Build 3588: Kerberos support in Rebex Mail

GSSAPI and Kerberos support in Mail and Secure Mail

Few months ago, we introduced GSSAPI/Kerberos authentication support in Rebex SFTP - and now it is available in Rebex Mail and Rebex Secure Mail as well! Microsoft SSPI is used as an underlying authentication provider for both. In practice, this means you can authenticate with SMTP, POP3 or IMAP to Microsoft Exchange server using Kerberos single-sign-on, which is definitely an improvement over NTLM. Negotiate algorithm is also supported - this automatically selects either NTLM or Kerberos, depending on what is available.

This feature is not supported in .NET Compact Framework edition of Rebex (Secure) Mail - it will be added in the next release.

SFTP v4 support

Rebex SFTP supports v4 of the protocol now. In practice, one of the main benefits is that it is possible to select transfer type (Sftp.TransferType) without need to select the target OS type first (Sftp.ServerType). Unfortunately, many SFTP servers inclusing OpenSSH only supports SFTP v3, which means that the target OS type has to be still set for these. Another benefit of SFTP v4 is that it uses UTF-8 charset by default, which is a great improvement - in v3, charset was undefined.

Integrated ZLIB support in SSH, SFTP, SCP and SSH Shell

ZLIB is used to compress all communication. This means faster file transfers in SFTP and SCP when transferring compressible files and better throughput for Rebex SSH Shell, where most data is simple text. To disable ZLIB compression and make the new version work just like before, use SshParameters.Compression property, as described in this SFTP tutorial. This also means that the experimental ZLIB compression support introduced in build 3428 no longer works because there is no need for it now.

Complete list of changes:

  • FTP: Added FtpOptions.ConnectPassiveLater option - makes the passive mode transfer initialize the connection only after the LIST/NLST/RETR/STOR commands are sent (instead of after PASV).
  • FTP: Enhanced MODE Z support.
  • FTP: Added a workaroud for bad PASV implementation at ftp-edi.pubnet.org.
  • FTP: CCC command no longer actively sends close _notify TLS message by default.
  • FTP: Fixed a bug in proxy code that caused data transfers to fail when using HTTP CONNECT proxy with NTLM authentication.
  • SFTP: SFTP v4 support added.
  • SFTP: Fixed a bug in CreateDirectory/ChangeDirectory workaround for CoreFTP.
  • SFTP: Added workaround for ProFTPd's mod _sftpd SSH _FXP _REALPATH command that fails for newly created directories.
  • MIME: MailMessage object's BodyText and BodyHtml properties now remove illegal characters when set.
  • MIME: LinkedResource.FileName property added.
  • MIME: Mail messages with empty TNEF/winmail.dat attachment no longer cause an exception to be thrown.
  • S/MIME: Added MimeOptions.SkipCertificateUsageCheck option to make it possible to skip certificate usage check.
  • S/MIME: Fixed a bug that caused an exception to be thrown when signing a mail message on FIPS-enabled systems.
  • SMTP: Kerberos, NTLM and Negotiate authentication methods through GSSAPI/SSPI are now supported (not yet available on .NET Compact Framework).
  • SMTP: GSSAPI or NTLM is also attempted in Auto mode if the mail server doesn't support any other authentication methods.
  • POP3: Kerberos, NTLM and Negotiate authentication methods through GSSAPI/SSPI are now supported (not yet available on .NET Compact Framework).
  • POP3: Added workaround for I&ES Mail Server that doesn't like TOP n 1 command.
  • IMAP: Fixed a bug in Imap object's External authentication method implementation.
  • IMAP: GSSAPI or NTLM is also attempted in Auto mode if the mail server doesn't support any other authentication methods.
  • IMAP: Added a workaround for servers that reply with FETCH BODYSTRUCTURE what FETCH BODY is requested.
  • IMAP: Kerberos, NTLM and Negotiate authentication methods through GSSAPI/SSPI are now supported (not yet available on .NET Compact Framework).
  • IMAP: Message structure parser enhanced to be compatible with more servers and distinguish attachments and linked resources.
  • SSH Shell: Added workaround for SSH packets 101 that some SSH servers were observed to use.
  • Terminal: Fixed a bug that caused Disconnect event not to be raised when some types of connection failures occured.
  • Terminal: TerminalControl now correctly resizes itself when hosted in WPF.
  • SSH Core: Fixed a bug in ArcFour cipher implementation that made it unusable.
  • SSH Core: Fixed a bug that caused an SSH welcome message to be parsed incorrectly when split accross multiple packets.
  • SSH Core: Added support for ZLIB transfer compression.
  • ProxySocket: Proxy object now has Encoding property that makes it possible to specify character set to be used for parsing server responses.
  • ProxySocket: ProxySocketException.ErrorCode property now returns HTTP and Socket4/Socks5 error codes when available.
  • ProxySocket: SspiAuthentication and GssApiProvider classes added that provide GSSAPI/SSPI functionality.
  • Security: Certificate's CRL distribution point list can be accessed using GetCrlDistributionPoints method.

We are also progressing nicely on Rebex ZIP component as well. If there is something you would like it to support, please visit our customer feedback & ideas forum and add some suggestions!