Timeout when credentials are invalid

hromkes · January 29, 2021, 1:40pm

When I create a connection with invalid credentials using any of the following methods, a timeout exception occurs:

CreateConnection
ValidateCredentialsAsync
NoopAsync
Any other method requiring a connection.

I set the timeout 30 seconds.

To investigate this further, I enabled logging.

Almost immediately after the method call , the following line is written to the log:
Pop3 server[1|29-1-2021 14:20:40]: -ERR Authentication failure: unknown user name or bad password.

After that the call hangs almost for the entire timeout period.
Finally the following line is written to the log:

Pop3 client[1|29-1-2021 14:21:08]: The operation ‘Connect’ terminated. Timeout ‘29998’ has been reached.
29-1-2021 14:21:08

And the method call ends with a timeout exception.

Why is the exception not thrown immediately after the credentials are checked?

mudassir.fayyaz · January 29, 2021, 2:38pm

@hromkes

This is normal behaviour of API. But I have created an investigation ticket with ID EMAILNET-40065 to further investigate this on our end and see if that can be improved further or not. We will share feedback with you as soon as it will be addressed.

hromkes · January 29, 2021, 2:58pm

I think it has something to do with the SecurityOptions.Auto parameter.
When this is set, different connection attempts are made until one succeeds.
These attempts include creating SSL connections when it is not expected, or not using SSL when the server does expect it.
Because protocols are not compatible, timeouts occur.

Ik will try to improve connect / credential validation performance by not using the SecurityOptions.Auto parameter.

hromkes · January 29, 2021, 3:12pm

Found out that pop3 on port 995
with SecurityOptions.SSLExplicit times out.

When pop3 on port 995 with SecurityOptions.SSLImplicit is used,
an "Authentication failed " is thrown. which is correct.

Why do you try to connect without SSL on port 995?
Doesn’t the protocol dictate that an SSL connection is required from the start?

So I suggest that when SecurityOptions.Auto, the port should be leading to determine whether implicit or explicit mode should be used.
So dont try to connect with implict mode on port 995.

hromkes · January 29, 2021, 3:52pm

I created this method, to determine the correct mode based on port:

SecurityOptions GetSecurityOptions(int port)
{
    switch (port)
    {
        // EXPLICIT: connection is encrypted after STARTTLS
        case 25:  // SMTP 
        case 110: // POP3
        case 143: // IMAP
        case 587: // SMTP 
            return SecurityOptions.SSLExplicit;

        // IMPLICIT: initial connection is SSL
        case 465: // SMTP 
        case 993: // IMAP
        case 995: // POP3
            return SecurityOptions.SSLImplicit;

        default:
            return SecurityOptions.SSLExplicit;
    }
}

mudassir.fayyaz · January 30, 2021, 12:10am

@hromkes

I have included the information in our issue tracking system and will share the feedback with you as soon as it will be responded.