Hello,
Yahoo requires SSL connection. Please specify SslMode.Implicit in the connect method like this:
smtp.Connect("smtp.mail.yahoo.com", Rebex.Net.SslMode.Implicit)
If no SslMode is specified, unsecured (no SSL) connection is performed and port 25 is used. However, port 25 is used for communication between servers, not for communication between client and server.
See Connecting to servers article for more details about ports and SSL modes.
DKIM is on our list of possible future enhancements, but not very high at the moment. DKIM signatures are usually added by mail transfer agents (such as mail servers), while Rebex SMTP is most often used as an SMTP client that sends e-mail through a server (which can usually be set up quite easily to add DKIM signatures).
However, we wrote a proof-of-concept code that shows how to add DKIM signature using Rebex Secure Mail with a bit of custom code:
string privateKeyPath = "..."; // path to domain private key
string domain = "rebex.net"; // domain name
string selector = "jun2016"; // selector
string from = "support@rebex.net";
string to = "someone@example.org";
string subject = "DKIM test email";
string body =
"\r\n\r\nThis is the body of the message, with more than\r\n" +
"one line at <B>the END and START</B>.\r\n" +
"\r\n";
// create new MailMessage
MailMessage mail = new MailMessage();
mail.From = from;
mail.To.Add(to);
mail.Subject = subject;
mail.BodyText = body;
mail.BodyHtml = body;
// save message into MemoryStream in final MIME format
MemoryStream ms = new MemoryStream();
// save it using MimeMessage to be able to omit Preamble (not part of canonicalized data)
MimeMessage message = mail.ToMimeMessage();
message.Preamble = null; // no preamble
message.Save(ms);
// load message from MemoryStream using DoNotParseMimeTree option
ms.Position = 0;
message.Options = MimeOptions.DoNotParseMimeTree;
message.Load(ms);
// read the body part
using (Stream s = message.GetContentStream())
{
byte[] b = new byte[s.Length];
int n = b.Length;
while (n > 0)
n -= s.Read(b, b.Length - n, n);
body = Encoding.UTF8.GetString(b);
body = RemoveCharset(body); // remove charsets (not part of canonicalized data)
}
// compute body hash
HashAlgorithm hash = new SHA256Managed();
// use desired Body Canonicalization Algorithm (see RFC 4871)
string hashBody = BodyRelaxedCanonicalization(body);
byte[] bodyBytes = Encoding.UTF8.GetBytes(hashBody);
string hashout = Convert.ToBase64String(hash.ComputeHash(bodyBytes));
// prepare Timestamp - seconds since 00:00:00 on January 1, 1970 UTC
TimeSpan t = DateTime.Now.ToUniversalTime() - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
// prepare data to sign
string signatureHeader =
"v=1; " +
"a=rsa-sha256; " +
"c=relaxed/relaxed; " +
"d=" + domain + "; " +
"s=" + selector + "; " +
"t=" + Convert.ToInt64(t.TotalSeconds) + "; " +
"bh=" + hashout + "; " +
//"h=From:To:Subject:Content-Type:Content-Transfer-Encoding; " +
"h=From:To:Subject; " +
"b=";
string canonicalizedHeaders =
"from:" + message.Headers["From"].Raw + Environment.NewLine +
"to:" + message.Headers["To"].Raw + Environment.NewLine +
"subject:" + message.Headers["Subject"].Raw + Environment.NewLine +
"dkim-signature:" + signatureHeader;
// load RSA private key
Rebex.Security.Cryptography.Pkcs.PrivateKeyInfo pkinfo = new Rebex.Security.Cryptography.Pkcs.PrivateKeyInfo();
using (FileStream fs = File.OpenRead(privateKeyPath))
{
pkinfo.Load(fs, null);
}
// sign prepared header data using RSA-SHA256
using (RSACryptoServiceProvider signer = new RSACryptoServiceProvider())
{
signer.ImportParameters(pkinfo.GetRSAParameters());
byte[] plaintext = Encoding.UTF8.GetBytes(canonicalizedHeaders);
byte[] signature = signer.SignData(plaintext, "SHA256");
signatureHeader += Convert.ToBase64String(signature);
}
// add the DKIM-Signature header
message.Headers.Add(new MimeHeader("DKIM-Signature", new Unparsed(signatureHeader)));
// save the message (for debugging purposes)
message.Save(targetMailPath);
// send the message
...
public static string BodySimpleCanonicalization(string body)
{
// Ignores all empty lines at the end of the message body
return body.TrimEnd(' ', '\t', '\r', '\n') + "\r\n";
}
public static string BodyRelaxedCanonicalization(string body)
{
// Ignores all empty lines at the end of the message body
body = body.TrimEnd(' ', '\t', '\r', '\n') + "\r\n";
// Reduces all sequences of WSP within a line to a single SP character
body = body.Replace('\t', ' ');
int originalLength = body.Length;
body = body.Replace("", "");
while (body.Length != originalLength)
{
originalLength = body.Length;
body = body.Replace("", "");
}
// Ignores all whitespace at the end of lines
body = body.Replace(" \r\n", "\r\n");
return body;
}
public static string RemoveCharset(string body)
{
return System.Text.RegularExpressions.Regex.Replace(body, ";\r\n[ \t]*charset=", "; charset=");
}
Although this code is certainly not production-quality, it demonstrates that adding DKIM signature using a bit of custom code is possible. Please note that in addition to this, you need to add proper DKIM DNS records as well.
This looks like the server rejected the client's attempt to negotiate a TLS/SSL session when it received the client's initial TLS/SSL packet.
Unfortunately, this makes it impossible to tell why based on the client-side log alone. Possible cause includes a lack of common algorithms.
Your code seems to be correct.
The exception says that source directory (which is "/ITAPDB") doesn't exist (it doesn't refer to exact argument value). The SFTP server doesn't recognize backslashes, so they are transformed into ordinal slashes.
To tell more, please send us the Debug log for the both transfers to support@rebex.net or post it here. It can be done like this:
// create client
var sftp = new Sftp();
// assign logger
sftp.LogWriter = new Rebex.FileLogWriter(@"C:\logs\sftp.log", Rebex.LogLevel.Debug);
// connect and login
sftp.Connect(...);
sftp.Login(...);
// prepare paths
string filename = "CO_AOC_T.zip";
string rootPath = "/ITAPDB";
string localRootPath = @"C:\AWCTSTempLocal\ITAPDB";
// get single file
sftp.GetFile(Path.Combine(rootPath, filename), Path.Combine(localRootPath, filename));
// get all files from rootPath (on first level)
sftp.Download(rootPath + "/*", localRootPath, TraversalMode.MatchFilesShallow);
Unfortunately, we don't support PPMd compression method.
If you use Deflate compression method, we should be able to decompress it.
This looks like a bug in SFTP subsystem's data buffering that has been fixed in Rebex File Server 2016 R2.
However, you seem to be using a beta build with preliminary IFilesystem support - please download the current beta build that incorporates all 2016 R2 changes and give it a try. If the issue persists, let us know.
Can you please ensure that you are using FileZilla with SFTP protocol and not the FTP protocol?
If you are using really SFTP, please let us know.
If you are using FTP, please use the Rebex FTP/SSL component (instead of Rebex SFTP).
Hi,
Iam using Rebex secure mail(Imap) for crawling folders in gmail account.
I have a code like this [ for getting mails for past 30 days ]:
parameters = new ImapSearchParameter[] {
ImapSearchParameter.Arrived(DateTime.Now.AddDays(-30),
DateTime.Now.AddDays(1))
};
ImapMessageCollection tLatestMessages =
cImap.Search(ImapListFields.UniqueId, parameters);
The order of messages in the collection is not as expected.
I expect the order as per the date with which they arrived, but I am getting in the order with which they are added to the folder.
Please clarify if I am missing any thing
When calling this:
Ntp.SynchronizeSystemClock("pool.ntp.org");
Then it sometimes works, but often it does not correct the time and we get an exception instead one minute after the call:
NtpException: Request timed out - no answer in 60000 ms
How can we reliably correct UTC on the device?
Hi all,
We have been using Rebex Secure Mail for the past 8 months sending emails through Office 365. We connect directly to our instance (ie. customerdomain.mail.protection.outlook.com) on port 25 and use SslMode.Explicit to start TLS. As of a couple days ago, the connection start throwing an exception saying "Connection was closed by the remote connection end".
Here is the code we are using:
smtp.Connect(outbound_smtp_server, outbound_smtp_port, SslMode.Explicit);
We have opened a ticket with Microsoft but I figured I would also ask the question here. From packet sniffs we can see that Rebex issues the STARTTLS command and receives "220 2.0.0 SMTP server ready", however once Rebex starts transmitting the encrypted traffic we get disconnected.
Any help would be very appreciated. Thanks!
Hello,
please ensure two things:
the linked image is stored in MailMessage.Resources collection not the MailMessage.Attachments.
the linked resource has the ContentId property specified.
In your case, the code can look like this:
MailMessage mail = new MailMessage();
// fill mail properties
// ...
// add linked image to mail
var res = new LinkedResource("linked image source", MediaTypeNames.Image.Jpeg);
res.ContentId = "image003.jpg@01D1A45F.A330FC80";
mail.Resources.Add(res);
P.S: in your code, the src and alt values of the <img> tag differ.
Hello, you are using version released before 6 years. It is possible that the problem is already solved. Can you please try the current version.
Hello, yes, it is possible. You can use OAuth authentication, which doesn’t require “Less secure apps” option to be enabled.
Please see How to authenticate to Gmail with Rebex Secure Mail using OAuth 2.0 blog post for sample code.
I have an SFTP server running in the wild and I keep getting random connections from other countries. This is absolutely expected, but I would like to be able to detect this issue and reject connections from these IPs. The problem is that I don't know where to catch this exception and record the IP. I have tried placing a try catch around code in my Authentication Event Handler, but the error isn't being thrown there.
Session 273: Error: Rebex.Net.Protocols.Ssh.ZSC: Error while processing packet V. Key exchange failed. ---> Rebex.Net.Protocols.Ssh.ZSC: Key exchange failed. ---> System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.Utils._ExportKey(SafeKeyHandle hKey, Int32 blobType, Object cspObject)
at System.Security.Cryptography.RSACryptoServiceProvider.ExportParameters(Boolean includePrivateParameters)
at Rebex.Security.Cryptography.CryptoHelper.WS(RSA T, Byte[] U, String D, Boolean C, RD M)
at Rebex.Security.Cryptography.CryptoHelper.YS(RSA T, Byte[] U, String D, Boolean C, RD M)
at Rebex.Security.Cryptography.AsymmetricKeyAlgorithm.SignHash(Byte[] hash, SignatureHashAlgorithm hashAlgorithm)
at Rebex.Net.SshPrivateKey.N(Byte[] T, Boolean U, SignatureHashAlgorithm D)
at Rebex.Net.SshPrivateKey.CreateSignature(Byte[] hash, SignatureHashAlgorithm algorithm)
at Rebex.Net.Protocols.Ssh.ZHD.OS(ETC T, XPD U)
at Rebex.Net.Protocols.Ssh.YHD.JS(ETC T, XPD U)
--- End of inner exception stack trace ---
at Rebex.Net.Protocols.Ssh.YHD.JS(ETC T, XPD U)
at Rebex.Net.Protocols.Ssh.MSC.DC(Int32 T, Int32 U)
--- End of inner exception stack trace ---
at Rebex.Net.Protocols.Ssh.MSC.DC(Int32 T, Int32 U)
at Rebex.Net.Protocols.Ssh.MSC.DC()
at Rebex.Net.Protocols.Ssh.MSC.HD(Int32 T, Int32 U, Int32 D, Int32 C, SocketException M)
Can you explain what this error means, and perhaps tell me where I could catch it and have access to the client IP? I only have access to the exception and session id in the ErrorOccurred Handler.
We are currently evaluating the Terminal WinForms Control and so far it has met our needs. However there is one feature I don't see that is a deal-breaker.
My particular situation requires that I be able to sanitize the data coming from the server before it renders. For instance, the server may send ©ABC®. I need to be able to strip the two delimiters and everything between them before they render to the terminal.
I see the DataReceived event but it's after the fact. I also didn't know if I could use the Terminal Emulator in conjunction with the WinForms control to do something like this but I assume the WinForms control is using behind the scene anyway. I haven't really seen anything else in the API.
Any help is greatly appreciated. This is our last hurdle using this product. We can move forward if we can get it working.
Thanks,
John
We are facing problem while connecting to our mail server using rebex.
Below are the component we are using:
We are using .Net framework 3.5.
Microsoft outlook 2012
Rebex 1.0.3588.0.
Below are the connection details we are using:
string server = "10.242.47.95";
int port = 110;
Imap client = new Imap();
client.Connect(server, port);
While connecting we are getting exception "Invalid IMAP response".
It was working earlier.
Please check it and reply.
Thanks
Lijo
You actually ask two different questions:
1) How to reject connections based on their IP address?
Fortunately, this is very simple - use FileServer.Connecting event:
server.Connecting += (sender, e) =>
{
// only accept sessions from clients within 192.168.1.* network
if (e.ClientAddress.ToString().StartsWith("192.168.1."))
e.Accept = true;
else
e.Accept = false;
};
Setting Accept to false will reject clients before they even attempt SSH negotiation.
2) What does the error mean?
The "Key exchange failed" error occurred because it was not possible to use the server RSA key to sign a hash during SSH session negotiation.
The actual cause of this was the "Key not valid for use in specified state" error thrown by .NET's RSACryptoServiceProvider object. This error usually indicates that something is wrong with the RSA key or key storage - see Microsoft Forum for suggested solutions.
How often does this occur? This doesn't seem to be related to different clients - if the RSA key is unusable, I would expect this to fail for all clients attempting RSA-based host key negotiation. Are you actually able to connect to this server yourself?
However, what's definitely worth mentioning is that RSACryptoServiceProvider.ExportParameters method has been called by the AsymmetricKeyAlgorithm.SignHash method - this indicates that RSACryptoServiceProvider.SignHash was attempted first and it failed. As a workaround of the last resort, AsymmetricKeyAlgorithm.SignHash tried to export the key in order to retry the signing operation using RSAManaged class - but this truned out to be impossible because RSACryptoServiceProvider.ExportParameters method failed as well.
Hello, to tell what exactly is going on I would need a communication log, but this is my hypothesis:
The server doesn't support SIZE command (because of the received error), so getting file length or checking file existence of a single file is not supported by this server.
FileZilla sends the LIST (or MLSD) command to list the content of the folder. The response contains file names and sizes. FileZilla doesn't send SIZE or any other command for each separate file.
If you use Ftp.GetList() method, you will very probably receive file lengths as well as FileZilla.
This is most likely not a Rebex issue - it's actually quite tricky to get AppDomain.CurrentDomain.AssemblyResolve to work correctly. I can't tell exactly without access to your code, but I guess the following articles might be helpful:
AppDomain.AssemblyResolve Event Tips (in particular Tip 3)
However, may I ask why exactly are you doing this? Why don't you simply deploy the DLLs along with your application's executable? .NET does try looking up DLLs in GAC first, but it will look into your app's directory when it can't find the DLLS in the GAC. Most of our customers deploy DLLs with their application and don't need to use AssemblyResolve at all.
I'm testing your demo trial of the .Net SFTP library for CF 2.0 (RebexSftp-2016R1.1)
The sample runs fine, and i can log in a SFTP server, upload/download files, etc... but all the time that i disconnect the client i get an entry on the log server: 'An existing connection was forcibly closed by the remote host'.
I'm using your Rebex tiny SFTP server, but i already tried with other servers and the behaviour is the same.
Using another SFTP client (for instance FileZilla) i don't get the warning entry on the server and i get a graceful disconnect.