Cannot send mail from Forms

Vote:
 

We have a new site on CMS 12 hosted on-prem and struggling with getting emails being sent after form submission.

Locally I am using host 127.0.0.1, port 25, useSsl false and it is recieved by Papercut without issued. 
On webserver using

"SmtpHost": "mailrelay.notmyactualdomain.net",
"SmtpPort": "25",
"SmtpUseSsl": "false",

A test mail is sent successfully when tested on the actual server using powershell and curl-command.

However in web application using the same settings as the test in powershell, it does not work. 

[ERR] Failed to send email
System.AggregateException: One or more errors occurred. (An error occurred while attempting to establish an SSL or TLS connection.

The host name did not match the name given in the server's SSL certificate.
)
 ---> MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.

The host name did not match the name given in the server's SSL certificate.

 ---> System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.

I have tried with smtp settings in application.json and also setting it directly in startup.cs without any change. Currently using the later.

public static class SmtpInitialization
{
  public static IServiceCollection AddSmtpConfiguration(this IServiceCollection services, string host, int port = 25, bool useSsl = false)
  {
    services.Configure<SmtpOptions>(x =>
    {
      x.DeliveryMethod = DeliveryMethod.Network;
      x.Network = new Network
      {
        Host = host,
        Port = port,
        UseSsl = useSsl
      };
    });

    return services;
  }
}

//invoking in startup.cs:
var smtpHost = Configuration.GetValue<string>("SmtpHost");
var smtpUseSsl = Configuration.GetValue<bool>("SmtpUseSsl");
var smtpPort = Configuration.GetValue<int>("SmtpPort");
services.AddSmtpConfiguration(smtpHost, smtpPort, smtpUseSsl);

I have checked and double-checked and tripple-checked the settings. The same settings are working in a CMS 11 site on a different webserver.

How would I go about in debugging this? Can there be another setting in IIS that needs to be made?

#316865
Edited, Feb 08, 2024 13:49
Vote:
 

Hi Jonas

The above error message you provided had pointed out the issue already. What's the domain name in your cert? does it match to your smtp host?

The host name did not match the name given in the server's SSL certificate.

Alternatively, you can try to use SmtpClient to see if it works in order to isolate the fundamental issue. 

p.s. MailKit is keeping up with the latest security best practices and continously removing outdated protocols. You can find more details and workaround from the link below if you still want to use MailKit without correct certificate.

MailKit/FAQ.md at master · jstedfast/MailKit (github.com)

I hope above helps. 

#316919
Feb 09, 2024 1:05
Vote:
 

Thanks Vincent. 

I hear you. Why would it work in other site on epi11 and with curl. And this with usessl=false

The error provided is for me not consistant.

#316921
Feb 09, 2024 6:46
Vote:
 

Is it Optimizely that requires a certificate? 
I am not getting same error when using Powershell.

#317606
Feb 23, 2024 14:48
Vote:
 

Hi Jonas,

The problem is probably the default implementation of EPiServer.Notification.Internal.ISmtpClient. It uses SecureSocketOptions.Auto when you configure the UseSsl: false. You could implement your own ISmtpClient, but unfortunately the default implementation is internal so can't inherit that as a base.

    public class SmtpClientProvider : EPiServer.Notification.Internal.ISmtpClient
    {
        private readonly ILogger _logger;
        private readonly SmtpOptions _options;

        public SmtpClientProvider(SmtpOptions options, ILogger<SmtpClientProvider> logger)
        {
            _options = options;
            _logger = logger;
        }

        private void SaveToPickupDirectory(MimeMessage message, string pickupDirectory)
        {
            int num = 0;
            do
            {
                string path = Path.Combine(pickupDirectory, Guid.NewGuid().ToString() + ".eml");
                if (File.Exists(path))
                {
                    continue;
                }
                try
                {
                    using FileStream stream = new FileStream(path, FileMode.CreateNew);
                    message.WriteTo(stream);
                    return;
                }
                catch (IOException)
                {
                }
            }
            while (num++ < 3);

            _logger.LogError("Unable to write email to disk {PickupDirectory}", pickupDirectory);
        }

        public virtual async Task SendAsync(MimeMessage message)
        {
            if (_options.DeliveryMethod == DeliveryMethod.Network)
            {
                using SmtpClient client = new();

                await client.ConnectAsync(_options.Network.Host, _options.Network.Port.GetValueOrDefault(), (!_options.Network.UseSsl.GetValueOrDefault()) ? SecureSocketOptions.None : SecureSocketOptions.StartTls);

                if (!string.IsNullOrWhiteSpace(_options.Network.UserName))
                {
                    await client.AuthenticateAsync(_options.Network.UserName, _options.Network.Password);
                }

                await client.SendAsync(message);

                await client.DisconnectAsync(quit: true);
            }
            else
            {
                if (_options.DeliveryMethod != DeliveryMethod.SpecifiedPickupDirectory)
                {
                    throw new NotSupportedException("Unsupported DeliveryMethod");
                }
                SaveToPickupDirectory(message, _options.SpecifiedPickupDirectory?.PickupDirectoryLocation);
            }
        }
    }

You can just add that in to the services

services.AddScoped<ISmtpClient, SmtpClientProvider>();

Maybe someone from Optimizely can comment is that a bug that should be fixed or a feature

#317800
Feb 27, 2024 6:53
Vote:
 

Thanks Antti. Great response and solution.

We ended up changing smtp-server/service that has support for ssl and with certificate. That would have been the best if the existing smtp server would support SSL but its an big organisation and the service could not change just like that :)

#317883
Feb 28, 2024 7:27
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.