
I'd like to know if there is a way to use my server certificates when relaying mail using the TIdSMTPRelay component in Indy. This is what the mail relaying part of my code looks like:

```delphi
procedure TMyForm.SMTPServerMsgReceive(ASender: TIdSMTPServerContext; AMsg: TStream;
  var LAction: TIdDataReply);
begin
  // The AMsg (TStream) is being transformed to MsgDecode (TIdMessage) and
  // all relay recipients to RelayRecipients (TIdEMailAddressList) using
  // [http://stackoverflow.com/questions/8499524/using-indy-smtpserver]

  // SSLRelayHandler is a TIdSSLIOHandlerSocketOpenSSL Indy component and SMTPRelay is
  // a TIdSMTPRelay Indy component
  SMTPRelay.DNSServer := myDNSServer;
  SSLRelayHandler.SSLOptions.Method := sslvSSLv23;
  SSLRelayHandler.SSLOptions.KeyFile := myMailServerKey;
  SSLRelayHandler.SSLOptions.CertFile := myMailServerCert;
  SSLRelayHandler.SSLOptions.RootCertFile := myMailServerRootCert;
  SMTPRelay.IOHandler := SSLRelayHandler;
  SMTPRelay.SSLOptions.SSLSupport := SupportSSL;
  try
    SMTPRelay.Send(MsgDecode, RelayRecipients);
  except on e : Exception do
    // every relay failure is swallowed here, so a message that is never sent leaves no trace
  end;
end;
```

Sometimes the mail is never sent, and sometimes it's being sent but goes to the spam section (Yahoo), although I'm issuing a STARTTLS command thanks to the TIdSSLIOHandlerSocketOpenSSL attached to my TIdSMTPRelay. Can I connect to another mail server's SMTPS port 465, or can the TIdSMTPRelay component only send to port 25? For more details, this is what the communication with Yahoo looks like:

```
Stat Connected.
Recv 23.10.2014 ?. 15:32:15: 220 mta1418.mail.gq1.yahoo.com ESMTP ready<EOL>
Sent 23.10.2014 ?. 15:32:15: EHLO mail.mydomain.com<EOL>
Recv 23.10.2014 ?. 15:32:15: 250-mta1418.mail.gq1.yahoo.com<EOL>250-PIPELINING<EOL>250-SIZE      41943040<EOL>250-8BITMIME<EOL>250 STARTTLS<EOL>
Sent 23.10.2014 ?. 15:32:15: STARTTLS<EOL>
Recv 23.10.2014 ?. 15:32:15: 220 Start TLS<EOL>
Sent 23.10.2014 ?. 15:32:16: EHLO mail.mydomain.com<EOL>
Recv 23.10.2014 ?. 15:32:16: 250-mta1418.mail.gq1.yahoo.com<EOL>250-PIPELINING<EOL>250-SIZE 41943040<EOL>250 8BITMIME<EOL>
Sent 23.10.2014 ?. 15:32:16: MAIL FROM:<user229@mail.mydomain.com><EOL>
Recv 23.10.2014 ?. 15:32:16: 250 sender <user229@mail.mydomain.com> ok<EOL>
Sent 23.10.2014 ?. 15:32:16: RCPT TO:<test_user_mail@yahoo.com><EOL>
Recv 23.10.2014 ?. 15:32:16: 250 recipient <test_user_mail@yahoo.com> ok<EOL>
Sent 23.10.2014 ?. 15:32:16: DATA<EOL>
Recv 23.10.2014 ?. 15:32:17: 354 go ahead<EOL>
Sent 23.10.2014 ?. 15:32:17: From: "user229@mail.mydomain.com" <user229@mail.mydomain.com>   <EOL>Subject: =?UTF-8?B?0JfQsNCz0LvQsNCy0LjQtTIy?=<EOL>To: test_user_mail@yahoo.com<EOL>Date: Thu, 23     Oct 2014 15:32:17 +0300<EOL>
Sent 23.10.2014 ?. 15:32:17: <EOL>
Sent 23.10.2014 ?. 15:32:17: body of the mail here<EOL>
Sent 23.10.2014 ?. 15:32:17: <EOL>
Sent 23.10.2014 ?. 15:32:17: .<EOL>
Recv 23.10.2014 ?. 15:32:18: 250 ok dirdel<EOL>
Sent 23.10.2014 ?. 15:32:18: QUIT<EOL>
Recv 23.10.2014 ?. 15:32:18: 221 mta1418.mail.gq1.yahoo.com<EOL>
Stat Disconnected.
```
Viktor Anastasov

1 Answer


TIdSMTPRelay can use other ports. You should leave the Port property set to its default (25) so that it can toggle between 25 and 465 based on how it manages its SSL/TLS connections internally.

The SSLOptions property controls how TIdSMTPRelay manages its SSL/TLS connections. SSLOptions.SSLSupport can be set to NoSSL, SupportSSL, or RequireSSL, and SSLOptions.TryImplicitTLS can be set to either True or False. See the implementation in TIdSMTPRelay.Connect().

When SSLOptions.TryImplicitTLS is true (port 465), Send() will attempt to use UseTLS=utImplicitTLS when connecting, meaning that an SSL/TLS handshake will be initiated as soon as the socket is connected.

If that fails, or if SSLOptions.TryImplicitTLS is false (ports 25 and 587), Send() will use UseTLS=utNoTLSSupport, UseTLS=utUseExplicitTLS, or UseTLS=utUseRequireTLS depending on the value of SSLOptions.SSLSupport:

NoSSL: the SMTP session will be unencrypted.

SupportSSL: the SMTP session will be initiated unencrypted, then STARTTLS will be sent to the SMTP server only if supported, otherwise the SMTP session will continue unencrypted. If the SSL/TLS handshake fails, an exception will be raised.

RequireSSL: the SMTP session will be initiated unencrypted, then STARTTLS will be sent to the SMTP server if supported, otherwise the SMTP session will be closed with an exception raised. If the SSL/TLS handshake fails, an exception will be raised.

Remy Lebeau
  • Many thanks for the detailed explanation. What I still don't understand is how to attach (if it's possible) the server certificates to the ``TIdSMTPRelay``: is my way correct or not? And is there a way to test whether the other mail server (for example Yahoo) can verify my SSL certificates? When I tried ``SMTPRelay.SSLOptions.TryImplicitTLS := True;`` it returned a ``Connection timed out`` error for both Yahoo and Gmail. Aren't they supposed to support ``SMTPS``? – Viktor Anastasov Oct 24 '14 at 10:14
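
An added example (not code from the question or the answer, and not Indy's own code): it audits a log in the format quoted in the question to check whether STARTTLS completed before MAIL FROM was sent, and models the SupportSSL/RequireSSL fallback as the answer describes it. The function names, sample logs and host names are constructed for illustration.

```python
import re

# Constructed sample logs in the Indy log format quoted in the question (placeholder hosts).
LOG_TLS = """Stat Connected.
Recv 23.10.2014 15:32:15: 220 mx.example.test ESMTP ready<EOL>
Sent 23.10.2014 15:32:15: EHLO mail.example.test<EOL>
Recv 23.10.2014 15:32:15: 250-mx.example.test<EOL>250-PIPELINING<EOL>250 STARTTLS<EOL>
Sent 23.10.2014 15:32:15: STARTTLS<EOL>
Recv 23.10.2014 15:32:15: 220 Start TLS<EOL>
Sent 23.10.2014 15:32:16: MAIL FROM:<user@mail.example.test><EOL>
"""
LOG_PLAIN = """Recv 23.10.2014 15:40:01: 220 mx.example.test ESMTP ready<EOL>
Sent 23.10.2014 15:40:01: EHLO mail.example.test<EOL>
Recv 23.10.2014 15:40:01: 250-mx.example.test<EOL>250 8BITMIME<EOL>
Sent 23.10.2014 15:40:02: MAIL FROM:<user@mail.example.test><EOL>
"""
RECORD = re.compile(r"^(Sent|Recv) .*?\d\d:\d\d:\d\d: (.*)$")

def events(log):
    """Yield (direction, smtp_line); one record may hold several <EOL>-separated lines."""
    for raw in log.splitlines():
        m = RECORD.match(raw.strip())
        if m:  # "Stat ..." status lines are skipped
            for part in m.group(2).split("<EOL>"):
                if part:
                    yield m.group(1), part

def audit(log):
    """Report whether STARTTLS was offered and completed, and whether MAIL FROM went out in clear."""
    r = {"starttls_offered": False, "tls_active": False, "envelope_in_clear": False}
    pending = False  # STARTTLS sent, server reply not yet seen
    for direction, line in events(log):
        if direction == "Recv" and pending:
            r["tls_active"], pending = line.startswith("220"), False
        elif direction == "Recv" and re.match(r"250[- ]STARTTLS$", line, re.I):
            r["starttls_offered"] = True
        elif direction == "Sent" and line.upper() == "STARTTLS":
            pending = True
        elif direction == "Sent" and line.upper().startswith("MAIL FROM:"):
            r["envelope_in_clear"] = not r["tls_active"]
    return r

def explicit_outcome(ssl_support, starttls_offered):
    """Explicit-TLS path as the answer describes it (TryImplicitTLS false or failed)."""
    if ssl_support == "NoSSL":
        return "plaintext"
    if starttls_offered:
        return "starttls"  # a failed handshake raises in both remaining modes
    return "plaintext" if ssl_support == "SupportSSL" else "exception"
```

With SupportSSL, a peer that never advertises STARTTLS produces a cleartext delivery with no error raised, so an audit like this over the relay's own logs is what shows how often that fallback actually happens.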