C# ASP.NET Send Email via TLS

Question

In order to comply with HIPAA regulations, we need to send email from an external site (outside the firewall) to an internal Exchange server (inside the firewall). Our Exchange admins tell us we need to use TLS encryption to send mail from the web server to the email server.

I've never used TLS before and I'm not very familiar with it. Searching on Google as brought up numerous paid-for-use libraries. Is there anything native to .NET that will accomplish this? If so, how do I configure it? If not, is there something free or open source?

Current Configuration:

ASP.NET C# Web Application
2.0 Framework
Using System.Net.Mail to send email and attachments via SMTP
IIS 6.0

`SmtpClient.EnableSsl = true;` ? – Rubens Farias Jan 13 '10 at 14:24 — Rubens Farias, Jan 13 '10 at 14:24

score 80 · Accepted Answer · answered Jan 13 '10 at 14:26

80

TLS (Transport Level Security) is the slightly broader term that has replaced SSL (Secure Sockets Layer) in securing HTTP communications. So what you are being asked to do is enable SSL.

answered Jan 13 '10 at 14:26

David M

71,481
13
158
186

1

Someone had the same issue here: http://bytes.com/topic/net/answers/671675-smtpclient-enablessl-using-tls – o.k.w Jan 13 '10 at 14:32
4

Not every SMTP servers support both TSL and SSL. – cgalvao1993 Apr 15 '14 at 18:37

score 35 · Answer 2 · answered Jan 13 '10 at 14:29

35

On SmtpClient there is an EnableSsl property that you would set.

i.e.

SmtpClient client = new SmtpClient(exchangeServer);
client.EnableSsl = true;
client.Send(msg);

answered Jan 13 '10 at 14:29

Martin Clarke

5,636
7
38
58

3

I like this post since I think it is a good answer, but I'm still a little concerned. If we set EnableSSL to true, will it *guarantee* that *all* email servers *between* the originating email server and receiving email server use SSL or TLS? From my understanding, email may sometimes bounce across *many* servers before it reaches its final destination. – Shawn Eary Jan 10 '16 at 03:53
11

@ShawnEary No, it does not. It simply means the connection between your .NET SMTP client and the initial SMTP server is secure - that's it. Nothing more. There is no provision in SMTP to secure the entire route an email message follows, that's why we have S/MIME for message encryption. – Dai May 08 '17 at 05:08

score 27 · Answer 3 · answered Feb 05 '13 at 12:36

27

I was almost using the same technology as you did, however I was using my app to connect an Exchange Server via Office 365 platform on WinForms. I too had the same issue as you did, but was able to accomplish by using code which has slight modification of what others have given above.

SmtpClient client = new SmtpClient(exchangeServer, 587);
client.Credentials = new System.Net.NetworkCredential(username, password);
client.EnableSsl = true;
client.Send(msg);

I had to use the Port 587, which is of course the default port over TSL and the did the authentication.

answered Feb 05 '13 at 12:36

hiFI

1,887
3
28
57

@hiFl sir, what about the default port for SSL, if I want the smtp client to choose SSL not the TLS? – Alaa' Jan 18 '18 at 12:16
2

465 as the [document says] (https://msdn.microsoft.com/en-us/library/system.net.mail.smtpclient.enablessl(v=vs.110).aspx) – hiFI Jan 19 '18 at 11:15

C# ASP.NET Send Email via TLS

3 Answers3

Linked