473,388 Members | 1,104 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,388 software developers and data experts.

Secure e-mail with or without SMTP?

SMTP + relay + auth in an IPSEC tunnel to connect to our primary SMTP mail
server (GroupWise) from the Web server looks like it would work fine, but is
it the best way?

I am aware of CDOSYS and some commercial DLLs that allow devs to send mail
from within .ASP and .NET without local SMTP service running.

Is there any OTHER way to connect to an external SMTP server for mail
delivery from a .NET application?
--
Shannon Clyde
Information Security Officer
Travis County Government
Jul 21 '05 #1
3 1909
"=?Utf-8?B?U2hhbm5vbiBDbHlkZQ==?="
<Sh**********@discussions.microsoft.com> wrote in
news:AA**********************************@microsof t.com:
SMTP + relay + auth in an IPSEC tunnel to connect to our primary SMTP
mail server (GroupWise) from the Web server looks like it would work
fine, but is it the best way?
It depends what you want to do - you dont really state what your ultimate goal or constraints are.
I am aware of CDOSYS and some commercial DLLs that allow devs to send
mail from within .ASP and .NET without local SMTP service running.
Indy has an SMTP relay that can do that as well, but you are more likely to be spam trapped if IP is
not registered as an SMTP server. Its free with source:
http://www.indyproject.org/
Is there any OTHER way to connect to an external SMTP server for mail
delivery from a .NET application?


You can do it manualy.. but most SMTP's expect pipelining etc and you have DNS lookups, pass
offs, precedence to handle, etc.. Not easily implemented on your own.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Get your ASP.NET in gear with IntraWeb!
http://www.atozed.com/IntraWeb/
Jul 21 '05 #2
Good point. We have created an eCommerce environment that follows the CISCO
Safe BluePrint for Enterprise Computing. This calls for the isolation of the
Web, Application, and Database server in logical layers and physical tiers.
Our preference is to only run IIS and not SMTP if we can help it. We don't
want to use any insecure protocols, such as Telnet, FTP, SMTP. The goal would
be to get mail from the application within the eCommerce module to the
external SMTP server in the Web Hosting (border) module in a secure way. We
are trying to prevent exploitation of SMTP within the eCommerce module.

Hope that sufficiently explains it.
--
Shannon Clyde
Information Security Officer
Travis County Government
"Chad Z. Hower aka Kudzu" wrote:
"=?Utf-8?B?U2hhbm5vbiBDbHlkZQ==?="
<Sh**********@discussions.microsoft.com> wrote in
news:AA**********************************@microsof t.com:
SMTP + relay + auth in an IPSEC tunnel to connect to our primary SMTP
mail server (GroupWise) from the Web server looks like it would work
fine, but is it the best way?


It depends what you want to do - you dont really state what your ultimate goal or constraints are.
I am aware of CDOSYS and some commercial DLLs that allow devs to send
mail from within .ASP and .NET without local SMTP service running.


Indy has an SMTP relay that can do that as well, but you are more likely to be spam trapped if IP is
not registered as an SMTP server. Its free with source:
http://www.indyproject.org/
Is there any OTHER way to connect to an external SMTP server for mail
delivery from a .NET application?


You can do it manualy.. but most SMTP's expect pipelining etc and you have DNS lookups, pass
offs, precedence to handle, etc.. Not easily implemented on your own.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Get your ASP.NET in gear with IntraWeb!
http://www.atozed.com/IntraWeb/

Jul 21 '05 #3
"=?Utf-8?B?U2hhbm5vbiBDbHlkZQ==?="
<Sh**********@discussions.microsoft.com> wrote in
news:61**********************************@microsof t.com:
SMTP if we can help it. We don't want to use any insecure protocols,
such as Telnet, FTP, SMTP. The goal would be to get mail from the
application within the eCommerce module to the external SMTP server in
the Web Hosting (border) module in a secure way. We are trying to
prevent exploitation of SMTP within the eCommerce module.


System Web mail is VERY basic, it doesnt even do basic (plain text auth) without you manually
altering headers. Indy can do auth though, and SSL (TLS, etc).

http://www.indyproject.org. - Its free, some Im not trying to sell you anything.

How to send a basic email:
http://www.codeproject.com/csharp/IndySMTP.asp
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Develop ASP.NET applications easier and in less time:
http://www.atozed.com/IntraWeb/
Jul 21 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: debedb | last post by:
Hi all, I have a link, <A onClick="javascript:foo()">. The foo() function does w = window.open('', fieldid+'mywindow', prop); w.document.open(); d = w.document; And proceeds to write...
0
by: Mike | last post by:
I have noticed that the id of my session object changes when I switch from a non-secure to a secure connection. What I'm trying to do: I have a cookie that is built on the non-secure side of...
7
by: Seth | last post by:
I have noticed that the id of my session object changes when I switch from a non-secure to a secure connection. What I'm trying to do: I have a cookie that is built on the non-secure side of...
1
by: Iulian Ionescu | last post by:
I have a page (http://www.something.com/) and a secure page (https://secure.something.com) and the secure.something.com points to http://www.something.com/secure/ All works ok, but, when I...
3
by: Bill | last post by:
I'm running a C#.Net application that is using the HttpWebRequest to upload an xml file to a https site with FIPS complicancy turned on. On the "GetRequestStream()" method I get: "The underlying...
8
by: todd.freed | last post by:
Hey all, I have been racking my brain all morning to find a solution to this, and I am having no luck. Our webpage is created with Visual Studio C# and ASP.Net, hosted in-house using HTTPS with...
5
by: Joe | last post by:
I have an application which runs in a non-secure environment. I also have an application that runs in a secure environment (both on the same machine). Is there any way to share the session data for...
40
by: Robert Seacord | last post by:
The CERT/CC has released a beta version of a secure integer library for the C Programming Language. The library is available for download from the CERT/CC Secure Coding Initiative web page at:...
6
by: =?Utf-8?B?Q3JhaWc=?= | last post by:
If I have an application that I send out to users, and the application interacts with the database (behind the scenes, no direct sql creation by the users)....do webservices make the app more...
3
by: zr | last post by:
Hi, Does usage of checked iterators and checked containers make code more secure? If so, can that code considered to be reasonably secure?
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
0
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.