search

gopu23 / skpsmtpmessage

Automatically exported from code.google.com/p/skpsmtpmessage
0 stars 0 forks source link

SMTP Fails with TLS timeout from iPhone but not from XCode Simulator #21

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
The current (and prior) versions of skpsmtpmessage fails when connecting to my 
mail server with an SSL_accept error.  This is happening with several iPhone 
programs that I have 
purchased which use the library (Emailer and Multi-Photo).

I have built the latest version but can only run it in Simulator as I don't 
have a developer key to allow me to deploy a build on my iPhone.  In the 
simulator the code seems to work just 
fine and I'm able to send from SMTPSender without problems.  However, from the 
iPhone it fails using the two programs from other developers and they are also 
using the latest 
versions.

This has been tested from several different networks for both iPhone and 
Simulator as well as via ATT Edge.

From the iPhone console:

unknownMulti-Photo[1124] <Warning>: C: Attempting to connect to server at: 
mail.SERVER.net:25
unknownMulti-Photo[1124] <Warning>: Got bytes: 220 mars.SERVER.net ESMTP 
Postfix\r\n
unknownMulti-Photo[1124] <Warning>: *** stopping watchdog ***
unknownMulti-Photo[1124] <Warning>: S: 220 mars.SERVER.net ESMTP Postfix
unknownMulti-Photo[1124] <Warning>: C: EHLO localhost\r\n
unknownMulti-Photo[1124] <Warning>: *** starting short watchdog ***
unknownMulti-Photo[1124] <Warning>: Got bytes: 
250-mars.SERVER.net\r\n250-PIPELINING\r\n250-SIZE 
16240000\r\n250-VRFY\r\n250-ETRN\r\n250-STARTTLS\r\n250 
8BITMIME\r\n
unknownMulti-Photo[1124] <Warning>: S: 250-mars.SERVER.net
unknownMulti-Photo[1124] <Warning>: S: 250-PIPELINING
unknownMulti-Photo[1124] <Warning>: S: 250-SIZE 16240000
unknownMulti-Photo[1124] <Warning>: S: 250-VRFY
unknownMulti-Photo[1124] <Warning>: S: 250-ETRN
unknownMulti-Photo[1124] <Warning>: S: 250-STARTTLS
unknownMulti-Photo[1124] <Warning>: C: STARTTLS\r\n
unknownMulti-Photo[1124] <Warning>: S: 250 8BITMIME
unknownMulti-Photo[1124] <Warning>: Got bytes: 220 Ready to start TLS\r\n
unknownMulti-Photo[1124] <Warning>: S: 220 Ready to start TLS
unknownMulti-Photo[1124] <Warning>: Beginning TLSv1...
unknownkernel[0] <Debug>: Multi-Photo 1124 FS_WRITE_DATA SBF 
/System/Library/Frameworks/Security.framework/TrustStore.sqlite3 13 (seatbelt)
unknownkernel[0] <Debug>: Multi-Photo 1124 FS_WRITE_DATA SBF 
/private/var/Keychains/TrustStore.sqlite3 13 (seatbelt)
unknownMulti-Photo[1124] <Warning>: *** starting short watchdog ***
unknownMulti-Photo[1124] <Warning>: *** stopping watchdog ***

From the mail server log:

postfix/smtpd[25399]: connect from plns.epix.net[207.7.164.1]
postfix/smtpd[25399]: setting up TLS connection from plns.epix.net[207.7.164.1]
postfix/smtpd[25399]: SSL_accept error from plns.epix.net[207.7.164.1]: -1
postfix/smtpd[25399]: lost connection after STARTTLS from 
plns.epix.net[207.7.164.1]
postfix/smtpd[25399]: disconnect from plns.epix.net[207.7.164.1]

From XCode:
SMTPSender[21667:20b] C: Attempting to connect to server at: mail.SERVER.net:25
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 220 mars.SERVER.net ESMTP Postfix
SMTPSender[21667:20b] C: EHLO localhost
SMTPSender[21667:20b] *** starting short watchdog ***
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-mars.SERVER.net
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-PIPELINING
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-SIZE 16240000
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-VRFY
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-ETRN
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-STARTTLS
SMTPSender[21667:20b] C: STARTTLS
SMTPSender[21667:20b] *** starting short watchdog ***
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250 8BITMIME
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 220 Ready to start TLS
SMTPSender[21667:20b] Beginning TLSv1...
SMTPSender[21667:20b] C: EHLO localhost
SMTPSender[21667:20b] *** starting short watchdog ***
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-mars.SERVER.net
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-PIPELINING
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-SIZE 16240000
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-VRFY
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-ETRN
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-AUTH PLAIN LOGIN
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250-AUTH=PLAIN LOGIN
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250 8BITMIME
SMTPSender[21667:20b] C: AUTH PLAIN AG53ja1WFuY233EAdGl03YTVzbXg=
SMTPSender[21667:20b] *** starting short watchdog ***
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 235 Authentication successful
SMTPSender[21667:20b] C: MAIL FROM:<username@SERVER.com>
SMTPSender[21667:20b] *** starting short watchdog ***
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250 Ok
SMTPSender[21667:20b] C: RCPT TO:<username@SERVER.com>
SMTPSender[21667:20b] *** starting short watchdog ***
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250 Ok
SMTPSender[21667:20b] C: DATA
SMTPSender[21667:20b] *** starting short watchdog ***
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 354 End data with <CR><LF>.<CR><LF>
SMTPSender[21667:20b] C: Date: Sun, 22 Feb 2009 09:46:28 -0500
dSMTPSender[21667:20b] *** starting long watchdog ***
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 250 Ok: queued as 1589E65C024
SMTPSender[21667:20b] C: QUIT
SMTPSender[21667:20b] *** starting short watchdog ***
SMTPSender[21667:20b] *** stopping watchdog ***
SMTPSender[21667:20b] S: 221 Bye
SMTPSender[21667:20b] delegate - message sent
SMTPSender[21667:20b] *** stopping watchdog ***

postfix/smtpd[25713]: connect from epix.net[207.7.164.1]
postfix/smtpd[25713]: setting up TLS connection from epix.net[207.7.164.1]
postfix/smtpd[25713]: TLS connection established from epix.net[207.7.164.1]: 
TLSv1 with cipher AES128-SHA (128/128 bits)
postfix/smtpd[25713]: 1589E65C024: client=epix.net[207.7.164.1], 
sasl_method=PLAIN, sasl_username=username
postfix/cleanup[25750]: 1589E65C024: 
message-id=<9722EDEE07714BD9BABDA3DA5BA789D9@mail.SERVER.net>
postfix/qmgr[22699]: 1589E65C024: from=<username@SERVER.com>, size=791, nrcpt=1 
(queue active)
deliver(username): msgid=<9722EDEE07714BD9BABDA3DA5BA789D9@mail.SERVER.net>: 
saved mail to INBOX
postfix/local[25768]: 1589E65C024: to=<username@SERVER.com>, relay=local, 
delay=1, status=sent (delivered to command: /usr/local/libexec/dovecot/deliver)
postfix/qmgr[22699]: 1589E65C024: removed
postfix/smtpd[25713]: disconnect from epix.net[207.7.164.1]

Original issue reported on code.google.com by ncia...@gmail.com on 22 Feb 2009 at 2:55

GoogleCodeExporter commented 9 years ago 
Replacing the lines (should be around line 430 in SKPSMTPMessage.m. Can't say 
exactly as I added some lines to turn on/off the NSLogs with a define)

    CFWriteStreamWriteFully((CFWriteStreamRef)outputStream, (const uint8_t *)[ehlo UTF8String], [ehlo lengthOfBytesUsingEncoding:NSUTF8StringEncoding]);
    [self startShortWatchdog];

with this try catch Block

@try {
    CFWriteStreamWriteFully((CFWriteStreamRef)outputStream, (const uint8_t *)[ehlo UTF8String], [ehlo lengthOfBytesUsingEncoding:NSUTF8StringEncoding]);
    [self startShortWatchdog];
}
@catch (NSException * e) {
    [self stopWatchdog];
    error = [NSError errorWithDomain:@"SKPSMTPMessageError" 
                               code:kSKPSMTPErrorTLSFail
                         userInfo:[NSDictionary dictionaryWithObject:NSLocalizedString(@"Unable to start TLS", @"")
                            forKey:NSLocalizedDescriptionKey]];
    encounteredError = YES;
}

did help. The problem was, that the server did talk about TLS when contacted by 
the iPhone, but didn't reall support it. Causing the timeout and with it an 
uncaught exception that crashes the 
app.

Original comment by goo...@ambertation.de on 9 Mar 2009 at 7:30

GoogleCodeExporter commented 9 years ago 
Another thing is that if the mail server supports only SSL protocol which defer 
from STL protocol implementation, you need to add the following lines of code

 if ((inputStream != nil) && (outputStream != nil))
    {
        sendState = kSKPSMTPConnecting;
        isSecure = NO;

        [inputStream retain];
        [outputStream retain];

        [inputStream setDelegate:self];
        [outputStream setDelegate:self];

        [inputStream scheduleInRunLoop:[NSRunLoop currentRunLoop]
                               forMode:NSRunLoopCommonModes];
        [outputStream scheduleInRunLoop:[NSRunLoop currentRunLoop]
                                forMode:NSRunLoopCommonModes];

            //if (useSSL)
            //{            
            [inputStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL 
                           forKey:NSStreamSocketSecurityLevelKey];
            [outputStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL 
                            forKey:NSStreamSocketSecurityLevelKey];  

            NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
                                      [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
                                      [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                      [NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain,
                                      kCFNull,kCFStreamSSLPeerName,
                                      nil];

            CFReadStreamSetProperty((CFReadStreamRef)inputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
            CFWriteStreamSetProperty((CFWriteStreamRef)outputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);

            // }

just underneath
 [NSStream getStreamsToHostNamed:relayHost port:relayPort inputStream:&inputStream outputStream:&outputStream]; 

This way you can connect to SSL socket supported servers, since SSL sockets 
must ssl hand shake first whereas TLS protocol dose not require an SSL client 
socket to be created when connected to TLS enabled server. an obvious example 
is that google mail server has to secure connections one for pure SSL, and the 
other is for TLS protocol. see 
http://mail.google.com/support/bin/answer.py?hl=en&answer=13287

Original comment by waleed.m...@gmail.com on 16 Jan 2011 at 10:20