I am trying to use gmail's SMTP server smtp.gmail.com to send mails using C in Windows. I am able to connect to port 587 of the server, however the server responds by saying that STARTTLS/TLS is needed. Is there any Windows API call for starting a TLS connection ?
Should I even consider writing this application in C or use Python ?
Edit: Has anyone been able to send a mail by connecting to smtp.gmail.com using Telnet ? What I got was
220 mx.google.com ESMTP g4sm73428740wae.2
HELO hello
502 5.5.1 Unrecognized command. g4sm73428740wae.2
HELO hello.hello
250 mx.google.com at your service
MAIL FROM:a#gmail.com
530 5.7.0 Must issue a STARTTLS command first. g4sm73428740wae.2
STARTTLS
220 2.0.0 Ready to start TLS
MAIL FROM:a#gmail.com
and the connection is lost
You are going to need either a .NET wrapper around Microsoft's SmtpClient to create a DLL that can use the .NET features for SSL/TLS support through SMTP or use OpenSSL to handle the connections.
It would probably be beneficial for you to write this in C++. I am not familiar with Python, but I am sure there are libraries such as TLS Lite (Edit: see below, smtplib apparently provides you this functionality too).
Edit: Based on your edit, you have to have a program that knows how to handle the STARTTLS command. GMail requires secure connections and a username/password by default on all SMTP connections. You can connect to port 25, but you'll have to switch to the secure port after the initial connection. This is why, when you go to http://mail.google.com, it automatically switches to https connection. There was a whole big discussion about this on the Internet some time ago..
If you do not want to use OpenSSL or other third-party SSL/TLS library, then you can use Microsoft's own SSPI/SChannel APIs instead. It can be used on top of a socket, where the socket handles the low-level input/output of bytes, and you pass the bytes in/out of SSPI/SChannel functions for processing.
If you choose to write it in C then you will need a library like GNU SASL, which enables secure SMTP authentication. If you opt for C++ as was previously suggested then I would look at VMime, which is a free C++ library that uses GSASL. There is an example on the site that shows how to connect to GMail.
Related
I currently working on BizTalk and I got a problem when I try to configure a send port to a ftps server.
I send a request to an amazon server to get a file and I want to send this file on a ftp server.
I use an adapter nsoftware.ftp v3 for my sending port to the ftp server. But when I try it, I got this error message :
This system contains a plaintext-only license, however the( Ftp:Adresse) send port is configured to run with security enabled. You must disable the security features for the send port to execute.
Do I need a certificate with a private key or just the configuration any is ok with the nsoftware adapter?
So actually I use a first flow to get a file on a amazon server and it works . After, I create a send port who must take this file and send him to an ftps server (it is the server of a client). So I use the property BTS.SPName to activate this send port at the file reception and I use a nsoftware.ftp adapter (free version) for the transport type. The client send to me the certificate of the server and I install it on the server.
#Martin is right. The error is due to licensing. The version of the license you have does not support SSL/TLS connections. Please submit a support ticket and we can provide information on using the latest version of the adapters (V3 is also a few major versions old).
I'm trying to develop a XMPP "Proxy" which will be in the middle of a standard Jabber communication.
The schema will be something like this:
Pidgin ---> Proxy <--- eJabberD
|
v
Console
The purpose of this proxy is to log all the stanzas which go over the wire. IMHO, this is very convenient when you're developing XMPP based solutions.
I'm doing this with EventMachine and Ruby, and the main problem is to know how to decypher the traffic after the TLS/SASL handshake.
Before the starttls, all works perfectly, the server and client can talk between them, but when the tls handshake begins, although it works, it is impossible to dump the clear content as all of the traffic is encrypted.
I'm not an expert in TLS/SASL thing, so I don't know which is the best approach to do this. I think one way to achieve this, should be to grab the certificate in the handshake and use it to decypher the content as it goes throught the proxy.
Thanks!
If you could do what you say (grab the certificate on the wire and use it to decrypt), then TLS would be pretty worthless. This is one of the primary attacks TLS exists to prevent.
If the server will allow it, just don't send starttls. This is not required by spec. If starttls is required by your server, then you can configure it to use a null cipher, which will leave the traffic unencrypted. Not all servers will support that of course.
You can man-in-the-middle the starttls. Respond with your own tunnel to the client, and send a separate starttls negotiation to the server. This should generate certificate warnings on the client, but since you control the client you can tell it to accept the certificate anyway.
If you control the server, you can use the private key from it to decrypt the traffic. I'm not aware with any off-the-shelf code to do that easily, but it's writable.
I know how to test smtp email using telnet. But I think because telnet uses "its own channel" to reach smtp server, it doesn't necessarily mean the normal smtp communication on port 25 would work. (Please correct me if this is not true)
Basically the client has encountered with an issue : [ERROR] Access to default session denied during a test from application to reach smtp server. From the same server, telnet to send an email just works...
So I've got no other choice but to figure out why I am getting this sort of error. Done my research only to find out lots and lots of command-line email applications, no good in this case as it is the client's environment that I've got little control on what to install.
So I think the last resort would be using simple DOS commands? Please advise if there is even a better way. Many thanks in advance.
I know how to test smtp email using telnet. But I think because telnet uses "its own channel" to reach smtp server, it doesn't necessarily mean the normal smtp communication on port 25 would work.
That's incorrect. If sending e-mail works with typing it to the Windows telnet application, then it works, i.e. there is no problem with the SMTP server, and there are no firewall issues between the client and the server.
So the bug is most probably in the in the application displaying the error message. Maybe there is no bug, but the application is not configured properly.
I think because telnet uses "its own channel" to reach smtp server, it doesn't necessarily mean the normal smtp communication on port 25 would work. (Please correct me if this is not true)
That is not true. A "real" SMTP client uses the same method to talk to the SMTP server as telnet does.
If you do not trust Telnet, use Thunderbird, but the problem is probably with your client software or configuration. Double check the settings there and see if you can turn on any trace logging (on the client or the server).
Debug HTTP is easy, you have all sort of tools to do it (like Fiddler). What about SMTP?
How to Debug SMTP Communications?
My target system is Windows.
Suggested tools:
Ethereal
tcpdump
Microsoft Network Monitor
For the two people who responded with Ethereal: We renamed the project to Wireshark (http://www.wireshark.org) back in 2006 due to trademark issues. I strongly recommend upgrading.
Depending on your exact issue, Wireshark's Follow TCP Stream feature is pretty useful for debugging Internet Message protocols, including SMTP.
How to capture emails with Wireshark:
Get wireshark -> Install
Into filter enter smtp click Apply
When you get filtered lines click right mouse button on one of them and select 'Follow TCP stream'.
You should get window like following
(OPTIONAL) If you want to inspect contents of email that are base64 encoded
Copy part that looks like gibberish into one of base64 to text converters, there are plenty online. You should get readable text that was sent.
Hope this saves you some time.
smtp-cli is good for this. From the homepage:
smtp-cli is a powerful SMTP command line client with a support
for advanced features, such as STARTTLS, SMTP-AUTH, or IPv6
In addition to being a full-featured client, its --verbose option makes it
the tool I think you're looking for to track down SMTP issues (like, for instance,
why a server is rejecting a given to: address, which is how I found the tool :-) )
Again from the homepage:
It's also a convenient tool for testing and debugging SMTP servers' setups.
Even the hardcore mail admins used to typing the SMTP protocol over telnet
need a specialised tool when it comes to verifying encryption settings of
their TLS enabled server with a subsequent user authentication. Such things
are pretty hard to type into a telnet session by hand :-)
Try Ethereal - its a free network protocol analyzer.
The SMTP protocol is all ascii, so once you see whats inside the TCP connection, you should be good to go.
It will take a bit of work learning how to use Ethereal.
You can use a SMTP development server, like Neptune or Antix. Both work the same way: they create a "fake" SMTP server in your machine so you can test your e-mail sending methods, without actually sending the messages they receive.
Use tools like ethereal (www.ethereal.com) or tcpdump (www.tcpdump.org), if you want to see the SMTP traffic.
If you like to check your server for compliance with relaying standards, do a
telnet relay-test.mail-abuse.org
from your SMTP server and it checks your server for relaying vulnerabilities.
I am trying to send mail from a local iis app using localhost as my smtp server after installing free smtp but I am getting the following error:
Mailbox unavailable. The server response was: Invalid
recipient: 'validAddress'#hotmail.com
Any idea what the problem could be?
it sounds like your free (3rd party) smtp app is not leaving your network and might be trying to see if it has that mailbox itself. Try and see if there is a setting to allow the smtp server to access external connections, etc. What is the name of the free smtp app, btw?
Alternatively, can u use the built in SMTP mail provider, built into iis? do you know how to use that, instead of this 3rd party app.
It looks more like the SMTP service needs to be configured to "Relay" email... Usually this involves telling it what YOUR mail domain is, and then any mail destin for a domain other than it's own will cause it to go out to the world, and try to relay the message to the real server.
But, be careful! This is how spammers exploit email servers. They look for SMTP listeners that will relay for them. You want to make sure yours will only accept relay mail from "localhost", or whatever machine will be connecting to it to do the sending.
A more secure way is to block port 25 inbound at your firewall to this box, so this SMTP server is not visible to the outside world.
Write and test a simple smtp sender in C. It needs 3 minutes with RFC
Use Wireshark to see what comes on the wire between your application and the SMTP server.