NetTalk NetSimple email server - StartTLS

I have a little NetSimple server that only receives emails.

I have the following steps working - any help on the negotiation part would be appreciated.

S: 220-smtp.example.com ESMTP Server
C: EHLO client.example.com
S: 250-smtp.example.com Hello client.example.com
S: 250-AUTH GSSAPI DIGEST-MD5
S: 250-ENHANCEDSTATUSCODES
S: 250 STARTTLS
C: STARTTLS
S: 220 Ready to start TLS (Where I use .SwitchToSSL)

THIS IS WHERE I AM STUCK
The next message back from the email client (Outlook) is a 165 byte encrypted string that I do not know what to do with. I have all the Outlook email settings correct, I think.

 ... TLS negotiation proceeds, further commands
     protected by TLS layer ...

I have this coded, but it never gets to this section

C: EHLO client.example.com
S: 250-smtp.example.com Hello client.example.com
S: 250 AUTH GSSAPI DIGEST-MD5 PLAIN
C: AUTH PLAIN dGVzdAB0ZXN0ADEyMzQ=
S: 235 2.7.0 Authentication successful

Works for me, hope this helps…

! Init POP

ThisEmailReceive.Server = 'pop3.provider.com'
!ThisEmailReceive.Port = 110
ThisEmailReceive.Port = 995 ! New

ThisEmailReceive.User = '[email protected]'
!ThisEmailReceive.User = '[email protected]'
ThisEmailReceive.Password = 'P@ssw0rd'

ThisEmailReceive.SSL = 1 ! New
ThisEmailReceive.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = 1 ! New: server certificate is not verified against the CA root

ThisEmailReceive.OptionsDelete = 1
ThisEmailReceive.OptionsDontSaveAttachments = 0
ThisEmailReceive.OptionsDontSaveEmbeds = 1

! --------------------------------------------------

! Timer

llTimeCnt += 1 ! Sec.

IF llTimeCnt > 30 ! original 60
  llTimeCnt = 0
  IF llProcessing = 0
    ThisEmailReceive.Ask(NET:EmailDownload)    ! Call the Ask() method -> check Mails every 30 secs, llProcessing = 1 if E-Mails in Q
  END
END

IF llProcessing ! E-Mails in Q
  llProcessing = 0
  DO processQueue ! Process the E-Mails
END

Hi Kevin,

There is a method called
net.SwitchToSSL()
However I’ve only used it myself in a client context, not a server context, so I’m not sure it’ll work there.

That said, perhaps it’s easier to make your Simple Server TLS all the time.
What you’re seeing at the moment is that the Client program is set to use STARTTLS.
In this mode the client connects to the server on an insecure connection, then tells the server to switch to secure TLS mode.

Most servers (and all clients) also support an alternate approach - which is to use a Secure TLS connection from the start. This is typically done over Port 465. The client doesn’t do the STARTTLS dance - it just connects over TLS from the start. Doing it this way is a lot simpler for you because you just set net.SSL = true, and open the port.
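
Under STARTTLS (RFC 3207), the first bytes a client sends after `220 Ready to start TLS` are a TLS handshake record (a ClientHello): binary but not yet encrypted, and meant for the TLS layer rather than the SMTP command parser. The following Python is an added example, not code from this thread or from NetTalk; the function names and the sample ClientHello bytes are constructed for illustration.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate"}

def build_sample_client_hello() -> bytes:
    """Constructed sample: a minimal TLS 1.2 ClientHello in a single record."""
    body = (b"\x03\x03"            # client_version: TLS 1.2
            + bytes(32)            # random (all zeros, constructed)
            + b"\x00"              # empty session_id
            + b"\x00\x02\xc0\x2f"  # cipher_suites: one suite, 2 bytes
            + b"\x01\x00")         # compression_methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record header: type 22 (handshake), record version 3.1, 2-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def describe_first_bytes(data: bytes) -> dict:
    """Classify what arrived on the socket right after the server's 220 reply."""
    if len(data) >= 5 and data[0] in CONTENT_TYPES and data[1] == 3:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        info = {"kind": "tls_record",
                "content_type": CONTENT_TYPES[ctype],
                "record_version": (major, minor),
                "record_length": length,
                # False means more bytes must be read before the record is whole
                "complete": len(data) >= 5 + length}
        if ctype == 22 and len(data) >= 9:
            info["handshake_type"] = HANDSHAKE_TYPES.get(data[5], "other")
            info["handshake_length"] = int.from_bytes(data[6:9], "big")
            if data[5] == 1 and len(data) >= 11:
                info["client_version"] = (data[9], data[10])
        return info
    try:
        # Not a TLS record: treat it as a plaintext SMTP command line
        line = data.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return {"kind": "unknown"}
    return {"kind": "smtp_line", "verb": line.split(" ", 1)[0].upper()}

if __name__ == "__main__":
    print(describe_first_bytes(build_sample_client_hello()))
    print(describe_first_bytes(b"EHLO client.example.com\r\n"))
```

A result of `tls_record` / `client_hello` means the bytes belong to the TLS handshake; the second EHLO only appears in readable form once the TLS layer has completed that handshake and is decrypting the stream.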

Thank you, but NetEmailReceive will not work for me. I am not logging into a mail server to get mail. I am acting as the mail server receiving mail.

I do use SwitchToSSL after the initial conversation between client/server and that works. It’s the “TLS security negotiation” I am having an issue with that occurs after that.

Resolved: I decided to go with AUTH PLAIN and was able to get a full conversation w/ user/pswd credentials (I will use some other encryption later) authentication and email either rejected or sent based on values.