[Mono-list] Sending mail with smtp.gmail.com

Sebastien Pouliot sebastien.pouliot at gmail.com
Wed Aug 19 17:31:42 EDT 2009


On Wed, 2009-08-19 at 22:54 +0200, Petit Eric wrote:
> sorry i forget that, i keep it because MonoOSC is a client to only one
> url api.opensuse.org

Like I said you can keep it (still can't force you ;-) but it IS, even
if used with a single host, vulnerable to attacks (e.g. a man in the
middle attack).

Now I'll shamelessly reuse this thread to plug Gendarme (instead of
MonoOSC ;-) since it can detect such bad/hackish/should-be-temporary
ICertificatePolicy implementation.
http://www.mono-project.com/Gendarme.Rules.Security#DoNotShortCircuitCertificateCheckRule

Have fun (on the client, on the server or in the middle ;-)
Sebastien

> 2009/8/19 Sebastien Pouliot <sebastien.pouliot at gmail.com>:
> > On Wed, 2009-08-19 at 22:15 +0200, Petit Eric wrote:
> >> workaround :
> >> line 102 and 197
> >> http://monoosc.svn.sourceforge.net/viewvc/monoosc/MonoOSC/MonoOBSFramework/Class/VarGlobal.cs?revision=273&view=markup
> >
> > Eric, like I already told you (October 7, 2008) this is NOT the right
> > way to do this and leaves your code vulnerable to many, well known,
> > attacks. *You* might want to continue using this (I can't force you to
> > do it correctly) but please don't publicize this as a workaround. Keep
> > in mind that what _may_ work for a quick-hack can be potentially
> > disastrous for others.
> >
> >
> > Toutu, have a look at http://go-mono.com/forums/#nabble-td19851624
> > thread. In particular the parts about using SMTP port 587 for
> > submission. If that does not work please open a bug report and include
> > (part of) the code you're using.
> >
> > Sebastien
> >
> >> 2009/8/19 toutu <mlariau at gmail.com>:
> >> >
> >> > Hi everybody,
> >> >
> >> >
> >> > I built a very simple desktop program (no asp), to send email using gmail
> >> > smtp.
> >> > I am using smtpclient with enablessl and port 587
> >> >  It works perfectly under windows but raise exception under linux.
> >> > After reading comments in this forum I tried :
> >> >        mozroots --import --ask-remove --machine
> >> >                 certmgr -ssl -m smtps://smtp.gmail.com:465
> >> > then
> >> >        mozroots --import --ask-remove
> >> >                 certmgr -ssl  smtps://smtp.gmail.com:465
> >> >
> >> > Note that certmgr warned me that the certicate of CA store had an invalidate
> >> > signature. I confirmed the integration of the certificate.
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >                he authentication or decryption has failed.
> >> > System.IO.IOException: The authentication or decryption has failed. --->
> >> > System.InvalidOperationException: SSL authentication error:
> >> > RemoteCertificateChainErrors
> >> >  at System.Net.Mail.SmtpClient.<SmtpClient>m__3 (System.Object sender,
> >> > System.Security.Cryptography.X509Certificates.X509Certificate certificate,
> >> > System.Security.Cryptography.X509Certificates.X509Chain chain,
> >> > SslPolicyErrors sslPolicyErrors) [0x00000]
> >> >  at
> >> > System.Net.Security.SslStream+<BeginAuthenticateAsClient>c__AnonStorey12.<>m__9
> >> > (System.Security.Cryptography.X509Certificates.X509Certificate cert,
> >> > System.Int32[] certErrors) [0x00000]
> >> >  at
> >> > Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation
> >> > (System.Security.Cryptography.X509Certificates.X509Certificate certificate,
> >> > System.Int32[] errors) [0x00000]
> >> >  at
> >> > Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation
> >> > (System.Security.Cryptography.X509Certificates.X509Certificate certificate,
> >> > System.Int32[] errors) [0x00000]
> >> >  at
> >> > Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation
> >> > (System.Security.Cryptography.X509Certificates.X509Certificate certificate,
> >> > System.Int32[] certificateErrors) [0x00000]
> >> >  at
> >> > Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
> >> > (Mono.Security.X509.X509CertificateCollection certificates) [0x00000]
> >> >  at
> >> > Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
> >> > () [0x00000]
> >> >  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process ()
> >> > [0x00000]
> >> >  at (wrapper remoting-invoke-with-check)
> >> > Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
> >> >  at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
> >> > (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000]
> >> >  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
> >> > (IAsyncResult asyncResult) [0x00000]
> >> >  --- End of inner exception stack trace ---
> >> >  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
> >> > (IAsyncResult asyncResult) [0x00000]
> >> >
> >> >
> >> > Help appreciated.
> >> > Regards.
> >> > --
> >> > View this message in context: http://www.nabble.com/Sending-mail-with-smtp.gmail.com-tp25051030p25051030.html
> >> > Sent from the Mono - General mailing list archive at Nabble.com.
> >> >
> >> > _______________________________________________
> >> > Mono-list maillist  -  Mono-list at lists.ximian.com
> >> > http://lists.ximian.com/mailman/listinfo/mono-list
> >> >
> >>
> >>
> >>
> >
> >
> 
> 
> 



More information about the Mono-list mailing list