Sending email via C# Mailkit / Mimekit but server certificate error comes in

Fuzed Mass · Sep 26, 2017 · Viewed 8.2k times

0 Code in Visual Studio 2015

1 I am using Mailkit latest version (1.18.1.1) for sending an email from my own email server.

2 The email server has a self-signed certificate, which is not TRUSTED.

3 I have added both of the following lines in my code, to ignore the SERVER CERTIFICATE error:

client.ServerCertificateValidationCallback = (mysender, certificate, chain, sslPolicyErrors) => { return true; };
client.CheckCertificateRevocation = false;

4 But my program still crashes.

5 In email server logs it shows the error:

SSL_accept error from unknown[xxx.xxx.xxx.xxx]: Connection reset by peer

which I guess is coming from the server certificate issue, because in the Wireshark capture, as soon as I get the SERVER certificate, the connection is terminated.

6 I have also installed the UNTRUSTED certificate of email server in my system but still the problem persists.

7 Following is the detailed screenshot of the error

8 Complete code:

using (var client = new SmtpClient(new ProtocolLogger("logging.log")))
{
    // For demo-purposes, accept all SSL certificates (in case the server supports STARTTLS)
    client.ServerCertificateValidationCallback = (mysender, certificate, chain, sslPolicyErrors) => { return true; };
    client.CheckCertificateRevocation = false;

    client.Connect("xxx.com", 465, true);

    // Note: since we don't have an OAuth2 token, disable
    // the XOAUTH2 authentication mechanism.
    client.AuthenticationMechanisms.Remove("XOAUTH2");

    // Note: only needed if the SMTP server requires authentication
    client.Authenticate("[email protected]","123456");

    client.Send(message);
    client.Disconnect(true);
}

Answer

Luke · Oct 31, 2017

If you control both ends of the connection, you might want to first check sending without TLS, to be sure the problem only happens when using TLS.

Also try running without Wireshark, Fiddler or other man-in-the-middle sniffers/proxies, to ensure there is not a problem reaching the server in a secure way. Check that your antivirus or internet security system is not closing your connection because of the untrusted certificate.

Another thing you might want to ensure is that both your client and your server share the same protocols: I know older TLS and SSL protocols have become deprecated, so it is possible that there is no common protocol between the client and the server.

You can also try enabling System.Net tracing (available since .NET 2.0) and see if you get some more specific insight from the (very detailed) logs you get: https://blogs.msdn.microsoft.com/dgorti/2005/09/18/using-system-net-tracing/

System.Net tracing is 1) Per process 2) Shows threads 3) Works for SSL 4) Works for Loopback. 5) You don't need to recompile the code

[Edit]

Your question seems a little too broad for me to guess the problem; please try narrowing down the problem. For instance:

  • try connecting without TLS;
  • try connecting to a different SMTP server (use one you know a standard mail client can connect to);
  • try connecting to your server with a different client (use Thunderbird, for instance);
  • try running both client and server on the same machine;
  • try the same on a clean virtual machine

By the way, SSPI seems to be related to trusted security issues, so also double-check that you haven't configured your server to only accept trusted users.

[/Edit]

I will try to update my answer if this is not enough =)

HTH
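
An added example, not part of the question or of Luke's answer: instead of the accept-all callback, it pins the self-signed certificate by SHA-256 hash, logs the reported `SslPolicyErrors`, and sets the TLS version explicitly so that a protocol mismatch of the kind the answer mentions surfaces as a logged handshake failure. The `PinnedSmtp` class, its method names, the `PinnedSha256` placeholder and the choice of TLS 1.2 are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using MailKit;
using MailKit.Net.Smtp;
using MailKit.Security;

static class PinnedSmtp // hypothetical helper, not a MailKit type
{
    // Placeholder: SHA-256 of the server's certificate (hex, no separators).
    const string PinnedSha256 = "REPLACE_WITH_YOUR_SERVER_CERT_SHA256";
    static bool ValidatePinned(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
    {
        // Record what the TLS stack objected to instead of discarding it.
        Console.Error.WriteLine("TLS policy errors: " + errors);
        if (errors == SslPolicyErrors.None)
            return true; // chain is already trusted by the OS
        if (certificate == null)
            return false;
        using (var sha = SHA256.Create())
        {
            string seen = BitConverter.ToString(sha.ComputeHash(certificate.GetRawCertData())).Replace("-", "");
            // Accept the untrusted chain only for the exact pinned certificate.
            return string.Equals(seen, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    public static SmtpClient Connect(string host)
    {
        var client = new SmtpClient(new ProtocolLogger("logging.log"));
        client.ServerCertificateValidationCallback = ValidatePinned;
        client.CheckCertificateRevocation = false; // self-signed: no CRL/OCSP to query
        client.SslProtocols = SslProtocols.Tls12;  // assumption: the server offers TLS 1.2
        try
        {
            client.Connect(host, 465, SecureSocketOptions.SslOnConnect);
            return client;
        }
        catch (Exception ex)
        {
            // Log the innermost cause (often the handshake failure), then rethrow.
            Console.Error.WriteLine("Connect failed: " + ex.GetBaseException());
            client.Dispose();
            throw;
        }
    }
}
```

If `Connect` fails without the callback ever logging a policy-error line, the failure happened outside certificate validation, which is where the answer's protocol check and System.Net tracing apply.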