4

My Smtpclient is working with following setup

SmtpClient client = new SmtpClient();
client.Host = server;
client.UseDefaultCredentials = false;
client.Credentials = new NetworkCredential("username", "totallywrongpassword", "DOMAIN");

try
{
    client.Send(message);
}
 catch
 {
   // no exception is thrown, emails are send
 }

I am providing invalid credentials, yet the emails are being sent.

What am I configuring wrong?

The smtp server and client are on the same local domain.

Mathias Colpaert
  • 652
  • 6
  • 23
  • Your SMTP-server...? – JOSEFtw Nov 20 '15 at 15:09
  • 1
    As the answer says, this is a problem with your SMTP server setup, not with the code you are using. Either it is set up such that it is wide open (bad for you, great for spammers) or it doesn't require authentication for computers on the local domain. How you fix it is dependent upon the server you use, and should be answered on SuperUser. – Ron Beyer Nov 20 '15 at 15:12
  • I suspect this is a problem with `SmtpClient` but I can't confirm it yet. If I provide the right password, my emails get blocked as having no authentication. If I provide the wrong password, my emails get through without authentication. Meanwhile if I use a real mail client my emails get through with proper authentication (`X-Authenticated-User` VS `X-POP-User`). I need a way to inspect what `SmtpClient` is sending... – Dave Cousineau Mar 03 '22 at 22:02
  • Ok using wireshark and disabling SSL (so that I can see all the frames) I can see that from C#, the auth login call fails regardless of whether the password is correct or not. Yes, the server ignores the fact that authentication failed (I think my mail server only starts to require it if you send too much), but using the same username/password combination from both C# and Outlook, C# fails and Outlook succeeds. Basically, SmtpClient is not performing the AUTH LOGIN step correctly, or else maybe the parameters mean something other than what we think they do? – Dave Cousineau Mar 03 '22 at 22:26
  • ok, I have worked out some quirks with the `SmtpClient` class. the answer is not exactly relevant to this question. the reason wrong credentials work is that your SMTP server is not requiring them. but to get correct credentials, there are a couple of things: a) it can be necessary to use `CredentialCache` instead of `NetworkCredential` by itself, in order to specify the authentication scheme. and b) mostly likely you want to leave `DomainName` BLANK because it converts to the form `example.com\username` which is not valid for SMTP. use wireshark to see if you actually get auth OK or not. – Dave Cousineau Mar 03 '22 at 23:04

1 Answers1

3

Most likely is that your SMTP server is set up to allow local networks to send off it without needing credentials. Your code is totally correct and if the server is still letting you send off, I'd contact the administrator first.

Josh
  • 10,352
  • 12
  • 58
  • 109
  • 1
    But I am telling SmptClient to use the Credentials I provided right? Is there an automatic fallback or something? – Mathias Colpaert Nov 20 '15 at 15:11
  • 1
    Yes, you are providing incorrect credentials. But SMTP servers can be set up to not look at (or not verify) credentials from local networks. This seems more like a server problem than a code problem. – Josh Nov 20 '15 at 15:11
  • 1
    @MathiasColpaert I suspect that if authentication is turned off on the server for local connections, it never even prompts the client for credentials and therefore it doesn't matter what you provide. Use a packet sniffer to watch the traffic, I bet you never even see the credentials cross the wire. – mason Nov 20 '15 at 15:12