I have an e-mail script that I am using to send an e-mail inside SSIS. NOT using the e-mail task since I cannot ping a server from the mail task and it is easier from an e-mail script. Also, the script is a lot better in many ways.
This e-mail script is simple, checks if the server exists, validates the e-mails, and sends the e-mail out.
ISSUE: In my "From" line in the e-mail script, I am using my e-mail address, and when I upload my package to the Integration Services Server and run it, the e-mail task sends the mail successfully. But, when someone else runs my package on the server, the e-mail task succeeds but, no e-mail is sent. No exceptions are thrown nor there are any failures overall. When I switch the "From" e-mail address to their e-mail address, and they run the package: it sends the mail. And when I try to run it with their e-mail address in the from line, it fails to send e-mail.
We use this:
mySmtpClient.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
for crendentials.
So, my question is: Is there a workaround for this? Do you think this is a windows authentication issue? If there is a workaround, can you please direct me towards one or provide one?
Thank You.
Hello bank teller, I'm a friend of Bob's and he said I can use his account. Honest. I might take money out but I'll put it back.
This is essentially the conversation that is happening between your mail system and your SSIS package. The mail system isn't trusting that Alice has the authority to send email on Bob's behalf. Why it's silently swallowing the error is dependent on your code. Perhaps there's a status you aren't checking that signals the email was not sent. Update your question with your actual code if you want some eyes to review it.
There are two options for resolution. The first, and probably least agreeable, is to have the From account authorize every possible user. Dumb, horrible and probably violates every practice known to man but it'd entail no code change.
The "right" approach would be to make the From line agree with the Credentials. You'd have some logic to grab the account and assign that to the From line.
Figured out the issue. Just like billinkc mentioned, the "right" approach. We had a hardcoded "From" line which was the reason it failed. Our packages get run by a SQL Job that runs a specific package. The package has the e-mail script that was having Windows Authentication issues due to a mismatch in the authentication. The mismatch was between the person running the SQL job and the From line email user. Hence, they never matched. We added a line to our scritp that gets the user running the job and makes that the From line user. And thus, resolved :)
Related
I have made a VB.NET application. I have read I tutorials that how to use SMTP to send emails from VB.NET, and finally I got one working.
But I have an issue with it, I don't want to bother the user to input all his details like, SMTP server name and all those stuffs.
I just want that a user input their Usename and Password and all other necessary details gets available for the application. Same like thunderbird, as when I enter my Usename and Password in Mozilla thunderbird it automatically get all the other required data and configures my email account.
Now what I want to accomplish is that, a user should fill in their details i.e. Usename and Password & the email using their Usename and Password should be sent to the email specified in the program.
To explain more about the kind of my project is, when an error occurs I want the user to take a screenshot of it and email me it using this method. So that I can look into the bug.
There is no automatic way of doing this. Each email setup is different and there is no automated configuration specification.
Thunderbird has a built in database that it's developers built and maintain to offer this functionality. See: https://support.mozillamessaging.com/en-US/kb/isp-database
You could do the same using the #domain.tld to enable you to match the users email provider with your database.
Microsoft Exchange does offer an automatic configuration endpoint, but I don't think it would prove useful to you as it isn't guaranteed to include SMTP information.
I'm wondering what the best behavior is when a user requests a password reset for an email that doesn't exist.
Context: user is not logged in. They just enter an email and hit a reset button.
If I tell the user requesting the reset immediately that the account doesn't exist, that's both a bit of security hole and a privacy issue.
If I do nothing and it's an innocent mistake (they thought they had an account), they'll be wondering what the heck happened. Most mysterious option, least subject to abuse.
I can send an email that says a password reset has been requested but there's no account (and should be ignored blah blah blah). This seems the least noxious but it is a little subject to abuse.
Update: On further consideration, I don't really so how 1 is a big deal since they can get the same information by simply trying to sign up/use the same email ... unless I'm missing something ...
I personally would go this way:
User enters e-mail address.
Screen says "request will be processed, e-mail has been send" or something along those lines.
If there is no account linked with this e-mail address: don't send a mail, but don't tell the guy requesting.
If there is an account linked with this e-mail: send the reset e-mail including the usual "if this wasn't you simply ignore this mail, if you suspect abuse please contact $foobar"-message.
Here is why i would NOT tell anyone whether an account is linked with this e-mail address: Privacy. If you told everyone, everyone could check if $person is using $service.
Figured i would include why i wouldn't send a mail if there was no such user: Why should i? The user will probably either know which email address he used or try several at once (or only wait a short time span). Of course there are cases in which it would be a bit more userfriendly if one would send those mails, but they aren't important enough to negate the abuse potential.
There is not much abuse potential if only one website does that stuff (as long as they wouldn't send multiple mails in a short timespan), but imagine every webservice going this way. You would just have to collect a few of those services and then emailbomb someone 'you' dislike, without hitting any spamfilter!
Personally, i'm a fan of:
The user enters an email.
Whether or not the email exists, say that it has been requested, and if you do not receive an email shortly, try again or contact us.
In the email, state a password request was submitted, and if it wasn't the user, then to ignore the email.
Also,
If you're worried about bots scraping your site for emails, add a Captcha.
If you're worried about people hacking accounts, add a second layer that prompts for a secret question answer.
In my opinion the third option is the best compromise between user-friendlyness and security. Option 1 seems to be to big of a privacy issue. Using option 2 the user can not know if he has an account, but registered with another email address or if the reset system doesn't work.
I would do something like this
Ask for the username or email
If that email or username is present, send all the email to the person, with the reset password.
Finished :)
I have a vb.net application that uses my gmail smtp server settings and my password to send me the users feedback through the email, (I don't want to show my email to the users)
The problem is I want to store these data securely in the vb.net application so that It's hard for any hackers/crackers through (reverse engineering or programs like cheat engine) to get my gmail account data.
Any ideas are welcome.
You cannot be 100% secure, you could store the email in a resource file and use an obsficator to make it much harder to get at the string but it is possible to break it (encrypted resource files and strings). However Even if you used a different email address and setup a forwarding rule the password for that account could still be comprimised. Anything you have access to in code a hacker could potentially break into as the key will be in clear text at some point.
You have a number of secure options:
Setup a webservice to receive your messages and email them onto you/log them to a database
Log your messages to a 3rd Party system (irc? news? some p2p network, IM system), and pick um the messages later.
Setup a Source Control/issue site for your system, google code/bitbucket/something else that has the ability to receive issues via an api.
I don't know if this makes any sense but what I'd do is let the program run an external PHP script that sends the mail.
Basically, if I'm understanding your question, you don't want the password in clear text in your .exe. Correct?
The solution is simply to ENCRYPT the string in your program, then decrypt it at runtime (pass your decrypted variable to your e-mail function).
Any two-way encryption will work. For example:
http://www.vbdotnetforums.com/security/1240-encrypt-password.html
As other people pointed out saving the password to your email in your application is unsafe because somebody might be able to crack your code and retrieve your password.
For logging errors, I suggest creating a very small PHP script and putting it on a PHP server. When an error occurs in your VB.NET application, the application can send data to this .php script. The script can save the data in a file or in a MySQL database.
All the things you need for sending data to PHP scripts can be found in "System. Net. WebRequest" namespace in VB.NET.
If you cannot use a PHP script, you may use a combination of IsolatedStorage ("System.IO.IsolatedStorage" namespace) and Cryptography ("System.Security.Cryptography" namespace) to save sensitive data. But, this is not completely secure to savvy attackers.
Currently on our system, when a user contacts us, we reply via our admin panel. The user is then sent an email containing our message and the other messages in the conversation.
Then the user has to click on 'Reply to this message' which opens up our website, with a contact enquiry form, and submits the message to the conversation (using a QueryString to tell which conversation it belongs to).
However, a lot of users like to simply reply to the email sent to them.
How can I track their reply and automatically add this to the same conversation?
We're currently using ASP.NET 3.5, IIS6 & SQL Server 2005, however will be upgrading to ASP.NET 4.0, IIS7 & SQL Server 2008
Thanks,
Curt
It's not a full code solution (but hey, that's not what this place is for anyway), but this is a general idea:
Specify a reply-to header in the messages you send (or simply use the from address). Then set up a script that periodically reads the emails send to that address and inserts them into your database (to be viewed). In order to get the correct threads, you can use the in-reply-to header in the message sent to you. I don't know by heart how to find the message-id of a mail you sent, but a little research on your part should reveal that. (if worst comes to worst, you can always BCC yourself the message and read it from there, but there should be easier ways).
Note that some people (most notably GMail) refuse to use in-reply-to headers because of how people use email (though I don't think it would be much of a problem in the case you are describing) and use topics to create threads instead. This may be an easier solution, though it may be less reliable in your case.
I need to check for specific words so that the program will know what smtp client will be used.
For example. If the from textbox will have #yahoo.com on it then the program will make use of the smtp for yahoo.
Or if you know of any way on how to do just the same but with other idea.
You can't make this work in the general case, just a server name isn't enough. The days that SMTP servers accepted an email message without any authentication are long gone. You will need to use the SmtpClient.Credentials property to proof to the server that the user is legit.
Perhaps more to the point, you only need one SMTP server. As long as the user can authenticate, s/he can use the server to distribute email to any recipient. Add a configuration feature to your app so the user can provide the server address, port number and required credentials.
If yourTextBox.Text.Contains("#yahoo.com") Then
'make use of smtp for yahoo
End If
And if you have more complicated phrases/rules to find, make yourself comfortable with regular expressions.