Archived Forum Post

Index of archived forum posts

Question:

SMTP authentication, defaults changed in latest version?

Jun 20 '12 at 09:41

Hi,

We have an application that has been using .NET framework 3.5 and ChilkatDotNet2.dll (8.4.0.0) for several years. This application has just been changed to .NET framework 4 and ChilkatDotNet4.dll (9.3.1.0).

In this application we send mail using a SMTP server and provide settings for the user to set SMTP host, username, password, port and optionally SSL. In version 8.4.0.0 the response log is as the following - please note that I've anonymized the user name and password:

ChilkatLog: VerifySmtpLogin: DllDate: Jan 10 2008 Username: rw Component: .NET 2.0 SMTP_Connect: Connecting to SMTP server 192.168.11.11:25 smtp_host: 192.168.11.11 smtp_port: 25 smtp_user: domainuser InitialResponse: 220 domain.dk [ESMTP Server] service ready;Gateway Ready

  sendingHello: EHLO PC412.domain.dk

  helloResponse: 250-domain.dk

250-SIZE 0 250 8BITMIME

  login_method: NONE or already authenticated
  CONNECTED to ESMTP server 192.168.11.11:25

In version 9.3.1 this is changed to default to LOGIN authentication:

VerifySmtpLogin: DllDate: Apr 14 2012 Language: .NET 4.0 Need new SMTP connection checkForExistingConnection: Elapsed time: 0 millisec SMTP_Connect: Connecting to SMTP server 192.168.11.11:25 smtp_host: 192.168.11.11 smtp_port: 25 smtp_user: domainuser ConnectTimeoutMs_1: 60000 calling ConnectSocket2 IPV6 enabled connect with NO heartbeat. This is an IPV4 numeric address... AddrInfoList: AddrInfo: ai_flags: 4 ai_family: 2 ai_socktype: 1 ai_protocol: 0 ai_addrlen: 16 ai_canonname: (NULL) --AddrInfo --AddrInfoList Connect using IPV4. ipAddress1: 192.168.11.11 myIP_3: 172.16.5.249 myPort_3: 9291 connect successful (2) socketConnect: Elapsed time: 0 millisec InitialResponse: 220 domain.dk [ESMTP Server] service ready;Gateway Ready

  initialResponse: Elapsed time: 0 millisec
  sendingHello: EHLO PC412

  sendEhlo: Elapsed time: 0 millisec
  helloResponse: 250-domain.dk

250-SIZE 0 250 8BITMIME

  helloResponse: Elapsed time: 0 millisec
  This SMTP server did not list authentication methods.
  Defaulting to LOGIN authentication method.
  login_method: LOGIN
  500 Syntax error, command unrecognized
  Failed to send AUTH LOGIN
  220 domain.dk [ESMTP Server] service ready;Gateway Ready

It seems the newest Chilkat doesn't correctly detect the authentication method when not specified explicitly and it defaults to LOGIN when the SMTP server doesn't specify? Version 8.4.0 would default to NONE if the SMTP server doesn't specify authentication. If I set the SmtpAuthMethod to "NONE" the above works, but I'm not sure this covers all scenarios, so is there a way to use the old functionality?

Best regards, Rasmus Wæhrens Logimatic A/S


Answer

The problem is that in the years since version 8.4.0, many SMTP servers began NOT listing authentication methods even when authentication was required. The reason is that they think it's more secure (but in my opinion it simply creates headaches and time-wasting for valid users while not really adding to security). So the problem nowadays is that if an SMTP server does not list it's accepted authentication methods in its initial greeting, one must guess as to whether it wants authentication or not. It's ambiguous. There's no way to know for sure. Chilkat v9.3.1 will assume that if your application has set the SmtpUsername and SmtpPassword, then you're implying that authentication is required, and it will default to using the "LOGIN" method (which is the most common method). If SmtpUsername and SmtpPassword are empty, then it assumes no authentication. (No authentication is typical when you've already had to authentication to access the network in the first place, such as with an ISP.)

The solution is to either clear the SmtpUsername / SmtpPassword properties, or explicitly set the SmtpAuthMethod property equal to "NONE".


Answer

Thank you for the explanation. I see the problem - however the old method has worked for us. You don't have an older version compiled for .NET 4.0 supporting the old method?

Best regards, Rasmus Wæhrens Logimatic A/S