EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SMTP Login throws Connection lost when using wrong password

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#34941
Posted: 11/04/2015 10:14:52
by Ilija Pavlov (Standard support level)
Joined: 12/06/2013
Posts: 13

Hello,

I am trying to login to smtp-mail.outlook.com using TElSMTPClient.

Everything seems to work fine, no problems when using correct parameters.
However, when I try to login using wrong password it fails (as expected) but the exception message is: Connection lost (error code is 10058).

Debugging in Visual Studio I can see that the Login method probably catches an exception which gives more information about why the connection was lost:

Exception thrown: 'SBCmdSSLClient.EElSSLCmdClientError' in SecureBlackbox.SSLClient.dll

Additional information: Unaccepted server reply for command AUTH PLAIN (some key here) (error code is 535).

The questions:
Is this a bug that the original exception is not thrown? We would like to know that the login authentication failed.

Is there another way to show to the user that the username/password combination is wrong and not just connection lost?
#34942
Posted: 11/05/2015 06:03:14
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

In your case the problem is that server returns 535 error, but our code also tries to login the 2nd time using workaround for Apple Mailserver (they use another format for AUTH PLAIN). In general the server should return 535 error again and you should see exception with this information, however your server breaks the connection and thats why "Connection lost" is thrown. We'll improve our code to report authentication related exception in such cases.
#34943
Posted: 11/06/2015 03:00:57
by Ilija Pavlov (Standard support level)
Joined: 12/06/2013
Posts: 13

Hello,

Thank you for the answer.

When can we expect the improvements to be released?
#34944
Posted: 11/06/2015 03:29:57
by Vsevolod Ievgiienko (EldoS Corp.)

SecureBlackbox builds are released every 3-4 weeks. The last build was released on 31 October.
#35238
Posted: 12/17/2015 04:19:22
by Ilija Pavlov (Standard support level)
Joined: 12/06/2013
Posts: 13

Hi,

I have to revive this topic again.
We have now updated to the latest version (14.0.286.0).
I tested the TElSMTPClient.Login to Hotmail (Live) server using wrong user password. The EElSSLCmdClientError is gone (at debug), and we get "Connection lost (error code is 10058)" as before. So basically we still have the same problem, we are unable to tell the user that the authentication failed.

Is there a way to catch authentication exception at login?
#35240
Posted: 12/17/2015 07:32:39
by Vsevolod Ievgiienko (EldoS Corp.)

I've just checked that valid EElSSLCmdClientError exception is thrown in case of wrong login/password.

Please check if old assemblies were not cached somewhere and new assemblies are used. If correct assemblies are used, then check if the same problem occurs with our sample and post exact parameter values that we can use to reproduce the problem.
#35242
Posted: 12/17/2015 09:39:02
by Ilija Pavlov (Standard support level)
Joined: 12/06/2013
Posts: 13

Hi,

The assemblies look correct to me, I think there is no old assemblies.
I can double-check, but here is an example also:

Code
class Program
   {
      const string SecureBlackBox = XXX;

      static void Main(string[] args)
      {
         SBUtils.Unit.SetLicenseKey(SecureBlackBox);

         TElSMTPClient m_smtpClient = new TElSMTPClient() { SocketTimeout = 30000, Enabled = false };

         m_smtpClient.Username = "random@hotmail.com";
         m_smtpClient.Password = "wrongpassword";

         m_smtpClient.Address = "smtp-mail.outlook.com";
         m_smtpClient.Port = 587;
         m_smtpClient.UseSSL = true;
         m_smtpClient.SSLMode = SBSSLCommon.TSBSSLMode.smExplicit;
         m_smtpClient.Versions = (short)4 | 8 | 16;
         m_smtpClient.AllowAuthentication = true;

         m_smtpClient.OnCertificateValidate += M_smtpClient_OnCertificateValidate;

         try
         {
            m_smtpClient.Open();
            m_smtpClient.Login(String.Empty);
            m_smtpClient.Close();
         }
         catch(Exception exc)
         {
            Console.WriteLine(exc.Message);
         }
      }

      private static void M_smtpClient_OnCertificateValidate(object Sender, SBX509.TElX509Certificate X509Certificate, ref bool Validate)
      {
         Validate = true;
      }
   }
#35250
Posted: 12/17/2015 15:48:38
by Vsevolod Ievgiienko (EldoS Corp.)

Indeed the exception is reported incorrectly in your case. We've already implemented workaround for such situation, but now have to investigate why it doesn't work in your case.

I've just improved the code to work in your case. The improvement will be included to the next build.
#35691
Posted: 01/26/2016 02:49:58
by Niklas Kjellander (Standard support level)
Joined: 09/30/2008
Posts: 49

Is this
Quote
improvement
included in the Version 14.0.287 Maintenance update?

It's not included in the What's new document.
#35692
Posted: 01/26/2016 02:52:55
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
included in the Version 14.0.287 Maintenance update?

Yes its included.
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.

Reply

Statistics

Topic viewed 3577 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!