I am currently trying to get a debug mail up and running. The moment an error occurs it will send a mail with the error to the mail i use. But after letting somebody test it he actually got my mail password and mail out of it and decided to change the password.
public void Send() {
MailMessage MailMesaji = new MailMessage();
MailMesaji.Subject = "subject";
MailMesaji.Body = "mail body";
MailMesaji.From = "sender mail adress";
this.MailMesaji.To.Add(new MailAddress("to mail adress"));
System.Net.Mail.SmtpClient Smtp = new SmtpClient();
Smtp.Host = "smtp.gmail.com"; // for example gmail smtp server
Smtp.EnableSsl = true;
Smtp.Credentials = new System.Net.NetworkCredential("account name", "password");
Smtp.Send(MailMesaji);
}
So i was wondering, is it possible to encrypt the account name and password to prevent stealing ?
I am sorry if i did not search good enough, but could not find anything on how to encrypt email/password
As you need to recover the original password to use for the mail send, you would have to use some form reversible encryption.
It sounds like you are in a situation where you want to pass on your source code to another user to test. That tester will be able to simply breakpoint your code on the new System.Net.NetworkCredential line and see what is being passed to the constructor.
So, however you manage to encrypt your credentials, if you are passing the code (or executable) to somebody else for testing, then they will be able to access your password.
Related
I'm trying to set up some code to send email via Office 365's authenticated SMTP service:
var _mailServer = new SmtpClient();
_mailServer.UseDefaultCredentials = false;
_mailServer.Credentials = new NetworkCredential("test.user#mydomain.com", "password");
_mailServer.Host = "smtp.office365.com";
_mailServer.TargetName = "STARTTLS/smtp.office365.com"; // same behaviour if this lien is removed
_mailServer.Port = 587;
_mailServer.EnableSsl = true;
var eml = new MailMessage();
eml.Sender = new MailAddress("test.user#mydomain.com");
eml.From = eml.Sender;
eml.to = new MailAddress("test.recipient#anotherdomain.com");
eml.Subject = "Test message";
eml.Body = "Test message body";
_mailServer.Send(eml);
This doesn't appear to be working, and I'm seeing an exception:
The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM
at System.Net.Mail.MailCommand.Send(SmtpConnection conn, Byte[] command, String from)
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
I've tried enabling network tracing and it appears that secure communications are established (for example, I see a line in the log for the "STARTTLS" command, and later there's a line in the log "Remote certificate was verified as valid by the user.", and the following Send() and Receive() data is not readable as plain text, and doesn't appear to contain any TLS/SSH panics)
I can use the very same email address and password to log on to http://portal.office.com/ and use the Outlook email web mail to send and read email, so what might be causing the authentication to fail when sending email programmatically?
Is there any way to additionally debug the encrypted stream?
In my case after I tried all this suggestion without luck, I contacted Microsoft support, and their suggestion was to simply change the password.
This fixed my issue.
Note that the password wasn't expired, because I logged on office365 with success, however the reset solved the issue.
Lesson learned: don't trust the Office 365 password expiration date, in my case the password would be expired after 1-2 months, but it wasn't working.
This leaded me to investigate in my code and only after a lot of time I realized that the problem was in the Office365 password that was "corrupted" or "prematurely expired".
Don't forget every 3 months to "refresh" the password.
To aid in debugging, try temporarily switching to MailKit and using a code snippet such as the following:
using System;
using MailKit.Net.Smtp;
using MailKit.Security;
using MailKit;
using MimeKit;
namespace TestClient {
class Program
{
public static void Main (string[] args)
{
var message = new MimeMessage ();
message.From.Add (new MailboxAddress ("", "test.user#mydomain.com"));
message.To.Add (new MailboxAddress ("", "test.recipient#anotherdomain.com"));
message.Subject = "Test message";
message.Body = new TextPart ("plain") { Text = "This is the message body." };
using (var client = new SmtpClient (new ProtocolLogger ("smtp.log"))) {
client.Connect ("smtp.office365.com", 587, SecureSocketOptions.StartTls);
client.Authenticate ("test.user#mydomain.com", "password");
client.Send (message);
client.Disconnect (true);
}
}
}
}
This will log the entire transaction to a file called "smtp.log" which you can then read through and see where things might be going wrong.
Note that smtp.log will likely contain an AUTH LOGIN command followed by a few commands that are base64 encoded (these are your user/pass), so if you share the log, be sure to scrub those lines.
I would expect this to have the same error as you are seeing with System.Net.Mail, but it will help you see what is going on.
Assuming it fails (and I expect it will), try changing to SecureSocketOptions.None and/or try commenting out the Authenticate().
See how that changes the error you are seeing.
Be sure you're using the actual office365 email address for the account. You can find it by clicking on the profile button in Outlook365. I wrestled with authentication until I realized the email address I was trying to use for authentication wasn't the actual mailbox email account. The actual account email may have the form of: account#company.onmicrosoft.com.
We got ours working by converting the mailboxes (from address) from "shared" to "regular". Before this change, my application quit sending email when we migrated from Gmail to Office 365. No other code changes were required, besides setting the host to smtp.office365.com.
Please check below code I have tested to send email using Exchange Online:
MailMessage msg = new MailMessage();
msg.To.Add(new MailAddress("YourEmail#hotmail.com", "XXXX"));
msg.From = new MailAddress("XXX#msdnofficedev.onmicrosoft.com", "XXX");
msg.Subject = "This is a Test Mail";
msg.Body = "This is a test message using Exchange OnLine";
msg.IsBodyHtml = true;
SmtpClient client = new SmtpClient();
client.UseDefaultCredentials = false;
client.Credentials = new System.Net.NetworkCredential("XXX#msdnofficedev.onmicrosoft.com", "YourPassword");
client.Port = 587; // You can use Port 25 if 587 is blocked
client.Host = "smtp.office365.com";
client.DeliveryMethod = SmtpDeliveryMethod.Network;
client.EnableSsl = true;
try
{
client.Send(msg);
}
catch (Exception ex)
{
}
Port (587) was defined for message submission. Although port 587 doesn't mandate requiring STARTTLS, the use of port 587 became popular around the same time as the realisation that SSL/TLS encryption of communications between clients and servers was an important security and privacy issue.
In my case my problem was not related to the code but something to do with the Exchange mailbox. Not sure why but this solved my problem:
Go to the exchange settings for that user's mailbox and access Mail Delegation
Under Send As, remove NT AUTHORITY\SELF and then add the user's account.
This gives permissions to the user to send emails on behalf of himself. In theory NT AUTHORITY\SELF should be doing the same thing but for some reason that did not work.
Source: http://edudotnet.blogspot.com.mt/2014/02/smtp-microsoft-office-365-net-smtp.html
I got this same error while testing, using my own domain email account during development. The issue for me seemed related to the MFA (Multi Factor Authentication) that's enabled on my account. Switching to an account without MFA resolved the issue.
I had this issue since someone had enabled Security defaults in Azure.
This disables SMTP/Basic authentication. It's clearly stated in the documentation, but it's not evident by the error message, and you have to have access to the account to find out.
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
It's possible to enable it per account.
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission
You need change the credentials function. Here is the substitution you need to make:
change
-*_mailServer.Credentials = new NetworkCredential("test.user#mydomain.com", "password");*
for this
-*_mailServer.Credentials = new NetworkCredential("test.user#mydomain.com", "password", "domain");*
In my case, password was expired.I just reset password and its started working again
var client = new SmtpClient("smtp.gmail.com", 587)
{
Credentials = new NetworkCredential("mail#gmail.com", "supersecretpassword"),
EnableSsl = true
};
MailMessage message = new MailMessage(new MailAddress(sender),
new MailAddress(recepient));
//message.From = new MailAddress(sender);
message.IsBodyHtml = true;
// message.To.Add(new MailAddress(recepient));
//message.ReplyToList.Add(new MailAddress(sender));
message.Subject = "subject";
message.Body = "title";
client.Send(message);
I'm sending an email using the code above, however, if the recepient decides to reply to the email, i want the to reply to the Adress supplied in the sender parameter, but when i receive the email, the From field gives the address of the mail#gmail.com provided in the smtp info.
I tried setting the replyto, replytolist and from properties in MailMessage, but it doesn't cahnge anything.
With the reply to i could see the sender address in "ReplyTo" in gmail, but the default receiver if i pressed reply is still mail#gmail.com
Am i not supposed to be able to change this for some reason, or am i missing something?
EDIT
i'm suspecting this has to do with using a temporary gmail as smtp server, but i can't find any confirmation to this.
ReplyTo is deprecated, ReplyToList is a correct way.
If you think this is a gmail related problem try with another smtp (for example sendgrid )
Keep in mind that gmail uses Sender and From differently in case of "fake" account as you can read here
https://stackoverflow.com/a/3872880/744610
according to this answer it is because i'm using gmail as smtp server, and gmail doesn't allow changing the From/sender properties of an email, to avoid spam
I use the following code to send email.Sometimes it works fine and some time it generate error .
Is there any better code to send emails.And one more thing is it necessary to provide password for sending mail.
using System.Net.Mail;
public void SendEmail()
{
MailMessage mail = new MailMessage();
mail.To.Add("sales#ojhatraders.com");
mail.From = new MailAddress("ojhatraderscustomer#gmail.com");
mail.Subject = "Contact Us Enquiry";
string Body = "<b>From:<b>" + mail.From + "<br/>" + "Your Query Recived "+"<br/>"+"Name"+nameTextBox.Text+"<br/>"+"Mobile:"+mobileTextBox.Text+"<br/>"
+"Email:"+emailTextBox.Text+"<br/>"+"Query:"+queryTextBox.Text;
mail.Body = Body;
mail.IsBodyHtml = true;
SmtpClient smtp = new SmtpClient();
smtp.Host = "smtp.gmail.com"; //Or Your SMTP Server Address
smtp.Credentials = new System.Net.NetworkCredential("sample#gmail.com", "passsword");//Or your Smtp Email ID and Password
smtp.EnableSsl = true;
smtp.Send(mail);
}
Please provide some useful suggestion and better code.
Have you tried adding
smtp.Port = 587;
The best bet to keep your credentials secret is having an SMTP Server running that accepts anonymous referrers. With this criteria met, credentials aren't required with anonymous requests. There are fewer and fewer mail services allowing anonymous requests, while it used to be rampant < 10 years ago. Now most SMTP services require valid username and password credentials, some even network domain credentials.
Error
Without informing us with the error that your code generates, we can't really help solving that issue. You should check the recommended smtp-port. From Google support websuite:
If you tried configuring your SMTP server on port 465 (with SSL) and port 587 (with TLS), but are still having trouble sending mail, try configuring your SMTP to use port 25 (with SSL).
'Better' code
Sending mails are quite obvious in ASP.NET so 'better' code to send mails is more an opinion rather than a fact. However, I should split things up a little bit from an architectural point of view. This will improve code quality and reduce duplicate code.
Things you should consider do to make this code 'better'.
Make use of a stringbuilder to build your mail content and inject it into mailtemplate
Make a separate class 'Email' with e.g. default constructor, Send() and GetTemplate() method
Specify settings for SMTP in your web.config
That way you can make and send your e-mail from anywhere in your application in a few lines. Some example code from one of my applications:
var content = new StringBuilder();
content.Append("Name: " + contactForm.Name + "<br/>");
content.Append("Email: " + contactForm.Name + "<br/>");
content.Append("Message: " + contactForm.Name + "<br/>");
//Email constructor accepts two arguments: the content and the name of the template
var mail = new Email(content, "mailTemplateName")
mail.Send("mymail#domain.be", "recipient#gmail.com", "Subject of the mail")
Try including a port for your SMTP. Ones that are typically used are 25, 465, and 587. I usually use 25 without issues and you can also use 465 for ssl. I also usually set UseDefaultCredentials to false:
SmtpClient smtp = new SmtpClient();
smtp.Port = 25;
smtp.UseDefaultCredentials = false;
Also, you might want to dispose of your messages after you've used them. It's good practice and is safer for performance and cost.
using (smtp as IDisposable)
{
smtp.Send(yourEmail);
yourEmail.Dispose();
}
All in all, pretty open ended question. Hope this helps, but be a little more specific so you can get better help next time
I have a standard Google Apps account and they host my email for me..
Currently I can send emails in C# code, but they always come from my main email address.. I have a couple of nicknames setup... and in the Gmail interface, its possible as descibed here : Google Apps - Send email from a nickname
But I want to do this from code.. so I can send emails as "info#" or "support#"...
I have an appSetting called "EmailFrom" that is defined as "info#"...
MailMessage mm = new MailMessage(ConfigurationManager.AppSettings["EmailFrom"], ToAddress);
//'(2) Assign the MailMessage's properties
mm.Subject = Subject;
mm.Body = MessageBody;
mm.IsBodyHtml = true;
//'(3) Create the SmtpClient object
SmtpClient smtp = new SmtpClient();
smtp.Port = System.Convert.ToInt32(ConfigurationManager.AppSettings["smtpPort"]);
smtp.EnableSsl = true;
smtp.Send(mm);
Is that possible?
Ok..
Figured it out...
It would seem that I needed to add the email address in the gmail interface...
Select the Settings menu, and choose Accounts.... then select "Add another email address you own"..
I just went through the verification process adding in the nickname I wanted to send from..
Easy..
I found a great way to send email in C#, except for one problem, I have to show my password. If anyone were to disassemble my program, or if I decided to make it open source (which I probably will) they would get the username and password for my gmail account. Is there any way to get around this?
MailMessage mail = new MailMessage();
SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
mail.From = new MailAddress("Contact#pandorafreed.com");
mail.To.Add("myemail#gmail.com");
mail.Subject = "Pandora Free-D Message";
mail.Body = "Name: " + C.NameBox.Text + "\n" + "Email: " + C.emailBox.Text + "\n" + C.Message.Text;
SmtpServer.Port = 587;
SmtpServer.Credentials = new System.Net.NetworkCredential("username", "password");
SmtpServer.EnableSsl = true;
SmtpServer.Send(mail);
+++++EDIT+++++
hmmm... would localhost work? Anyone know?
Not if your mail server requires authentication. The program will need to know the password to send mail, and if this program is operating on a computer you don't trust then you can assume the password will be quickly compromised.
You should consider an alternate method, like submitting the mail via a web service or HTTP call to a server under your control, where you can validate the message and then send it to the mail server.
You could create web-service, which will send e-mail to mail-server.
Why would you have others using your account to send e-mail? Let the user use his/her own mailserver and authentication. Let the user enter those values when installing your program and store it in a configuration file.