Help the legacy email application that does not support TLS 1.2 to send and retrieve email from email server - Tutorial

Nowadays, most email servers require TLS 1.2 encryption for secure connection. If your legacy email application doesn’t support TLS 1.2, it cannot connect to the email server.

For developers, you can add new codes to support TLS 1.2. However, if your code is too complex or out of maintenance, and you don’t want to change anything in your source codes, then EA Oauth Service can help the application to implement OAUTH.

This tutorial gives you a quick overview of how to use EA Oauth Service which can help the legacy email application to connect email server without changing any codes.

How EA Oauth Service works?

  • Install "EA Oauth Service" on your machine.
  • Create a local user in "EA Oauth Service Manager".
  • Change the email server address to localhost, and use local user and password in your application to login local SMTP/POP/IMAP services.
  • After "EA Oauth Service" accepts the connection from local user by plain TCP or legacy SSL/TLS, it connects the remote server by TLS 1.2.
  • Finally, "EA Oauth Service" transfers data between the email application and remote server under SSL/TLS encryption.
how eaoauth service works

You just need to change the server address in the email application, then the application can connect the remote server without changing other things.

Install EA Oauth Service

You can download EA Oauth Service Installer and install it on your machine.

Double click the installer file and the installation will be executed automatically. The installer requires .NET framework 4.5 or later version to be installed. If no corresponding .NET framework is detected in your operating system, Setup will be aborted.

After the installation is completed, click “EA Oauth Service Manager” from Windows Start menu -> All Programs -> “EA Oauth Service” to begin the setup.

Note

Installation Permission

An account with Administrative Privileges is required to run the installer for installing “EA Oauth Service” on the machine.

Check local SMTP/POP/IMAP services

After EA Oauth Service is installed, it provides SMTP/POP/IMAP services on the local machine. You can open EA Oauth Service Manager -> Services to check the service status.

By default, the following inbound ports is used:

  • SMTP Service: 25, 465
  • POP Service: 110, 995
  • IMAP Service: 143, 993
eaoauth SMTP, POP, IMAP services

Note

If the service is failed to start, it is likely that other application on the machine used the port, you should change the listening port and start the service again.

Create local user in Oauth Service Manager

Now you need to create a local user in EA Oauth Service Manager -> Users:

  • Input your email address or user as local user name.
  • Input your password of the remote server, it is used to connect local SMTP/POP/IMAP service and remote server.
  • Select permission (SMTP, POP/IMAP).
  • Select “Connect a remote server by user and password”.
  • Input your remote server address. If the SMTP/POP/IMAP uses different server address, you can click “Server address” to edit SMTP/POP/IMAP server addresses and ports individually.
set local user in eaoauth service

Change server setting in the email application

After you create the local user, the next step is changing your server settings in the application.

Use the following server address and port in the email application:

Protocol Server Address Port Encryption
SMTP localhost 25 None/STARTTLS/Auto
SMTP localhost 465 SSL/TLS
POP localhost 110 None/STARTTLS/Auto
POP localhost 995 SSL/TLS
IMAP localhost 143 None/STARTTLS/Auto
IMAP localhost 993 SSL/TLS

Here is the example setting in Outlook:

User setting in outlook

Then use the local user and local password for user authentication in the email application.

After the application connects local SMTP/POP/IMAP service successfully provided by EA Oauth Service, the service will connect the remote server by same user and password, and transfer data back to the application under SSL/TLS encryption.

Now the email application can send and retrieve email from the remote server even it doesn’t support TLS 1.2.

Example code for C# application

Here is an example code for sending email using System.NET.Mail with OAUTH service:

using System;
using System.Net.Mail;

public static void SendEmail()
{
    var mailMessage = new MailMessage();

    // local user
    string user = "test@emailarchitect.com";

    mailMessage.From = new MailAddress(user);
    mailMessage.To.Add(new MailAddress("support@emailarchitect.net"));

    mailMessage.Subject = "Test from Oauth Service";
    mailMessage.IsBodyHtml = false;
    mailMessage.Body = "This is a test";

    var basicCredential = new System.Net.NetworkCredential(user, "local password");

    var smtp = new SmtpClient("localhost");
    smtp.Port = 25;
    smtp.DeliveryFormat = SmtpDeliveryFormat.International;
    smtp.EnableSsl = true;
    smtp.DeliveryMethod = SmtpDeliveryMethod.Network;

    smtp.UseDefaultCredentials = false;
    smtp.Credentials = basicCredential;

    smtp.Send(mailMessage);
}

Allow unauthenticated user to send email

By default, EA Oauth Service requires user authentication to send email. If your legacy application doesn’t support user authentication, you can allow unauthenticated user to send email by changing the setting in EA Oauth Service Manager -> Users -> User setting -> Allow unauthenticated user to send email. You need to use the user’s email address as the email sender, then the matched token or credential is used automatically.

Accept remote connections from other machine

The legacy email application also can access the SMTP/POP/IMAP service from a remote machine.

  • Add access rule in Windows Firewall to allow inbound 25, 465, 110, 143, 993, 995 port;
  • Change listening address from localhost to * ;
  • Ignore the SSL certificate error in your application.

EA Oauth Service installed a self-signed certificate for SSL/TLS connection, the certificate is issued to localhost. If the application accesses the service from a remote machine, a certificate error will be reported.

You can use other SSL certificate by selecting certificate from EA Oauth Service Manager -> SMTP/POP/IMAP service -> Ssl Certificate.

Troubleshooting

Authentication is failed

If you get error about “Authentication”:

  • Check if the local password is set to the email application correctly;
  • Go to EA Oauth Service Manager -> Users -> Check if there is any token error.

Full Debug Log

If the email application cannot connect local SMTP/POP/IMAP serivce, you can enable full debug log like this:

  • Go to EA Oauth Service Manager -> Journal -> change Log Level to Full Debug.
  • Connect the SMTP/POP/IMAP service from the email application.
  • You can find log file in Journal shortly after the email application disconnects the service, check log content or send the log to our support email address for assistance.
  • Change log level back to “Only Error” to reduce the log file size.

The operation has timed out error in EA Oauth Service Manager

Please check if EAOauth Service is running from Administrative Tools -> Services, if this service is not running, start it.

Restart EAOauth Service

EAOauth background service can be restarted from Administrative Tools -> Services or use the following cmdlet in Powershell:

Restart-Service "EAOauthSvc"

Free Email Support

Not enough? Please contact our technical support team.

Support@EmailArchitect.NET

Remarks

We usually reply emails within 24hours. The reason for getting no response is likely that your SMTP server bounced our reply. In this case, please try to use another email address to contact us. Your Gmail, Hotmail or Office 365 email account is recommended.