Serilog 电子邮件接收器 enableSSL 错误检查

Question

我试图在我的EmailConnectionInfo 中使用EnableSsl = false，但似乎用于smtp 连接的smtp client 正在尝试使用SSL，因为默认SecureSocketOptions 设置为Auto。当我手动创建客户端并将the overload 与SecureSocketOptions = None 一起使用时，它起作用了。

错误：

Failed to send email: MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.

The SSL certificate presented by the server is not trusted by the system for one or more of the following reasons:
1. The server is using a self-signed certificate which cannot be verified.
2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
3. The certificate presented by the server is expired or invalid.

See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#InvalidSslCertificate for possible solutions. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

解决方法：

我将ServerCertificateValidationCallback 设置为true

在我的Program.cs 中使用时，它可以工作：

.UseSerilog((hostingContext, loggerConfiguration) =>{
   Serilog.Debugging.SelfLog.Enable(Console.WriteLine);           
   loggerConfiguration.ReadFrom.Configuration(hostingContext.Configuration)
   .WriteTo.Email(
      new EmailConnectionInfo {
      FromEmail = "{email}",
      ToEmail = "{email}",
      MailServer = "{SMTP IP}",
      Port = {PORT},
      EnableSsl = false,
      EmailSubject = "Something to log",
      ServerCertificateValidationCallback = (senderX, certificate, chain, sslPolicyErrors) => true
   },
   outputTemplate: "{Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz} [{Level:u3}] {Message:lj}{NewLine}{Exception}",
   batchPostingLimit: 1,
   restrictedToMinimumLevel: LogEventLevel.Warning);
});

但是，当我尝试将 Email sink 的所有 serilog 设置包含在 appsettings.json 中时，"ServerCertificateValidationCallback": "(senderX, certificate, chain, sslPolicyErrors) => true" 无法读取（我的假设）

我的appsettings.json

"Serilog": {
    "Using": [ "Serilog.Sinks.File","Serilog.Sinks.Email" ],
    "MinimumLevel": "Information",
    "WriteTo": [
      ...
      {
        "Name": "Email",
        "Args": {
          "connectionInfo": {
            "MailServer": "{SMTP IP}",
            "Port": {PORT},
            "EnableSsl": false,
            "FromEmail": "{email}",
            "ToEmail": "{email}",
            "EmailSubject": "Something went wrong",
            "ServerCertificateValidationCallback": "(s, cert, chain, sslPolicyErrors) => true"
          },
          "outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss.fff zzz} [{Level}] {Message}{NewLine}{Exception}",
          "restrictedToMinimumLevel": "Warning",
          "batchPostingLimit": 1
        }
      }
    ],
    "Enrich": [ "FromLogContext", "WithMachineName", "WithThreadId" ]
  }
...

有什么想法吗？

编辑：我打开的githut issue

Answer 1

我能够利用其他一些问题来完成这项工作，并且无需支持回调就可以直接通过配置进行设置。这个问题的答案 (https://stackoverflow.com/a/59914193/116208) 特别有帮助。如果您按照他的示例进行一些修改。

您可以将ServerCertificateValidationCallback = (senderX, certificate, chain, sslPolicyErrors) => true 添加到SerilogEmailExtension 扩展类中的EmailConnectionInfo

调整 Serilog 配置“Using”语句以包含您编译的应用程序的名称，以便它可以找到扩展类而不是“MyApp”：

"Using": [ "Serilog", "Serilog.Sinks.Console", "Serilog.Sinks.File", "MyApp" ],

这应该让您实现所有配置驱动，并且仍然添加回调以绕过异常。

Answer 2

正如您在Mailkit's source code 中看到的，当enableSsl 为false 时，它使用SecureSocketOptions.StartTlsWhenAvailable。 TLS 在您的 Exchange 服务器中可用，因此它正在尝试使用它...

如果Serilog.Sinks.Email 曾经公开了一种更改此行为的方法 (issue 69 that you reported)，那将是一种解决方法，但 我相信正确的解决方法是更新您的 Exchange 配置以使用已安装的正确证书用于此连接器上的 TLS 通信。

当入站建立 TLS 时，服务器可能会根据名称（自签名证书）获取最接近的匹配项。

您的 IT 管理员应该能够按照本文“Configuring the TLS Certificate Name for Exchange Server Receive Connectors”中描述的步骤更新 TLS 证书。