Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus wrote: Or you use the system installed mailer. That's what I do. I write the mail to file and invoke sendmail. No hassle with TLS, failed connections and whatnot. sendmail will do what it takes, even retry in case of temporary failure. Michael. So you are implying there is a command line activated "mailer" on Windows Server 2016? No, only on Linux. I seem to have missed the fact that your program runs on windows. I would recommend using synapse then. It has never failed me. Michael. -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
I came across a similar problem recently with Indy and did some research. There is a proposed patch to support Openssl 1.1.1 and hence TLS1.3. This is discussed on github under https://github.com/IndySockets/Indy/pull/299 with a proposed patch published under https://github.com/mezen/Indy/tree/NewOpenSSL_PR I have tested this proposed patch out with Lazarus/fpc. It is clearly work in progress and seems to have been frozen while a proper upgrade to Openssl 3.2. is developed. There is little by the way of additional documentation. However, I did get it working as a code library by 1. Adding to the unit path, in addition to the usual Lib/Core, Lib/Protocols and Lib/System, the Lib/Protocols/OpenSSL Lib/Protocols/OpenSSL/dynamic directories, and adding to the include path /Lib/FCL 2. Using the IdOpenSSLIOHandlerClient unit instead of the IdSSL,IdSSLOpenSSLunits. 3. For an http client using the TIdOpenSSLIOHandlerClient class instead of the TIdSSLIOHandlerSocketOpenSSLclass as the httpclient's SSLHandler (no need for any options). 4. compiling and fixing a compile time bug (stray ':' after and "out"). In my test program all then seemed to work fine with OpenSSL 1.1.1. and the updated Indy source. On 13/01/2024 08:30, Michael Van Canneyt via lazarus wrote: On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: I wrote a commit reporting application for Windows Server16 back in 2018 using then current Lazarus/Fpc. It is a command line program called from a hook in subversion to distribute the log message and details of commits among co-workers. It uses Indy 10.6.2 to do its job. The mailer class has these in uses: {Indy units:} IdSMTP, IdMessage, IdEMailAddress, IdIOHandler, IdIOHandlerSocket, IdIOHandlerStack, IdSSL, IdSSLOpenSSL, IdExplicitTLSClientServerBase, IdMessageBuilder, Back mid-december 2023 the emails stopped arriving but the problem was not discovered/reported until I myself recently did a commit and I did not get the expected log message email... Now I have looked in the logfiles the application creates and found this error example: 20240111 17:13:35.343 Connecting to mailserver 20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL. error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version Can someone please advice: - Is there an external (dll?) file on Windows Server 2016 might need to be updated for ssl to work in email handling using Indy10 with SSL? Indy 10 uses a completely outdated version of the SSL library, which does not have the most recent cryptographic routines (notably for tls). Most likely the server was updated and now rejects this old version. There is of course a new version of the openssl library (3.2.x). The interface of that library changed, but to the best of my knowledge, indy does not support it. The sgcWebSockets suite has an updated version of openssl which should be able to support openssl 3, but that is paying software.. Michael.-- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, Jan 13, 2024 at 9:10 AM Bo Berglund wrote: > I searched on the net and found this: > https://tecadmin.net/send-email-from-windows-command-line/ From: https://learn.microsoft.com/en-us/dotnet/api/system.net.mail.smtpclient "We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. Use MailKit or other libraries instead. For more information, see SmtpClient shouldn't be used on GitHub." References: Mailkit: https://github.com/jstedfast/MailKit DE0005: SmtpClient shouldn't be used https://github.com/dotnet/platform-compat/blob/master/docs/DE0005.md -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus wrote: >Or you use the system installed mailer. That's what I do. >I write the mail to file and invoke sendmail. > >No hassle with TLS, failed connections and whatnot. >sendmail will do what it takes, even retry in case of temporary failure. > >Michael. So you are implying there is a command line activated "mailer" on Windows Server 2016? Could you please expand a bit on that, it seems like a way to solve my problem if it is like so. I searched on the net and found this: https://tecadmin.net/send-email-from-windows-command-line/ However after I went through all of the steps outlined there on my actual Server 2016 powershell command line I received after some time (maybe a minute) the following: ... PS H:\> $SMTPClient.Send($Email) .. Exception calling "Send" with "1" argument(s): "The operation has timed out." At line:1 char:1 + $SMTPClient.Send($Email) + + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : SmtpException PS H:\> So how can I utilize this successfully from my FPC console program? If it works using "Powershell" how can I then execute the commands from my program using TProcess? -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: Indy 10 uses a completely outdated version of the SSL library, which does not have the most recent cryptographic routines (notably for tls). Most likely the server was updated and now rejects this old version. It looks likely. I will check with the ISP tech support on Monday (this company closes support on week-ends).. There is of course a new version of the openssl library (3.2.x). The interface of that library changed, but to the best of my knowledge, indy does not support it. Then I have to switch to my backup plan, which is to do the mailing itself from a php script on my webserver (hosted at the same ISP server as the mail server is running on). You could also use Synapse. I always prefer synapse over Indy. Then I have to modify the mailer program so it posts the data to that php handler instead of using the SMTP Indy component to do the job. Or you use the system installed mailer. That's what I do. I write the mail to file and invoke sendmail. No hassle with TLS, failed connections and whatnot. sendmail will do what it takes, even retry in case of temporary failure. Michael. -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 09:30:17 +0100 (CET), Michael Van Canneyt via lazarus wrote: > > >On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: > >> I wrote a commit reporting application for Windows Server16 back in 2018 >> using >> then current Lazarus/Fpc. >> It is a command line program called from a hook in subversion to distribute >> the >> log message and details of commits among co-workers. >> >> It uses Indy 10.6.2 to do its job. In fact I don't know which Indy10 version was current in 2018 but I recompiled today with Lazarus 2.2.4 + Fpc 3.2.2 and there was no improvement. :( >> Now I have looked in the logfiles the application creates and found this >> error >> example: >> >> 20240111 17:13:35.343 Connecting to mailserver >> 20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with >> SSL. >> error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version >> > >Indy 10 uses a completely outdated version of the SSL library, which does >not have the most recent cryptographic routines (notably for tls). > >Most likely the server was updated and now rejects this old version. It looks likely. I will check with the ISP tech support on Monday (this company closes support on week-ends).. >There is of course a new version of the openssl library (3.2.x). >The interface of that library changed, but to the best of my knowledge, >indy does not support it. Then I have to switch to my backup plan, which is to do the mailing itself from a php script on my webserver (hosted at the same ISP server as the mail server is running on). Then I have to modify the mailer program so it posts the data to that php handler instead of using the SMTP Indy component to do the job. >The sgcWebSockets suite has an updated version of openssl which should be able >to >support openssl 3, but that is paying software.. > There is a lot of stuff related to the SVN server communications built into my mailer also using Indy so I will have to modify that application... -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 09:31:19 +0100, Jean SUZINEAU via lazarus wrote: >I am not sure but it looks like your program is using TLS v1 protocol. >I think that TLS v1 is deprecated and now your SMTP mailserver requires >a newer version of TLS. >May be your SMTP mailserver / Windows Server 2016 has been updated >recently ? The mailserver is not mine, it is on my ISP where I have my webhosting. THe Windows 2016 Server is where I host the SubVersion server and where my reporting program runs... I too think that the ISP mailserver has been updated... I have tried to recompile the application originally created back in 2018 now using Lazarus 2.2.4 / Ppc 3.2.2 in the hope that Indy would have been updated. But no, it does not change - the problem is still there. -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
[Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
The mORMot2 supports 3.0 https://blog.synopse.info/?post/2023/09/08/End-Of-Live-OpenSSL-1.1-vs-Slow-OpenSSL-3.0 -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
I am not sure but it looks like your program is using TLS v1 protocol. I think that TLS v1 is deprecated and now your SMTP mailserver requires a newer version of TLS. May be your SMTP mailserver / Windows Server 2016 has been updated recently ?-- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: I wrote a commit reporting application for Windows Server16 back in 2018 using then current Lazarus/Fpc. It is a command line program called from a hook in subversion to distribute the log message and details of commits among co-workers. It uses Indy 10.6.2 to do its job. The mailer class has these in uses: {Indy units:} IdSMTP, IdMessage, IdEMailAddress, IdIOHandler, IdIOHandlerSocket, IdIOHandlerStack, IdSSL, IdSSLOpenSSL, IdExplicitTLSClientServerBase, IdMessageBuilder, Back mid-december 2023 the emails stopped arriving but the problem was not discovered/reported until I myself recently did a commit and I did not get the expected log message email... Now I have looked in the logfiles the application creates and found this error example: 20240111 17:13:35.343 Connecting to mailserver 20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL. error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version Can someone please advice: - Is there an external (dll?) file on Windows Server 2016 might need to be updated for ssl to work in email handling using Indy10 with SSL? Indy 10 uses a completely outdated version of the SSL library, which does not have the most recent cryptographic routines (notably for tls). Most likely the server was updated and now rejects this old version. There is of course a new version of the openssl library (3.2.x). The interface of that library changed, but to the best of my knowledge, indy does not support it. The sgcWebSockets suite has an updated version of openssl which should be able to support openssl 3, but that is paying software.. Michael. -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus