Sending emails from Mono on Linux

pokorra

I just post this here, not sure if it might be outdated soon with Mono 4.6 coming with BoringSSL.

Situation: I create a report, and want to send it as an Email from within OpenPetra.

I need to configure the following:

On the Linux server, in /home/openpetra/etc/PetraServerConsole.config:

    <add key="SmtpHost" value="tim00.hostsharing.net"/>
    <add key="SmtpPort" value="25"/>
    <add key="SmtpUser" value="myuser"/>
    <add key="SmtpPassword" value="secret"/>
    <add key="SmtpEnableSsl" value="true"/>
    <add key="IgnoreServerCertificateValidation" value="false" />

You also need to configure in OpenPetra, as the user who sends the email, in "User Settings", "User Preferences", "Email", "Sender Address". You need to restart the OpenPetra Client after that.

For IgnoreServerCertificateValidation to work, you would need to install the certificate of the mail server so that it gets accepted.

If you are using the mono packages from epel-testing for CentOS7, You need to install the package mono-devel which provides the certmgr tool.

As the user openpetra you need to run on the Linux server:

//    mozroots --import --ask-remove --machine
//    mozroots --import --ask-remove
mozroots --import --sync
certmgr -ssl smtps://tim00.hostsharing.net:443
# list installed certificates
certmgr --list -c CA
certmgr --list -c Trust

Somehow, this does not work for me.
I cannot send emails, I get this error:

System.Net.Mail.SmtpException: Message could not be sent. ---> System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> System.InvalidOperationException: SSL authentication error: RemoteCertificateNotAvailable
  at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (IAsyncResult asyncResult) <0x4070d350 + 0x000f7> in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (IAsyncResult ar, Boolean ignoreEmpty) <0x4070d2a0 + 0x0002b> in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (IAsyncResult result) <0x40705a10 + 0x0020f> in <filename unknown>:0

I have created a test program that makes it easier to test this: https://github.com/openpetra/openpetra/blob/master/csharp/ICT/Testing/exe/SmtpEmail/test.cs

At tim00.hostsharing.net there is a self-signed certificate. Same problem I have with office365, where I cannot get the certificate.
I tried to download the certificate with openssl as well, according to http://stackoverflow.com/a/11738568:

openssl s_client -connect tim00.hostsharing.net:25 -servername tim00.hostsharing.net -starttls smtp

Cut the certificate out of the output, and add it to the certificate Trust store:

certmgr -add -c CA cert.crt 
certmgr -add -c AddressBook cert.crt
certmgr --list -c CA

That did not work for me either.

With Mono 4.6, there will be BoringSSL. So perhaps the situation changes then. See http://www.mono-project.com/docs/about-mono/releases/4.6.0/ and http://tirania.org/blog/archive/2016/Sep-30.html for details.

Until then, I will set IgnoreServerCertificateValidation to true.