我正在尝试在EnableSsl = false中使用EmailConnectionInfo,但似乎smtp连接所使用的smtp client正在尝试使用SSL,因为默认的{{ 1}}设置为SecureSocketOptions。当我手动创建客户端并将the overload与Auto结合使用时,它可以正常工作。
错误:
SecureSocketOptions = None工作环境:
我将Failed to send email: MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.
The SSL certificate presented by the server is not trusted by the system for one or more of the following reasons:
1. The server is using a self-signed certificate which cannot be verified.
2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
3. The certificate presented by the server is expired or invalid.
See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#InvalidSslCertificate for possible solutions. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
设置为ServerCertificateValidationCallback
在我的true中使用时,它可以正常工作:
Program.cs但是,当我尝试在.UseSerilog((hostingContext, loggerConfiguration) =>{
Serilog.Debugging.SelfLog.Enable(Console.WriteLine);
loggerConfiguration.ReadFrom.Configuration(hostingContext.Configuration)
.WriteTo.Email(
new EmailConnectionInfo {
FromEmail = "{email}",
ToEmail = "{email}",
MailServer = "{SMTP IP}",
Port = {PORT},
EnableSsl = false,
EmailSubject = "Something to log",
ServerCertificateValidationCallback = (senderX, certificate, chain, sslPolicyErrors) => true
},
outputTemplate: "{Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz} [{Level:u3}] {Message:lj}{NewLine}{Exception}",
batchPostingLimit: 1,
restrictedToMinimumLevel: LogEventLevel.Warning);
});
中包含Email sink的所有serilog设置时,appsettings.json无法读取(我的假设)
我的"ServerCertificateValidationCallback": "(senderX, certificate, chain, sslPolicyErrors) => true"
appsettings.json有什么想法吗?
答案 0 :(得分:0)
如您在Mailkit's source code中所见,当SecureSocketOptions.StartTlsWhenAvailable为enableSsl时,它将使用false。 TLS在您的Exchange服务器中可用,因此它正在尝试使用它...
如果Serilog.Sinks.Email曾经公开过一种更改此行为的方法(issue 69 that you reported),这将是一种解决方法,但是我相信正确的解决方法是更新Exchange配置以使用正确的在该连接器上已安装用于TLS通信的证书。
建立TLS入站时,服务器可能会根据名称(自签名证书)获取最接近的匹配项。
您的IT管理员应该能够按照本文“ Configuring the TLS Certificate Name for Exchange Server Receive Connectors”中所述的步骤更新TLS证书。
答案 1 :(得分:0)
我能够利用其他一些问题来完成这项工作,并且没有对回调的支持就可以通过配置直接设置它。这个问题的答案(https://stackoverflow.com/a/59914193/116208)特别有用。如果您按照他的示例进行一些修改。
您可以将ServerCertificateValidationCallback = (senderX, certificate, chain, sslPolicyErrors) => true添加到EmailConnectionInfo扩展类的SerilogEmailExtension中
调整Serilog配置“使用”语句以包含已编译的应用程序的名称,以便它可以找到扩展类而不是“ MyApp”:
"Using": [ "Serilog", "Serilog.Sinks.Console", "Serilog.Sinks.File", "MyApp" ],
这应该使您能够实现所有受配置驱动的功能,并且仍然添加回调以绕过异常。