Rulemanager and TLS / SSL
As of version 2.8, Dovetail Rulemanager supports SSL and TLS 1.2 when connecting to an SMTP server.
Config Settings
In order to have Rulemanager connect to the SMTP server via TLS or SSL, it must be configured to do so.
There are a few config settings that are relevant here:
EmailServiceConfig.EnableSsl
EmailServiceConfig.SmtpSslMode
EmailServiceConfig.Port
EmailServiceConfig.EnableSsl
If you wish to connect via TLS or SSL, this setting must be set to true.
EmailServiceConfig.SmtpSslMode
This setting specifies in which way the email component should switch the connection into TLS/SSL mode.
There are 4 available options here.
Manual
Typically not used.
OnConnect
The entire conversation with the mail server takes place under a TLS/SSL layer, typically on a dedicated TLS/SSL port (usually 465 for SMTP).
UseStartTls
Rulemanager will automatically call the StartTls method when appropriate (prior to hello for SMTP). No dedicated SSL/TLS port is required (the connection should be made to the regular SMTP, POP3, or IMAP4 port). Also, some SMTP servers use the special port 587 for StartTLS. The StartTLS approach provides the same security level as OnConnect. However, the mail server must support STARTTLS.
UseStartTlsIfSupported
Similar to UseStartTls, but does not require the server to support STARTTLS. If the server supports STARTTLS, Rulemanager will use it. If STARTTLS is not supported, Rulemanager will not issue this command and the entire session will be unencrypted. Use UseStartTls instead when the connection must be encrypted.
EmailServiceConfig.Port
This is the communication port on the SMTP server to connect to.
Typically, this would be set to 25, 587 (for StartTLS), or 465 (for SSL).
Common Configurations
SSL/TLS on Port 465, using OnConnect
<add key="EmailServiceConfig.EnableSsl" value="true" />
<add key="EmailServiceConfig.Port" value="465" />
<add key="EmailServiceConfig.SmtpSslMode" value="OnConnect" />
TLS on Port 587, using STARTTLS
<add key="EmailServiceConfig.EnableSsl" value="true" />
<add key="EmailServiceConfig.Port" value="587" />
<add key="EmailServiceConfig.SmtpSslMode" value="UseStartTls" />
GMail
Gmail supports SSL on port 465, and STARTTLS on port 587.
<add key="EmailServiceConfig.Host" value="smtp.gmail.com" />
<add key="EmailServiceConfig.EnableSsl" value="true" />
<add key="EmailServiceConfig.Port" value="465" />
<add key="EmailServiceConfig.SmtpSslMode" value="OnConnect" />
<add key="EmailServiceConfig.DefaultFromEmailAddress" value="support@mycompany.com" />
<add key="EmailServiceConfig.DefaultFromEmailAddressDisplayName" value="MyCompany Support" />
<add key="EmailServiceConfig.UseDefaultFromEmailAddressForAllMessages" value="true" />
<add key="EmailServiceConfig.TestEmailAddress" value="admin@mycompany.com" />
<add key="EmailServiceConfig.EnableTestMessage" value="true" />
<add key="EmailServiceConfig.SignOutgoingEmails" value="false" />
<add key="EmailServiceConfig.UserName" value="support@mycompany.com" />
<add key="EmailServiceConfig.Password" value="myPassword" />
Microsoft Office365
Office365 supports STARTTLS on port 587.
<add key="EmailServiceConfig.Host" value="smtp.office365.com" />
<add key="EmailServiceConfig.EnableSsl" value="true" />
<add key="EmailServiceConfig.Port" value="587" />
<add key="EmailServiceConfig.SmtpSslMode" value="UseStartTls" />
<add key="EmailServiceConfig.DefaultFromEmailAddress" value="support@mycompany.com" />
<add key="EmailServiceConfig.DefaultFromEmailAddressDisplayName" value="MyCompany Support" />
<add key="EmailServiceConfig.UseDefaultFromEmailAddressForAllMessages" value="true" />
<add key="EmailServiceConfig.TestEmailAddress" value="admin@mycompany.com" />
<add key="EmailServiceConfig.EnableTestMessage" value="true" />
<add key="EmailServiceConfig.SignOutgoingEmails" value="false" />
<add key="EmailServiceConfig.UserName" value="support@mycompany.com" />
<add key="EmailServiceConfig.Password" value="myPassword" />
Potential Errors
If the Rulemanager config settings are not properly aligned with the email server settings, an error may occur and will be logged to the Rulemanager.log file.
Here are some common errors that may occur.
IOException occurred during SSL negotiation - The handshake failed due to an unexpected packet format.
FChoice.RuleManager.Email.EmailService - SMTP server configuration loaded. Host: localhost, Port: 25, Enable SSL: Yes, SSL Mode: OnConnect, Timeout: 10 seconds
FChoice.RuleManager.FatalEmailServiceException: Failed to send an email. ---> MailBee.Security.MailBeeSslNegotiationException: IOException occurred during SSL negotiation.
Perhaps, you need to specify a more secure protocol such as TLS 1.2 (see SecurityProtocol.TlsAuto).
InnerException message follows:
The handshake failed due to an unexpected packet format. ---> System.IO.IOException: The handshake failed due to an unexpected packet format.
This can happen if you try to force an SSL connection (using an sslMode of OnConnect) with a port that doesn't support SSL.
Socket connection has timed out
FChoice.RuleManager.Email.EmailService - SMTP server configuration loaded. Host: localhost, Port: 465, Enable SSL: Yes, SSL Mode: UseStartTls, Timeout: 10 seconds
FChoice.RuleManager.FatalEmailServiceException: Failed to send an email. ---> MailBee.MailBeeSocketTimeoutException: Socket connection has timed out. InnerException message follows:
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
This can happen if you try to use StartTLS with a port that doesn't support TLS. Typically, if using port 465, you would use OnConnect rather than StartTLS.
Socket connection was aborted by remote host.
FChoice.RuleManager.Email.EmailService - SMTP server configuration loaded. Host: smtp.gmail.com, Port: 465, Enable SSL: Yes, SSL Mode: UseStartTlsIfSupported, Timeout: 100 seconds
FChoice.RuleManager.FatalEmailServiceException: Failed to send an email. ---> MailBee.MailBeeAbortedByRemoteHostException: Socket connection was aborted by remote host.
This can happen if you try to use UseStartTlsIfSupported with a port that doesn't support TLS. Typically, if using port 465, you would use OnConnect rather than StartTLS.
GMail: The server has rejected authentication data sent by the client. The server responded: 535-5.7.8 Username and Password not accepted
FChoice.RuleManager.NonFatalEmailServiceException: Received a permanent smtp error response. ---> MailBee.SmtpMail.MailBeeSmtpLoginBadCredentialsException:
The server has rejected authentication data sent by the client. The server responded: 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 https://support.google.com/mail/?p=BadCredentials o193sm12343473vkc.45 - gsmtp.
To resolve this error, enable the "Access for less secure apps" setting in your Google account.
"Access for less secure apps" means the client/app doesn't use OAuth 2.0 for the account you are trying to access.
This setting is found in the account settings on the Security tab, under Account permissions.
Reference: https://support.google.com/mail/thread/5621336?hl=en
Office365: The handshake failed due to an unexpected packet format
FChoice.RuleManager.Email.EmailService - SMTP server configuration loaded. Host: smtp.office365.com, Port: 587, Enable SSL: Yes, SSL Mode: OnConnect, Timeout: 10 seconds
FChoice.RuleManager.FatalEmailServiceException: Failed to send an email. ---> MailBee.Security.MailBeeSslNegotiationException: IOException occurred during SSL negotiation.
Perhaps, you need to specify a more secure protocol such as TLS 1.2 (see SecurityProtocol.TlsAuto).
InnerException message follows:
The handshake failed due to an unexpected packet format. ---> System.IO.IOException: The handshake failed due to an unexpected packet format.
This can happen when trying to use SSL (OnConnect) on port 587. Instead, set the sslMode to UseStartTls.
IOException occurred during SSL negotiation
FChoice.RuleManager.FatalEmailServiceException: Failed to send an email. ---> MailBee.Security.MailBeeSslNegotiationException: IOException occurred during SSL negotiation.
Perhaps, you need to specify a more secure protocol such as TLS 1.2 (see SecurityProtocol.TlsAuto).
InnerException message follows:
An existing connection was ...
This issue was reported by a customer, and was caused by an internet filtering rule that blocked Rulemanager from connecting to the mail server.
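
The port and SSL mode mismatches described under Potential Errors can be spotted from the "SMTP server configuration loaded" line alone. The following is an added example, not part of Rulemanager or of the original page: a small Python check over that log line. The function name, finding codes, and port sets are assumptions made for the illustration, and the port roles follow the typical assignments given above.

```python
import re

# Shape of the "SMTP server configuration loaded" line in the excerpts above.
CONFIG_LINE = re.compile(
    r"Host: (?P<host>[^,]+), Port: (?P<port>\d+), "
    r"Enable SSL: (?P<ssl>\w+), SSL Mode: (?P<mode>\w+)"
)
# Assumption: conventional port roles, as the page describes them ("typically").
IMPLICIT_TLS_PORTS = {465}
PLAIN_FIRST_PORTS = {25, 587}


def check_config_line(line):
    """Return (code, message) findings for one configuration-loaded log line."""
    m = CONFIG_LINE.search(line)
    if m is None:
        return []
    port, mode = int(m["port"]), m["mode"]
    if m["ssl"] != "Yes":
        # Only "Yes" appears on the page; any other value is treated as disabled.
        return [("NO_TLS", "Enable SSL is not Yes: the session is not encrypted")]
    findings = []
    if mode == "OnConnect" and port in PLAIN_FIRST_PORTS:
        findings.append(("ONCONNECT_ON_STARTTLS_PORT",
                         f"OnConnect on port {port}: use UseStartTls"))
    if mode.startswith("UseStartTls") and port in IMPLICIT_TLS_PORTS:
        findings.append(("STARTTLS_ON_IMPLICIT_TLS_PORT",
                         f"{mode} on port {port}: use OnConnect"))
    if mode == "UseStartTlsIfSupported":
        findings.append(("PLAINTEXT_FALLBACK",
                         "session is unencrypted if STARTTLS is not offered"))
    return findings


PREFIX = "FChoice.RuleManager.Email.EmailService - SMTP server configuration loaded. "
# First four lines are the configurations quoted above; the last is constructed.
SAMPLE_LOG = [
    PREFIX + "Host: localhost, Port: 25, Enable SSL: Yes, SSL Mode: OnConnect, Timeout: 10 seconds",
    PREFIX + "Host: localhost, Port: 465, Enable SSL: Yes, SSL Mode: UseStartTls, Timeout: 10 seconds",
    PREFIX + "Host: smtp.gmail.com, Port: 465, Enable SSL: Yes, SSL Mode: UseStartTlsIfSupported, Timeout: 100 seconds",
    PREFIX + "Host: smtp.office365.com, Port: 587, Enable SSL: Yes, SSL Mode: OnConnect, Timeout: 10 seconds",
    PREFIX + "Host: smtp.office365.com, Port: 587, Enable SSL: Yes, SSL Mode: UseStartTls, Timeout: 10 seconds",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for code, message in check_config_line(entry):
            print(f"{code}: {message}")
            print(f"    {entry[len(PREFIX):]}")
```

A server listening on a non-standard port will not match these port sets, so treat a finding as a prompt to confirm the mail server's actual settings.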