Sending email via C# Mailkit / Mimekit but server certificate error comes in
M

2

7

0 Code in Visual Studio 2015

1 I am using Mailkit latest version (1.18.1.1) for sending an email from my own email server.

2 The email server has a self-signed certificate, which is not TRUSTED.

3 I have added both of the following lines in my code, to ignore the SERVER CERTIFICATE error:

client.ServerCertificateValidationCallback = (mysender, certificate, chain, sslPolicyErrors) => { return true; };
client.CheckCertificateRevocation = false;

4 But my program still crashes.

5 In email server logs it shows the error:

SSL_accept error from unknown[xxx.xxx.xxx.xxx]: Connection reset by peer

which I guess is coming because of the Server Certificate issue, because in the Wireshark capture, as soon as I get the SERVER certificate, the connection is terminated.

6 I have also installed the UNTRUSTED certificate of the email server on my system, but the problem still persists.

7 Following is the detailed screenshot of the error (image not included).

8 Complete code:

using (var client = new SmtpClient(new ProtocolLogger("logging.log")))
{
    // For demo-purposes, accept all SSL certificates (in case the server supports STARTTLS)
    client.ServerCertificateValidationCallback = (mysender, certificate, chain, sslPolicyErrors) => { return true; };
    client.CheckCertificateRevocation = false;

    client.Connect("xxx.com", 465, true);
    // Note: since we don't have an OAuth2 token, disable
    // the XOAUTH2 authentication mechanism.
    client.AuthenticationMechanisms.Remove("XOAUTH2");

    // Note: only needed if the SMTP server requires authentication
    client.Authenticate("[email protected]","123456");

    client.Send(message);
    client.Disconnect(true);
}
Myna answered 26/9, 2017 at 8:23 Comment(12)
Does your server require a client SSL certificate? - Der
Actually, "Connection reset by peer" suggests that your network connection got broken somehow and is not SSL-related. - Der
How do I know that my server requires a client SSL certificate? - Myna
"Actually, "Connection reset by peer" suggests that your network connection got broken somehow and is not SSL-related" But how can the connection get broken every single time I try to use it? - Myna
What I think "connection reset by peer" means is that my program/application didn't accept the server certificate (it was self-signed) and immediately closed the connection. - Myna
The server SSL certificate is accepted or rejected by SslStream. - Der
@Der The certificate is not accepted by the C# application. I ran the same code with a trusted certificate and it worked??? - Myna
No, because you set the remote certificate validation callback to always accept the certificate. - Der
Then what's causing this issue? - Myna
The same error comes if I try to use the IMAP client to retrieve my email inbox? However, the email works fine with THUNDERBIRD .... I have run Wireshark and my client (C# app) sends 21 ciphers, then the server sends the 'server hello done' packet and chooses the cipher 'Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)'. Immediately after that the CLIENT sends FIN ACK and the connection gets closed??? - Myna
Sounds like a bug in SslStream, you should file a bug report against it. - Der
You could also try playing with this: mimekit.net/docs/html/P_MailKit_MailService_SslProtocols.htm - by default, MailKit disables SSLv3. - Der
M
3

My problem is resolved. I have added the following line to my code, before the CONNECT command, and the APP (C#) has started working!!!

client.SslProtocols = System.Security.Authentication.SslProtocols.Tls11;
Myna answered 3/11, 2017 at 5:36 Comment(6)
Glad you found your way! You might want to check if Tls12 also works, since protocols before TLS1.2 are now being considered insecure. client.SslProtocols = System.Security.Authentication.SslProtocols.Tls12; A mixed approach could be enabling both 1.1 and 1.2, although I don't recommend it: client.SslProtocols = System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls12; - Brainsick
Yes, you are right, it worries me that only TLS1.1 works. Neither of the following commands works, I have tested both of them: client.SslProtocols = System.Security.Authentication.SslProtocols.Tls12; System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls12; I guess there is some kind of issue with the SSL cipher. - Myna
Remember that both the client and the server must support TLS1.2, otherwise it will not be considered an option. - Brainsick
I have used the same server with the Thunderbird email client and it runs perfectly with TLS1.2, so the issue is on the client side. - Myna
Which .NET framework are you targeting? AFAIK .NET 4.7 defaults to TLS1.2, if you want to try... - Brainsick
I don't get your point; MAILKIT uses its own TLS cipher suites, doesn't it? - Myna
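As an added example (not code from the question or from either answer): instead of a callback that returns true for every certificate, the client can accept only the server's own self-signed certificate by pinning its SHA-256 fingerprint. The fingerprint constant is a placeholder, the class and method names are hypothetical, and `SslProtocols.Tls12` assumes the server and the .NET runtime can actually negotiate TLS 1.2.

```csharp
using System;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using MailKit.Net.Smtp;
using MailKit.Security;
using MimeKit;

static class PinnedSmtp   // hypothetical helper, not part of MailKit
{
    // Placeholder: hex SHA-256 of the server's DER-encoded certificate,
    // computed out of band from the certificate file on the mail server.
    const string PinnedSha256 = "<SHA256-FINGERPRINT-OF-YOUR-SERVER-CERT>";

    static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;                 // chains to a trusted root, name matches
        if (certificate == null)
            return false;
        // Self-signed case: accept only the exact certificate we expect.
        using (var sha = SHA256.Create())
        {
            string hex = BitConverter
                .ToString(sha.ComputeHash(certificate.GetRawCertData()))
                .Replace("-", "");
            return string.Equals(hex, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    public static void Send(MimeMessage message, string host, string user, string password)
    {
        using (var client = new SmtpClient())
        {
            client.ServerCertificateValidationCallback = ValidateServerCertificate;
            // A self-signed certificate typically has no revocation endpoint to query.
            client.CheckCertificateRevocation = false;
            // Assumption: TLS 1.2 is available on both ends; set before Connect.
            client.SslProtocols = SslProtocols.Tls12;
            client.Connect(host, 465, SecureSocketOptions.SslOnConnect);
            client.Authenticate(user, password);
            client.Send(message);
            client.Disconnect(true);
        }
    }
}
```

With the pin in place, a different certificate presented on the same host and port is rejected by the callback and `Connect` throws instead of sending credentials.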
B
1

If you control both ends of the connection, you might want to first check sending without TLS, to be sure the problem only happens when using TLS.

Also try running without Wireshark, Fiddler or other man-in-the-middle sniffers/proxies, to ensure there is not a problem reaching the server in a secure way. Check that your antivirus or internet security system is not closing your connection because of the untrusted certificate.

Another thing you might want to ensure is that both your client and your server share the same protocols: I know older TLS and SSL protocols have become deprecated, so it is possible that there is no common protocol between the client and the server.

You can also try enabling system.net tracing (available since .NET 2.0) and see if you get some more specific insight from the (very detailed) logs you get: https://blogs.msdn.microsoft.com/dgorti/2005/09/18/using-system-net-tracing/

System.Net tracing is 1) Per process 2) Shows threads 3) Works for SSL 4) Works for Loopback. 5) You don't need to recompile the code

[Edit]

Your question seems a little too broad for me to guess the problem, please try narrowing down the problem. For instance:

  • try connecting without TLS;
  • try connecting to a different SMTP server (use one you know a standard mail client can connect to);
  • try connecting to your server with a different client (use Thunderbird, for instance);
  • try running both client and server on the same machine;
  • try the same on a clean virtual machine.

By the way, SSPI seems to be related to trusted security issues, so also double-check that you haven't configured your server to only accept trusted users.

[/Edit]

I will try to update my answer if this is not enough =)

HTH

Brainsick answered 31/10, 2017 at 15:52 Comment(1)
It's not the error. It has to do with the cipher suites offered or accepted. I am not sure and am still stuck; it has nothing to do with antivirus or other software ... - Myna
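To narrow down which protocol versions the client runtime can negotiate with the server, as the answer above suggests, this added diagnostic (not from the original page) attempts one SslStream handshake per protocol against the implicit-TLS port and reports the negotiated cipher. The host name is a placeholder and the class name is hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsProbe   // hypothetical diagnostic, not part of MailKit
{
    // Diagnostic only: the certificate is deliberately not validated because
    // no credentials or mail are sent; only the handshake result is reported.
    static string Try(string host, int port, SslProtocols protocol)
    {
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false, (s, c, ch, e) => true))
            {
                ssl.AuthenticateAsClient(host, null, protocol, false);
                return string.Format("{0}: OK, cipher={1}/{2} bits, hash={3}, kx={4}",
                    ssl.SslProtocol, ssl.CipherAlgorithm, ssl.CipherStrength,
                    ssl.HashAlgorithm, ssl.KeyExchangeAlgorithm);
            }
        }
        catch (Exception ex)
        {
            // AuthenticationException, IOException and SocketException all
            // mean the handshake did not complete for this protocol.
            string inner = ex.InnerException != null
                ? " <- " + ex.InnerException.Message : "";
            return protocol + ": FAILED, " + ex.GetType().Name + ": " + ex.Message + inner;
        }
    }

    static void Main(string[] args)
    {
        // Placeholder host; 465 is the implicit-TLS port used in the question.
        string host = args.Length > 0 ? args[0] : "mail.example.test";
        foreach (var p in new[] { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12 })
            Console.WriteLine(Try(host, 465, p));
    }
}
```

A protocol that fails here but works from another mail client points at the client machine's TLS configuration rather than at the server or the certificate.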
