System.Net.Mail unable to Authenticate against some third party SMTP Servers


I recently ran into an issue where one of my customer was unable to send mail using System.Net.Mail(.Net 2.0), we always got the "Authentication failed" error.

We tried sending mail using Microsoft CDO for Windows 2000 Library(Cdosys) and System.Web.Mail and the mails went just fine. if Cdosys works System.Web.Mail(SWM) would normally work because SWM is essentially a wrapper over Cdosys. How can you send mails using Cdosys? Click here

Why is one API able to send mail and the other fails? We enabled Network Tracing in our .net code and below is what the logs show:

System.Net.Sockets Verbose: 0 : [7240] 00000000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : 220 mail.XYZYZYZ
System.Net.Sockets Verbose: 0 : [7240] 00000010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : XYZXYZZ.com ESMT
System.Net.Sockets Verbose: 0 : [7240] 00000020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 : P Gday mate..
System.Net.Sockets Verbose: 0 : [7240] Exiting Socket#32176063::Receive() -> 45#45
System.Net.Sockets Verbose: 0 : [7240] Socket#32176063::Send()
System.Net.Sockets Verbose: 0 : [7240] Data from Socket#32176063::Send
System.Net.Sockets Verbose: 0 : [7240] 00000000 : 45 48 4C 4F 20 41 4B 41-53 48 42 0D 0A : EHLO AKASHB..
System.Net.Sockets Verbose: 0 : [7240] Exiting Socket#32176063::Send() -> 13#13
System.Net.Sockets Verbose: 0 : [7240] Socket#32176063::Receive()
System.Net.Sockets Verbose: 0 : [7240] Data from Socket#32176063::Receive
System.Net.Sockets Verbose: 0 : [7240] 00000000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : 250-mail.XYZYZYZ
System.Net.Sockets Verbose: 0 : [7240] 00000010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : XYZXYZZ.com..250
System.Net.Sockets Verbose: 0 : [7240] 00000020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : -PIPELINING..250
System.Net.Sockets Verbose: 0 : [7240] 00000030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : -SIZE 20971520..
System.Net.Sockets Verbose: 0 : [7240] 00000040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : 250-VRFY..250-ET
System.Net.Sockets Verbose: 0 : [7240] 00000050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : RN..250-AUTH PLA
System.Net.Sockets Verbose: 0 : [7240] 00000060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : IN LOGIN..250-EN
System.Net.Sockets Verbose: 0 : [7240] 00000070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : HANCEDSTATUSCODE
System.Net.Sockets Verbose: 0 : [7240] 00000080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : S..250-8BITMIME.
System.Net.Sockets Verbose: 0 : [7240] 00000090 : 00 00 00 00 00 00 00 00-00 00 : .250 DSN..
System.Net.Sockets Verbose: 0 : [7240] Exiting Socket#32176063::Receive() -> 154#154
System.Net Verbose: 0 : [7240] SmtpLoginAuthenticationModule#61150033::Authenticate()
System.Net Verbose: 0 : [7240] Exiting SmtpLoginAuthenticationModule#61150033::Authenticate()
System.Net.Sockets Verbose: 0 : [7240] Socket#32176063::Send()
System.Net.Sockets Verbose: 0 : [7240] Data from Socket#32176063::Send
System.Net.Sockets Verbose: 0 : [7240] 00000000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : AUTH login Y2222
System.Net.Sockets Verbose: 0 : [7240] 00000010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : Wwwwwwwwwwwwwwww
System.Net.Sockets Verbose: 0 : [7240] 00000020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 : mmmmmmmmmmm..
System.Net.Sockets Verbose: 0 : [7240] Exiting Socket#32176063::Send() -> 45#45
System.Net.Sockets Verbose: 0 : [7240] Socket#32176063::Receive()
System.Net.Sockets Verbose: 0 : [7240] Data from Socket#32176063::Receive
System.Net.Sockets Verbose: 0 : [7240] 00000000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : 334 VXNlcm5hbWU6
System.Net.Sockets Verbose: 0 : [7240] 00000010 : 0D 0A : ..
System.Net.Sockets Verbose: 0 : [7240] Exiting Socket#32176063::Receive() -> 18#18
System.Net Verbose: 0 : [7240] SmtpLoginAuthenticationModule#61150033::Authenticate()
System.Net Verbose: 0 : [7240] Exiting SmtpLoginAuthenticationModule#61150033::Authenticate()
System.Net.Sockets Verbose: 0 : [7240] Socket#32176063::Send()
System.Net.Sockets Verbose: 0 : [7240] Data from Socket#32176063::Send
System.Net.Sockets Verbose: 0 : [7240] 00000000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : xxxxxxxxxxxxxxxx=
System.Net.Sockets Verbose: 0 : [7240] 00000010 : 0D 0A : ..
System.Net.Sockets Verbose: 0 : [7240] Exiting Socket#32176063::Send() -> 18#18
System.Net.Sockets Verbose: 0 : [7240] Socket#32176063::Receive()
System.Net.Sockets Verbose: 0 : [7240] Data from Socket#32176063::Receive
System.Net.Sockets Verbose: 0 : [7240] 00000000 : 33 33 34 20 55 47 46 7A-63 33 64 76 63 6D 51 36 : 334 UGFzc3dvcmQ6
System.Net.Sockets Verbose: 0 : [7240] 00000010 : 0D 0A : ..
System.Net.Sockets Verbose: 0 : [7240] Exiting Socket#32176063::Receive() -> 18#18
System.Net Verbose: 0 : [7240] SmtpLoginAuthenticationModule#61150033::Authenticate()
System.Net Verbose: 0 : [7240] Exiting SmtpLoginAuthenticationModule#61150033::Authenticate()
System.Net Error: 0 : [7240] Exception in the SmtpClient#3888474::Send - Authentication failed.

Note:Data in the logs has been altered to hide confidential information

To request LOGIN authentication, the client issues the AUTH command with the parameter LOGIN and the user name to be used for authentication, base64-encoded as specified in [RFC4648]. For example, if the client's user name was "Charlie", then the client would initiate AUTH LOGIN as follows (AUTH_LOGIN_COMMAND_USER):

AUTH LOGIN Q2hhcmxpZQ==<CR><LF>

If AUTH LOGIN is not supported, then the server should responds with a 504 error Message as specified in [RFC4954] section 4. If AUTH LOGIN is supported on the server, then the server responds with the AUTH_LOGIN_Password_Challenge:

334 UGFzc3dvcmQ6<CR><LF>

The client then responds with the password to be used for authentication, base64-encoded as specified in [RFC4648]. For example, if the client's password was "password", then client would respond with the following Login_Password_Response:

cGFzc3dvcmQ=<CR><LF>

If the authentication is successful, then the server issues a LOGIN_Succeeded_Response or a LOGIN_Failed_Response, corresponding to a 235 reply for success or a 535 reply for a failure [RFC4954].

In this case, even though the user name is passed with the AUTH LOGIN the server responds with the AUTH_LOGIN_Username_Challenge again:

334 VXNlcm5hbWU6<CR><LF>

Now since the client has already sent the user name, it instead of sending the user name, sends the password. The server then responds with the AUTH_LOGIN_Password_Challenge:

334 UGFzc3dvcmQ6<CR><LF>

The client then sends nothing and the Authentication fails! We can clearly see that the SMTP server is not respecting the user name sent with the AUTH LOGIN command. It is optional for the client to send the user name([initial-response]) with the AUTH LOGIN command, if sent the SMTP server should respect it. More details about the SMTP Service Extension for Authentication can be found in the [RFC4954].

Why did Cdosys and SWM work? Both the API’s do not send the user name along with the AUTH LOGIN and therefore everything works fine.

Is there a way we can change this behaviour of System.Net.Mail i.e. not send the user name along with the AUTH LOGIN? No.

What are the alternatives?

1)Use CDOSYS (Does not send the User Name with the AUTH Login)

2)Use System.Web.Mail (Does not send the User Name with the AUTH Login)

3)Contact the SMTP Server owner and have them fix the server.

Enjoy!

Comments (2)

  1. Dave Boal says:

    After InitializeSecurityContext(), since SmtpNegotiateAuthenticationModule() is eliminated by above code, the next action is Authenticate().

    Can you tell by looking at the log below why Authentication is failing?  Thank you!

    HERE ARE 3 CLUES:

    1. Telnet into to EHLO gives the following results:

    220 mail.namechanged.com ESMTP Postfix

    ehlo d820

    250-mail.namechanged.com

    250-PIPELINING

    250-SIZE 10485760

    250-VRFY

    250-ETRN

    250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI

    250-STARTTLS

    250-ENHANCEDSTATUSCODES

    250-8BITMIME

    250 DSN

    1. SMTPClient.EnableSSL = true.
    2. BlockGSSAPINTLMCredential has been and not been implemented and whether it is or not, makes little obvious difference in the comparative logs.

    HERE IS THE LOG with BlockGSSAPINTLMCredential enabled:

    System.Net Verbose: 0 : [5100] SmtpLoginAuthenticationModule#24893793::Authenticate()

    System.Net Verbose: 0 : [5100] Exiting SmtpLoginAuthenticationModule#24893793::Authenticate()

    System.Net.Sockets Verbose: 0 : [5100] Socket#21289199::Send()

    System.Net.Sockets Verbose: 0 : [5100] Data from Socket#21289199::Send

    System.Net.Sockets Verbose: 0 : [5100] 00000000 : 17 03 01 00 25 17 E3 33-71 BD 1C 4B E5 32 D7 2A : ….%..3q..K.2.*

    System.Net.Sockets Verbose: 0 : [5100] 00000010 : 95 89 BF 77 C0 23 29 19-12 1E 2A E8 E2 92 3E D3 : …w.#)…*…>.

    System.Net.Sockets Verbose: 0 : [5100] 00000020 : 73 B4 D6 5F 12 BC 15 35-2E 88                   : s.._…5..

    System.Net.Sockets Verbose: 0 : [5100] Exiting Socket#21289199::Send() -> 42#42

    System.Net.Sockets Verbose: 0 : [5100] Socket#21289199::Receive()

    System.Net.Sockets Verbose: 0 : [5100] Data from Socket#21289199::Receive

    System.Net.Sockets Verbose: 0 : [5100] 00000000 : 17 03 01 00 22                                  : …."

    System.Net.Sockets Verbose: 0 : [5100] Exiting Socket#21289199::Receive() -> 5#5

    System.Net.Sockets Verbose: 0 : [5100] Socket#21289199::Receive()

    System.Net.Sockets Verbose: 0 : [5100] Data from Socket#21289199::Receive

    System.Net.Sockets Verbose: 0 : [5100] 00000005 : 4C 3F DE 43 0C 25 60 5B-54 E7 55 99 48 71 B4 F9 : L?.C.%`[T.U.Hq..

    System.Net.Sockets Verbose: 0 : [5100] 00000015 : C1 28 AD A7 58 A2 A9 0E-A4 8C 40 AD 10 D6 DE EB : .(..X…..@…..

    System.Net.Sockets Verbose: 0 : [5100] 00000025 : A8 08                                           : ..

    System.Net.Sockets Verbose: 0 : [5100] Exiting Socket#21289199::Receive() -> 34#34

    System.Net Verbose: 0 : [5100] SmtpLoginAuthenticationModule#24893793::Authenticate()

    System.Net Verbose: 0 : [5100] Exiting SmtpLoginAuthenticationModule#24893793::Authenticate()

    System.Net.Sockets Verbose: 0 : [5100] Socket#21289199::Send()

    System.Net.Sockets Verbose: 0 : [5100] Data from Socket#21289199::Send

    System.Net.Sockets Verbose: 0 : [5100] 00000000 : 17 03 01 00 1E 6F A2 85-EF D4 97 D0 33 23 2D F3 : …..o……3#-.

    System.Net.Sockets Verbose: 0 : [5100] 00000010 : CF 44 77 66 64 A0 A1 B2-30 91 9D 12 C2 B2 23 31 : .Dwfd…0…..#1

    System.Net.Sockets Verbose: 0 : [5100] 00000020 : E6 5E FA                                        : .^.

    System.Net.Sockets Verbose: 0 : [5100] Exiting Socket#21289199::Send() -> 35#35

    System.Net.Sockets Verbose: 0 : [5100] Socket#21289199::Receive()

    System.Net.Sockets Verbose: 0 : [5100] Data from Socket#21289199::Receive

    System.Net.Sockets Verbose: 0 : [5100] 00000000 : 17 03 01 00 22                                  : …."

    System.Net.Sockets Verbose: 0 : [5100] Exiting Socket#21289199::Receive() -> 5#5

    System.Net.Sockets Verbose: 0 : [5100] Socket#21289199::Receive()

    System.Net.Sockets Verbose: 0 : [5100] Data from Socket#21289199::Receive

    System.Net.Sockets Verbose: 0 : [5100] 00000005 : 68 1C 6D B3 45 FB 04 72-76 71 72 A5 39 54 99 19 : h.m.E..rvqr.9T..

    System.Net.Sockets Verbose: 0 : [5100] 00000015 : FD BA 9E 6C 24 57 DA 18-9A AA 5C C6 31 24 0A F5 : …l$W…..1$..

    System.Net.Sockets Verbose: 0 : [5100] 00000025 : 86 43                                           : .C

    System.Net.Sockets Verbose: 0 : [5100] Exiting Socket#21289199::Receive() -> 34#34

    System.Net Verbose: 0 : [5100] SmtpLoginAuthenticationModule#24893793::Authenticate()

    System.Net Verbose: 0 : [5100] Exiting SmtpLoginAuthenticationModule#24893793::Authenticate()

    System.Net Error: 0 : [5100] Exception in the SmtpClient#45570991::Send – Authentication failed.

    System.Net Error: 0 : [5100]    at System.Net.Mail.SmtpConnection.GetConnection(String host, Int32 port)

      at System.Net.Mail.SmtpTransport.GetConnection(String host, Int32 port)

      at System.Net.Mail.SmtpClient.GetConnection()

      at System.Net.Mail.SmtpClient.Send(MailMessage message)

    System.Net.Sockets Verbose: 0 : [5100] Socket#21289199::Dispose()

    System.Net Verbose: 0 : [5100] Exiting SmtpClient#45570991::Send()

  2. Akashb says:

    With SSl enabled… No. Does it work when EnableSSL = False?

Skip to main content