Is there any trick to sending mail with CDO on port 587 (the port that uses TLS security protocol)?
This is my C++ code:
CDO::IMessagePtr iMsg(__uuidof(CDO::Message));
CDO::IConfigurationPtr iConf = iMsg->GetConfiguration();
CDO::FieldsPtr iFields;
_bstr_t empty("");
iConf->Load(CDO::cdoIIS,empty); // this string constant from import
iFields = iConf->Fields;
iFields->Item["https://schemas.microsoft.com/cdo/configuration/smtpserver"]->Value = _variant_t(szServer);
iFields->Item["https://schemas.microsoft.com/cdo/configuration/smtpserverport"]->Value = _variant_t(587);
iFields->Item["https//schemas.microsoft.com/cdo/configuration/sendusing"]->Value = 2;
iFields->Item["https//schemas.microsoft.com/cdo/configuration/smtpauthenticate"]->Value = _variant_t(1); // Basic
iFields->Item["https//schemas.microsoft.com/cdo/configuration/sendusername"]->Value = _variant_t(szUser);
iFields->Item["https//schemas.microsoft.com/cdo/configuration/sendpassword"]->Value = _variant_t(szPassword);
if(iUseSSLTLS == 2)
iFields->Item["https//schemas.microsoft.com/cdo/configuration/sendtls"]->Value = _variant_t(true);
else
iFields->Item["https//schemas.microsoft.com/cdo/configuration/smtpusessl"]->Value = _variant_t(true);
iFields->Update();
etc... etc...
If I use this code with smtp.gmail.com:
server: smtp.gmail.com,
port: 587,
sndtls = true,
account: my gmail account,
password:
I obtain the following response:
Code = 8004020e,
Code meaning = Impossibile modificare o eliminare un oggetto che รจ stato aggiunto utilizzando COM+ Admin SDK,
Source = (null),
Description = Indirizzo del mittente respinto dal server. Risposta del server: 530 5.7.0 Must issue a STARTTLS command first. y2sm3575389wme.12 - gsmtp,
(sorry ... part of the message is in Italian language, but take a look at the bold/italic one)
Obviously, if I configure Outlook 2010 using the same parameters, it works perfectly.
One more thing, if I use port 465 and SSL:
server: smtp.gmail.com,
port: 465,
smtpusessl= true,
account: my gmail account,
password:
the code works fine, but I need to configure 587 port and TLS.
I eventually tried smtpusessl and sendtls together, setting them true:
iFields->Item["https//schemas.microsoft.com/cdo/configuration/sendtls"]->Value = _variant_t(true);
iFields->Item["https//schemas.microsoft.com/cdo/configuration/smtpusessl"]->Value = _variant_t(true);
And I obtain the following error:
Code = 80040213
Code meaning = IDispatch error #19
Source = CDO.Message.1
Description = The transport failed to connect to the server.
After over 2 years, I found a solution, well ... not a solution, but now I know why it didn't work, e why it will never work. It seems there's a bug in CDO library: it can handle STARTTLS command on port 25, but it can't on port 587.
You can read more here:
https://social.technet.microsoft.com/Forums/en-US/37d00342-e5e9-4c8d-975d-44362332d426/bug-in-cdomessage-smtpserverport-587-fails?forum=ITCG
As I've just written above, it's a bug and I think Microsoft will never correct it. The recommendation for the future is to abandon CDO and use "Power shell" or third-party components.
Related
I am implementing OMI client on CentOs in C++ to communicate with windows WMI
I have installed OMI on Linux CentOS 7 and trying to connect to Windows 7
using the sample utility provided by OMI.
Reference: https://github.com/Microsoft/omi
Also configured WINRM on Windows to receive basic authentication calls.
I am not able to get the sample working. Getting the following error:
root#LinuxMachine bin]# ./omicli --auth Basic --hostname WinMachine.TEST.COM -u admin -p adminpassaword ei root/cimv2 Win32_Environment --port 5985
./omicli: result: MI_RESULT_FAILED
./omicli: result: ERROR_INTERNAL_ERROR: The WS-Management service cannot process the request. A DMTF resource URI was used to access a non-DMTF class. Try again using a non-DMTF resource URI.
Below is the WINRM configuration for the destination machine for reference
C:\Windows\system32>winrm get winrm/config
Config
MaxEnvelopeSizekb = 150
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Digest = true [Source="GPO"]
Kerberos = true [Source="GPO"]
Negotiate = true [Source="GPO"]
Certificate = true
CredSSP = true [Source="GPO"]
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;AG;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 15
EnumerationTimeoutms = 60000
MaxConnections = 25
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true [Source="GPO"]
Kerberos = true [Source="GPO"]
Negotiate = true [Source="GPO"]
Certificate = false
CredSSP = true [Source="GPO"]
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 180000
MaxConcurrentUsers = 5
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 15
MaxMemoryPerShellMB = 150
MaxShellsPerUser = 5
Am I missing anything obvious? Any help with getting the sample working is much appreciated.
I had encountered similar issue. I have resolved this by upgrading power-shell version on my server.
Windows 7 by-default shows uses powershell version 2.0.
PS C:\> test-wsman <clientName>
wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 2.0
By-default CIM session uses WSMAN protocol, specifically newer version of protocol.
This won't work for computers running powershell version 2.0 or no powershell at all.
Upgrade your to resolve this issue.
Refer URL https://mcpmag.com/articles/2013/05/07/remote-to-second-powershell.aspx for more details.
I have been asked to do some system admin and to move a legacy PHP web application to an Amazon EC2 instance running Debian. I have done this, and emails are successfully being sent from postfix.
Concern was expressed by the previous system admin that the server was not using an email relay, and a request to use SES seemed straight forward. I have implemented a mail relay using Mailgun from a Rackspace instance, and though not trivial, I got this done in a couple of hours.
I have not found the SES process quite so simple, and I suspect this is because I am unfamiliar with using certificates.
Initially I set up the service using the instructions here
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html
Elastic IP set up for server
Credentials created for SMTP server
Created IAM user and got a username and password for SMTP at
email-smtp.us-west-2.amazonaws.com
I created an /etc/postfix/sasl_passwd file with
[email-smtp.us-west-2.amazonaws.com]:25 USERNAME:PASSWORD
I then ran
postmap hash:/etc/postfix/sasl_passwd
to create the sasl_passwd.db
/etc/postfix/master.cf did not have smtp_fallback_relay in it
I created a certificate by installing apt-get install sasl2-bin and
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
and pointing postfix to this in my main.cf (at the end of this post).
I am using sendmail to send an email via Python
SENDMAIL = "/usr/sbin/sendmail" # sendmail location
FROM = "andy#travelinsurancequotes.com.au"
#TO = ["kirstie#travelinsurancequotes.com.au", "jason#slatescience.com"]
TO = ["jason#slatescience.com"]
SUBJECT = "Artog SMTP server is working!"
TEXT = "Sending emails on the TIQ webserver is working"
# Prepare actual message
message = """\
From: %s
To: %s
Subject: %s
%s
""" % (FROM, ", ".join(TO), SUBJECT, TEXT)
# Send the mail
import os
p = os.popen("%s -f %s -t -i" % (SENDMAIL, FROM), "w")
p.write(message)
status = p.close()
if status:
print "Sendmail exit status", stat
but I keep getting a time out error on sending:
Feb 26 03:18:19 lamp postfix/error[23414]: 5DE3240508: to=<jason#slatescience.com>, relay=none, delay=0.02, delays=0.02/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to email-smtp.us-west-2.amazonaws.com[54.187.123.10]:25: Connection timed out
I can connect via port 25
root#lamp /home/www# telnet email-smtp.us-west-2.amazonaws.com 25
Trying 54.149.142.243...
Connected to ses-smtp-us-west-2-prod-14896026.us-west-2.elb.amazonaws.com.
Escape character is '^]'.
220 email-smtp.amazonaws.com ESMTP
My main.cf file is
myhostname = travelinsurancequotes.com.au
mydomain = travelinsurancequotes.com.au
inet_interfaces = all
mynetworks_style = host
local_destination_recipient_limit = 300
local_destination_concurrency_limit = 5
recipient_delimiter=+
smtpd_banner = $myhostname
smtpd_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_helo_required = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/sslcerts/server.key
smtpd_tls_cert_file = /etc/postfix/sslcerts/server.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
relayhost = [email-smtp.us-west-2.amazonaws.com]:25
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
AWS EC2 has some sort of limit on mail being sent ..
I had that error, and Amazon Support told me to fill this form out to remove the limit.
https://aws.amazon.com/forms/ec2-email-limit-rdns-request
I hope this helps
I am in the process of setting up Kerberos on a CentOS7 (more specific: the Hortonworks HDP 2.3 sandbox) running in a VirtualBox VM. My problem is that kinit seems to be unable to reach my KDC, the answer is "Resource temporarily unavailable while getting inital credentials" if I add an address in my /etc/hosts file and if I leave that file as is I get the message "could not contact any host for realm mycompany while getting initial credentials".
The KDC is running (can find it with ps plus the service starts with an "okay" message), same for kadmin.
As a guide for setting up kerberos I followed these two guides:
CentOS guide
Guide 2
My config files:
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
[libdefaults]
default_realm = MYCOMPANY.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
MYCOMPANY.COM = {
kdc = kerberos.mycompany.com
admin_server = kerberos.mycompany.com
}
[domain_realm]
.mycompany.com = MYCOMPANY.COM
mycompany.com = MYCOMPANY.COM
kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88,750
[realms]
MYCOMPANY.COM = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}
kadm5.acl
*/admin#MYCOMPANY.COM *
/etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.96.140 sandbox.hortonworks.com sandbox ambari.hortonworks.com
192.168.1.3 mycompany.com kerberos.mycompany.com
I get the "Resource..." error if I have any address in the third line of the hosts file, if that line is missing I get the "could not contact..." error.
I could trace the kinit command with something along the lines of krb5_trace or something (unfortunately I can't find the link I got it from any more nor remember the exact command) to the address specified in the host file so kinit seems to contact the fitting address, its just that the KDC does not listen there.
Netstat shows that the KDC is listening on the ports specified in the kdc.conf
Any help would be appreciated
Okay so it does work now. Things I did to fix it:
/etc/resolv.conf
mycompany.com 127.0.0.1
/etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.96.140 sandbox.hortonworks.com sandbox ambari.hortonworks.com
127.0.0.1 mycompany.com kerberos.mycompany.com
And, most embarrassing: I used kinit mycompany/admin for the principal user/admin#mycompany.com which is of course wrong.
The right call is of course kinit user/admin
I'm using the following project for enabling APNS in my project:
https://github.com/stephenmuss/django-ios-notifications
I'm able to send and receive push notifications on my production app fine, but the sandbox apns is having strange issues which i'm not able to solve. It's constantly not connecting to the push service. When I do manually the _connect() on the APNService or FeedbackService classes, I get the following error:
File "/Users/MyUser/git/prod/django/ios_notifications/models.py", line 56, in _connect
self.connection.do_handshake()
Error: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')]
I tried recreating the APN certificate a number of times and constantly get the same error. Is there anything else i'm missing?
I'm using the endpoints gateway.push.apple.com and gateway.sandbox.push.apple.com for connecting to the service. Is there anything else I should look into for this? I have read the following:
Apns php error "Failed to connect to APNS: 110 Connection timed out."
Converting PKCS#12 certificate into PEM using OpenSSL
Error Using PHP for iPhone APNS
Turns out Apple changed ssl context from SSL3 to TLSv1 in development. They will do this in Production eventually (not sure when). The following link shows my pull request which was accepted into the above project:
https://github.com/stephenmuss/django-ios-notifications/commit/879d589c032b935ab2921b099fd3286440bc174e
Basically, use OpenSSL.SSL.TLSv1_METHOD if you're using python or something similar in other languages.
Although OpenSSL.SSL.SSLv3_METHOD works in production, it may not work in the near future. OpenSSL.SSL.TLSv1_METHOD works in production and development.
UPDATE
Apple will remove SSL 3.0 support in production on October 29th, 2014 due to the poodle flaw.
https://developer.apple.com/news/?id=10222014a
I have worked on APN using python-django, for this you need three things URL, PORT and Certificate provided by Apple for authentication.
views.py
import socket, ssl, json, struct
theCertfile = '/tmp/abc.cert' ## absolute path where certificate file is placed.
ios_url = 'gateway.push.apple.com'
ios_port = 2195
deviceToken = '3234t54tgwg34g' ## ios device token to which you want to send notification
def ios_push(msg, theCertfile, ios_url, ios_port, deviceToken):
thePayLoad = {
'aps': {
'alert':msg,
'sound':'default',
'badge':0,
},
}
theHost = ( ios_url, ios_port )
data = json.dumps( thePayLoad )
deviceToken = deviceToken.replace(' ','')
byteToken = deviceToken.decode('hex') # Python 2
theFormat = '!BH32sH%ds' % len(data)
theNotification = struct.pack( theFormat, 0, 32, byteToken, len(data), data )
# Create our connection using the certfile saved locally
ssl_sock = ssl.wrap_socket( socket.socket( socket.AF_INET, socket.SOCK_STREAM ), certfile = theCertfile )
ssl_sock.connect( theHost )
# Write out our data
ssl_sock.write( theNotification )
# Close the connection -- apple would prefer that we keep
# a connection open and push data as needed.
ssl_sock.close()
Hopefully this would work for you.
I want to use wamp as my development server and I'm trying to send email via my email => gmail, hotmail, yahoo. I'm trying to implement a simple email php application.
Is it possible to do it in wamp?
Is it possible to do it without changing php.ini and instead use ini_set();
I have tried changing my php.ini
using my yahoo mail
SMTP = smtp.mail.yahoo.com
; http://php.net/smtp-port
smtp_port = 587
auth_user = me#yahoo.com
auth_pass = password
and got this error message "Warning: mail() [function.mail]: SMTP server response: 530 authentication required - for help go to http://help.yahoo.com/help/us/mail/pop/pop-11.html in C:\wamp\www\9dot_disc_alt\abc.php on line 12"
using gmail
SMTP = smtp.gmail.com
; http://php.net/smtp-port
smtp_port = 587
auth_user = me#gmail.com
auth_pass = password
SMTP server response: 530 5.7.0 Must issue a STARTTLS command first. pc6sm6631754pbc.47 in C:\wamp\www\9dot_disc_alt\abc.php on line 12
Here's my current code:
$to = "me#yahoo.com";
$subject = "Test mail";
$message = "Hello! This is a simple email message.";
$from = "me#my.com";
$headers = "From:" . $from;
mail($to,$subject,$message,$headers);
echo "Mail Sent.";
Sir/Ma'am your answers would be of great help and be very much appreciated. Thank you++
When you use wamp, your SMTP must be your FAI, for example if you have free :
=>SMTP = smtp.free.fr (or .com)
EDIT : You can try this : http://glob.com.au/sendmail/, i's a simple windows console application that emulates sendmail's for wamp for example ;)
I found an online article that allows me to send emails using wamp + php mailer
http://nikunj-solutions.blogspot.com/2011/08/send-email-using-wamp-server.html