TElSMTPClient not starting TLS

#3766
Posted: 09/14/2007 08:54:15
by Aaron Sherber (Standard support level)
Joined: 08/22/2006
Posts: 6

Hi,

I'm trying to do a simple project, using TElSMTPClient to send an email through a server that requires auth and TLS. I have tried different combinations of the Enabled, SSLMode, and UseSSL properties with no success. Looking at the traffic with Wireshark, it appears that the component never sends STARTTLS or AUTH LOGIN -- after EHLO it skips right to MAIL FROM.

The code basically does Open, Login, Send, Close. Address, Username, and Password are all correctly set. I must either be missing something obvious, or something not apparent from the documentation. I am able to send email using Eudora and Thunderbird with the same login info.

Could someone please post a sample project with TElSMTPClient correctly configured to do auth and TLS? (Don't include a real username and password, of course.)

Thanks,
Aaron.
#3767
Posted: 09/14/2007 09:40:28
by Eugene Mayevski (EldoS Corp.)

Here's the code for Login method:

Code
procedure TElSMTPClient.Login(Domain : string);
var
  r: smallint;

begin
  if Length(Domain) = 0 then
    Domain := FSocket.LocalHostName;// BoundAddress;
  r := GetReply;
  if r <> 220 then
    raise EElSMTPException.Create(SInvalidReply);
  r := SendCmd('EHLO ' + Domain, EHLOAccCodes);
  if (r = 550) or (r = 504) then
    raise EElSmtpError.Create(SInvalidDomainForLogin, r {$ifndef HAS_DEF_PARAMS}{$ifndef FPC}, 0{$endif}{$endif});
  if r = 250 then
    ParseEHLO(FLastGotString)
  else
  begin
    r := SendCmd('HELO ' + Domain, EHLOAccCodes);
    if (r = 550) or (r = 504) then
      raise EElSmtpError.Create(SInvalidDomainForLogin, r {$ifndef HAS_DEF_PARAMS}{$ifndef FPC}, 0{$endif}{$endif});
    if (r <> 250) then
      raise EElSSLCmdClientException.Create(SInvalidReply, r {$ifndef HAS_DEF_PARAMS}{$ifndef FPC}, 0{$endif}{$endif});
  end;

  if FUseSSL and (FSSLMode = {$ifdef CHROME}TSBSSLMode.{$endif}smExplicit) then
    EstablishSSLSession;

  Authenticate;
end;

procedure TElSMTPClient.EstablishSSLSession;
begin
  try
    try
      SendCmd('STARTTLS', STARTTLSAccCodes);
...
...


As you can see, you need to set UseSSL property and SSLMode property.

Does delivery without SSL work?


Sincerely yours
Eugene Mayevski
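
A check for the symptom reported in this thread (the client goes from EHLO straight to MAIL FROM without STARTTLS), added here as an example; it is not part of the original posts and not EldoS code. The transcripts, host names and the function name `audit_smtp_transcript` are constructed for illustration; the input is the cleartext part of an SMTP session as reassembled from a packet capture.

```python
import re

# Constructed samples: cleartext SMTP as reassembled from a packet capture.
# "S:" is a server line, "C:" a client line; hosts and addresses are made up.
DOWNGRADED = """\
S: 220 mail.example.test ESMTP
C: EHLO client.example.test
S: 250-mail.example.test
S: 250-STARTTLS
S: 250 AUTH LOGIN PLAIN
C: MAIL FROM:<user@example.test>
"""
UPGRADED = """\
S: 220 mail.example.test ESMTP
C: EHLO client.example.test
S: 250-mail.example.test
S: 250 STARTTLS
C: STARTTLS
S: 220 Ready to start TLS
"""

def audit_smtp_transcript(text):
    """Return findings for commands a client sent before TLS was in place."""
    findings = []
    offered = started = pending = False
    for raw in text.splitlines():
        side, _, line = raw.partition(": ")
        line = line.strip()
        if side == "S":
            if re.match(r"250[- ]STARTTLS\b", line, re.I):
                offered = True          # server advertises the extension
            if pending:                 # this line is the reply to STARTTLS
                started, pending = line.startswith("220"), False
        elif side == "C" and not started:
            cmd = line.upper()
            if cmd == "STARTTLS":
                pending = True
            elif cmd.startswith("AUTH "):
                findings.append("AUTH sent in cleartext")
            elif cmd.startswith("MAIL FROM"):
                why = "STARTTLS offered but not used" if offered else "STARTTLS not offered"
                findings.append("MAIL FROM sent in cleartext: " + why)
    return findings
```

A rejected STARTTLS (any reply other than 220) leaves the session marked as cleartext, so a client that carries on to MAIL FROM after the rejection is reported as well.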
#3768
Posted: 09/14/2007 10:48:23
by Aaron Sherber (Standard support level)
Joined: 08/22/2006
Posts: 6

UseSSL is True, SSLMode is smExplicit. From your code above, that looks like it should work, but it doesn't.

This particular server requires auth and TLS, so I can't try delivery without SSL.

Thanks,
Aaron.
#3769
Posted: 09/14/2007 11:12:08
by Aaron Sherber (Standard support level)
Joined: 08/22/2006
Posts: 6

There appears to be something wrong with the property streaming mechanism for this component. If I set UseSSL to True, save all files, close them, and re-open, UseSSL has reverted to False, indicating that the correct value was not streamed out to the DFM.

If I set UseSSL to True in code, before I do Open, then the component does send STARTTLS as expected. However, message delivery still fails. The exact error I'm getting from the SMTP server is 550, bad address, in response to RCPT TO. But I know from working with this server that this is a misleading message. It indicates that authentication failed in some way, causing the server to reject the message.

Thanks,
Aaron.
#3770
Posted: 09/14/2007 11:14:48
by Aaron Sherber (Standard support level)
Joined: 08/22/2006
Posts: 6

Here's the source I'm using, by the way, with Address, Username, and Password removed.

Thanks,
Aaron.


[ Download ]
#3771
Posted: 09/14/2007 11:16:09
by Eugene Mayevski (EldoS Corp.)

Streaming has been fixed, thank you.
As for the failure, it's possible that you need to authenticate yourself using username/password as well. If you want, we can move this topic to HelpDesk and you will give us the address of the server. We will try to find out the source of the problem here.


Sincerely yours
Eugene Mayevski
#3772
Posted: 09/14/2007 12:07:14
by Aaron Sherber (Standard support level)
Joined: 08/22/2006
Posts: 6

Thanks for fixing the streaming.

As for authentication, the code I am using does include Username and Password; I just removed that info from the file I uploaded for obvious security reasons. But I agree that it's quite likely that the username and password are not being correctly sent to the server. This is hard to check in Wireshark, of course, because all of the traffic is encrypted after the SSL negotiation.

From the code you pasted above, it looks like Authenticate is supposed to be called right after the SSL session is established. Is there anything that might prevent that?

Unfortunately, I can't send you the login information for this particular server, because the only login I have is my personal one. I suppose I'll have to go ahead and order a license so I can step through the code myself. Do you offer any kind of money back guarantee if things ultimately don't work?

Thanks,
Aaron.
#3773
Posted: 09/14/2007 12:29:18
by Eugene Mayevski (EldoS Corp.)

We sometimes offer moneybacks, but it always makes sense to attempt to fix the problem. Is there some way for us to get a login on that server (maybe some trial account etc.)?


Sincerely yours
Eugene Mayevski