SMTP (Email Settings)
Is this functionality working in beta? I cannot seem to get it to work, also, the password field is in clear text.
Hi Kristian,
I am not able to find problems with SMTP settings in the BETA2. Could you tell me what issues you are having? The password is stored in clear format. SmtpElement does not expose a property that you can use to set password format and hashing type.
Sincerely yours,
Ivan Dimitrov
the Telerik team
I tried using gmail as smtp and when trying to use the forgot password page the page sits for a long time, maybe 2 minutes, and then says it was successful, but I never get an email with a new password.
Provides a set of configuration options that Sitefinity will use to send emails.
Host | Gets or sets the name or IP address of the host used for SMTP transactions.
Port | Gets or sets the port used for SMTP transactions.
UserName | Gets or sets the user name associated with the credentials.
Password | Gets or sets the password for the user name associated with the credentials.
Domain | Gets or sets the domain or computer name that verifies the credentials.
DeliveryMethod | Specifies how outgoing email messages will be handled.
EnableSSL | Specify whether Sitefinity will use Secure Sockets Layer (SSL) to encrypt the connection.
Timeout | Gets or sets a value that specifies the amount of time after which a synchronous mail sending times out.
PickupDirectoryLocation | Gets or sets the folder where applications save mail messages to be processed by the local SMTP server.
Hi Kristian,
Most probably the email has not been sent through Gmail. We also found an issue where we redirect the user to success page if there is an inner exception and this issue has been logged for fixing, but this is another issue. In your case the gmail account you use is not configured to be used as SMTP. Sitefinity is just an acceptor of the smtp settings. We use the .NET SmtpClient to send the message.
Kind regards,
Ivan Dimitrov
the Telerik team
It would be nice to see what error I was receiving when trying to use this tool, maybe some boolean field in the backend to "show errors". I got this to work by enabling SSL and using port 587, now just to get it to work using Exchange!
Can you customize what the email that resets the password looks like?
Also, when trying to set up an Exchange server I set up a relay to allow anonymous users, and used my Exchange settings in the SMTP settings, but that doesn't seem to work. Do you have any examples of how to set up Sitefinity to use Microsoft Exchange for its SMTP settings?
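The silent failure discussed above can be reproduced outside the CMS with the same .NET SmtpClient the reply mentions. This is an added example, not part of the original posts and not Sitefinity code; the SmtpProbe and TrySend names, the example.com host and addresses, and the SMTP_TEST_PASSWORD environment variable are assumptions.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Mail;

static class SmtpProbe
{
    // Sends one test message and returns the failure detail instead of hiding it.
    public static string TrySend(SmtpClient client, string from, string to)
    {
        try
        {
            using (var msg = new MailMessage(from, to, "SMTP settings test", "Test body"))
                client.Send(msg);
            return "OK";
        }
        catch (SmtpFailedRecipientException ex) // server rejected the recipient
        {
            return "Recipient " + ex.FailedRecipient + " rejected: " + ex.StatusCode;
        }
        catch (SmtpException ex) // authentication, TLS, timeout or connection errors
        {
            var inner = ex.InnerException != null ? " / " + ex.InnerException.Message : "";
            return "SMTP error " + ex.StatusCode + ": " + ex.Message + inner;
        }
    }
    static void Main()
    {
        // Network variant: SmtpClient's EnableSsl means STARTTLS, which is why port 587
        // works. Host and account are placeholders; the password is read from an
        // environment variable (assumed name) so it is not written into the source.
        var network = new SmtpClient("smtp.example.com", 587)
        {
            EnableSsl = true,
            Timeout = 15000, // milliseconds; fail fast instead of waiting minutes
            Credentials = new NetworkCredential("user@example.com",
                Environment.GetEnvironmentVariable("SMTP_TEST_PASSWORD") ?? "")
        };
        // Offline variant: the message is written to a pickup directory as an .eml file.
        var dir = Path.Combine(Path.GetTempPath(), "smtp-probe");
        Directory.CreateDirectory(dir);
        var pickup = new SmtpClient
        {
            DeliveryMethod = SmtpDeliveryMethod.SpecifiedPickupDirectory,
            PickupDirectoryLocation = dir
        };
        Console.WriteLine(TrySend(pickup, "noreply@example.com", "admin@example.com"));
        Console.WriteLine(TrySend(network, "noreply@example.com", "admin@example.com"));
    }
}
```

With the placeholder host, the second call returns the exception text rather than "OK", which is the information the forgot-password page does not show.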
Hello Kristian,
The password format depends on the configuration of the membership provider. We use a random generator and this is the correct way. If the passwordFormat for your provider is clear, the user will be able to get his/her actual password.
The anonymous user can be used only in the context of NetworkCredential that provides credentials for password-based authentication schemes such as basic, digest, NTLM, and Kerberos authentication.
Kind regards,
Ivan Dimitrov
the Telerik team
I meant the email format the way the email looks when it is sent, not the password. I apologize for the confusion.
Regarding Exchange, I am not familiar with what you are referring to. I know very little about Exchange; would you know a good resource for setting up email relays using Exchange?
Hello Kristian,
You can change the text from Sitefinity/Administration/Labels for the PasswordRecoveryDefaultBody key.
Greetings,
Ivan Dimitrov
the Telerik team
How would I get the default SmtpElement values that are set under administration in code?
Hi Kristian,
The settings are stored in the configuration. You can retrieve them as shown below:
var smtpSettings = Config.Get<SystemConfig>().SmtpSettings;
var host = smtpSettings.Host;
// do the same for the other properties.
What is the reason for the password being stored in plain text within the file? Also, the administration UI input field does not hide the password.
Hi Neil,
There is no implementation that will encrypt and then decrypt the password. It is not implemented at this stage. We have logged a task for making some improvements in this area, but there is no ETA for them.
All the best,
Ivan Dimitrov
the Telerik team
So enterprises pay $20,000 to expose their mail systems through Sitefinity; it does not surprise me you have logged a change request, but no ETA does. Surely exposing corporate Exchange server accounts in XML files easily manipulated through NTFS deserves an ETA.
Hi Neil,
Let me assure you that the priority of this task is very high on our list and we are treating it with the needed urgency it requires.
The implementation will be scheduled in some of the coming releases.
Thanks for bringing our attention to the security implications of this implementation!
Greetings,
Kalina
the Telerik team
'High priority'
This has still not been fixed in 4.1.................
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Hello James,
We are considering an overall strategy for protecting sensitive information stored in the configuration file. For example, users will be able to select certain areas of the configuration file and encrypt them.
This is why starting this implementation took us more than expected.
At this point the timing of delivery is not determined and we will discuss it during the planning sessions for Q3.
Regards,
Kalina
the Telerik team
Thanks Kalina. This is really simple functionality, and could be implemented as per a number of open source code project solutions. I reckon you could implement this in less than a day if needed and push through with the next set of testing. It really is important. Though I think you realize this.
Is this fixed? We're in version 7.1 and roughly 4 years from the original post and it seems that the password is still saved in plain text. How can we encrypt this?
Hello Richard,
I am afraid that currently this is not possible. What is achievable is that you can encrypt the connection string by storing it in the web.config file as shown in the video attached, but Sitefinity's config files are not available for encryption / decryption.
I apologize for the inconvenience.
Regards,
Vassil Vassilev
Telerik