我要使用该主机“ mail.rayatak.ir”发送电子邮件。当我使用以下代码时,该主机与“ smtp.gmail.com”主机配合使用,但不适用于主机“ mail.rayatak”。 ir“
var emailFrom = "test@rayatak.ir";
var emailFromPassword = "********";
var emailAddress = "mail.rayatak.ir";
int emailPort = 587;
bool enableSsl = false;
MimeMessage message = new MimeMessage();
MailboxAddress from = new MailboxAddress("کاوانو",emailFrom);
message.From.Add(from);
MailboxAddress to = new MailboxAddress("soheila tarighi", email);
message.To.Add(to);
message.Subject = _subject;
BodyBuilder bodyBuilder = new BodyBuilder();
//bodyBuilder.HtmlBody = _subject;
bodyBuilder.TextBody = htmlMessage;
message.Body = bodyBuilder.ToMessageBody();
MailKit.Net.Smtp.SmtpClient client = new MailKit.Net.Smtp.SmtpClient();
client.Connect(emailAddress, emailPort, enableSsl);
client.Authenticate(emailFrom,emailFromPassword);
client.Send(message);
client.Disconnect(true);
client.Dispose();
return true;
}
错误消息:尝试建立SSL或TLS连接时发生错误。
由于以下一个或多个原因,系统不信任服务器提供的SSL证书: 1.服务器正在使用无法验证的自签名证书。 2.本地系统缺少验证服务器证书所需的根证书或中间证书。 3.服务器提供的证书已过期或无效。
有关可能的解决方案,请参见https://github.com/jstedfast/MailKit/blob/master/FAQ.md#InvalidSslCertificate。
答案 0 :(得分:1)
编辑1:在意识到邮件服务器支持StartTLS之后,通过回答进行了更新。我先前的答案有效,但最终将禁用TLS。
我很难阅读C#文档,但是基于这些错误,看来与服务器提供的SSL证书存在冲突。
可以通过以下方式验证
(1)openssl s_client -starttls smtp -connect mail.rayatak.ir:587:
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = linux4.centraldnserver.com
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=linux4.centraldnserver.com
i:/C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
1 s:/C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGTDCCBTSgAwIBAgIRALw+rbP69c12HEJI/8joavQwDQYJKoZIhvcNAQELBQAw
cjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlRYMRAwDgYDVQQHEwdIb3VzdG9uMRUw
EwYDVQQKEwxjUGFuZWwsIEluYy4xLTArBgNVBAMTJGNQYW5lbCwgSW5jLiBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xOTAyMTUwMDAwMDBaFw0yMDAyMTUyMzU5
NTlaMF4xITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UE
CxMLUG9zaXRpdmVTU0wxIzAhBgNVBAMTGmxpbnV4NC5jZW50cmFsZG5zZXJ2ZXIu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+Mu5eRJYswwqdJe
urBluXlI7o6DKBExq/vHwReGIAlXOQ+lqdOekPhncRpCdPghQnwlLaoMqaKylnv4
0JGIS1OLENcr01aXdcB9Hja//SGMsIPZKk4EcmpqRlY2sx9oontMv9pPfXfepG6t
19HeeQ0PiMiYvEcdxRTLTDuZDXAizFskj22vecFOz69xmGC4jLQMVYLxQwMZQhlL
BunaP61SjjlfAY1yZqBuCv40TIlonSN+cYy9YS2yVo/y+uXBJyPg3nXZqK82Qe6L
w85KUxF8tLkWXKqYI2FlTdL8zAoJz72iXe7MV8eN0w1h3GaG1ClQ1Y4DVKIB2TDc
xDBIpwIDAQABo4IC7zCCAuswHwYDVR0jBBgwFoAUfgNaZUFrp34K4bidCOodjh1q
x2UwHQYDVR0OBBYEFOgLYDVv7Oap31i7TfDkkV0E4iQjMA4GA1UdDwEB/wQEAwIF
oDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBP
BgNVHSAESDBGMDoGCysGAQQBsjEBAgI0MCswKQYIKwYBBQUHAgEWHWh0dHBzOi8v
c2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9
hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9jUGFuZWxJbmNDZXJ0aWZpY2F0aW9u
QXV0aG9yaXR5LmNybDB9BggrBgEFBQcBAQRxMG8wRwYIKwYBBQUHMAKGO2h0dHA6
Ly9jcnQuY29tb2RvY2EuY29tL2NQYW5lbEluY0NlcnRpZmljYXRpb25BdXRob3Jp
dHkuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wRQYD
VR0RBD4wPIIabGludXg0LmNlbnRyYWxkbnNlcnZlci5jb22CHnd3dy5saW51eDQu
Y2VudHJhbGRuc2VydmVyLmNvbTCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3ALvZ
37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABaO6Rk4EAAAQDAEgwRgIh
AIW7pF1H/MtuoW0bkTimS1ignt7Vq0DLrfjS1ER/ZnoVAiEAyKUVUAwyXclaoEHH
Bi5NeKsgfEII511jzYhJN+Fp5XMAdgBep3P531bA57U2SH3QSeAyepGaDIShEhKE
GHWWgXFFWAAAAWjukZOkAAAEAwBHMEUCIEJJTJ/gUgV8sfvJ0JemD/U7XQS2YEE8
VVCSJM5ZWX4VAiEA/XASQcAz4IxD/gG3GEkl3VfJcrD+LXb3mvbFV4tdPi0wDQYJ
KoZIhvcNAQELBQADggEBAH8xA/E73cmQKNMs4v7hX2nndj9f1jTi+6745shDNn0K
lm8syaI55QqMNGh0OinUjlYnNW861crUYjOp6GlPMBM9KMEBHsMo8Be39m004sDt
po0zWe8wzdD6lvqGZ9HBvjoAyScrdQu4EHqVvSNC7HCJVUezRLlrW/Z1PI85Cdj4
kJch/H1IT0eNWadXrF/XLrSM+UyRMuWJ2HwaYmABrm8L/sBRkC7bE74BEwcJcDo0
SjfleM+HVqI4x6+frpwP3g0FlSZ+75AAMbjK1x2+t0th7LwMVeShDUidaDPype9x
z30ml6Nun9oTX2Ha6Ea3Ymu9YIwDJ5Amxj14faMktNE=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=linux4.centraldnserver.com
issuer=/C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5430 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 964B697E5F8A7766FA5D19CD237DADEC57D4BE2A6E00E603D9B1FC4D364F0BA5
Session-ID-ctx:
Master-Key: E12497F3E9C4AACAA10FAF2374DBC6D098898F2E5A3B538BB38750F9E938863DD1A253ABE27AB3B6605ABCB992C84E68
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1567999858
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
并通过检查SAN扩展(2)openssl s_client -starttls smtp -connect mail.rayatak.ir:587 | openssl x509 -text -noout | grep DNS::
DNS:linux4.centraldnserver.com, DNS:www.linux4.centraldnserver.com
请注意,证书(CN=linux4.centraldnserver.com)中的规范名称与您使用mail.rayatak.ir进行连接的域名不匹配,并且SAN扩展名不包含mail.rayatak.ir。
修复:
client.ServerCertificateValidationCallback = (s,c,h,e) => true;
client.Connect(emailAddress, emailPort, SecureSocketOptions.StartTls)