
Thread: Indy, gmail and "modern standards of security"


This question is answered. Helpful answers available: 1. Correct answers available: 1.


Replies: 4 - Last Post: Aug 8, 2015 11:38 AM Last Post By: Steen Albrechtsen
Steen Albrechtsen

Posts: 6
Registered: 9/16/07
Indy, gmail and "modern standards of security"  
  Posted: Jul 28, 2015 6:10 PM
I have an app sending e-mail notifications.

I use Delphi XE2 and Indy 10.5.8.0 (shipped with XE2) for that.

Everything worked fine years ago when I implemented it.

I tested it again using smtp.gmail.com: TLSv1, port=465, Implicit.

This resulted in a mail from Google saying that they have blocked an intruder.

I upgraded OpenSSL to 1.0.2d and tested again and in my app I got an error message from Google saying that I should only use Google apps to access my gmail account.

It is working now: In my gmail account I had to allow "less secure apps". I don't like this of course.

This is what Google says about it (in Danish)

Google kan blokere loginforsøg fra nogle apps eller enheder, der ikke bruger moderne sikkerhedsstandarder. Da disse apps og enheder er nemmere at kapre, holdes din konto sikker ved at blokere dem.

Her er nogle eksempler på apps, der ikke understøtter de seneste sikkerhedsstandarder:

Appen Mail på din iPhone eller iPad med iOS 6 eller ældre
Appen Mail på din Windows Phone 8.1 eller ældre
Visse e-mailklienter til pc, f.eks. Microsoft Outlook og Mozilla Thunderbird

I will try to translate:

Google can block login attempts from some apps and units not using modern standards of security. Since these apps and units are easier to hijack, your account is kept safe by blocking them.

Here are some examples of apps not supporting the latest standards of security:

The app Mail on your iPhone or iPad with iOS 6 or older
The app Mail on your Windows phone 8.1 or older
Certain e-mail clients for PC, e.g. Microsoft Outlook and Mozilla Thunderbird

According to Google I am not using "modern standards of security"

Is there a way not needing to allow "less secure apps" in gmail?

TIA

Edited by: Steen Albrechtsen on Jul 29, 2015 6:44 AM

Steen Albrechtsen

Posts: 6
Registered: 9/16/07
Re: Indy, gmail and "modern standards of security"  
  Posted: Jul 29, 2015 6:31 AM   in response to: Steen Albrechtsen
For the sake of completeness, here is my code. Got some serious help from Remy Lebeau for that.

unit UEmail;
 
interface
 
uses
  UStrings {My unit: GetLocalComputerName}, Classes, Vcl.StdCtrls, IdBaseComponent,
  IdComponent, IdTCPConnection, IdTCPClient, IdExplicitTLSClientServerBase,
  IdMessageClient, IdSMTPBase, IdSMTP, IdMessage, IdSSLOpenSSL, IdGlobal,
  IdSASL_CRAM_MD5,
  IdSASLLogin, IdSASL_CRAM_SHA1, IdUserPassProvider,
  IdSASLUserPass, IdSASLPlain, IdSASLSKey,
  IdSASLOTP, IdSASLExternal, IdSASLDigest, IdSASLAnonymous;
 
type
  TEmailData = class
    SMTPServer: string; //GMail: smtp.gmail.com
    SMTPPort: integer; //GMail: 465 or 587
    UseTLS: integer;
    SSLMethod: integer;
    SSLConnection: boolean; //GMail: True
    SenderEmail: string; //GMail: <you>@gmail.com
    SMTPUserName: string; //GMail: <you>@gmail.com
    SMTPPassword: string; //GMail: GMail Password
    ToEmail: string;
    Subject: string;
    SenderApp: string;
    Priority: TIdMessagePriority;
    Body: TStringList;
    constructor Create;
    destructor Destroy; override;
  end;
 
procedure SendEmail(ED: TEmailData);
 
implementation
 
constructor TEMailData.Create;
begin
  inherited;
  Body := TStringList.Create;
end;
 
destructor TEMailData.Destroy;
begin
  Body.Free;
  inherited;
end;
 
procedure SendEmail(ED: TEmailData);
var
  IdMessage: TIdMessage;
  SMTP: TIdSMTP;
  SSLHandler: TIdSSLIOHandlerSocketOpenSSL;
  IdUserPassProvider: TIdUserPassProvider;
  IdSASLCRAMMD5: TIdSASLCRAMMD5;
  IdSASLCRAMSHA1: TIdSASLCRAMSHA1;
  IdSASLPlain: TIdSASLPlain;
  IdSASLLogin: TIdSASLLogin;
  IdSASLSKey: TIdSASLSKey;
  IdSASLOTP: TIdSASLOTP;
  IdSASLAnonymous: TIdSASLAnonymous;
  IdSASLExternal: TIdSASLExternal;
begin
  IdMessage := TIdMessage.Create(nil);
  try
    IdMessage.ContentType := 'text/plain';
    IdMessage.Charset := 'UTF-8';
    IdMessage.Body.Assign(ED.Body);
    IdMessage.Sender.Text := ED.SenderEMail;
    IdMessage.From.Name := ED.SenderApp + ' (' + GetLocalComputerName + ')';
    IdMessage.From.Address := ED.SenderEMail;
    IdMessage.ReplyTo.EMailAddresses := ED.SenderEmail;
    IdMessage.Recipients.EMailAddresses := ED.ToEmail;
    IdMessage.Subject := ED.Subject;
    IdMessage.Priority := ED.Priority;
    IdMessage.ReceiptRecipient.Text := '';
    IdMessage.BccList.EMailAddresses := '';
 
    SMTP := TIdSMTP.Create(nil);
    try
      if ED.SSLConnection then
      begin
        SSLHandler := TIdSSLIOHandlerSocketOpenSSL.Create(SMTP);
        SSLHandler.MaxLineAction := maException;
        case ED.SSLMethod of
          0: SSLHandler.SSLOptions.Method := sslvTLSv1;
          1: SSLHandler.SSLOptions.Method := sslvSSLv3;
          2: SSLHandler.SSLOptions.Method := sslvSSLv23;
        end;
        SSLHandler.SSLOptions.Mode := sslmClient;
        // Empty VerifyMode: the server certificate is not verified.
        SSLHandler.SSLOptions.VerifyMode := [];
        SSLHandler.SSLOptions.VerifyDepth := 0;
        SMTP.IOHandler := SSLHandler;
        case ED.UseTLS of
          0: SMTP.UseTLS := utNoTLSSupport;
          1: SMTP.UseTLS := utUseImplicitTLS;
          2: SMTP.UseTLS := utUseRequireTLS;
          3: SMTP.UseTLS := utUseExplicitTLS;
        end;
      end;
 
      if (ED.SMTPUserName <> '') or (ED.SMTPPassword <> '') then
      begin
        SMTP.AuthType := satSASL;
 
        IdUserPassProvider := TIdUserPassProvider.Create(SMTP);
        IdUserPassProvider.Username := ED.SMTPUserName;
        IdUserPassProvider.Password:= ED.SMTPPassword;
 
        IdSASLCRAMSHA1 := TIdSASLCRAMSHA1.Create(SMTP);
        IdSASLCRAMSHA1.UserPassProvider := IdUserPassProvider;
        IdSASLCRAMMD5 := TIdSASLCRAMMD5.Create(SMTP);
        IdSASLCRAMMD5.UserPassProvider := IdUserPassProvider;
        IdSASLSKey := TIdSASLSKey.Create(SMTP);
        IdSASLSKey.UserPassProvider := IdUserPassProvider;
        IdSASLOTP := TIdSASLOTP.Create(SMTP);
        IdSASLOTP.UserPassProvider := IdUserPassProvider;
        IdSASLAnonymous := TIdSASLAnonymous.Create(SMTP);
        IdSASLExternal := TIdSASLExternal.Create(SMTP);
        IdSASLLogin := TIdSASLLogin.Create(SMTP);
        IdSASLLogin.UserPassProvider := IdUserPassProvider;
        IdSASLPlain := TIdSASLPlain.Create(SMTP);
        IdSASLPlain.UserPassProvider := IdUserPassProvider;
 
        SMTP.SASLMechanisms.Add.SASL := IdSASLCRAMSHA1;
        SMTP.SASLMechanisms.Add.SASL := IdSASLCRAMMD5;
        SMTP.SASLMechanisms.Add.SASL := IdSASLSKey;
        SMTP.SASLMechanisms.Add.SASL := IdSASLOTP;
        SMTP.SASLMechanisms.Add.SASL := IdSASLAnonymous;
        SMTP.SASLMechanisms.Add.SASL := IdSASLExternal;
        SMTP.SASLMechanisms.Add.SASL := IdSASLLogin;
        SMTP.SASLMechanisms.Add.SASL := IdSASLPlain;
      end else begin
        SMTP.AuthType := satNone;
      end;
 
      SMTP.Host := ED.SMTPServer;
      SMTP.Port := ED.SMTPPort;
      SMTP.ConnectTimeout := 20000;
      SMTP.ReadTimeout := 20000;
      SMTP.UseEHLO := True;
 
      SMTP.Connect;
      try
        SMTP.Send(IdMessage);
      finally
        SMTP.Disconnect;
      end;
    finally
      SMTP.Free;
    end;
  finally
    IdMessage.Free;
  end;
end;
 
 
end.
Christophe LACH

Posts: 37
Registered: 12/2/01
Re: Indy, gmail and "modern standards of security"
Helpful
  Posted: Jul 29, 2015 6:39 AM   in response to: Steen Albrechtsen
Hi Steen,

I don't know much about your problem, I was just curious and wanted to learn more for my personal knowledge.

Based on what I found, I suggest you should google for 'OAuth 2.0 delphi'

Like you I'm still with XE2 so I can't tell for sure, but Delphi XE5 may be required according to my search results.

Cheers

EDIT : Wow ! The forum just updated (incredibly slowly), nice code, thanks for sharing
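
Added example, not part of the thread and not Indy or Delphi code: a Python sketch of what an OAuth 2.0 SMTP login looks like at the SASL level, using XOAUTH2, the mechanism Gmail's SMTP service accepts for OAuth 2.0 access tokens. The EHLO reply is constructed, the mechanism names are the standard SASL names for the components registered in the unit above, and obtaining the access token is assumed to happen elsewhere.

```python
import base64
import json

# Standard SASL names of the mechanisms the Delphi unit above registers.
CLIENT_MECHS = ["CRAM-SHA1", "CRAM-MD5", "SKEY", "OTP",
                "ANONYMOUS", "EXTERNAL", "LOGIN", "PLAIN"]

# Constructed EHLO reply for illustration, not captured from a real server.
SAMPLE_EHLO = (
    "250-smtp.example.test at your service\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-AUTH LOGIN PLAIN XOAUTH2\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)


def advertised_mechs(ehlo_reply):
    """Return the SASL mechanisms listed on the AUTH line of an EHLO reply."""
    for line in ehlo_reply.splitlines():
        keyword, _, args = line[4:].partition(" ")
        if keyword.upper() == "AUTH":
            return args.upper().split()
    return []


def mechs_in_common(server_mechs, client_mechs):
    """Client mechanisms (in client order) that the server also offers."""
    return [m for m in client_mechs if m in server_mechs]


def xoauth2_initial_response(user, access_token):
    """Build the base64 argument sent as 'AUTH XOAUTH2 <argument>'."""
    raw = "user=%s\x01auth=Bearer %s\x01\x01" % (user, access_token)
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def decode_error_challenge(line):
    """Decode the JSON carried in a '334 <base64>' failure challenge."""
    code, _, payload = line.strip().partition(" ")
    if code != "334":
        raise ValueError("not a 334 continuation: %r" % line)
    return json.loads(base64.b64decode(payload).decode("utf-8"))
```

With the sample reply, the only mechanisms shared between the unit's list and the server are LOGIN and PLAIN, both of which send the account password itself; XOAUTH2 sends a short-lived bearer token instead.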
Steen Albrechtsen

Posts: 6
Registered: 9/16/07
Re: Indy, gmail and "modern standards of security"  
  Posted: Jul 29, 2015 9:36 AM   in response to: Christophe LACH
Christophe LACH wrote:
Based on what I found, I suggest you should google for 'OAuth 2.0 delphi'

Hi Christophe,

Then it is possible, but complicated. The email notification is not a core functionality of my project so I think I will wait a while.

Thanks
Steen Albrechtsen

Posts: 6
Registered: 9/16/07
Re: Indy, gmail and "modern standards of security"  
  Posted: Aug 8, 2015 11:38 AM   in response to: Steen Albrechtsen
Remy Lebeau (TeamB) wrote:
Native OAuth support is on Indy's TODO list, but no ETA at this time.
-- Remy Lebeau (TeamB)

I found the above, dated 29/8/2014, at

http://codeverge.com/embarcadero.delphi.winsock/indy-oauth2-sasl-component/2001474

Does anyone know something about this?