通过具有自签名SSL证书的邮件服务器从.net应用程序发送电子邮件
[英]Sending email from a .net application via a mail server with a self-signed SSL certificate
问题描述
I installed hmailserver 5.3.2 and configured it. 
我安装了hmailserver 5.3.2并对其进行了配置。 It receives and sends emails normally, but I wanted to use it to send emails from a .net/C# application located in another server, and for that I wanted to use SSL communication. 它正常接收和发送电子邮件,但是我想使用它从位于另一台服务器上的.net / C#应用程序发送电子邮件,为此,我想使用SSL通信。 Before, the application was configured to send emails via gmail, on port 587 and it worked ok, but now we want to use our own mail server. 以前,该应用程序被配置为通过gmail在端口587上发送电子邮件,并且工作正常,但现在我们要使用自己的邮件服务器。 We first configured the application to connect on smtp.domain.com on port 25 and that works, it sends the email. 我们首先将应用程序配置为在端口25上的smtp.domain.com上连接,并且该应用程序正常工作,它会发送电子邮件。
Then we created a self signed certificate to test the if we could send the message through a secure channel.I created the certificate with openSSL setting common name as: mail.domain.com, smtp.domain.com, *.domain.com, domain.com. 然后,我们创建了一个自签名证书来测试是否可以通过安全通道发送邮件。我使用openSSL设置了证书的通用名称,设置为:mail.domain.com,smtp.domain.com,*。domain.com, domain.com。 I opened port 587 on the firewall and configured hmailserver to use a certificate for inbound connections on that port. 我在防火墙上打开了端口587,并将hmailserver配置为对该端口上的入站连接使用证书。 None of the certificates I created worked (I tried one and then created another one and so on), generating the following (generic) exception in the application: 我创建的证书均无效(我尝试了一个,然后又创建了另一个,依此类推),在应用程序中生成以下(通用)异常:
System.Exception: _COMPlusExceptionCode = -532459699
Of course I also tried to connect via telnet: telnet smtp.domain.com 587, and I just got a blank screen. 当然,我也尝试通过telnet进行连接:telnet smtp.domain.com 587,但我只有一个黑屏。 It is not a firewall issue since when I disable the ssl on port 587 I can connect normally. 这不是防火墙问题,因为当我禁用端口587上的SSL时,我可以正常连接。 Looking at the log doesn't even show an attempt to connect when using 587 with SSL. 使用587和SSL时,查看日志甚至都没有显示尝试连接。
I already checked these questions: Getting SmtpClient to work with a self signed SSL certificate and Using a self-signed certificate with .NET's HttpWebRequest/Response , but it didn't solve my problem. 我已经检查了以下问题:使SmtpClient与自签名SSL证书一起 使用,以及使自签名证书与.NET的HttpWebRequest / Response一起使用 ,但这不能解决我的问题。 The approach with ServerCertificateValidationCallback didn't have any influence. ServerCertificateValidationCallback的方法没有任何影响。
I tried with ports 25 (which is also proposed in one of the questions above), 465, 587, and with all 3 it happens the same: The initial handshake (SYN / SYN-ACK / ACK) and after about 80s the connection is closed (FIN), nothing in between. 我尝试使用端口25(也在上面的问题之一中提出),465、587,并且在所有3个端口中都发生了相同的情况:初始握手(SYN / SYN-ACK / ACK),大约80秒钟后,连接为封闭(FIN),两者之间没有任何关系。
Do I have to install that certificate somewhere so the .net application sees it as trusted? 我是否必须将证书安装在某个地方,以便.net应用程序将其视为受信任的证书? I mean, I already installed it as a Trusted Root Certification Authority and could check by running mmc, so I have no idea where to go now... 我的意思是,我已经将其安装为受信任的根证书颁发机构,并且可以通过运行mmc进行检查,所以我不知道现在要去哪里。
Thanks for the help! 谢谢您的帮助!
PS: Not sure if this belongs to ServerFault since it concerns a C# application but also a mail server... PS:不确定这是否属于ServerFault,因为它既涉及C#应用程序,也涉及邮件服务器...
EDIT: Code sample: 编辑:代码示例:
ServicePointManager.ServerCertificateValidationCallback =
(sender, certificate, chain, sslPolicyErrors) => true;
SmtpClient mailClient = new SmtpClient("smtp.domain.com");
mailClient.Credentials = new NetworkCredential("username@domain.com", "pwd");
mailClient.Port = 587;
mailClient.EnableSsl = true;
MailMessage mailMessage = new MailMessage("mailAddressFrom", "mailAddressTo", "subject", "body");
mailMessage.IsBodyHtml = true;
mailClient.Send(mailMessage);
EDIT 2: Log (Based on Ramunas' suggestion): 编辑2:日志(基于Ramunas的建议):
"TCPIP" 3588 "2010-06-23 10:02:49.685" "TCPConnection - Posting AcceptEx on 0.0.0.0:465"
"DEBUG" 3588 "2010-06-23 10:02:49.809" "Creating session 24039"
"TCPIP" 772 "2010-06-23 10:04:29.639" "TCPConnection - SSL handshake with client failed. Error code: 2, Message: End of file, Remote IP: X"
"DEBUG" 772 "2010-06-23 10:04:29.639" "Ending session 24039"
5 个解决方案
解决方案1
1 2014-10-08 09:18:48
As gerryLowry said: 正如gerryLowry所说:
c# 4/.NET 4 will only send using TLS and port 587;
hMailServer does not currently support STARTTLS
You can update your hMailServer to hMailServer 5.5.1 (BETA) here 您可以在此处将hMailServer更新为hMailServer 5.5.1(BETA)
It now supports STARTTLS and with port 587 all is working correctly. 现在,它支持STARTTLS,并且使用端口587可以正常工作。
解决方案2
1 2011-12-04 20:09:28
currently, you can not send mail using c# 4/.NET 4 to a hMailServer regardless whether the certificate used by hMailServer is purchased or self-signed. 当前,无论使用hMailServer所使用的证书是购买的还是自签名的,都无法使用c#4 / .NET 4将邮件发送到hMailServer。
the problem is two part AFAIK ... c# 4/.NET 4 will only send using TLS and port 587; 问题是两部分AFAIK ... c#4 / .NET 4仅使用TLS和端口587发送; hMailServer does not currently support STARTTLS. hMailServer当前不支持STARTTLS。 c# 4/.NET 4 does not support the alternative of 465/SSL. c#4 / .NET 4不支持替代465 / SSL。
see this thread "configuring SSL confusion ..." at hMailServer's forum. 请参阅hMailServer论坛上的“配置SSL混乱...”线程。
"SmtpClient.EnableSsl Property " : “ SmtpClient.EnableSsl属性” :
"An alternate connection method is where an SSL session is established up front before any protocol commands are sent. This connection method is sometimes called SMTP/SSL, SMTP over SSL, or SMTPS and by default uses port 465. This alternate connection method using SSL is not currently supported." “另一种连接方法是在发送任何协议命令之前预先建立SSL会话。这种连接方法有时称为SMTP / SSL,基于SSL的SMTP或SMTPS,默认情况下使用端口465。这种使用SSL的替代连接方法目前不受支持。” -- MSDN -MSDN
解决方案3
0 2014-02-27 19:04:09
I have port 25 as normal SMTP open on my hMailServer as well as port 465 for SSL, so I had to change my code to point to the normal SMTP configuration. 我在hMailServer上打开了与普通SMTP一样的端口25,并为SSL打开了465端口,因此我不得不更改代码以指向普通的SMTP配置。 It should work after that. 在那之后它应该工作。 As for SSL, sorry, it won't work on hMailServer... 至于SSL,抱歉,在hMailServer上将无法使用...
MailMessage message = new MailMessage();
message.From = new MailAddress("me@myself.home", "Me");
message.Body = "hello, World!";
message.To.Add(new MailAddress("you@myself.home", "You"));
SmtpClient client = new SmtpClient("secure.myself.home", 25);
client.EnableSsl = false;
client.UseDefaultCredentials = false;
client.Credentials = new NetworkCredential("me@myself.home", "pwd");
client.Send(message);
解决方案4
0 2010-06-22 19:13:22
This is a sophisticated mechanism but in simple words client (computer you're making connection from) should know about WHO is certificate issuer (in your case your server is certificate issuer). 这是一种复杂的机制,但是用简单的话来说,客户端(您正在与之建立连接的计算机)应该知道谁是谁是证书颁发者(在您的情况下,您的服务器是证书颁发者)。 If it does not find it in it's Trusted Root Certificate Authorities list then it considers this connection to be unsafe. 如果在“受信任的根证书颁发机构”列表中找不到它,则认为此连接不安全。 (I bet you've seen browser warning you about unsafe request to some https://.... site). (我敢打赌,您已经看到浏览器警告您有关对某些https:// ....网站的不安全请求)。
Open Certificates snap-in in your Microsoft management console on a client computer and try to add the same self signed certificate to a Trusted Root Certificate Authorities list. 在客户端计算机上的Microsoft管理控制台中打开“证书”管理单元,然后尝试将相同的自签名证书添加到“受信任的根证书颁发机构”列表中。
解决方案5
0 2010-06-22 22:50:57
I installed hMailServer, created self signed certificate, added it to hMailServer and was not able to send mail via it, too. 我安装了hMailServer,创建了自签名证书,将其添加到hMailServer中,也无法通过它发送邮件。 Though I was successful while sending emails without certificate. 虽然我在发送没有证书的电子邮件时很成功。
I enabled logging on hMailServer (for everything) and tried again with no luck. 我启用了对hMailServer的登录(适用于所有功能),然后再次尝试没有任何运气。 But I saw an error in a log file stating 但是我在日志文件中看到一个错误,指出
"Severity: 2 (High), Code: HM5113, Source: TCPServer::Run(), Description: Failed to load certificate file. Path: <...>test.cer, Address: 0.0.0.0, Port: 25, Error: An invalid argument was supplied"
Maybe this is a case on your hMailServer also? 也许在您的hMailServer上也是这种情况?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.