Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
The default for SSLVersions is sslvTLSv1, so it looks like your mail server stopped accepting TLS v1.x (which it should do as older versions are now deprecated). I assume that you are using the out of date Openssl 1.0.2 library or earlier, given that TIdSSLIOHandlerSocketOpenSSL does not work with later versions. The underlying problem here is that the current Indy version does not support OpenSSL beyond 1.0.2. The next problem that you will hit is that your OS deprecates this version and you have to build and install Openssl 1.0.2 yourself (including any unfixed bugs). This is already true in the Linux world where Debian 12 only provides OpenSSL 3.2. I am still using Mint 20.3 on my desktop, but that has also discontinued 1.0.2 with 1.1.1 being the provided version. I am not sure what is the status under Windows. As I reported in my post to this thread on 13th, there is a proposed patch available to support OpenSSL 1.1.1 with a hint that the author is working on a patch for OpenSSL 3.2. It would be a good idea if all affected users could keep pushing, on the github issues list for Indy, in order to get this patch done as without it Indy is effectively end of life. On 15/01/2024 07:32, Bo Berglund via lazarus wrote: FINALLY: After I posted on the Atozed forum I received a reply where a by me previously unknown configuration item for TIdSSLIOHandlerSocketOpenSSL was suggested: constructor TSvnMessage.Create; begin FSvnUsers := TSvnUsers.Create; FSubscription := TStringList.Create; FSMTP := TIdSMTP.Create(nil); FSSLHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil); //Add this to set the scope of SSL versions allowed: FSSLHandler.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]; FMailMessage := TIdMessage.Create(nil); end; This single line in the code for my mailer made it resume operations toward the changed mail server! Posting here in case someone wonders in the future about how to fix it. Issue closed.-- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
Le 14/01/2024 à 22:32, Bo Berglund via lazarus a écrit : I assume MailData is the mail body... 2) How can I add Bcc recipients? In fact I think MailData contains a mail header (with something likeReply-to: x...@yyy.com) followed by a mail body after an empty line: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 00:54:59 +0100, Bo Berglund via lazarus wrote: >I wrote a commit reporting application for Windows Server16 back in 2018 using >then current Lazarus/Fpc. >It is a command line program called from a hook in subversion to distribute the >log message and details of commits among co-workers. > >It uses Indy 10.6.2 to do its job. >The mailer class has these in uses: > {Indy units:} > IdSMTP, > IdMessage, > IdEMailAddress, > IdIOHandler, > IdIOHandlerSocket, > IdIOHandlerStack, > IdSSL, > IdSSLOpenSSL, > IdExplicitTLSClientServerBase, > IdMessageBuilder, > >Back mid-december 2023 the emails stopped arriving but the problem was not >discovered/reported until I myself recently did a commit and I did not get the >expected log message email... > >Now I have looked in the logfiles the application creates and found this error >example: > >20240111 17:13:35.343 Connecting to mailserver >20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL. >error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version > >My development system is a Windows 10 x64 PC... FINALLY: After I posted on the Atozed forum I received a reply where a by me previously unknown configuration item for TIdSSLIOHandlerSocketOpenSSL was suggested: constructor TSvnMessage.Create; begin FSvnUsers := TSvnUsers.Create; FSubscription := TStringList.Create; FSMTP := TIdSMTP.Create(nil); FSSLHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil); //Add this to set the scope of SSL versions allowed: FSSLHandler.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]; FMailMessage := TIdMessage.Create(nil); end; This single line in the code for my mailer made it resume operations toward the changed mail server! Posting here in case someone wonders in the future about how to fix it. Issue closed. -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sun, 14 Jan 2024 12:54:08 +0100 (CET), Michael Van Canneyt via lazarus wrote: >The synapse package is not installed in the IDE, it does not >install any components on the component palette. > >The Synapse package just offers classes which you must create in code. > >But once you compiled the package, you can specify it as a dependency. > >This is explained in my article, in the first paragraphs. > >> >> Inside the pdf I found a link to http://synapse.ararat.cz/ but there seems >> to be >> only files from more than 10 years ago, how could they solve the recently >> encountered ssl problem? > >The latest code is on sourceforge: > >https://sourceforge.net/p/synalist/code/HEAD/tree/trunk/ > >You can see it referenced on: > >http://synapse.ararat.cz/doku.php/download > >The maintainer is considering switching to git(lab|hub), but this will take >some time. > >However, the package in lazarus should be up-to-date for your needs, I think. > >> Could you (or someone else reading this) suggest a new SendSvnMessage >> function >> that will replace the following (snippets) but using Synapse (and say from >> where >> I can get synapse): > >The following program compiles: > >With the aid of my article, you should be able to extend the code to work with >attachments etc. Thank you so much for your help! I don't need attachmentshere since it is a commit reporting utility, just listing what was committed and the message entered. I have now retrieved the synapse package sources (using SVN from SourceForge) and compiled in Lazarus. So I am now making a test program to only prove that the mail server I must use will play balls and accept the postings. A few more questions: 1) Is there a way to set the mail property "Reply-to" when using synapse? There might be a case when the sender of an email (the From address) has to be the account owner and I want to make sure that those that receive the message can reply to it and get to the actual person making the SVN commit. It does not appear to be that way here: function SendToEx(const MailFrom, MailTo, Subject, SMTPHost: string; const MailData: TStrings; const Username, Password: string): Boolean; I assume MailData is the mail body... 2) How can I add Bcc recipients? -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sun, 14 Jan 2024, Bo Berglund via lazarus wrote: On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus wrote: You could also use Synapse. I always prefer synapse over Indy. So I have now verified that I cannot use Indy10 for email sending anymore :( ... I have used Indy since a very long time like 20 years or so when dealing with Internet accesses. So I am not used to other ways. Now I have looked around for valid examples which will work like my send function but using Synapse but the result is confusing. I have found your pdf document "Sending mails using Lazarus.pdf". But I am not clear as to how to map the Indy properties to Synapse... And the example's uses clause is not shown so I don't know what to put there... It says so in the text: 'the smtpsend unit'. In fact I have looked for Synapse and in OnLine Package Manager I find Synapse_40.1, which I have installed via OLPM. But when looking through the packages in Lazarus I cannot find any match to synapse at all. What have I done wrong? Nothing. The synapse package is not installed in the IDE, it does not install any components on the component palette. The Synapse package just offers classes which you must create in code. But once you compiled the package, you can specify it as a dependency. This is explained in my article, in the first paragraphs. Inside the pdf I found a link to http://synapse.ararat.cz/ but there seems to be only files from more than 10 years ago, how could they solve the recently encountered ssl problem? The latest code is on sourceforge: https://sourceforge.net/p/synalist/code/HEAD/tree/trunk/ You can see it referenced on: http://synapse.ararat.cz/doku.php/download The maintainer is considering switching to git(lab|hub), but this will take some time. However, the package in lazarus should be up-to-date for your needs, I think. Could you (or someone else reading this) suggest a new SendSvnMessage function that will replace the following (snippets) but using Synapse (and say from where I can get synapse): The following program compiles: With the aid of my article, you should be able to extend the code to work with attachments etc. program sm; {$mode objfpc} {$h+} uses ssl_openssl, smtpSend, mimepart, mimemess, sysutils, classes; type { TSvnUser } //Data from SVN user config is put here TSvnUser = class public LoginName, FullName, Email: string; end; TSvnUsers = Array of TSVNUser; { TSvnMessage } TSvnMessage = class private FSMTP: TSMTPSend; FMailMessage: TMimeMess; FSender : String; FMailServer: string; FMailLogin: string; FMailPwd: string; FMailPort: word; FMailUseSSL: boolean; FMailTimeout: integer; FSvnUsers: TSvnUsers; //A list of users (TSvnUser) and data function SendSvnMessage: boolean; procedure preparemessage; end; Procedure Log(Msg : string); begin writeln(msg) end; Procedure MailError(Msg : String); begin Raise Exception.Create(Msg); end; procedure LogException(Msg : string); begin Writeln('Exception occurred : ',Msg); end; function TSvnMessage.SendSvnMessage: boolean; var sSubject: string; i: integer; begin Result := false; try PrepareMessage; //Set up the SMTP transfer properties FSMTP.TargetPort := IntToStr(FMailPort); FSMTP.TargetHost := FMailServer; FSMTP.AutoTls:=true; FSMTP.Username := FMailLogin; FSMTP.Password := FMailPwd; //FSMTP.MailAgent := 'SVNMailer'; FSMTP.Timeout := FMailTimeout; // compose the message FMailMessage.EncodeMessage; //Now send message Log('Connecting to mailserver'); if FSMTP.Login then begin Log('Sending message'); if not FSMTP.MailFrom(FSender,0) then MailError('Setting mail from') else begin if not FSMTP.MailTo('u...@example.com') then MailError('Setting mail to') else FSMTP.MailData(FMailMessage.Lines); end; Result := true; end; except on E: Exception do begin LogException('In SendSvnMessage = ' + E.Message); end; end; end; procedure TSvnMessage.PrepareMessage; var i: integer; Usr, Msg: string; SU: TSvnUser; begin (*if Pos('', FMailMessage.Body.Text) > 0 then FMailMessage.ContentType := 'text/html; charset=utf-8' else FMailMessage.ContentType := 'text/plain; charset=utf-8';*) Msg := 'Recipients:'; // for i := 0 to FSubscription.Count - 1 do begin //Usr := Lowercase(FSubscription[i]); //if Pos('#', Usr) > 0 then Continue; //SU := FSvnUsers.UserByLogin[Usr]; if SU <> NIL then begin // Add to TO: list. There is also CClist FMailMessage.Header.ToList.Add(Format('%s <%s>',[SU.FullName,SU.Email])); Msg := Msg + ' ' + Usr; end; end; // Log(Msg); end; begin end. -- ___ lazarus mailing list lazarus@lists.
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On 2024-01-14 12:20, Bo Berglund via lazarus wrote: On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus wrote: You could also use Synapse. I always prefer synapse over Indy. So I have now verified that I cannot use Indy10 for email sending anymore :( ... I have used Indy since a very long time like 20 years or so when dealing with Internet accesses. So I am not used to other ways. Now I have looked around for valid examples which will work like my send function but using Synapse but the result is confusing. I think you have alternatives. You can seek and find a windows light mail server program that runs in the same machine as your program. You do not need a full fledged one. It's tasks is solely to receive email from your program and send it to your ISP. I can not suggest one, you would have to ask on some windows support group. The advantage is not having to modify your code. Or you can try to find another type of windows light mail server, of the type that you pass it a file to send as email, similarly to what is done on Linux with sendmail. You have to modify your code, but your program will not need to talk smtp. Fire and forget. In Linux there are also mail client applications, those that are used by a user to type an email and send it, that can also be called on scripts. Maybe they exist on Windows too. Thunderbird can do this: thunderbird.exe -compose "to='em...@domain.com',subject='Some Subject',preselectid='id1',body='Message Body',attachment='File.txt'" (in batch, add "start /b" or it will stop waiting for TB to return) https://stackoverflow.com/questions/6253701/thunderbird-compose-email-in-a-batch-script-continue-to-next-command http://forums.mozillazine.org/viewtopic.php?t=3033072 -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar) OpenPGP_signature.asc Description: OpenPGP digital signature -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus wrote: >You could also use Synapse. I always prefer synapse over Indy. > So I have now verified that I cannot use Indy10 for email sending anymore :( ... I have used Indy since a very long time like 20 years or so when dealing with Internet accesses. So I am not used to other ways. Now I have looked around for valid examples which will work like my send function but using Synapse but the result is confusing. I have found your pdf document "Sending mails using Lazarus.pdf". But I am not clear as to how to map the Indy properties to Synapse... And the example's uses clause is not shown so I don't know what to put there... In fact I have looked for Synapse and in OnLine Package Manager I find Synapse_40.1, which I have installed via OLPM. But when looking through the packages in Lazarus I cannot find any match to synapse at all. What have I done wrong? Inside the pdf I found a link to http://synapse.ararat.cz/ but there seems to be only files from more than 10 years ago, how could they solve the recently encountered ssl problem? Could you (or someone else reading this) suggest a new SendSvnMessage function that will replace the following (snippets) but using Synapse (and say from where I can get synapse): uses ... IdSMTP, IdMessage, IdEMailAddress, IdIOHandler, IdIOHandlerStack, IdSSL, IdSSLOpenSSL, IdExplicitTLSClientServerBase, IdMessageBuilder, ... type { TSvnUser } //Data from SVN user config is put here TSvnUser = class public LoginName, FullName, Email: string; end; { TSvnMessage } TSvnMessage = class private FSMTP: TIdSMTP; FSSLHandler: TIdSSLIOHandlerSocketOpenSSL; FMailMessage: TIdMessage; FMailServer: string; FMailLogin: string; FMailPwd: string; FMailPort: word; FMailUseSSL: boolean; FMailTimeout: integer; FSvnUsers: TSvnUsers; //A list of users (TSvnUser) and data ... function TSvnMessage.SendSvnMessage: boolean; var sSubject: string; i: integer; begin Result := false; try PrepareMessage; //Set up the SMTP transfer properties FSMTP.Port := FMailPort; FSMTP.Host := FMailServer; FSMTP.AuthType := satDefault; FSMTP.Username := FMailLogin; FSMTP.Password := FMailPwd; FSMTP.MailAgent := 'SVNMailer'; if FMailUseSSL then begin FSMTP.IOHandler := FSSLHandler; FSMTP.UseTLS := utUseImplicitTLS; FSSLHandler.Port := FMailPort; end; FSMTP.ConnectTimeout := FMailTimeout; //Now send message Log('Connecting to mailserver'); FSMTP.Connect; if FSMTP.Connected then begin Log('Sending message'); FSMTP.Send(FMailMessage); Log('Send done'); FSMTP.Disconnect(); Result := true; end; except on E: Exception do begin LogException('In SendSvnMessage = ' + E.Message); end; end; end; procedure TSvnMessage.PrepareMessage; var i: integer; Usr, Msg: string; SU: TSvnUser; MA: TIdEMailAddressItem; //<== Does Synapse have something like this? begin (*if Pos('', FMailMessage.Body.Text) > 0 then FMailMessage.ContentType := 'text/html; charset=utf-8' else FMailMessage.ContentType := 'text/plain; charset=utf-8';*) Msg := 'Recipients:'; for i := 0 to FSubscription.Count - 1 do begin Usr := Lowercase(FSubscription[i]); if Pos('#', Usr) > 0 then Continue; SU := FSvnUsers.UserByLogin[Usr]; if SU <> NIL then begin MA := FMailMessage.Recipients.Add; // How is this done in Synapse? MA.Name := SU.FullName; // <== The name: 'John Doe' MA.Address := SU.Email; // <== The address: john@somedomain.com Msg := Msg + ' ' + Usr; end; end; Log(Msg); end; -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus wrote: Or you use the system installed mailer. That's what I do. I write the mail to file and invoke sendmail. No hassle with TLS, failed connections and whatnot. sendmail will do what it takes, even retry in case of temporary failure. Michael. So you are implying there is a command line activated "mailer" on Windows Server 2016? No, only on Linux. I seem to have missed the fact that your program runs on windows. I would recommend using synapse then. It has never failed me. Michael. -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
I came across a similar problem recently with Indy and did some research. There is a proposed patch to support Openssl 1.1.1 and hence TLS1.3. This is discussed on github under https://github.com/IndySockets/Indy/pull/299 with a proposed patch published under https://github.com/mezen/Indy/tree/NewOpenSSL_PR I have tested this proposed patch out with Lazarus/fpc. It is clearly work in progress and seems to have been frozen while a proper upgrade to Openssl 3.2. is developed. There is little by the way of additional documentation. However, I did get it working as a code library by 1. Adding to the unit path, in addition to the usual Lib/Core, Lib/Protocols and Lib/System, the Lib/Protocols/OpenSSL Lib/Protocols/OpenSSL/dynamic directories, and adding to the include path /Lib/FCL 2. Using the IdOpenSSLIOHandlerClient unit instead of the IdSSL,IdSSLOpenSSLunits. 3. For an http client using the TIdOpenSSLIOHandlerClient class instead of the TIdSSLIOHandlerSocketOpenSSLclass as the httpclient's SSLHandler (no need for any options). 4. compiling and fixing a compile time bug (stray ':' after and "out"). In my test program all then seemed to work fine with OpenSSL 1.1.1. and the updated Indy source. On 13/01/2024 08:30, Michael Van Canneyt via lazarus wrote: On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: I wrote a commit reporting application for Windows Server16 back in 2018 using then current Lazarus/Fpc. It is a command line program called from a hook in subversion to distribute the log message and details of commits among co-workers. It uses Indy 10.6.2 to do its job. The mailer class has these in uses: {Indy units:} IdSMTP, IdMessage, IdEMailAddress, IdIOHandler, IdIOHandlerSocket, IdIOHandlerStack, IdSSL, IdSSLOpenSSL, IdExplicitTLSClientServerBase, IdMessageBuilder, Back mid-december 2023 the emails stopped arriving but the problem was not discovered/reported until I myself recently did a commit and I did not get the expected log message email... Now I have looked in the logfiles the application creates and found this error example: 20240111 17:13:35.343 Connecting to mailserver 20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL. error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version Can someone please advice: - Is there an external (dll?) file on Windows Server 2016 might need to be updated for ssl to work in email handling using Indy10 with SSL? Indy 10 uses a completely outdated version of the SSL library, which does not have the most recent cryptographic routines (notably for tls). Most likely the server was updated and now rejects this old version. There is of course a new version of the openssl library (3.2.x). The interface of that library changed, but to the best of my knowledge, indy does not support it. The sgcWebSockets suite has an updated version of openssl which should be able to support openssl 3, but that is paying software.. Michael.-- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, Jan 13, 2024 at 9:10 AM Bo Berglund wrote: > I searched on the net and found this: > https://tecadmin.net/send-email-from-windows-command-line/ From: https://learn.microsoft.com/en-us/dotnet/api/system.net.mail.smtpclient "We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. Use MailKit or other libraries instead. For more information, see SmtpClient shouldn't be used on GitHub." References: Mailkit: https://github.com/jstedfast/MailKit DE0005: SmtpClient shouldn't be used https://github.com/dotnet/platform-compat/blob/master/docs/DE0005.md -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 17:03:55 +0100 (CET), Michael Van Canneyt via lazarus wrote: >Or you use the system installed mailer. That's what I do. >I write the mail to file and invoke sendmail. > >No hassle with TLS, failed connections and whatnot. >sendmail will do what it takes, even retry in case of temporary failure. > >Michael. So you are implying there is a command line activated "mailer" on Windows Server 2016? Could you please expand a bit on that, it seems like a way to solve my problem if it is like so. I searched on the net and found this: https://tecadmin.net/send-email-from-windows-command-line/ However after I went through all of the steps outlined there on my actual Server 2016 powershell command line I received after some time (maybe a minute) the following: ... PS H:\> $SMTPClient.Send($Email) .. Exception calling "Send" with "1" argument(s): "The operation has timed out." At line:1 char:1 + $SMTPClient.Send($Email) + + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : SmtpException PS H:\> So how can I utilize this successfully from my FPC console program? If it works using "Powershell" how can I then execute the commands from my program using TProcess? -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: Indy 10 uses a completely outdated version of the SSL library, which does not have the most recent cryptographic routines (notably for tls). Most likely the server was updated and now rejects this old version. It looks likely. I will check with the ISP tech support on Monday (this company closes support on week-ends).. There is of course a new version of the openssl library (3.2.x). The interface of that library changed, but to the best of my knowledge, indy does not support it. Then I have to switch to my backup plan, which is to do the mailing itself from a php script on my webserver (hosted at the same ISP server as the mail server is running on). You could also use Synapse. I always prefer synapse over Indy. Then I have to modify the mailer program so it posts the data to that php handler instead of using the SMTP Indy component to do the job. Or you use the system installed mailer. That's what I do. I write the mail to file and invoke sendmail. No hassle with TLS, failed connections and whatnot. sendmail will do what it takes, even retry in case of temporary failure. Michael. -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 09:30:17 +0100 (CET), Michael Van Canneyt via lazarus wrote: > > >On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: > >> I wrote a commit reporting application for Windows Server16 back in 2018 >> using >> then current Lazarus/Fpc. >> It is a command line program called from a hook in subversion to distribute >> the >> log message and details of commits among co-workers. >> >> It uses Indy 10.6.2 to do its job. In fact I don't know which Indy10 version was current in 2018 but I recompiled today with Lazarus 2.2.4 + Fpc 3.2.2 and there was no improvement. :( >> Now I have looked in the logfiles the application creates and found this >> error >> example: >> >> 20240111 17:13:35.343 Connecting to mailserver >> 20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with >> SSL. >> error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version >> > >Indy 10 uses a completely outdated version of the SSL library, which does >not have the most recent cryptographic routines (notably for tls). > >Most likely the server was updated and now rejects this old version. It looks likely. I will check with the ISP tech support on Monday (this company closes support on week-ends).. >There is of course a new version of the openssl library (3.2.x). >The interface of that library changed, but to the best of my knowledge, >indy does not support it. Then I have to switch to my backup plan, which is to do the mailing itself from a php script on my webserver (hosted at the same ISP server as the mail server is running on). Then I have to modify the mailer program so it posts the data to that php handler instead of using the SMTP Indy component to do the job. >The sgcWebSockets suite has an updated version of openssl which should be able >to >support openssl 3, but that is paying software.. > There is a lot of stuff related to the SVN server communications built into my mailer also using Indy so I will have to modify that application... -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024 09:31:19 +0100, Jean SUZINEAU via lazarus wrote: >I am not sure but it looks like your program is using TLS v1 protocol. >I think that TLS v1 is deprecated and now your SMTP mailserver requires >a newer version of TLS. >May be your SMTP mailserver / Windows Server 2016 has been updated >recently ? The mailserver is not mine, it is on my ISP where I have my webhosting. THe Windows 2016 Server is where I host the SubVersion server and where my reporting program runs... I too think that the ISP mailserver has been updated... I have tried to recompile the application originally created back in 2018 now using Lazarus 2.2.4 / Ppc 3.2.2 in the hope that Indy would have been updated. But no, it does not change - the problem is still there. -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
[Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
The mORMot2 supports 3.0 https://blog.synopse.info/?post/2023/09/08/End-Of-Live-OpenSSL-1.1-vs-Slow-OpenSSL-3.0 -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
I am not sure but it looks like your program is using TLS v1 protocol. I think that TLS v1 is deprecated and now your SMTP mailserver requires a newer version of TLS. May be your SMTP mailserver / Windows Server 2016 has been updated recently ?-- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
Re: [Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote: I wrote a commit reporting application for Windows Server16 back in 2018 using then current Lazarus/Fpc. It is a command line program called from a hook in subversion to distribute the log message and details of commits among co-workers. It uses Indy 10.6.2 to do its job. The mailer class has these in uses: {Indy units:} IdSMTP, IdMessage, IdEMailAddress, IdIOHandler, IdIOHandlerSocket, IdIOHandlerStack, IdSSL, IdSSLOpenSSL, IdExplicitTLSClientServerBase, IdMessageBuilder, Back mid-december 2023 the emails stopped arriving but the problem was not discovered/reported until I myself recently did a commit and I did not get the expected log message email... Now I have looked in the logfiles the application creates and found this error example: 20240111 17:13:35.343 Connecting to mailserver 20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL. error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version Can someone please advice: - Is there an external (dll?) file on Windows Server 2016 might need to be updated for ssl to work in email handling using Indy10 with SSL? Indy 10 uses a completely outdated version of the SSL library, which does not have the most recent cryptographic routines (notably for tls). Most likely the server was updated and now rejects this old version. There is of course a new version of the openssl library (3.2.x). The interface of that library changed, but to the best of my knowledge, indy does not support it. The sgcWebSockets suite has an updated version of openssl which should be able to support openssl 3, but that is paying software.. Michael. -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
[Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem
I wrote a commit reporting application for Windows Server16 back in 2018 using then current Lazarus/Fpc. It is a command line program called from a hook in subversion to distribute the log message and details of commits among co-workers. It uses Indy 10.6.2 to do its job. The mailer class has these in uses: {Indy units:} IdSMTP, IdMessage, IdEMailAddress, IdIOHandler, IdIOHandlerSocket, IdIOHandlerStack, IdSSL, IdSSLOpenSSL, IdExplicitTLSClientServerBase, IdMessageBuilder, Back mid-december 2023 the emails stopped arriving but the problem was not discovered/reported until I myself recently did a commit and I did not get the expected log message email... Now I have looked in the logfiles the application creates and found this error example: 20240111 17:13:35.343 Connecting to mailserver 20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL. error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version Can someone please advice: - Is there an external (dll?) file on Windows Server 2016 might need to be updated for ssl to work in email handling using Indy10 with SSL? - Where should I look for that file? - Or is there a different solution to the problem? My development system is a Windows 10 x64 PC... -- Bo Berglund Developer in Sweden -- ___ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus