this connection unsafe. (I bet you have seen how the browser warns you about an unsafe request on some site https://....)

Open the Certificates snap-in on the Microsoft Management Console on the client computer and try adding the same self-signed certificate to the list of trusted root certificates.

0
source
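An alternative to both the `=> true` callback in the question and adding a root to the machine store, as an added example that is not part of the original answers: accept the self-signed certificate only when its SHA-256 hash matches a pinned value. The class and method names are hypothetical and the pin is a placeholder to be replaced with the hash of your own certificate.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedMailCertificate
{
    // Placeholder: SHA-256 of the mail server's DER-encoded certificate, as hex.
    const string PinnedSha256 = "REPLACE_WITH_SHA256_OF_SERVER_CERTIFICATE";

    public static string Sha256Hex(X509Certificate certificate)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(certificate.GetRawCertData())).Replace("-", "");
    }

    // Pure decision function, so it can be exercised without a network connection.
    public static bool IsAcceptable(X509Certificate certificate, SslPolicyErrors errors, string pin)
    {
        if (errors == SslPolicyErrors.None) return true;   // normal validation already succeeded
        if (certificate == null) return false;             // the server presented no certificate
        // Otherwise accept only the exact pinned certificate. A match overrides chain,
        // name and expiry errors, so the pin must be updated when the certificate is replaced.
        return string.Equals(Sha256Hex(certificate), pin, StringComparison.OrdinalIgnoreCase);
    }

    public static void Install()
    {
        // The callback is process-wide: it also sees certificates from HTTPS requests,
        // which is why it must never return true unconditionally.
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, certificate, chain, errors) => IsAcceptable(certificate, errors, PinnedSha256);
    }
}
```

Call `PinnedMailCertificate.Install()` once at start-up, before the first `SmtpClient.Send`.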

I installed hMailServer, created my own certificate, added it to hMailServer and could not send mail through it. Although I was successful in sending emails without a certificate.

I turned on logging on hMailServer (for everything) and tried again with no luck. But I saw an error in the log file indicating

"Severity: 2 (high), code: HM5113, Source: TCPServer :: Run (), Description: The certificate file could not be downloaded. Track: <...> test.cer, Address: 0.0.0.0, Port: 25, Error: Invalid argument "

Perhaps this also applies to your hMailServer?

0
source

I have port 25, like regular SMTP, open on my hMailServer, and also port 465 for SSL, so I had to change my code to point to the normal SMTP configuration. After that, it should work. Regarding SSL, sorry, it will not work on hMailServer ...

    using System.Net;
    using System.Net.Mail;

    MailMessage message = new MailMessage();
    message.From = new MailAddress("me@myself.home", "Me");
    message.Body = "hello, World!";
    message.To.Add(new MailAddress("you@myself.home", "You"));

    // Plain SMTP on port 25: the message and the credentials are sent without TLS.
    SmtpClient client = new SmtpClient("secure.myself.home", 25);
    client.EnableSsl = false;
    client.UseDefaultCredentials = false;
    client.Credentials = new NetworkCredential("me@myself.home", "pwd");
    client.Send(message);
0
source

Source: https://habr.com/ru/post/1313552/

