ISPs often publish their SSL settings like in this example:
Outgoing mail server (SMTP)
Port for SSL 465
Port for TLS 587
From the above, it looks like SSL and TLS operate on different ports. But this is WRONG.
Consider TLS just as a newer version of SSL. It operates on the same ports, gets activated with the same SMTP and IMAP commands and so on. In MailBee.NET, you only deal with the explicit SSL/TLS setting when you set the SslProtocol property of a mail server settings class (like Pop3). The default value of this property is SecurityProtocol.Auto, which means MailBee.NET will use the most secure protocol supported by the mail server (usually, TLS).
Sometimes, the server does not support auto-selection of the best available protocol and thus you will need to manually set it to SecurityProtocol.Tls1. Nowadays, there is virtually no case when you should set SecurityProtocol.Ssl3, as these protocols are now considered vulnerable.
In many cases, if you do something like this, you’ll get an error because the SSL3 protocol is disabled on the server:
    Smtp mailer = new Smtp();
    SmtpServer server = new SmtpServer("mail.server.com");
    server.Port = 465;
    server.SslProtocol = SecurityProtocol.Ssl3; // SSL
    mailer.SmtpServers.Add(server);
The correct one would be:
    Smtp mailer = new Smtp();
    SmtpServer server = new SmtpServer("mail.server.com");
    server.Port = 465;
    server.SslProtocol = SecurityProtocol.Tls1; // TLS
    mailer.SmtpServers.Add(server);
So what about TLS port 587? Actually, this means the STARTTLS port, not a TLS port. STARTTLS is not a protocol; it’s an IMAP/SMTP command which is used to convert an existing regular port connection into a secure one. This command, however, does not enforce the TLS protocol for the secure connection. It will make it SSL2, SSL3, TLS1 or Auto according to the SslProtocol property value (just the same way as when you connect to a dedicated SSL port like 465 for SMTP or 993 for IMAP).
In the particular case of SMTP port 587, this port is a normal SMTP port (non-secure), where one can issue a STARTTLS command to make the connection secure. With many ISPs, the same can be done on port 25 as well.
It would be better if the SMTP and IMAP protocol creators had named this command STARTSECURE or something like that, with no SSL or TLS in its name.
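The distinction above can be checked at the wire level: a dedicated port and the STARTTLS command only decide when the handshake starts, while the protocol version is reported separately in the server's ServerHello. The following Python code is an added example, not MailBee.NET code; it classifies the bytes a server sent on one connection and reads that version. The host name, byte streams and function names are constructed for illustration, and SSL2's older record format is not handled.

```python
# Added example; the byte streams below are constructed, not captured.
VERSIONS = {0x0300: "SSL3", 0x0301: "TLS1", 0x0302: "TLS1.1", 0x0303: "TLS1.2"}


def server_hello(version):
    """Build a minimal ServerHello record carrying `version` (sample data)."""
    # server_version + random + empty session id + cipher suite + compression
    body = version.to_bytes(2, "big") + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    header = b"\x16" + version.to_bytes(2, "big") + len(handshake).to_bytes(2, "big")
    return header + handshake


def hello_version(record):
    """Return the protocol named in a ServerHello record, or None."""
    if len(record) < 11 or record[0] != 0x16 or record[5] != 0x02:
        return None
    # Bytes 9-10 hold server_version; TLS 1.3 also reports 0x0303 here.
    code = int.from_bytes(record[9:11], "big")
    return VERSIONS.get(code, hex(code))


def classify(stream):
    """Return (mode, version) for the bytes a server sent on one connection."""
    if stream[:1] == b"\x16":
        # Handshake at byte 0: dedicated port such as 465 (SMTP) or 993 (IMAP).
        return "implicit", hello_version(stream)
    # Otherwise skip the plaintext SMTP replies, which begin with a digit.
    while stream[:1].isdigit():
        _line, sep, rest = stream.partition(b"\r\n")
        if not sep:
            break
        stream = rest
    if stream[:1] == b"\x16":
        # Same handshake, started later by the STARTTLS command.
        return "starttls", hello_version(stream)
    return "plaintext", None


EHLO = b"220 mail.example.test ESMTP\r\n250-mail.example.test\r\n250-STARTTLS\r\n250 OK\r\n"
READY = b"220 Ready to start TLS\r\n"
PORT_465 = server_hello(0x0301)
PORT_587 = EHLO + READY + server_hello(0x0301)
PORT_587_SSL3 = EHLO + READY + server_hello(0x0300)
PORT_587_NO_STARTTLS = EHLO + b"250 Sender OK\r\n"

if __name__ == "__main__":
    for name in ("PORT_465", "PORT_587", "PORT_587_SSL3", "PORT_587_NO_STARTTLS"):
        print(name, classify(globals()[name]))
```

The last sample shows a port 587 session where STARTTLS was advertised but never issued, so the connection stays plaintext.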