NavigateToTest VS2017 extension

January 24th, 2018

You can download the extension here:
NavigateToTest Visual Studio 2017 extension

Here’s the latest version that supports Visual Studio 2017 and Visual Studio 2015.

Extension is convention based. It matches ClassName file with ClassNameTest or ClassNameTests and vice-versa, so you can easily navigate to the test file and back.

Here are some screenshots:

Here’s the toolbar and two opened files:

You can download the extension here:
NavigateToTest Visual Studio 2017 extension

Mail.dll is not affected by Mailsploit

December 5th, 2017

The Mailsploit vulnerability stems from how email servers/clients interpret email addresses containing encoded words. Incorrectly handling those, could allow an attacker to spoof email identities.

Recent specs (RFC-2822 and RFC-5322) don’t allow using encoded-words for email addresses (addr-spec):

3.4. Address Specification:
address = mailbox / group
mailbox = name-addr / addr-spec
name-addr = [display-name] angle-addr
angle-addr = [CFWS] “<" addr-spec ">” [CFWS] / obs-angle-addr
display-name = phrase

Here are the unit test that show how Mail.dll behaves when such malicious emails are parsed. Please note that encoded-words are not decoded when part of email address.

[Test]
public void Test1()
{
    string eml = @"From: =?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@example.com

Body";

    IMail mail = new MailBuilder().CreateFromEmlASCII(eml);

    Assert.AreEqual(
        "=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@example.com", 
        mail.Headers["From"]);

    Assert.AreEqual(
        "=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@example.com", 
        mail.From[0].Address);                                      // Correct

    Assert.AreEqual(
        null, 
        mail.From[0].Name);                                         // Correct
}
[Test]
public void Test2()
{
    string eml = @"From: =?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=

Body";

    IMail mail = new MailBuilder().CreateFromEmlASCII(eml);

    Assert.AreEqual(
        "=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=", 
        mail.Headers["From"]);

    Assert.AreEqual(
        null, 
        mail.From[0].Address);                // Correct

    Assert.AreEqual(
        "potus@whitehouse.gov", 
        mail.From[0].Name);      // Correct - this is correct behavior, 
                                 // sender can put anything in the name field.
}
[Test]
public void Test3()
{
    string eml = @"From: =?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=" 
        + @"=?utf-8?Q?=00?=" 
        + @"=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@example.com

Body";

    IMail mail = new MailBuilder().CreateFromEmlASCII(eml);

    Assert.AreEqual(
        @"=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=" 
        + @"=?utf-8?Q?=00?=" 
        + @"=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@example.com", 
        mail.Headers["From"]);

    Assert.AreEqual(
        @"=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=" 
        + @"=?utf-8?Q?=00?=" 
        + @"=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@example.com", 
        mail.From[0].Address);            // Correct

    Assert.AreEqual(
        null, 
        mail.From[0].Name);               // Correct
}

Mail.dll allows anything in the name part of the address headers:

[Test]

public void Test4()
{
    string eml = @"From: =?utf-8?Q?=42=45=47=49=4E=20=2F"
        + @"=20=20=2F=20=00=20=50=41=53=53=45=44" 
        + @"=20=4E=55=4C=4C=20=42=59=54=45=20=2F=20=0D=0A" 
        + @"=20=50=41=53=53=45=44=20=43=52" 
        + @"=4C=46=20=2F=20=45=4E=44?= <test@example.com>

Body";

    IMail mail = new MailBuilder().CreateFromEmlASCII(eml);

    Assert.AreEqual(
        "test@example.com", 
        mail.From[0].Address);

    Assert.AreEqual(
        "BEGIN /  / \0 PASSED NULL BYTE / \r\n PASSED CRLF / END", 
        mail.From[0].Name); 

    // Note the \r\n (new line) and \0 (null) characters
}

Specification allow using encoded-words in the name (RFC2047 – 5. Use of encoded-words in message headers. (3) )
Encoded words are used to encode non-ASCII characters, for example national characters like umlauts (ä, ö, ü).

RFC2047 imposes no restrictions what characters can be encoded, which means that zero byte (\0) and new lines (\r\n) are valid characters.

Client applications must ensure that such special charters don’t ‘push’ the actual email address (“”test@example.com”) outside of control, in such way, that it becomes not visible.
It is crucial for them to display the email address (test@example.com) no matter what is in the name field.

Outlook365: IMAP, POP3, and SMTP settings

November 24th, 2017

Outlook365 supports access via IMAP, POP3 and SMTP protocols. Below you can find the configuration settings for all protocols.

Latest Office 365 version

For latest Office 365 after the service upgrade, use the following settings:

IMAP

Server: outlook.office365.com
SSL: true-implicit, true-explicit (StartTLS)
Port: 993 (default), 143 (default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

POP3

Server: outlook.office365.com
SSL: true-implicit, true-explicit (StartTLS)
Port: 995 (default), 110 (default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

SMTP

Server: smtp.office365.com
SSL: true-explicit (StartTLS)
Port: 587(default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

IMAP and POP3 servers allow both: implicit/TLS SSL and explicit SSL/TLS, so you can ConnectSSL method -or- Connect and StartTLS.

SMTP server requires explicit SSL – use Connect and StartTLS method.

// C#

using (Imap client = new Imap())
{
    client.ConnectSSL("outlook.office365.com");
    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}

using (Pop3 client = new Pop3())
{
    client.ConnectSSL("outlook.office365.com");
    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}

using (Smtp client = new Smtp ())
{
    client.Connect("smtp.office365.com");
    client.StartTLS();

    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}
' VB.NET

Using client As New Imap()
	client.ConnectSSL("outlook.office365.com")
	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

Using client As New Pop3()
	client.ConnectSSL("outlook.office365.com")		
	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

Using client As New Smtp()
	client.Connect("smtp.office365.com")
	client.StartTLS()

	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

Office 365 pre-upgrade

For latest Office 365 pre-upgrade, use the following settings:

On the main screen go to “Options” / “See All Options…”:

Now click the “Settings for POP, IMAP, and SMTP access…” link:

You can find POP, SMTP and IMAP server addresses and settings on the popup window:

Office365 uses default ports for IMAP, POP3 and SMTP protocols. That means that you don’t need to remember port numbers, as Mail.dll .NET email component is going to use correct port numbers by default.

IMAP

Server: podXXXX.outlook.com
SSL: true-implicit
Port: 993 (default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

POP3

Server: podXXXX.outlook.com
SSL: true-implicit
Port: 995 (default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

SMTP

Server: podXXXX.outlook.com
SSL: true-explicit
Port: 587 (default)
User: pat@domain.onmicrosoft.com or pat@your-domain.com

IMAP and POP3 servers use implicit SSL – use ConnectSSL method. SMTP server requires explicit SSL – use Connect and StartTLS method.

// C#

using (Imap client = new Imap())
{
    client.ConnectSSL("podXXXX.outlook.com");
    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}

using (Pop3 client = new Pop3())
{
    client.ConnectSSL("podXXXX.outlook.com");
    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}

using (Smtp client = new Smtp ())
{
    client.Connect("podXXXX.outlook.com");
    client.StartTLS();

    client.UseBestLogin("user@domain.onmicrosoft.com", "password");
    ...
}
' VB.NET

Using client As New Imap()
	client.ConnectSSL("podXXXX.outlook.com")
	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

Using client As New Pop3()
	client.ConnectSSL("podXXXX.outlook.com")		
	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

Using client As New Smtp()
	client.Connect("podXXXX.outlook.com")
	client.StartTLS()

	client.UseBestLogin("user@domain.onmicrosoft.com", "password")
	...
End Using

You can find more details about using implicit and explicit SSL or TLS with email protocols:

Order process maintenance scheduled for May 16, 2017

May 10th, 2017

As part of our ongoing commitment to invest in and provide a scalable ecommerce platform that meets the advancing needs of our client base, we will be conducting planned maintenance to our system next week:

CEST: Tuesday, May 16, 2017 from 1 p.m. to 9 p.m.
CDT: Tuesday, May 16, 2017 from 6 a.m. to 2 p.m.
PDT: Tuesday, May 16, 2017 from 4 a.m. to noon
AEST: Tuesday, May 16, 2017 from 9 p.m. to Wednesday, May 17, 2017, 5 a.m.

During the planned maintenance, the system will continue to take orders. However customers will see temporary delays in fulfillment and order confirmation emails.

Once the maintenance is finished, we expect all functionality to resume; orders will be processed and order confirmation emails will be sent to customers.

Receive emails in .NET

May 8th, 2017

This article describes how to receive email messages using Mail.dll .NET email library.

Sending email is built into .NET, so there’s no need for 3rd party library, however Mail.dll is much easier to use than SmtpClient,
and much more powerful. Receiving is a bit more complicated. It does require a 3rd party library.

There are two standard protocols for receiving emails IMAP (Internet Message Access Protocol) and POP3 (Post Office Protocol).
Without getting in to much details IMAP is better and offers more features when receiving emails (you can find a detailed IMAP vs POP3 comparison here). We’ll use Imap class to work with this protocol.

As a prerequisite you need to add reference to Mail.dll to your project and import following namespaces:

// C#

using Limilabs.Mail;
using Limilabs.Client.IMAP;
' VB

Imports Limilabs.Mail
Imports Limilabs.Client.IMAP

First thing you need to do is to connect to your IMAP email server. Most servers today require SSL or TLS. We’ll use ConnectSSL(string host) to connect and establish secure channel. This method makes sure correct SSL/TLS versions are used and server certificate are valid:

// C#

using (Imap imap = new Imap ())
{
    imap.ConnectSSL("imap.example.com");  
    imap.UseBestLogin("user@example.com", "password");

' VB

Using imap As New Imap()
    imap.ConnectSSL("imap.example.com")
    imap.UseBestLogin("user@example.com", "password")

Next step is to select a folder which we want to access and download unique ids (UIDs) of email messages. In this example we’ll search and receive unseen emails from INBOX folder.

// C#

imap.SelectInbox();
List<long> uids = imap.Search(Flag.Unseen);
' VB

imap.SelectInbox()
Dim uids As List(Of Long) = imap.Search(Flag.Unseen)

Finally we need to receive and process those emails. On the server emails are stored in MIME format. GetMessageByUID method receives emails as a raw byte array and MailBuilder class can be used to parse it:

// C#

foreach (long uid in uids)
{
    var eml = imap.GetMessageByUID(uid)
    IMail email = new MailBuilder().CreateFromEml(eml);

    Console.WriteLine(email.Subject);
    Console.WriteLine(email.Text);
}
' VB

For Each uid As Long In uids
{
    Dim eml = imap.GetMessageByUID(uid)
    Dim email As IMail = builder.CreateFromEml(eml)

    Console.WriteLine(email.Subject)
    Console.WriteLine(email.Text)
}

At that point you can also access attachments or From and To fields.

Here are the full samples that receive emails in both C# and VB .NET:

// C#

using Limilabs.Mail;
using Limilabs.Client.IMAP;

class Program
{
    static void Main(string[] args)
    {
        using(Imap imap = new Imap())
        {
            imap.ConnectSSL("imap.example.com"); 
            imap.UseBestLogin("user", "password");

            imap.SelectInbox();
            List<long> uids = imap.Search(Flag.Unseen);

            foreach (long uid in uids)
            {
                var eml = imap.GetMessageByUID(uid);
                IMail email = new MailBuilder()
                    .CreateFromEml(eml);

                Console.WriteLine(email.Subject);
                Console.WriteLine(email.Text);
            }
            imap.Close();
        }
    }
};
' VB.NET

Imports Limilabs.Mail
Imports Limilabs.Client.IMAP

Public Module Module1
    Public Sub Main(ByVal args As String())
        Using imap As New Imap()
            imap.ConnectSSL("imap.example.com")
            imap.UseBestLogin("user", "password")

            imap.SelectInbox()
            Dim uids As List(Of Long) = imap.Search(Flag.Unseen)

            For Each uid As Long In uids
                Dim eml = imap.GetMessageByUID(uid)
                Dim email As IMail = New MailBuilder() _
                    .CreateFromEml(eml)

                Console.WriteLine(email.Subject)
                Console.WriteLine(email.Text)
            Next
            imap.Close()
        End Using
    End Sub
End Module