Dnn.Platform icon indicating copy to clipboard operation
Dnn.Platform copied to clipboard
verified publisher icon dnnsoftware

[Bug]: BLOCKING ISSUE after OAUTH test, cannot revert back to SMTP. Suggested fix

Open fablaser opened this issue 2 years ago • 7 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

What happened?

I updated my DNN instance from 9.12 to 9.13. After tried to setup OAUTH2 with exchange, I cannot revert back to a working SMTP configuration with anonymous authentication.

You will get the error "C'è un problema nella configurazione del server SMTP. La posta non è stata inviata. An error occurred while attempting to establish an SSL or TLS connection. The host name did not match the name given in the server's SSL certificate. Il certificato remoto non è stato ritenuto valido dalla procedura di convalida." DNN smtp test

Steps to reproduce?

  1. Upgrade to 9.3
  2. Send a test message from EMAil configuration page using anonymous authentication and SSL off. It will work
  3. Try to setup OAUTH, select Exchange Online. Fill TenantID, ClientID, ClientSecret. Save
  4. Revert back to anonymous authentication, SSL off. Save
  5. You will the the error "C'è un problema nella configurazione del server SMTP. La posta non è stata inviata. An error occurred while attempting to establish an SSL or TLS connection. The host name did not match the name given in the server's SSL certificate. Il certificato remoto non è stato ritenuto valido dalla procedura di convalida."

Current Behavior

No response

Expected Behavior

No response

Relevant log output

C'è un problema nella configurazione del server SMTP. La posta non è stata inviata. An error occurred while attempting to establish an SSL or TLS connection. The host name did not match the name given in the server's SSL certificate. Il certificato remoto non è stato ritenuto valido dalla procedura di convalida.

Anything else?

No response

Affected Versions

9.13.0 (latest release)

What browsers are you seeing the problem on?

Firefox

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

fablaser avatar Oct 12 '23 07:10 fablaser

Hello, I found a temporary fix:

When you change in DNN from standard SMTP to oauth, in web.config mail defaultProvider="CoreMailProvider" will change to "MailKitMailProvider".

When you revert back to standard SMTP, the default provider will remain MailKitMailProvider. In order to manually fix the issue, it is necessary to change MailKitMailProvider to CoreMailProvider.

Please, take in consideration to fix this bug.

fablaser avatar Oct 12 '23 10:10 fablaser

It seems like the MailKitMailProvider does not respect the setting "SSL off", since it's always set to SecureSocketOptions.Auto instead of SecureSocketOptions.None (http://www.mimekit.net/docs/html/T_MailKit_Security_SecureSocketOptions.htm):

https://github.com/dnnsoftware/Dnn.Platform/blob/7631f2c7f187d7e95983980728565914604d8594/DNN%20Platform/Library/Services/Mail/MailKitMailProvider.cs#L106

GerardSmit avatar Oct 12 '23 11:10 GerardSmit

It seems like the MailKitMailProvider does not respect the setting "SSL off", since it's always set to SecureSocketOptions.Auto instead of SecureSocketOptions.None (http://www.mimekit.net/docs/html/T_MailKit_Security_SecureSocketOptions.htm):

https://github.com/dnnsoftware/Dnn.Platform/blob/7631f2c7f187d7e95983980728565914604d8594/DNN%20Platform/Library/Services/Mail/MailKitMailProvider.cs#L106

I don't know, anyway using standard SMTP, DNN should use CoreMailProvider instead of MailKitMailProvider. As I wrote, the default DNN email provider is CoreMailProvider.Using OAUTH, DNN switches to MailKitMailProvider but it will not change when you revert back to SMTP: it remains MailKitMailProvider .

fablaser avatar Oct 12 '23 11:10 fablaser

Related code:

https://github.com/dnnsoftware/Dnn.Platform/blob/7631f2c7f187d7e95983980728565914604d8594/Dnn.AdminExperience/Dnn.PersonaBar.Extensions/Services/ServerSettingsSmtpAdminController.cs#L125-L129

GerardSmit avatar Oct 12 '23 12:10 GerardSmit

It's currently quite tricky on how to handle this. We can remember the original mail provider and restore this once you switch back, however this bring other issues on the table:

  1. Let's say you have mail provider XMailProvider in web.config that doesn't support OAuth.
  2. You switch to OAuth. DNN sees the provider doesn't support OAuth and switches to MailKitProvider and remembers the provider.
  3. You change the provider manually in web.config to YMailProvider.
  4. You switch back to SMTP, causing to restore the original mail provider which is XMailProvider.

We can check if the current provider is MailKitProvider and only then restore it back, but what if you want to keep using MailKitProvider?

I've talked with @valadas about this on Discord in the open source co-coding session. Daniel said it would better to introduce a separate config for the OAuth Mail Provider (for example <oAuthMail>), which is probably better.

What's the best way to tackle this?

GerardSmit avatar Oct 13 '23 20:10 GerardSmit

In my humble opinion, you should never manually change the email provider using web.config, but only using web interface. At the moment, any change using web interface is very risky because it can lead to a broken configuration.

fablaser avatar Oct 16 '23 16:10 fablaser