cosullivan / SmtpServer

A SMTP Server component written in C#
MIT License
690 stars, 163 forks

Help to use Lets Encrypt with SmtpServer #185

Closed reinaldocoelho closed 1 year ago

reinaldocoelho commented 1 year ago

Hi, I'm having issues with using Let's Encrypt (certbot) + Route53 and SmtpServer. We create the certificate and use it in SmtpServer, but some requests work and some don't.

Does anyone have this problem too?

Using: SmtpServer Version=7.2.0, .NET 6.0, Let's Encrypt (with certbot + Route53)

SmtpServer Options and Load:

        // Builds the server options and starts listening. The certificate is only
        // attached when isSecure is set; see the note on CreateX509Certificate2 below.
        public async Task LoadAsync()
        {
            var builder = new SmtpServerOptionsBuilder()
                .ServerName("Mail Server")
                .Port(25)                        // plaintext; STARTTLS is advertised once a certificate is configured
                .Port(2525, isSecure: true)
                .Port(465, isSecure: true)       // implicit TLS ports
                .Port(587, isSecure: true)
                .MessageStore(new ReceivedEmailStore())
                .MailboxFilter(new ReceivedEmailFilter())
                .MaxMessageSize(mailServerConfig.FileSizeLimit);

            if (isSecure)
            {
                builder.Certificate(CreateX509Certificate2());
                // Enables every protocol version, including the obsolete SSL 2/3 and TLS 1.0/1.1.
                builder.SupportedSslProtocols(SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12 | SslProtocols.Tls13 | SslProtocols.Ssl2 | SslProtocols.Ssl3 | SslProtocols.Default);
            }

            var options = builder.Build();
            var smtpServer = new SmtpServer.SmtpServer(options);

            await smtpServer.StartAsync(cancellationToken);
        }

        // Loads only fullchain.pem, i.e. the certificate chain without the private key
        // (HasPrivateKey == false). This is the defect identified in the follow-up comment:
        // the server can present the chain but cannot complete the TLS handshake.
        private X509Certificate2 CreateX509Certificate2()
        {
            return new X509Certificate2("/etc/letsencrypt/live/<MX_DOMAIN>/fullchain.pem");
        }

To obtain the certificate I created this policy in AWS Route53:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CertbotRoute53",
            "Effect": "Allow",
            "Action": [
                "route53:GetChange",
                "route53:ListHostedZones"
            ],
            "Resource": "*"
        },
        {
            "Sid": "CertbotRoute531",
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": "arn:aws:route53:::hostedzone/<ZONE_ID>"
        }
    ]
}

After the policy is in place, we follow these steps to create a certificate:

sudo apt-get -y install certbot python3-certbot-dns-route53
sudo certbot certonly --dns-route53 --agree-tos -m myemail@mydomain.com --non-interactive -d mx.mydomain.com

After starting the server (without problems), my local test shows:

ubuntu@ip-10-0-0-123:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 Mail Server v7.2.0.0 ESMTP ready
ehlo server
250-Mail Server Hello server, haven't we met before?
250-PIPELINING
250-8BITMIME
250-SMTPUTF8
250-STARTTLS
250 SIZE 62914560

After all these steps, and with the server running, when I send e-mails some of them are received and some are not.

Does anyone have this problem too?

reinaldocoelho commented 1 year ago

Hi, I found the problem and solved the issue by loading the certificate correctly.

I based my solution on the following issue: https://github.com/dotnet/runtime/issues/19581

In summary, I was loading the certificate the Windows way and needed to load it the Linux way (with certificate and private key).
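The following is an added example, not code from the issue author or from the SmtpServer project, showing what "loading the certificate the Linux way" looks like in practice: reading fullchain.pem together with privkey.pem from the certbot live directory, refusing to start when no private key was loaded or the certificate is outside its validity window, and attaching the result to the SmtpServer 7.x builder from the first post with the protocol list narrowed to TLS 1.2/1.3 instead of the SSL 2/3 and TLS 1.0/1.1 values enabled there. The class names `LetsEncryptCertificateLoader` and `SecureSmtpServerFactory`, the `maxMessageSize` parameter, and the single-argument `SmtpServer.SmtpServer(options)` constructor (mirrored from the issue's own code) are assumptions; the issue's message store and mailbox filter are left out.

```csharp
using System;
using System.IO;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using SmtpServer;

// Added example (not the project's or the issue author's code). Assumes the
// standard certbot layout /etc/letsencrypt/live/<domain>/{fullchain,privkey}.pem.
public static class LetsEncryptCertificateLoader
{
    // fullchain.pem alone yields an X509Certificate2 with HasPrivateKey == false,
    // which parses fine but cannot complete a TLS handshake. Reading the key file
    // alongside it (.NET 5+) gives the server something it can actually use.
    public static X509Certificate2 Load(string liveDirectory)
    {
        var certPath = Path.Combine(liveDirectory, "fullchain.pem");
        var keyPath = Path.Combine(liveDirectory, "privkey.pem");

        var cert = X509Certificate2.CreateFromPemFile(certPath, keyPath);

        if (!cert.HasPrivateKey)
            throw new InvalidOperationException($"No private key was loaded from {keyPath}");

        // Fail at startup on an expired or not-yet-valid certificate instead of
        // finding out when clients abort STARTTLS.
        var now = DateTime.UtcNow;
        if (now < cert.NotBefore.ToUniversalTime() || now > cert.NotAfter.ToUniversalTime())
            throw new InvalidOperationException($"Certificate {cert.Subject} is not valid at {now:u}");

        // On Windows, the key produced by CreateFromPemFile lives only in memory and
        // SChannel rejects it; a PKCS#12 round-trip binds key and certificate in a
        // form the platform accepts. On Linux the PEM-loaded certificate is used as is.
        if (OperatingSystem.IsWindows())
        {
            using var ephemeral = cert;
            return new X509Certificate2(ephemeral.Export(X509ContentType.Pkcs12));
        }
        return cert;
    }
}

public static class SecureSmtpServerFactory
{
    // liveDirectory: e.g. "/etc/letsencrypt/live/mx.mydomain.com" (assumed path layout).
    public static SmtpServer.SmtpServer Create(string liveDirectory, int maxMessageSize)
    {
        var options = new SmtpServerOptionsBuilder()
            .ServerName("Mail Server")
            .Port(25)                                  // plaintext; STARTTLS offered because a certificate is set
            .Port(465, isSecure: true)                 // implicit TLS
            .Port(587, isSecure: true)
            .Certificate(LetsEncryptCertificateLoader.Load(liveDirectory))
            // Only current protocol versions; SSL 2/3 and TLS 1.0/1.1 are deprecated
            // and modern mail clients refuse them anyway.
            .SupportedSslProtocols(SslProtocols.Tls12 | SslProtocols.Tls13)
            .MaxMessageSize(maxMessageSize)
            .Build();

        return new SmtpServer.SmtpServer(options);     // constructor shape taken from the issue's code
    }
}
```

Once the server is up, `openssl s_client -starttls smtp -connect mx.mydomain.com:25` shows the presented chain and the handshake result; a "no shared cipher" or handshake failure after the STARTTLS step is the symptom of a certificate loaded without its key, whereas a `Verify return code: 0 (ok)` confirms both the chain and the key are being served. Re-running that check after each certbot renewal is worthwhile, since the loader above reads the files only at startup.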