CRL Checking of the SMTP Server Certificate is bypassing the proxy configuration
Proxy is configured at all levels on the DVLS Server.
All HTTP communication is going through the proxy except for one. When I try to test the email configuration (using smtp.office365.com) I always get an unexpected exception unless I open the firewall for port 80. After analyzing, I can see that w3wp.exe (IIS) is trying to validate the CRL of the SMTP server, but it is bypassing the proxy for the CRL verification. I can see it using netstat:
C:\Users\myuser>netstat -ano|find "SYN"
TCP server-ip:49783 192.229.211.108:80 SYN_SENT 3752
C:\Users\myuser>tasklist |find "3752"
w3wp.exe 3752 Services 0 292,968 K
192.229.211.108 is the server where we can find the CRL file, not our proxy.
Is there another place that I should configure the proxy?
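The netstat/tasklist correlation described in the post above, as an added example that is not part of the original post or of DVLS: it parses saved `netstat -ano` and `tasklist` output and lists unanswered (SYN_SENT) connection attempts that do not target the proxy, with the owning process. The sample text is constructed; only 192.229.211.108:80, PID 3752 and w3wp.exe come from the thread, and the local address and the proxy address 10.0.0.20:8080 are assumptions.

```python
import re

# Constructed sample of `netstat -ano` output (local and proxy addresses are assumed).
NETSTAT = """\
  TCP    10.0.0.5:49783    192.229.211.108:80    SYN_SENT       3752
  TCP    10.0.0.5:49790    10.0.0.20:8080        ESTABLISHED    3752
  TCP    10.0.0.5:49801    10.0.0.20:8080        SYN_SENT       4120
  TCP    [::1]:49664       [::]:0                LISTENING      700
"""
# Constructed sample of `tasklist` output.
TASKLIST = """\
w3wp.exe                      3752 Services                   0    292,968 K
svchost.exe                   4120 Services                   0     12,100 K
"""
PROXY = ("10.0.0.20", 8080)  # assumed proxy address, replace with your own

# proto, local endpoint, remote host:port, state, owning PID
NETSTAT_ROW = re.compile(r"^\s*TCP\s+\S+\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
# image name, PID, session name, session number, memory usage
TASKLIST_ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+\S+\s+\d+\s+[\d,.]+\s+K\s*$")


def pid_names(tasklist_text):
    """Map PID -> image name from tasklist output."""
    names = {}
    for line in tasklist_text.splitlines():
        m = TASKLIST_ROW.match(line)
        if m:
            names[int(m.group(2))] = m.group(1)
    return names


def direct_attempts(netstat_text, tasklist_text, proxy):
    """Return (process, pid, remote_host, remote_port) for every SYN_SENT
    connection whose destination is not the proxy."""
    names = pid_names(tasklist_text)
    hits = []
    for line in netstat_text.splitlines():
        m = NETSTAT_ROW.match(line)
        if not m:
            continue
        host, port = m.group(1).strip("[]"), int(m.group(2))
        state, pid = m.group(3), int(m.group(4))
        if state == "SYN_SENT" and (host, port) != proxy:
            hits.append((names.get(pid, "?"), pid, host, port))
    return hits


if __name__ == "__main__":
    for hit in direct_attempts(NETSTAT, TASKLIST, PROXY):
        print("direct attempt: %s (PID %d) -> %s:%d" % hit)
```

A SYN_SENT entry towards the proxy itself is skipped, so the output contains only traffic that tried to leave without going through it.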
Hello,
This is the method we use to configure a proxy with DVLS.
https://docs.devolutions.net/kb/devolutions-server/how-to-articles/add-proxy-devolutions-server/
Have you already configured that part in the web.config file?
Best regards,
Érica Poirier
Hello Erica,
Thanks for the fast response! Yes, I already did that config and it is working well; I can view traffic on the proxy. But the configuration is not used for validating the revocation list of the SMTP server. It seems very specific to me. Like I said, all web traffic on the machine goes through the proxy, even DVLS; the only exception is the CRL checking of the SMTP server. I guess it would be the same for all CRL validation.
Regards,
Pierre Ayotte
Hello Pierre,
We cannot add a proxy for the CRL check made while sending an email. After speaking with our security specialist, they suggest configuring the proxy at the OS level so that all traffic goes through the proxy.
I also added a feature request to add an option to skip the CRL check altogether if configuring the proxy at OS level is not a valid option.
This is not a recommended option but we think it might be useful in some environments.
Let me know if you would prefer to use the option to skip the CRL check so that we can prioritize it accordingly.
Best regards,
Benoît Sansregret
Hello Benoit, as I wrote previously, the proxy is configured at all levels, OS level included:
Still, the CRL check bypasses the proxy. We will try to use the Azure option instead for sending emails.
Hello Pierre,
Sorry about the proxy configuration suggestion. Using Azure to send email should remove the CRL check.
I will see if we can find what is happening for the CRL check when the proxy is configured correctly.
Thank you for reporting this to us.
Benoît Sansregret