473,320 Members | 2,112 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Secure e-mail with or without SMTP?

SMTP + relay + auth in an IPSEC tunnel to connect to our primary SMTP mail
server (GroupWise) from the Web server looks like it would work fine, but is
it the best way?

I am aware of CDOSYS and some commercial DLLs that allow devs to send mail
from within .ASP and .NET without local SMTP service running.

Is there any OTHER way to connect to an external SMTP server for mail
delivery from a .NET application?
--
Shannon Clyde
Information Security Officer
Travis County Government
Jul 21 '05 #1
3 1906
"=?Utf-8?B?U2hhbm5vbiBDbHlkZQ==?="
<Sh**********@discussions.microsoft.com> wrote in
news:AA**********************************@microsof t.com:
SMTP + relay + auth in an IPSEC tunnel to connect to our primary SMTP
mail server (GroupWise) from the Web server looks like it would work
fine, but is it the best way?
It depends what you want to do - you dont really state what your ultimate goal or constraints are.
I am aware of CDOSYS and some commercial DLLs that allow devs to send
mail from within .ASP and .NET without local SMTP service running.
Indy has an SMTP relay that can do that as well, but you are more likely to be spam trapped if IP is
not registered as an SMTP server. Its free with source:
http://www.indyproject.org/
Is there any OTHER way to connect to an external SMTP server for mail
delivery from a .NET application?


You can do it manualy.. but most SMTP's expect pipelining etc and you have DNS lookups, pass
offs, precedence to handle, etc.. Not easily implemented on your own.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Get your ASP.NET in gear with IntraWeb!
http://www.atozed.com/IntraWeb/
Jul 21 '05 #2
Good point. We have created an eCommerce environment that follows the CISCO
Safe BluePrint for Enterprise Computing. This calls for the isolation of the
Web, Application, and Database server in logical layers and physical tiers.
Our preference is to only run IIS and not SMTP if we can help it. We don't
want to use any insecure protocols, such as Telnet, FTP, SMTP. The goal would
be to get mail from the application within the eCommerce module to the
external SMTP server in the Web Hosting (border) module in a secure way. We
are trying to prevent exploitation of SMTP within the eCommerce module.

Hope that sufficiently explains it.
--
Shannon Clyde
Information Security Officer
Travis County Government
"Chad Z. Hower aka Kudzu" wrote:
"=?Utf-8?B?U2hhbm5vbiBDbHlkZQ==?="
<Sh**********@discussions.microsoft.com> wrote in
news:AA**********************************@microsof t.com:
SMTP + relay + auth in an IPSEC tunnel to connect to our primary SMTP
mail server (GroupWise) from the Web server looks like it would work
fine, but is it the best way?


It depends what you want to do - you dont really state what your ultimate goal or constraints are.
I am aware of CDOSYS and some commercial DLLs that allow devs to send
mail from within .ASP and .NET without local SMTP service running.


Indy has an SMTP relay that can do that as well, but you are more likely to be spam trapped if IP is
not registered as an SMTP server. Its free with source:
http://www.indyproject.org/
Is there any OTHER way to connect to an external SMTP server for mail
delivery from a .NET application?


You can do it manualy.. but most SMTP's expect pipelining etc and you have DNS lookups, pass
offs, precedence to handle, etc.. Not easily implemented on your own.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Get your ASP.NET in gear with IntraWeb!
http://www.atozed.com/IntraWeb/

Jul 21 '05 #3
"=?Utf-8?B?U2hhbm5vbiBDbHlkZQ==?="
<Sh**********@discussions.microsoft.com> wrote in
news:61**********************************@microsof t.com:
SMTP if we can help it. We don't want to use any insecure protocols,
such as Telnet, FTP, SMTP. The goal would be to get mail from the
application within the eCommerce module to the external SMTP server in
the Web Hosting (border) module in a secure way. We are trying to
prevent exploitation of SMTP within the eCommerce module.


System Web mail is VERY basic, it doesnt even do basic (plain text auth) without you manually
altering headers. Indy can do auth though, and SSL (TLS, etc).

http://www.indyproject.org. - Its free, some Im not trying to sell you anything.

How to send a basic email:
http://www.codeproject.com/csharp/IndySMTP.asp
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Develop ASP.NET applications easier and in less time:
http://www.atozed.com/IntraWeb/
Jul 21 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: debedb | last post by:
Hi all, I have a link, <A onClick="javascript:foo()">. The foo() function does w = window.open('', fieldid+'mywindow', prop); w.document.open(); d = w.document; And proceeds to write...
0
by: Mike | last post by:
I have noticed that the id of my session object changes when I switch from a non-secure to a secure connection. What I'm trying to do: I have a cookie that is built on the non-secure side of...
7
by: Seth | last post by:
I have noticed that the id of my session object changes when I switch from a non-secure to a secure connection. What I'm trying to do: I have a cookie that is built on the non-secure side of...
1
by: Iulian Ionescu | last post by:
I have a page (http://www.something.com/) and a secure page (https://secure.something.com) and the secure.something.com points to http://www.something.com/secure/ All works ok, but, when I...
3
by: Bill | last post by:
I'm running a C#.Net application that is using the HttpWebRequest to upload an xml file to a https site with FIPS complicancy turned on. On the "GetRequestStream()" method I get: "The underlying...
8
by: todd.freed | last post by:
Hey all, I have been racking my brain all morning to find a solution to this, and I am having no luck. Our webpage is created with Visual Studio C# and ASP.Net, hosted in-house using HTTPS with...
5
by: Joe | last post by:
I have an application which runs in a non-secure environment. I also have an application that runs in a secure environment (both on the same machine). Is there any way to share the session data for...
40
by: Robert Seacord | last post by:
The CERT/CC has released a beta version of a secure integer library for the C Programming Language. The library is available for download from the CERT/CC Secure Coding Initiative web page at:...
6
by: =?Utf-8?B?Q3JhaWc=?= | last post by:
If I have an application that I send out to users, and the application interacts with the database (behind the scenes, no direct sql creation by the users)....do webservices make the app more...
3
by: zr | last post by:
Hi, Does usage of checked iterators and checked containers make code more secure? If so, can that code considered to be reasonably secure?
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.