Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request for improvement: parse X-EXPS line (and other extensions) in Ehlo response #603

Closed
qlikled opened this issue Dec 19, 2017 · 3 comments
Closed

Request for improvement: parse X-EXPS line (and other extensions) in Ehlo response #603

qlikled opened this issue Dec 19, 2017 · 3 comments
Labels
compatibility Compatibility with existing software

Comments

@qlikled
Copy link

qlikled commented Dec 19, 2017
edited
Loading

Use case: using SmtpClient class to send email to Exchange server
Error: No compatible authentication mechanisms found.. Stack trace: at MailKit.Net.Smtp.SmtpClient.Authenticate(Encoding encoding, ICredentials credentials, CancellationToken cancellationToken)↓↓ at MailKit.MailService.Authenticate(String userName, String password, CancellationToken cancellationToken)

REASON
As visible in the protocol log below, no authentication mechanism is returned in the AUTH line, so parsing by SmtpClient.EhloAsync (bool doAsync, CancellationToken cancellationToken) returns that no authentication mechanism is supported.
Authentication mechanisms are instead returned as part of an X-EXPS line which serves the same purpose in Exchange (see https://technet.microsoft.com/en-us/library/bb123786(v=exchg.65).aspx).

As a workaround I have forced SmtpClient to attempt authentication with NTLM and LOGIN if the server does not respond properly:

if (client.AuthenticationMechanisms.IsEmpty())
{
client.AuthenticationMechanisms.Add("LOGIN");
client.AuthenticationMechanisms.Add("NTLM");
}

However this is less than ideal since the schemes could be a mismatch with what the server actually returned in the X-EXPS line.
Overriding the EhloAsync method is not possible due to visibility issues.

ENHANCEMENT REQUEST
Add a suitable method to allow overriding parsing of response to the Ehlo command to support custom extensions (also X-ANONYMOUSTLS would be interesting to support) or extend response support to parse X-EXPS authentication schemes.

PROTOCOL LOG
Connected to smtp://XXXX.XXXX.com:25/?starttls=always
S: 220 AAAA.XXXX.com Microsoft ESMTP MAIL Service ready at Mon, 18 Dec 2017 13:10:03 +0800
C: EHLO [10.128.2.212]
S: 250-AAAA.XXXX.com Hello [10.128.2.212]
S: 250-SIZE 27262976
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-X-ANONYMOUSTLS
S: 250-AUTH
S: 250-X-EXPS GSSAPI NTLM
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250-XEXCH50
S: 250-XRDST
S: 250 XSHADOW
jstedfast added a commit that referenced this issue Dec 19, 2017
@jstedfast
Treat the SMTP X-EXPS capability in an EHLO response the same as AUTH
7768ddb 
Fixes issue #603
@jstedfast jstedfast added the compatibility Compatibility with existing software label Dec 19, 2017
@jstedfast
Copy link
Owner

X-ANONYMOUSTLS seems to be for server-to-server communication, not client -> server.

@qlikled
Copy link
Author

qlikled commented Dec 20, 2017

Thanks for being so quick in resolving the issue. You're correct about the X-ANONYMOUSTLS.

@filipnavara
Copy link

FWIW, X-EXPS is also for server-to-server authentication. It's reported if you connect to Exchange SMTP on port 25 instead of port 587.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
compatibility Compatibility with existing software
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jstedfast @filipnavara @qlikled