Question

我刚刚从供应商那里继承了一个网站，并浏览了该网站的漏洞和源代码。

该应用程序基于dotnet核心1.1构建，并使用Mailkit通过我们公司代理的SMTP发送电子邮件。

问题是邮件发送功能在发送电子邮件时表现不正常。大多数时候我调试send方法都会出错。我们使用Authentication必需标记并将userId和密码传递给MailKit Authenticate方法

StackTrace消息

AuthenticationInvalidCredentials：5.7.3身份验证失败

在MailKit.Net.Smtp.SmtpClient.Authenticate（编码编码，   ICredentials凭证，CancellationToken cancellationToken）   MailKit.MailService.Authenticate（String userName，String password，   取消语音取消语言）   Rules.Emailer.SendNotification.Send（String to，String from，String   subject，String body）in   C：\工作区\ G□\规则\的emailer \ SendNotification.cs：行   94.在G.Rules.Emailer.UserNotifications.ResetPassword（String

代码段

using (var client = new SmtpClient())
{
    client.Connect(EmailConfiguration.SmtpServer, EmailConfiguration.SmtpPort, EmailConfiguration.UseSsl);

    if (EmailConfiguration.RequiresAuthentication)
    {
        client.Authenticate(EmailConfiguration.Username, EmailConfiguration.Password);
    }

    //TODO: Only Send if PROD
    client.Send(message);
    client.Disconnect(true);
}

return true;
}

Answer 1

对于NTLM连接，您可以尝试：

await client.ConnectAsync(SmtpServer.SenderServer, SmtpServer.Port).ConfigureAwait(false);

if (client.AuthenticationMechanisms.Contains("NTLM"))
{
    var ntlm = new SaslMechanismNtlm(SmtpServer.UserName, SmtpServer.Password);
    await client.AuthenticateAsync(ntlm).ConfigureAwait(false);
}
else
{
    await client.AuthenticateAsync(SmtpServer.UserName, SmtpServer.Password).ConfigureAwait(false);
}

Answer 2

Connected to smtp://<IP>:25/?starttls=when-available
S: 220 <Server_REDACTED>.<DOMAIN_REDACTED>.COM Microsoft ESMTP MAIL Service ready at Tue, 27 Mar 2018 03:22:42 -0400
C: EHLO [10.207.8.74]
S: 250-<Server_REDACTED>.<DOMAIN_REDACTED>.COM Hello [10.207.8.74]
S: 250-SIZE
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-STARTTLS
S: 250-X-ANONYMOUSTLS
S: 250-AUTH NTLM
S: 250-X-EXPS GSSAPI NTLM
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250-XEXCH50
S: 250-XRDST
S: 250 XSHADOW
C: STARTTLS
S: 220 2.0.0 SMTP server ready
C: EHLO [10.207.8.74]
S: 250-<Server_REDACTED>.<DOMAIN_REDACTED>.COM Hello [10.207.8.74]
S: 250-SIZE
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-AUTH NTLM LOGIN
S: 250-X-EXPS GSSAPI NTLM
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250-XEXCH50
S: 250-XRDST
S: 250 XSHADOW
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: <EMAIL_REDACTED>  
S: 334 UGFzc3dvcmQ6
C: <PSWD_REDACTED> 
S: 535 5.7.3 Authentication unsuccessful

dotnet核心网站使用MailKit发送电子邮件

2 个答案: