Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
The default for SSLVersions is sslvTLSv1, so it looks like your mail server stopped accepting TLS v1.x (which it should do as older versions are now deprecated). I assume that you are using the out of date Openssl 1.0.2 library or earlier, given that TIdSSLIOHandlerSocketOpenSSL does not work with later versions. The underlying problem here is that the current Indy version does not support OpenSSL beyond 1.0.2. The next problem that you will hit is that your OS deprecates this version and you have to build and install Openssl 1.0.2 yourself (including any unfixed bugs). This is already true in the Linux world where Debian 12 only provides OpenSSL 3.2. I am still using Mint 20.3 on my desktop, but that has also discontinued 1.0.2 with 1.1.1 being the provided version. I am not sure what is the status under Windows. As I reported in my post to this thread on 13th, there is a proposed patch available to support OpenSSL 1.1.1 with a hint that the author is working on a patch for OpenSSL 3.2. It would be a good idea if all affected users could keep pushing, on the github issues list for Indy, in order to get this patch done as without it Indy is effectively end of life. On 15/01/2024 07:32, Bo Berglund via lazarus wrote: FINALLY: After I posted on the Atozed forum I received a reply where a by me previously unknown configuration item for TIdSSLIOHandlerSocketOpenSSL was suggested: constructor TSvnMessage.Create; begin FSvnUsers := TSvnUsers.Create; FSubscription := TStringList.Create; FSMTP := TIdSMTP.Create(nil); FSSLHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil); //Add this to set the scope of SSL versions allowed: FSSLHandler.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]; FMailMessage := TIdMessage.Create(nil); end; This single line in the code for my mailer made it resume operations toward the changed mail server! Posting here in case someone wonders in the future about how to fix it. Issue closed.-- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
Le 14/01/2024 à 22:32, Bo Berglund via lazarus a écrit : I assume MailData is the mail body... 2) How can I add Bcc recipients? In fact I think MailData contains a mail header (with something likeReply-to: x...@yyy.com) followed by a mail body after an empty line: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 00:54:59 +0100, Bo Berglund via lazarus
wrote:
>I wrote a commit reporting application for Windows Server16 back in 2018 using
>then current Lazarus/Fpc.
>It is a command line program called from a hook in subversion to distribute the
>log message and details of commits among co-workers.
>
>It uses Indy 10.6.2 to do its job.
>The mailer class has these in uses:
> {Indy units:}
> IdSMTP,
> IdMessage,
> IdEMailAddress,
> IdIOHandler,
> IdIOHandlerSocket,
> IdIOHandlerStack,
> IdSSL,
> IdSSLOpenSSL,
> IdExplicitTLSClientServerBase,
> IdMessageBuilder,
>
>Back mid-december 2023 the emails stopped arriving but the problem was not
>discovered/reported until I myself recently did a commit and I did not get the
>expected log message email...
>
>Now I have looked in the logfiles the application creates and found this error
>example:
>
>20240111 17:13:35.343 Connecting to mailserver
>20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL.
>error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
>
>My development system is a Windows 10 x64 PC...
FINALLY:
After I posted on the Atozed forum I received a reply where a by me previously
unknown configuration item for TIdSSLIOHandlerSocketOpenSSL was suggested:
constructor TSvnMessage.Create;
begin
FSvnUsers := TSvnUsers.Create;
FSubscription := TStringList.Create;
FSMTP := TIdSMTP.Create(nil);
FSSLHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
//Add this to set the scope of SSL versions allowed:
FSSLHandler.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
FMailMessage := TIdMessage.Create(nil);
end;
This single line in the code for my mailer made it resume operations toward the
changed mail server!
Posting here in case someone wonders in the future about how to fix it.
Issue closed.
--
Bo Berglund
Developer in Sweden
--
___
lazarus mailing list
lazarus@lists.lazarus-ide.org
https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sun, 14 Jan 2024 12:54:08 +0100 (CET), Michael Van Canneyt via lazarus wrote: >The synapse package is not installed in the IDE, it does not >install any components on the component palette. > >The Synapse package just offers classes which you must create in code. > >But once you compiled the package, you can specify it as a dependency. > >This is explained in my article, in the first paragraphs. > >> >> Inside the pdf I found a link to http://synapse.ararat.cz/ but there seems >> to be >> only files from more than 10 years ago, how could they solve the recently >> encountered ssl problem? > >The latest code is on sourceforge: > >https://sourceforge.net/p/synalist/code/HEAD/tree/trunk/ > >You can see it referenced on: > >http://synapse.ararat.cz/doku.php/download > >The maintainer is considering switching to git(lab|hub), but this will take >some time. > >However, the package in lazarus should be up-to-date for your needs, I think. > >> Could you (or someone else reading this) suggest a new SendSvnMessage >> function >> that will replace the following (snippets) but using Synapse (and say from >> where >> I can get synapse): > >The following program compiles: > >With the aid of my article, you should be able to extend the code to work with >attachments etc. Thank you so much for your help! I don't need attachmentshere since it is a commit reporting utility, just listing what was committed and the message entered. I have now retrieved the synapse package sources (using SVN from SourceForge) and compiled in Lazarus. So I am now making a test program to only prove that the mail server I must use will play balls and accept the postings. A few more questions: 1) Is there a way to set the mail property "Reply-to" when using synapse? There might be a case when the sender of an email (the From address) has to be the account owner and I want to make sure that those that receive the message can reply to it and get to the actual person making the SVN commit. It does not appear to be that way here: function SendToEx(const MailFrom, MailTo, Subject, SMTPHost: string; const MailData: TStrings; const Username, Password: string): Boolean; I assume MailData is the mail body... 2) How can I add Bcc recipients? -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sun, 14 Jan 2024, Bo Berglund via lazarus wrote:
On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus
wrote:
You could also use Synapse. I always prefer synapse over Indy.
So I have now verified that I cannot use Indy10 for email sending anymore :( ...
I have used Indy since a very long time like 20 years or so when dealing with
Internet accesses. So I am not used to other ways.
Now I have looked around for valid examples which will work like my send
function but using Synapse but the result is confusing.
I have found your pdf document "Sending mails using Lazarus.pdf".
But I am not clear as to how to map the Indy properties to Synapse...
And the example's uses clause is not shown so I don't know what to put there...
It says so in the text: 'the smtpsend unit'.
In fact I have looked for Synapse and in OnLine Package Manager I find
Synapse_40.1, which I have installed via OLPM. But when looking through the
packages in Lazarus I cannot find any match to synapse at all.
What have I done wrong?
Nothing.
The synapse package is not installed in the IDE, it does not
install any components on the component palette.
The Synapse package just offers classes which you must create in code.
But once you compiled the package, you can specify it as a dependency.
This is explained in my article, in the first paragraphs.
Inside the pdf I found a link to http://synapse.ararat.cz/ but there seems to be
only files from more than 10 years ago, how could they solve the recently
encountered ssl problem?
The latest code is on sourceforge:
https://sourceforge.net/p/synalist/code/HEAD/tree/trunk/
You can see it referenced on:
http://synapse.ararat.cz/doku.php/download
The maintainer is considering switching to git(lab|hub), but this will take
some time.
However, the package in lazarus should be up-to-date for your needs, I think.
Could you (or someone else reading this) suggest a new SendSvnMessage function
that will replace the following (snippets) but using Synapse (and say from where
I can get synapse):
The following program compiles:
With the aid of my article, you should be able to extend the code to work with
attachments etc.
program sm;
{$mode objfpc}
{$h+}
uses
ssl_openssl, smtpSend, mimepart, mimemess, sysutils, classes;
type
{ TSvnUser } //Data from SVN user config is put here
TSvnUser = class
public
LoginName,
FullName,
Email: string;
end;
TSvnUsers = Array of TSVNUser;
{ TSvnMessage }
TSvnMessage = class
private
FSMTP: TSMTPSend;
FMailMessage: TMimeMess;
FSender : String;
FMailServer: string;
FMailLogin: string;
FMailPwd: string;
FMailPort: word;
FMailUseSSL: boolean;
FMailTimeout: integer;
FSvnUsers: TSvnUsers; //A list of users (TSvnUser) and data
function SendSvnMessage: boolean;
procedure preparemessage;
end;
Procedure Log(Msg : string);
begin
writeln(msg)
end;
Procedure MailError(Msg : String);
begin
Raise Exception.Create(Msg);
end;
procedure LogException(Msg : string);
begin
Writeln('Exception occurred : ',Msg);
end;
function TSvnMessage.SendSvnMessage: boolean;
var
sSubject: string;
i: integer;
begin
Result := false;
try
PrepareMessage;
//Set up the SMTP transfer properties
FSMTP.TargetPort := IntToStr(FMailPort);
FSMTP.TargetHost := FMailServer;
FSMTP.AutoTls:=true;
FSMTP.Username := FMailLogin;
FSMTP.Password := FMailPwd;
//FSMTP.MailAgent := 'SVNMailer';
FSMTP.Timeout := FMailTimeout;
// compose the message
FMailMessage.EncodeMessage;
//Now send message
Log('Connecting to mailserver');
if FSMTP.Login then
begin
Log('Sending message');
if not FSMTP.MailFrom(FSender,0) then
MailError('Setting mail from')
else
begin
if not FSMTP.MailTo('u...@example.com') then
MailError('Setting mail to')
else
FSMTP.MailData(FMailMessage.Lines);
end;
Result := true;
end;
except
on E: Exception do
begin
LogException('In SendSvnMessage = ' + E.Message);
end;
end;
end;
procedure TSvnMessage.PrepareMessage;
var
i: integer;
Usr,
Msg: string;
SU: TSvnUser;
begin
(*if Pos('', FMailMessage.Body.Text) > 0 then
FMailMessage.ContentType := 'text/html; charset=utf-8'
else
FMailMessage.ContentType := 'text/plain; charset=utf-8';*)
Msg := 'Recipients:';
// for i := 0 to FSubscription.Count - 1 do
begin
//Usr := Lowercase(FSubscription[i]);
//if Pos('#', Usr) > 0 then Continue;
//SU := FSvnUsers.UserByLogin[Usr];
if SU <> NIL then
begin
// Add to TO: list. There is also CClist
FMailMessage.Header.ToList.Add(Format('%s <%s>',[SU.FullName,SU.Email]));
Msg := Msg + ' ' + Usr;
end;
end;
// Log(Msg);
end;
begin
end.
--
___
lazarus mailing list
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On 2024-01-14 12:20, Bo Berglund via lazarus wrote: On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus wrote: You could also use Synapse. I always prefer synapse over Indy. So I have now verified that I cannot use Indy10 for email sending anymore :( ... I have used Indy since a very long time like 20 years or so when dealing with Internet accesses. So I am not used to other ways. Now I have looked around for valid examples which will work like my send function but using Synapse but the result is confusing. I think you have alternatives. You can seek and find a windows light mail server program that runs in the same machine as your program. You do not need a full fledged one. It's tasks is solely to receive email from your program and send it to your ISP. I can not suggest one, you would have to ask on some windows support group. The advantage is not having to modify your code. Or you can try to find another type of windows light mail server, of the type that you pass it a file to send as email, similarly to what is done on Linux with sendmail. You have to modify your code, but your program will not need to talk smtp. Fire and forget. In Linux there are also mail client applications, those that are used by a user to type an email and send it, that can also be called on scripts. Maybe they exist on Windows too. Thunderbird can do this: thunderbird.exe -compose "to='em...@domain.com',subject='Some Subject',preselectid='id1',body='Message Body',attachment='File.txt'" (in batch, add "start /b" or it will stop waiting for TB to return) https://stackoverflow.com/questions/6253701/thunderbird-compose-email-in-a-batch-script-continue-to-next-command http://forums.mozillazine.org/viewtopic.php?t=3033072 -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar) OpenPGP_signature.asc Description: OpenPGP digital signature -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus
wrote:
>You could also use Synapse. I always prefer synapse over Indy.
>
So I have now verified that I cannot use Indy10 for email sending anymore :( ...
I have used Indy since a very long time like 20 years or so when dealing with
Internet accesses. So I am not used to other ways.
Now I have looked around for valid examples which will work like my send
function but using Synapse but the result is confusing.
I have found your pdf document "Sending mails using Lazarus.pdf".
But I am not clear as to how to map the Indy properties to Synapse...
And the example's uses clause is not shown so I don't know what to put there...
In fact I have looked for Synapse and in OnLine Package Manager I find
Synapse_40.1, which I have installed via OLPM. But when looking through the
packages in Lazarus I cannot find any match to synapse at all.
What have I done wrong?
Inside the pdf I found a link to http://synapse.ararat.cz/ but there seems to be
only files from more than 10 years ago, how could they solve the recently
encountered ssl problem?
Could you (or someone else reading this) suggest a new SendSvnMessage function
that will replace the following (snippets) but using Synapse (and say from where
I can get synapse):
uses
...
IdSMTP,
IdMessage,
IdEMailAddress,
IdIOHandler,
IdIOHandlerStack,
IdSSL,
IdSSLOpenSSL,
IdExplicitTLSClientServerBase,
IdMessageBuilder,
...
type
{ TSvnUser } //Data from SVN user config is put here
TSvnUser = class
public
LoginName,
FullName,
Email: string;
end;
{ TSvnMessage }
TSvnMessage = class
private
FSMTP: TIdSMTP;
FSSLHandler: TIdSSLIOHandlerSocketOpenSSL;
FMailMessage: TIdMessage;
FMailServer: string;
FMailLogin: string;
FMailPwd: string;
FMailPort: word;
FMailUseSSL: boolean;
FMailTimeout: integer;
FSvnUsers: TSvnUsers; //A list of users (TSvnUser) and data
...
function TSvnMessage.SendSvnMessage: boolean;
var
sSubject: string;
i: integer;
begin
Result := false;
try
PrepareMessage;
//Set up the SMTP transfer properties
FSMTP.Port := FMailPort;
FSMTP.Host := FMailServer;
FSMTP.AuthType := satDefault;
FSMTP.Username := FMailLogin;
FSMTP.Password := FMailPwd;
FSMTP.MailAgent := 'SVNMailer';
if FMailUseSSL then
begin
FSMTP.IOHandler := FSSLHandler;
FSMTP.UseTLS := utUseImplicitTLS;
FSSLHandler.Port := FMailPort;
end;
FSMTP.ConnectTimeout := FMailTimeout;
//Now send message
Log('Connecting to mailserver');
FSMTP.Connect;
if FSMTP.Connected then
begin
Log('Sending message');
FSMTP.Send(FMailMessage);
Log('Send done');
FSMTP.Disconnect();
Result := true;
end;
except
on E: Exception do
begin
LogException('In SendSvnMessage = ' + E.Message);
end;
end;
end;
procedure TSvnMessage.PrepareMessage;
var
i: integer;
Usr,
Msg: string;
SU: TSvnUser;
MA: TIdEMailAddressItem; //<== Does Synapse have something like this?
begin
(*if Pos('', FMailMessage.Body.Text) > 0 then
FMailMessage.ContentType := 'text/html; charset=utf-8'
else
FMailMessage.ContentType := 'text/plain; charset=utf-8';*)
Msg := 'Recipients:';
for i := 0 to FSubscription.Count - 1 do
begin
Usr := Lowercase(FSubscription[i]);
if Pos('#', Usr) > 0 then Continue;
SU := FSvnUsers.UserByLogin[Usr];
if SU <> NIL then
begin
MA := FMailMessage.Recipients.Add; // How is this done in Synapse?
MA.Name := SU.FullName; // <== The name: 'John Doe'
MA.Address := SU.Email; // <== The address: john@somedomain.com
Msg := Msg + ' ' + Usr;
end;
end;
Log(Msg);
end;
--
Bo Berglund
Developer in Sweden
--
___
lazarus mailing list
lazarus@lists.lazarus-ide.org
https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus wrote: Or you use the system installed mailer. That's what I do. I write the mail to file and invoke sendmail. No hassle with TLS, failed connections and whatnot. sendmail will do what it takes, even retry in case of temporary failure. Michael. So you are implying there is a command line activated "mailer" on Windows Server 2016? No, only on Linux. I seem to have missed the fact that your program runs on windows. I would recommend using synapse then. It has never failed me. Michael. -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
I came across a similar problem recently with Indy and did some
research. There is a proposed patch to support Openssl 1.1.1 and hence
TLS1.3. This is discussed on github under
https://github.com/IndySockets/Indy/pull/299
with a proposed patch published under
https://github.com/mezen/Indy/tree/NewOpenSSL_PR
I have tested this proposed patch out with Lazarus/fpc. It is clearly
work in progress and seems to have been frozen while a proper upgrade to
Openssl 3.2. is developed. There is little by the way of additional
documentation. However, I did get it working as a code library by
1. Adding to the unit path, in addition to the usual Lib/Core,
Lib/Protocols and Lib/System, the
Lib/Protocols/OpenSSL
Lib/Protocols/OpenSSL/dynamic
directories, and adding to the include path
/Lib/FCL
2. Using the IdOpenSSLIOHandlerClient unit instead of the
IdSSL,IdSSLOpenSSLunits.
3. For an http client using the TIdOpenSSLIOHandlerClient class instead
of the TIdSSLIOHandlerSocketOpenSSLclass as the httpclient's SSLHandler
(no need for any options).
4. compiling and fixing a compile time bug (stray ':' after and "out").
In my test program all then seemed to work fine with OpenSSL 1.1.1. and
the updated Indy source.
On 13/01/2024 08:30, Michael Van Canneyt via lazarus wrote:
On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote:
I wrote a commit reporting application for Windows Server16 back in
2018 using
then current Lazarus/Fpc.
It is a command line program called from a hook in subversion to
distribute the
log message and details of commits among co-workers.
It uses Indy 10.6.2 to do its job.
The mailer class has these in uses:
{Indy units:}
IdSMTP,
IdMessage,
IdEMailAddress,
IdIOHandler,
IdIOHandlerSocket,
IdIOHandlerStack,
IdSSL,
IdSSLOpenSSL,
IdExplicitTLSClientServerBase,
IdMessageBuilder,
Back mid-december 2023 the emails stopped arriving but the problem
was not
discovered/reported until I myself recently did a commit and I did
not get the
expected log message email...
Now I have looked in the logfiles the application creates and found
this error
example:
20240111 17:13:35.343 Connecting to mailserver
20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting
with SSL.
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
Can someone please advice:
- Is there an external (dll?) file on Windows Server 2016 might need
to be
updated for ssl to work in email handling using Indy10 with SSL?
Indy 10 uses a completely outdated version of the SSL library, which does
not have the most recent cryptographic routines (notably for tls).
Most likely the server was updated and now rejects this old version.
There is of course a new version of the openssl library (3.2.x).
The interface of that library changed, but to the best of my
knowledge, indy does not support it.
The sgcWebSockets suite has an updated version of openssl which should
be able to
support openssl 3, but that is paying software..
Michael.--
___
lazarus mailing list
lazarus@lists.lazarus-ide.org
https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, Jan 13, 2024 at 9:10 AM Bo Berglund wrote: > I searched on the net and found this: > https://tecadmin.net/send-email-from-windows-command-line/ From: https://learn.microsoft.com/en-us/dotnet/api/system.net.mail.smtpclient "We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. Use MailKit or other libraries instead. For more information, see SmtpClient shouldn't be used on GitHub." References: Mailkit: https://github.com/jstedfast/MailKit DE0005: SmtpClient shouldn't be used https://github.com/dotnet/platform-compat/blob/master/docs/DE0005.md -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus wrote: >Or you use the system installed mailer. That's what I do. >I write the mail to file and invoke sendmail. > >No hassle with TLS, failed connections and whatnot. >sendmail will do what it takes, even retry in case of temporary failure. > >Michael. So you are implying there is a command line activated "mailer" on Windows Server 2016? Could you please expand a bit on that, it seems like a way to solve my problem if it is like so. I searched on the net and found this: https://tecadmin.net/send-email-from-windows-command-line/ However after I went through all of the steps outlined there on my actual Server 2016 powershell command line I received after some time (maybe a minute) the following: ... PS H:\> $SMTPClient.Send($Email) .. Exception calling "Send" with "1" argument(s): "The operation has timed out." At line:1 char:1 + $SMTPClient.Send($Email) + + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : SmtpException PS H:\> So how can I utilize this successfully from my FPC console program? If it works using "Powershell" how can I then execute the commands from my program using TProcess? -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: Indy 10 uses a completely outdated version of the SSL library, which does not have the most recent cryptographic routines (notably for tls). Most likely the server was updated and now rejects this old version. It looks likely. I will check with the ISP tech support on Monday (this company closes support on week-ends).. There is of course a new version of the openssl library (3.2.x). The interface of that library changed, but to the best of my knowledge, indy does not support it. Then I have to switch to my backup plan, which is to do the mailing itself from a php script on my webserver (hosted at the same ISP server as the mail server is running on). You could also use Synapse. I always prefer synapse over Indy. Then I have to modify the mailer program so it posts the data to that php handler instead of using the SMTP Indy component to do the job. Or you use the system installed mailer. That's what I do. I write the mail to file and invoke sendmail. No hassle with TLS, failed connections and whatnot. sendmail will do what it takes, even retry in case of temporary failure. Michael. -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 09:30:17 +0100 (CET), Michael Van Canneyt via lazarus wrote: > > >On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: > >> I wrote a commit reporting application for Windows Server16 back in 2018 >> using >> then current Lazarus/Fpc. >> It is a command line program called from a hook in subversion to distribute >> the >> log message and details of commits among co-workers. >> >> It uses Indy 10.6.2 to do its job. In fact I don't know which Indy10 version was current in 2018 but I recompiled today with Lazarus 2.2.4 + Fpc 3.2.2 and there was no improvement. :( >> Now I have looked in the logfiles the application creates and found this >> error >> example: >> >> 20240111 17:13:35.343 Connecting to mailserver >> 20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with >> SSL. >> error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version >> > >Indy 10 uses a completely outdated version of the SSL library, which does >not have the most recent cryptographic routines (notably for tls). > >Most likely the server was updated and now rejects this old version. It looks likely. I will check with the ISP tech support on Monday (this company closes support on week-ends).. >There is of course a new version of the openssl library (3.2.x). >The interface of that library changed, but to the best of my knowledge, >indy does not support it. Then I have to switch to my backup plan, which is to do the mailing itself from a php script on my webserver (hosted at the same ISP server as the mail server is running on). Then I have to modify the mailer program so it posts the data to that php handler instead of using the SMTP Indy component to do the job. >The sgcWebSockets suite has an updated version of openssl which should be able >to >support openssl 3, but that is paying software.. > There is a lot of stuff related to the SVN server communications built into my mailer also using Indy so I will have to modify that application... -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 09:31:19 +0100, Jean SUZINEAU via lazarus wrote: >I am not sure but it looks like your program is using TLS v1 protocol. >I think that TLS v1 is deprecated and now your SMTP mailserver requires >a newer version of TLS. >May be your SMTP mailserver / Windows Server 2016 has been updated >recently ? The mailserver is not mine, it is on my ISP where I have my webhosting. THe Windows 2016 Server is where I host the SubVersion server and where my reporting program runs... I too think that the ISP mailserver has been updated... I have tried to recompile the application originally created back in 2018 now using Lazarus 2.2.4 / Ppc 3.2.2 in the hope that Indy would have been updated. But no, it does not change - the problem is still there. -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
I am not sure but it looks like your program is using TLS v1 protocol. I think that TLS v1 is deprecated and now your SMTP mailserver requires a newer version of TLS. May be your SMTP mailserver / Windows Server 2016 has been updated recently ?-- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote:
I wrote a commit reporting application for Windows Server16 back in 2018 using
then current Lazarus/Fpc.
It is a command line program called from a hook in subversion to distribute the
log message and details of commits among co-workers.
It uses Indy 10.6.2 to do its job.
The mailer class has these in uses:
{Indy units:}
IdSMTP,
IdMessage,
IdEMailAddress,
IdIOHandler,
IdIOHandlerSocket,
IdIOHandlerStack,
IdSSL,
IdSSLOpenSSL,
IdExplicitTLSClientServerBase,
IdMessageBuilder,
Back mid-december 2023 the emails stopped arriving but the problem was not
discovered/reported until I myself recently did a commit and I did not get the
expected log message email...
Now I have looked in the logfiles the application creates and found this error
example:
20240111 17:13:35.343 Connecting to mailserver
20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL.
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
Can someone please advice:
- Is there an external (dll?) file on Windows Server 2016 might need to be
updated for ssl to work in email handling using Indy10 with SSL?
Indy 10 uses a completely outdated version of the SSL library, which does
not have the most recent cryptographic routines (notably for tls).
Most likely the server was updated and now rejects this old version.
There is of course a new version of the openssl library (3.2.x).
The interface of that library changed, but to the best of my knowledge,
indy does not support it.
The sgcWebSockets suite has an updated version of openssl which should be able
to
support openssl 3, but that is paying software..
Michael.
--
___
lazarus mailing list
lazarus@lists.lazarus-ide.org
https://lists.lazarus-ide.org/listinfo/lazarus
