Mailkit: Allowing only secure connections with SecureSocketOptions.Auto?

Created on 23 Feb 2017  路  5Comments  路  Source: jstedfast/MailKit

I am trying to replace the framework internal SmtpClient in my application with MailKit's SmtpClient and encountered a problem when connecting to an insecure (i.e. no SSL/TLS) mail server using SecureSocketOptions.Auto. This results in connection being established insecure.

In the framework SmtpClient when setting option EnableSsl = true, this scenario leads to a SmtpException: Server does not support secure connections, and connection is not established.

I expected SecureSocketOptions.Auto would work the same, i.e. establish only a secure connection and just decide whether a TLS wrapped or STARTTLS upgraded connection would be used.

Is it possible to achieve this somehow?

question

Most helpful comment

No need, I just updated the docs myself.

All 5 comments

The equivalent of EnableSsl from System.Net.Mail's SmtpClient would be SecureSocketOptions.StartTls.

Something a bit closer to what you want to do could be done like this:

var options = port == 465 ? SecureSocketOptions.SslOnConnect : SecureSocketOptions.StartTls`

That's very similar to what MailKit's internal logic is (except that it uses SecureSocketOptions.StartTlsWhenAvailable).

Hope that helps.

So if I understand correctly, SecureSocketOptions.Auto may initiate an insecure connection if the server doesn't support it?

Thanks for the wonderful library!

Correct. If the server doesn't support StartTLS and the port is not the SSL-wrapped port (aka 465), then you will end up with an unencrypted connection.

Would you mind if I made a PR to add your above description to the documentation for SecureSocketOptions.Auto.

I initially had the wrong impression reading: Allow the MailKit.IMailService to decide which SSL or TLS options to use (default).

No need, I just updated the docs myself.

Was this page helpful?
0 / 5 - 0 ratings