This security enhancement ensures that sending email communications remain safeguarded against potential threats and unauthorized access.

By default clients and SMTP servers negotiate SSL/TLS versions they can both use. Most systems don’t allow SSL 3.0, TLS 1.0, 1.1 anymore and Mail.dll SMTP component simply uses the most recent TLS version.

TLS 1.2 and 1.3 are the most secure versions of TLS protocols. It is easy to force the connection to use it.

All you need to do is to set Smtp.SSLConfiguration.EnabledSslProtocols property to SslProtocols.Tls12 before issuing ConnectSSL or Connect and StartTLS sequence:

// C#

using (Smtp smtp = new Smtp())
{
    smtp.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;

    smtp.ConnectSSL("smtp.example.com");

    smtp.UseBestLogin("user","password");

    // ... 

    smtp.Close();
}

' VB.NET

Using smtp As New Smtp()
	smtp.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12

	smtp.ConnectSSL("smtp.example.com")

	smtp.UseBestLogin("user@example.com", "password")

	'...

	smtp.Close()
End Using

Explicit SSL/TLS (STARTTLS)

For explicit SSL/TLS, code is almost the same. You first connect to a default, non-secure SMTP email submission port (587) and secure the connection using Smtp.StartTLS method:

// C#

using (Smtp smtp= new Smtp())
{
    smtp.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;

    smtp.Connect("smtp.example.com");
    smtp.StartTLS();

    smtp.UseBestLogin("user@example.com","password");

    // ... 

    smtp.Close();
}

' VB.NET

Using smtp As New Smtp()
	smtp.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12

	smtp.Connect("smtp.example.com")
	smtp.StartTLS()

	smtp.UseBestLogin("user@example.com", "password")

	'...

	smtp.Close()
End Using

Older .NET framework versions

To use TLS 1.2 in SMTP client at least .NET Framework 4.5+ must be installed on your machine and your application should target .NET 4.5+.

It is possible to use TLS 1.2 in applications targeting earlier .NET framework versions, but 4.5 must be installed on the machine. After you have .NET 4.5 installed, your 2.0 – 4.0 app will use the 4.5 System.dll and you can enable TLS 1.2 using this code:

// C#

smtp.SSLConfiguration.EnabledSslProtocols = 
    (SecurityProtocolType)3072;

The post Using TLS 1.2 with .NET SMTP client first appeared on Blog | Limilabs.

This security enhancement ensures that receiving emails via POP3 remain safeguarded against potential threats and unauthorized access.

By default clients and POP3 servers negotiate SSL/TLS versions they can both use. Most systems don’t allow SSL 3.0, TLS 1.0, 1.1 anymore and Mail.dll POP3 component simply uses the most recent TLS version.

TLS 1.2 and 1.3 are the most secure versions of TLS protocols. It is easy to force the connection to use it.

All you need to do is to set Pop3.SSLConfiguration.EnabledSslProtocols property to SslProtocols.Tls12 before issuing ConnectSSL or Connect and StartTLS sequence:

// C#

using (Pop3 pop3 = new Pop3())
{
    pop3.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;

    pop3.ConnectSSL("pop.example.com");

    pop3.UseBestLogin("user","password");

    // ... 

    pop3.Close();
}

' VB .NET

Using pop3 As New Pop3()
	pop3.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12

	pop3.ConnectSSL("pop.example.com")

	pop3.UseBestLogin("user@example.com", "password")

	'...

	pop3.Close()
End Using

For explicit SSL/TLS, code is almost the same. You first connect to a default, non-secure POP3 port and secure the connection using Pop3.StartTLS method:

// C#

using (Pop3 pop3 = new Pop3())
{
    pop3.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;

    pop3.Connect("pop.example.com");
    pop3.StartTLS();

    pop3.UseBestLogin("user@example.com","password");

    // ... 

    pop3.Close();
}

' VB.NET

Using pop3 As New Pop3()
	pop3.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12

	pop3.Connect("pop.example.com")
	pop3.StartTLS()

	pop3.UseBestLogin("user@example.com", "password")

	'...

	pop3.Close()
End Using

Older .NET framework versions

To use TLS 1.2 in POP3 client at least .NET Framework 4.5+ must be installed on your machine and your application should target .NET 4.5+.

It is possible to use TLS 1.2 in applications targeting earlier .NET framework versions, but 4.5 must be installed on the machine. After you have .NET 4.5 installed, your 2.0 – 4.0 apps will use the 4.5 System.dll and you can enable TLS 1.2 using this code:

// C#

pop3.SSLConfiguration.EnabledSslProtocols = 
    (SecurityProtocolType)3072;

The post Using TLS 1.2 with .NET POP3 client first appeared on Blog | Limilabs.

Please note that protocols that were considered secure some time ago, like SSL 3.0, are no longer considered secure. New OS updates may disable some protocols or cipher versions. On Windows this is done via registry settings.

SSL version status

The token supplied to the function is invalid

Full exception looks like this:

System.Security.Authentication.AuthenticationException :
A call to SSPI failed, see inner exception.
----> System.ComponentModel.Win32Exception :
The token supplied to the function is invalid

Most likely your client tries to use TLS 1.2 but you are using old certificate on the server (e.g. signed using md5RSA algorithm).

There are 2 options for you:

1. Regenerate the certificate (especially if it’s self-signed).
2. Use older TLS/SSL version (TLS 1.1, TLS 1.0, SSL 3.0). You can force Mail.dll or Ftp.dll to use it using following code:

   using (XXX client = new XXX())
   {
       client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls11;
       //client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls; // TLS 1.0
       //client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;
   
       client.ConnectSSL("host");
   
       client.Close();
   }
   
   

   Please contact your server administrator as TLS 1.1, TLS 1.0 and SSL 3.0 aren’t considered secure anymore.

The client and server cannot communicate, because they do not possess a common algorithm

Full exception looks like this:

System.Security.Authentication.AuthenticationException :
A call to SSPI failed, see inner exception.
----> System.ComponentModel.Win32Exception :
The client and server cannot communicate, because they do not possess a common algorithm

There are 2 possible scenarios:

1. In most cases this means that the client is trying to use older SSL protocols like SSL 3.0, TLS 1.0 or TLS 1.1, but the remote server requires modern protocol – TLS 1.2.

   By default all our clients support TLS 1.2. Some older versions need to be told to use TLS 1.2, it is also a good practice to force TLS 1.2 only:

   using (XXX client = new XXX())
   {
       client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;
   
       client.ConnectSSL("host");
   
       client.Close();
   }
   

2. Second option is the server is not supporting TLS 1.2 – you’ll need to use older protocol (TLS 1.1, TLS 1.0, SSL 3.0):

   using (XXX client = new XXX())
   {
       client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls11;
       // client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls; // TLS 1.0
       // client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3; 
   
       client.ConnectSSL("host");
   
       client.Close();
   }
   

   Please contact your server administrator as TLS 1.1, TLS 1.0 and SSL 3.0 aren’t considered secure anymore.

The message received was unexpected or badly formatted

Full exception looks like this:

System.Security.Authentication.AuthenticationException :
A call to SSPI failed, see inner exception.
----> System.ComponentModel.Win32Exception :
The message received was unexpected or badly formatted

This error generally means that something is incorrectly configured on your machine.

What you should try:

1. Try forcing the latest TLS version (TLS 1.2):

   using (XXX client = new XXX())
   {
       client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;
   
       client.ConnectSSL("host");
   
       client.Close();
   }
   

2. Use older TLS/SSL version (TLS 1.1, TLS 1.0, SSL 3.0). You can force Mail.dll or Ftp.dll to use it using following code:

   using (XXX client = new XXX())
   {
       client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls11;
       //client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls; // TLS 1.0
       //client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;
   
       client.ConnectSSL("host");
   
       client.Close();
   }
   
   

   Please contact your server administrator as TLS 1.1, TLS 1.0 and SSL 3.0 aren’t considered secure anymore.

3. Finally you can download IISCrypto and review “Schannel” and “Cipher Suites” tabs.

   For example we have seen clients that have TLS 1.0 turned on, but have TLS_RSA_WITH_3DES_EDE_CBC_SHA cypher suite turned off. If server requires this cypher, you’ll get this error message.

   Selecting “Best Practices” and restarting, should solve the issue. You may need to select additional protocol suites depending on what your server requires

   Please note that using TLS 1.2 and forcing your server administrator to enable TLS 1.2 is the only correct and secure way to go.

One or more of the parameters passed to the function was invalid

Full exception looks like this:

System.Security.Authentication.AuthenticationException:
A call to SSPI failed, see inner exception.
----> System.ComponentModel.Win32Exception:
One or more of the parameters passed to the function was invalid


This error generally means that you are trying to use TLS/SSL protocol version that is not supported on your machine (most likely it was turned off, because it is no longer considered secure)

What you should try:

1. Try forcing the latest TLS version (TLS 1.2):

   using (XXX client = new XXX())
   {
       client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;
   
       client.ConnectSSL("host");
   
       client.Close();
   }
   

2. Use older TLS/SSL version (TLS 1.1, TLS 1.0, SSL 3.0). You can force Mail.dll or Ftp.dll to use it using following code:

   using (XXX client = new XXX())
   {
       client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls11;
       //client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls; // TLS 1.0
       //client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;
   
       client.ConnectSSL("host");
   
       client.Close();
   }
   

3. Try to disable strong crypto using code:

         const string DisableCachingName = @"TestSwitch.LocalAppContext.DisableCaching";
         const string DontEnableSchUseStrongCryptoName = @"Switch.System.Net.DontEnableSchUseStrongCrypto";
         AppContext.SetSwitch(DisableCachingName, true);
         AppContext.SetSwitch(DontEnableSchUseStrongCryptoName, true);
   

   -or- by using app.config file:

   <configuration>
       <runtime>
           <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=true"/>
       </runtime>
   </configuration>
   

   ref: https://msdn.microsoft.com/en-us/library/mt298998(v=vs.110).aspx

4. Finally you can download IISCrypto and review “Schannel” and “Cipher Suites” tabs.

   Selecting “Best Practices” restarting, should solve the issue. You may need to select additional protocol suites depending on what your server requires

   Please note that using TLS 1.2 and forcing your server administrator to enable TLS 1.2 is the only correct and secure way to go.

   Please contact your server administrator as TLS 1.1, TLS 1.0 and SSL 3.0 aren’t considered secure anymore.

The post System.Security.Authentication.AuthenticationException first appeared on Blog | Limilabs.

This security enhancement guarantees the protection of incoming email messages through IMAP, shielding them from potential risks and unauthorized entry.

Typically, clients and IMAP servers engage in a negotiation process to determine compatible SSL/TLS versions. Many systems no longer support SSL 3.0, TLS 1.0, or 1.1. Mail.dll IMAP component automatically uses the latest available TLS version.

TLS 1.2 and 1.3 are the most secure versions of TLS protocols. You can force the connection to use it.

All you need to do is to set Imap.SSLConfiguration.EnabledSslProtocols property to SslProtocols.Tls12 before issuing ConnectSSL or Connect and StartTLS sequence:

// C#

using (Imap imap = new Imap())
{
    imap.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;

    imap.ConnectSSL("imap.example.com");

    imap.UseBestLogin("user","password");

    // ... 

    imap.Close();
}

' VB.NET

Using imap As New Imap()
	imap.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12

	imap.ConnectSSL("imap.example.com")

	imap.UseBestLogin("user@example.com", "password")

	'...

	imap.Close()
End Using

For explicit SSL/TLS, code is almost the same. You first connect to a default, non-secure IMAP port and secure the connection using Imap.StartTLS method:

// C#

using (Imap imap= new Imap())
{
    imap.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;

    imap.Connect("imap.example.com");
    imap.StartTLS();

    imap.UseBestLogin("user@example.com","password");

    // ... 

    imap.Close();
}

' VB.NET

Using imap As New Imap()
	imap.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12

	imap.Connect("imap.example.com")
	imap.StartTLS()

	imap.UseBestLogin("user@example.com", "password")

	'...

	imap.Close()
End Using

Older .NET framework versions

To use TLS 1.2 in IMAP client at least .NET Framework 4.5+ must be installed on your machine and your application should target .NET 4.5+.

It is possible to use TLS 1.2 in applications targeting earlier .NET framework versions, but 4.5 must be installed on the machine. After you have .NET 4.5 installed, your 2.0 – 4.0 apps will use the 4.5 System.dll and you can enable TLS 1.2 using this code:

// C#

imap.SSLConfiguration.EnabledSslProtocols = 
    (SecurityProtocolType)3072;

The post Using TLS 1.2 with .NET IMAP client first appeared on Blog | Limilabs.

SSL and TLS

SSL and TLS are cryptographic protocols, both provide a way to encrypt communication channel between two machines over the Internet (e.g. client computer and a server). SSL stands for Secure Sockets Layer and current version is 3.0. TLS stands for Transport Layer Security and the current version is 1.2. TLS is the successor to SSL. The terms SSL and TLS can be used interchangeably, unless you’re referring to a specific protocol version.

Version numbering is inconsistent between SSL and TLSs. When TLS took over SSL as the preferred protocol name, it began with a new version number. The ordering of protocols in terms of oldest to newest is: SSLv2, SSLv3, TLSv1.0, TLSv1.1, TLSv1.2.

STARTTLS and STLS

STARTTLS is a protocol command, that is issued by an email client. It indicates, that the client wants to upgrade existing, insecure connection to a secure connection using SSL/TLS cryptographic protocol. STARTTLS command name is used by SMTP and IMAP protocols, whereas POP3 protocol uses STLS as the command name.

Clear text/Plain text

No security protocol is used at all. All commands, responses and data are transferred in plain text.

client.Connect("mail.example.com");

Implict SSL mode

Implict SSL mode means, that you connect to SSL/TLS encrypted port.

client.ConnectSSL("mail.example.com");

Explicit SSL mode

Explicit SSL mode means, that you connect to plaint text port and secure the connection by issuing STARTTLS (or STLS) command afterwards (you explicitly secure the connection).

client.Connect("mail.example.com");
client.StartTLS();

Securing the connection

Regardless of whether you use implict (connecting to an SSL/TLS encrypted port) or explicit (using STARTTLS to upgrade an existing connection) mode, both sides will negotiate which protocol and which version to use. This negotiation is based on how client and server have been configured and what each side supports.

SSL/TLS support

Support for SSL/TLS is virtually universal, however which versions are supported is variable. Pretty much everything supports SSLv3. Most machines support TLSv1.0.

TLS vs STARTTLS naming problem

One significant complicating factor is that some email software incorrectly uses the term TLS when they should have used “STARTTLS” or “explicit SSL/TLS”. Older versions of Thunderbird used “TLS” to mean “enforce use of STARTTLS to upgrade the connection, and fail if STARTTLS is not supported” and “TLS, if available” to mean “use STARTTLS to upgrade the connection, if the server advertises support for it, otherwise just use an insecure connection” (very problematic, as we’ll see below).

Port numbers

To add security to some existing protocols (IMAP, POP3, SMTP), it was decided to just add SSL/TLS encryption as a layer underneath the existing protocol. However to distinguish that software should talk the SSL/TLS encrypted version of the protocol rather than the plaintext one, a different port number was used for each protocol:

Too many ports? Solution: Plain text + STARTTLS

At some point, it was decided that having 2 ports for every protocol was wasteful.

Instead it’s better to have 1 port, that starts off as plain text, but clients can upgrade the connection to an SSL/TLS encrypted one, using STARTTLS (or STLS for POP3 protocol) command.

STARTTLS problems

There were a few problems with STARTTLS introduction. There exists lots of software, that used the alternate port numbers with pure SSL/TLS connections. Client software can be very long lived, so you can’t just disable the encrypted ports until all software has been upgraded.

Each protocol received mechanisms to tell clients that the server supported upgrading to SSL/TLS (e.g. STARTTLS in IMAP’s CAPABILITY response), and that they should not attempt to login without doing the STARTTLS upgrade (LOGINDISABLED in IMAP’s CAPABILITY response).

This created two unfortunate situations:

• Some software just ignored the “login disabled until upgraded” announcement (LOGINDISABLED, STARTTLS) and just tried to log in anyway, sending the user login name and password over clear text channel. The server rejected the login and password, but the details had already been sent over the Internet in plain text.
• Other software saw the “login disabled until upgraded” announcement, but then wouldn’t upgrade the connection automatically, and thus reported login errors back to the user, which caused confusion about what was wrong.

Both of these problems resulted in significant compatibility issues with existing clients, and so most system administrators continued to just use plain text connections on one port, and encrypted connections on a separate port number.

Disable plain text for IMAP and POP3

Many companies (e.g. Gmail, Outlook.com) disabled plain IMAP (port 143) and plain POP3 (port 110), so people must use a SSL/TLS encrypted connection – this removes the need for having STARTTLS command completely.

SMTP STARTTLS stays

The one real exception to the above is SMTP. Most email software used SMTP on port 25 to submit messages to the email server for onward transmission to the destination. However SMTP was originally designed for transfer, not submission. So yet another port (587) was defined for message submission.

Port 587 doesn’t mandate requiring STARTTLS, however the use of port 587 became popular around the same time as the realization that SSL/TLS encryption of communications between clients and servers was an important issue. The result is that most systems, that offer message submission over port 587 require clients to use STARTLS to upgrade the connection. Login and password to authenticate is also required.

There has been an additional benefit to this approach as well. By moving users away from using port 25 for email submission, ISPs can block outgoing port 25 connections from users’ computers, which were a significant source of spam, due to user computers infected with spam sending viruses.

Further readings

• Using SSL/TLS with IMAP
• Using SSL/TLS with SMTP
• Using SSL/TLS with POP3

The post SSL vs TLS vs STARTTLS – What are those? first appeared on Blog | Limilabs.

It is called explicit SSL mode, because after the connection is established, client explicitly issues a command to the server that initiates SSL/TLS negotiation.

This is in contrast to implicit SSL mode, where SSL negotiation is initiated just after successful connection. In implicit mode server and client knows to use SSL, because client uses default protocol port, that is commonly used for secured traffic.

First try to connect to your server without SSL:

// C#

client.Connect("mail.example.com");

' VB.NET

client.Connect("mail.example.com")

Then, before logging-in, start explicit SSL negotiation. The command name differs for different protocols:

Explicit SSL (aka TLS)

The code is exactly the same no matter which protocol (IMAP, POP3 or SMTP) you use.

// C#

client.Connect("mail.example.com");
client.StartTLS();

' VB.NET

client.Connect("mail.example.com")
client.StartTLS()

StartTLS method negotiates security protocol with the server and secures the channel using SSL or TLS. Now, your connection is secured.

Please note, that your server may not need SSL/TLS at all. In such case simply use Connect method.

Enabled SSL Protocols

On very rare occasions “handshake failed…” error may indicate that TLS is incorrectly configured on the client machine or on the server.

It is possible to force SSL v3.0 usage instead of TLS in explicit mode:

// C#

client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;
client.Connect("mail.example.com");
client.StartTLS();

' VB.NET

client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;
client.Connect("mail.example.com");
client.StartTLS();

It is also possible to force SSL v3.0 usage instead of TLS in implicit mode:

// C#

client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;
client.ConnectSSL("mail.example.com");

' VB.NET

client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;
client.ConnectSSL("mail.example.com");

Self-signed certificates

Remember that you can ignore SSL certificate errors using ServerCertificateValidate event:

// C#

static void Validate(
    object sender,
    ServerCertificateValidateEventArgs e)
{
    const SslPolicyErrors ignoredErrors =
        SslPolicyErrors.RemoteCertificateChainErrors |
        SslPolicyErrors.RemoteCertificateNameMismatch;

    if ((e.SslPolicyErrors & ~ignoredErrors) == SslPolicyErrors.None)
    {
        e.IsValid = true;
        return;
    }
    e.IsValid = false;
}

client.ServerCertificateValidate += Validate;
client.Connect...

' VB.NET

Private Sub ValidateCerificate( _
    ByVal sender As Object, _
    ByVal e As ServerCertificateValidateEventArgs)

    Const ignoredErrors As SslPolicyErrors = _
        SslPolicyErrors.RemoteCertificateChainErrors Or _
        SslPolicyErrors.RemoteCertificateNameMismatch

    If (e.SslPolicyErrors And Not ignoredErrors) = SslPolicyErrors.None Then
        e.IsValid = True
        Return
    End If
    e.IsValid = False
End Sub

AddHandler client.ServerCertificateValidate, AddressOf Validate
client.Connect...

The post The handshake failed due to an unexpected packet format first appeared on Blog | Limilabs.

The fundamental difference is that with System.Net.Mail you can’t receive emails. System.Net.Mail does not have support for POP3 and IMAP protocols – two fundamental protocols for email retrieval, also .NET does not have any classes that would parse received email.

System.Net.Mail is great for sending simple emails, but Mail.dll gives you much more, even in terms of sending. You get appointments (iCal) and vCard support, you can send S/MIME signed and encrypted emails (if you plan to use EDI). It gives you easy to use template engine and VERP support out-of-the-box.

Here’s the comparison chart:

	System.Net.Mail	Mail.dll component
Send emails
SMTP protocol support (over SSL/TLS)
Send emails using VERP
Send S/MIME encrypted emails
Send S/MIME signed emails
Send S/MIME signed emails (detached)
Send DKIM (Domain Key Identified Mail)
Templates support
Receive emails
IMAP protocol support (over SSL/TLS)
POP3 protocol support (over SSL/TLS)
Retrieve and parse emails
Extract HTML, plain text, images
Attachment retrieval
Send and retrieve iCalendar appointments
Send and retrieve vCards
OAuth 1.1a/2.0 support
Spam filter
Bounce handling
Convert HTML only emails to plain text

If you need help or more information about any of these features visit Mail.dll samples.

The post System.Net.Mail vs Mail.dll first appeared on Blog | Limilabs.

Default ports for email protocols are:

Most email providers (like Gmail, Hotmail, Yahoo and others) use default ports. Connect() and ConnectSSL() and fluent interface use those ports by default.

Please ask your email server administrator for server, port, and SSL/TLS usage, if those are not standard there is no way you can guess them.

Please also make sure that:

• your application has enough security permissions to establish connection to the server.
• you are using correct client class with protocol you plan to use (Pop3 class with POP3 protocol, Imap class with IMAP, and Smtp class with SMTP protocol)
• you use correct port numbers, and rely on parameter-less Connect() and ConnectSSL() methods (they use default ports) whenever possible
• you are using ConnectSSL when you require SSL/TLS, and Connect when you don’t
• firewall and antivirus software are disabled or configured correctly (this includes Windows Defender)
• the protocol you are trying to use is enabled on the server. Exchange or Gmail can have some protocols disabled by default

Following articles can help you with that:

• How to enable POP3 in Gmail
• How to enable IMAP in Gmail
• How to enable POP3 in Exchange
• How to enable IMAP in Exchange

Connecting using default ports

Plain text mode

Establishing connection using default port is simple, you just need to use Connect method:

// C#

client.Connect("mail.example.com");

' VB.NET

client.Connect("mail.example.com")

Implicit SSL/TLS mode

If SSL encryption is required, use ConnectSSL method:

// C#

client.ConnectSSL("mail.example.com");

' VB.NET

client.ConnectSSL("mail.example.com")

Explicit SSL mode (aka TLS)

If your server requires explicit SSL/TLS (sometimes called TLS), you need to connect using Connect method and then use StartTLS method:

// C#

client.Connect("mail.example.com");
client.StartTLS();

' VB.NET

client.ConnectSSL("mail.example.com")
client.StartTLS()

Connecting using non-standard ports

If you need to specify different port just use overloaded version of Connect or ConnectSSL method:

// C#

client.Connect("mail.example.com", 999);

' VB.NET

client.Connect("mail.example.com", 999)

If SSL/TLS encryption is required:

// C#

client.ConnectSSL("mail.example.com", 999);

' VB.NET

client.ConnectSSL("mail.example.com", 999)

If you need to specify different port using fluent interface use OnPort() method:

// C# version

Mail.Text(@"Hello")
  .To("to@mail.com")
  .From("from@mail.com")
  .Subject("Subject")
  .UsingNewSmtp()
  .Server(_server)
  .WithSSL()
  .OnPort(443)
  .WithCredentials("user", "password")
  .Send();

SSL/TLS

Please look at following articles for details:

• Use SSL with IMAP
• Use SSL with POP3
• Use SSL with SMTP

Some servers require explicit SSL/TLS (sometimes called TLS). Usually this triggers “The handshake failed due to an unexpected packet format” exception, when you try to connect without SSL/TLS.

If your server uses self-signed certificates you may be getting “The remote certificate is invalid according to the validation procedure” error.

Please read SSL vs TLS vs STARTTLS, if you are confused about those.

Again when in doubt please ask your email server administrator for server, port, and SSL/TLS usage.

The post A connection attempt failed first appeared on Blog | Limilabs.

After regular connection, client explicitly asks the server to secure the connection. “AUTH TLS” command is used to do that.
As the SSL/TLS protocols self-negotiate their levels, there is no need to distinguish between SSL and TLS.

You should use AuthTLS method to enable TLS/SSL for both data channel and control channel:

// C# version

using (Ftp client = new Ftp())
{
    client.Connect("ftp.example.org");

    client.AuthTLS();

    client.Login("username", "password");

    foreach (FtpItem item in client.GetList())
    {
        if (item.IsFolder == true)
            Console.WriteLine("[{0}]", item.Name);
        else
            Console.WriteLine("{0}", item.Name);
    }
    client.Close();
}

' VB.NET version

Using client As New Ftp()

    client.Connect("ftp.example.org")

    client.AuthTLS()

    client.Login("username", "password")

    For Each item As FtpItem In client.GetList()
        If item.IsFolder = True Then
            Console.WriteLine("[{0}]", item.Name)
        Else
            Console.WriteLine("{0}", item.Name)
        End If
    Next
    client.Close()
End Using

If your FTP server is using other port than standard 21, you need to use overloaded version of Connect

// C# version

client.Connect("ftp.example.org", 999);

' VB.NET version

client.Connect("ftp.example.org", 999)

The last sample shows how to deal with self-signed certificates:

// C# version

using (Ftp client = new Ftp())
{
    // Use this line to validate self-signed certificates:
    client.ServerCertificateValidate += ValidateCertificate;

    client.Connect("ftp.example.org");
    client.AuthTLS();
    client.Login("username", "password");

    foreach (FtpItem item in client.GetList())
    {
        if (item.IsFolder == true)
            Console.WriteLine("[{0}]", item.Name);
        else
            Console.WriteLine("{0}", item.Name);
    }
    client.Close();
}

private static void ValidateCertificate(
    object sender,
    ServerCertificateValidateEventArgs e)
{
    const SslPolicyErrors ignoredErrors =
        SslPolicyErrors.RemoteCertificateChainErrors |
        SslPolicyErrors.RemoteCertificateNameMismatch;

    if ((e.SslPolicyErrors & ~ignoredErrors) == SslPolicyErrors.None)
    {
        e.IsValid = true;
        return;
    }
    e.IsValid = false;
}

' VB.NET version

Using client As New Ftp()
    ' Use this line to validate self-signed certificates:
    AddHandler client.ServerCertificateValidate, AddressOf ValidateCerificate

    client.Connect("ftp.example.org")
    client.AuthSSL()
    client.Login("username", "password")

    For Each item As FtpItem In client.GetList()
        If item.IsFolder = True Then
            Console.WriteLine("[{0}]", item.Name)
        Else
            Console.WriteLine("{0}", item.Name)
        End If
    Next
    client.Close()
End Using

Private Sub ValidateCerificate( _
    ByVal sender As Object, _
    ByVal e As ServerCertificateValidateEventArgs)

    Const ignoredErrors As SslPolicyErrors = _
        SslPolicyErrors.RemoteCertificateChainErrors Or _
        SslPolicyErrors.RemoteCertificateNameMismatch

    If (e.SslPolicyErrors And Not ignoredErrors) = SslPolicyErrors.None Then
        e.IsValid = True
        Return
    End If
    e.IsValid = False
End Sub

Here you can download Ftp.dll: .NET FTP/FTPS component.

The post Use SSL with FTP (Explicit) first appeared on Blog | Limilabs.

There are two modes in which Mail.dll can work:

• Implicit – where Mail.dll SMTP client immediately connects using secure channel,
• Explicit – where Mail.dll SMTP client connects on unsecured channel first and then secures the communication by issuing STARTTLS command. This mode is sometimes called TLS.

In both cases, by default, Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0, 1.1, 1.2, 1.3 are acceptable for secure communication. You can change the defaults using Smtp.SSLConfiguration property.

Smtp client may decide to secure the channel, if SMTP server explicitly forbids logging-in on unsecured channel and you are using UseBestLogin method.

SMTP implicit TLS/SSL mode

Mail.dll SMTP component connects using secure TLS/SSL channel. You need to know in advance if, the server supports TLS/SSL connections – ask your administrator. Typically, SMTP over TLS/SSL is associated with port 465, but this is not always the case. You can always specify different, then standard port, using ConnectSSL method overload.

// C# version

using Limilabs.Mail;
using Limilabs.Client.POP3;

class Program
{
    static void Main(string[] args)
    {
        using (Smtp smtp = new Smtp())
        {
            smtp.ConnectSSL("mail.example.com");

            smtp.UseBestLogin("user", "password");

            MailBuilder builder = new MailBuilder();
            builder.Text = "text";
            builder.From.Add(new MailBox("from@example.com"));
            builder.To.Add(new MailBox("to@example.com"));

            IMail email = builder.Create();

            smtp.SendMessage(email);

            smtp.Close();
        }
    }
};

' VB.NET version

Imports Limilabs.Mail
Imports Limilabs.Client.SMTP

Public Module Module1
    Public Sub Main(ByVal args As String())

        Using smtp As New Smtp()

            smtp.ConnectSSL("mail.example.com")

            smtp.UseBestLogin("user", "password")

            Dim builder As New MailBuilder()
            builder.Text = "text"
            builder.From.Add(New MailBox("from@example.com"))
            builder.[To].Add(New MailBox("to@example.com"))

            Dim email As IMail = builder.Create()

            smtp.SendMessage(email)

            smtp.Close()
        End Using

    End Sub
End Module

SMTP explicit TLS/SSL mode

Mail.dll SMTP component connects using clear text channel and secures the channel using TLS/SSL by issuing STARTTLS command. Typically standard SMTP ports: 25 or 587 are used, but this is not always the case. You can always specify different then standard port using Connect method overloads. By default 587 port is used.

// C# version

using Limilabs.Mail;
using Limilabs.Mail.Headers;
using Limilabs.Client.SMTP;

class Program
{
    static void Main(string[] args)
    {
        using (Smtp smtp = new Smtp())
        {
            smtp.Connect("mail.example.com");

            smtp.StartTLS();

            smtp.UseBestLogin("user", "password");

            MailBuilder builder = new MailBuilder();
            builder.Text = "text";
            builder.From.Add(new MailBox("from@example.com"));
            builder.To.Add(new MailBox("to@example.com"));

            IMail email = builder.Create();

            smtp.SendMessage(email);

            smtp.Close();
        }
    }
};

' VB.NET version

Imports Limilabs.Mail
Imports Limilabs.Mail.Headers
Imports Limilabs.Client.SMTP

Public Module Module1
    Public Sub Main(ByVal args As String())

        Using smtp As New Smtp()
            smtp.Connect("mail.example.com")

            smtp.StartTLS()

            smtp.UseBestLogin("user", "password")

            Dim builder As New MailBuilder()
            builder.Text = "text"
            builder.From.Add(New MailBox("from@example.com"))
            builder.[To].Add(New MailBox("to@example.com"))

            Dim email As IMail = builder.Create()

            smtp.SendMessage(email)

            smtp.Close()
        End Using

    End Sub
End Module

After you connect, you can check, if your SMTP server supports explicit TLS/SSL using following code:

// C# version

bool supportsStartTLS = smtp.SupportedExtensions()
   .Contains(SmtpExtension.StartTLS);

' VB.NET version

Dim supportsStartTLS As Boolean = smtp.SupportedExtensions() _
   .Contains(SmtpExtension.StartTLS)

You can read more here on how to know which extensions does your server support.

Self-signed certificates

If you are using self-signed certificates you may encounter this error: The remote certificate is invalid according to the validation procedure.

The post Use TLS/SSL with SMTP in .NET first appeared on Blog | Limilabs.