Sending emails with VFP with CDO 2

[foxup]

Hi,

I'm sending emails out thru VFP9 using CDO's. Everything works perfectly except that as of Feb-2024, Google insists that every email sent to Gmail users must have a DKIM signature.

How do I add the DKIM signature to this code please.

accno='000-000000'
has_txt=.F.
has_pdf=.F.
m.emal='mine@gmail.com'
LOCAL iMsg,iConf
DECLARE SHORT InternetGetConnectedState IN wininet.DLL;
INTEGER @lpdwFlags, INTEGER dwReserved
lConnect=displayState()
IF lConnect
iMsg = CREATEOBJECT("CDO.Message")
iConf = CREATEOBJECT("CDO.Configuration")
Flds = iConf.FIELDS
WITH Flds
.ITEM("

http://schemas.microsoft.com/cdo/configuration/sendusing")

= 2
.ITEM("

http://schemas.microsoft.com/cdo/configuration/smtpserver")

= 'ourserver' && ourserver
.ITEM("

http://schemas.microsoft.com/cdo/configuration/smtpserverport")

= 25
.UPDATE()
ENDWITH
WITH iMsg
.Configuration = iConf
.TO = m.emal
.BCC = ""
.FROM = "me@example.ca"
.Subject = "Your Invoice is Now Ready 2024-01"
.FIELDS("Priority").VALUE = 0 && -1=Low, 0=Normal, 1=High
.Fields("

http://schemas.microsoft.com/cdo/configuration/smtpauthenticate").Value

= 1
.Fields("

http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout").Value

= 60
.Fields("

http://schemas.microsoft.com/cdo/configuration/smtusessl").Value

= .T.
.FIELDS.UPDATE()
IF has_txt=.F. && HAS ONLY PDF (NO TXT FILE EXISTS)
bod="<img src='cid:logo.png'><BR>Hello,<BR><BR>in PDF.<BR>"
.HtmlBody=bod
ELSE && EXISTS BOTH THE PDF & TXT FILE SO EMAIL BODY IS A LITTLE DIFFERENT
bod="<img src='cid:logo.png'><BR>Hello,<BR><BR>your pdf PDF.<BR>"
.HtmlBody=bod
ENDIF
.AddAttachment ("C:\Users\jk\Desktop\ff\logo.png") && ALWAYS DONE SO THAT EVERYBODY HAS THE LOGO
.SEND()
ENDWITH
iMsg = .NULL.
iConf = .NULL.
Flds = .NULL.
ELSE
MESSAGEBOX("Could not send the message, your internet connection is down.")
ENDIF
PROCEDURE displayState
LOCAL lConnected
lConnected = .F.
lpdwFlags = 0
IF InternetGetConnectedState (@lpdwFlags, 0) = 1
lConnected = .T.
ENDIF
RETURN lConnected
ENDPROC


Thanks,
FOXUP

 

[Chris Miller]

SPF is what I came across with Gmail so far, but never actually implemented it, in my case it was just about sending an hourly mail from my domain to a gmail mail account and it didn't become mandatory to have SPF authentication, the mails I sent to myself just all were marked as suspicious as one mail came each hour.

From what I already read about SPF and never actually implemented and from skimming through this explainer on DKIM (

https://www.emailonacid.com/blog/ar...g_you_need_to_know_about_digital_signatures/)

I can tell you:

You need more than just a bit more code to sign your mail. If you run a mail server on your intranet only, you will need to change a lot more and bring your mail server to an actual internet domain, as DKIM and also SPF require some DSN entries that must be publicly available, not just in your intranet, so "localhost" won't do for that.

I recommend you read through the explainer and you'll need a bit more support than just a VFP programming expert to add this feature to your outgoing eMail.


Chriss

 

[foxup]

Hi,

The 4 protocols that Google has implemented and enforced (as of Feb-2024) are actually TLS, SPF, DMARC and DKIM. I have setup our servers with all the necessary DNS records for all the 4 protocols in question, including the Public Key and Private Keys for the DKIM, and they all work fine when sending thru a regular Outlook account.

When I send thru the above program the SPF, the TLS, the DMARC all pass and everything is working for those.
The only problem is the DKIM. I can't seem to pass the DKIM record so that the emails get DKIM signed.

I really just need help with the DKIM line of code to add in the program (CDO line). Everything works with regards to all other aspects of the other protocols.

Please help.


Thanks.
FOXUP

 

[Mike Lewis]

I came up against this same issue last year. (At least, I think it was the same issue. Some of my emails to Gmail addresses were being bounced, and the bounce messages indicated a problem with DKIM or SPF. This wasn't consistent. It happened with some messages but not others - almost randomly.)

Anyway, after a huge hassle, I finally determined that there was nothing wrong with the messages, but was caused by settings on my outgoing mail server. I was unable to change the settings myself, and the company hosting it were unable to help. I ended up switching to a different server, after which the problem went away.

Foxup, I don't know if this is relevant to your situation. I have very little expertise in this area. But it might be something to keep in mind.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads

 

[Chris Miller]

I don't find a CDO configuration item that just tells the mail server to sign the outgoing mails.

I only found this

iMsg.Fields("urn:schemas:mailheaderKIM-Signature") = "YOUR_SIGNATURE_HERE"

Which also just was a untested guess of the answeerer at

https://stackoverflow.com/questions...signature-to-classic-asp-email-sent-using-cdo

I have too little information about what to put together to compute the signature.

The other thing I see Microsoft documenting for DKIM on

https://learn.microsoft.com/en-us/m...entication-dkim-configure?view=o365-worldwide

That starts with Microsoft using CNAME DNS records instead of TXT.

Chriss

 

[foxup]

Mike,

That's exactly what's going on. The message are not being delivered due to emails not being DKIM signed.
As I mentioned, all emails are being sent properly when being sent thru Outlook, so it wouldn't be the outgoing mail server. It's only when using the CDO program that they are not DKIM signed.

Chris,

I have tried that setting and get an error saying "DKIM FAIL" so I think it's kind of half right, half wrong. I put the Public Key in the "YOUR_SIGNATURE_HERE" and upon inspecting the Google email, it says "DKIM FAIL" dkim=neutral (bad format). I think it's a start in the right direction but the "YOUR_SIGNATURE_HERE" doesn't work with simply the Public Key being added instead of "YOUR_SIGNATURE_HERE". What belongs on the "YOUR_SIGNATURE_HERE" ?


I really need help as hundreds of emails are being bounced back.

FOXUP

 

[Chris Miller]

Of course that does not work, foxup, a sigfnature is not the key, it's the hash of the mail computed with the private key and verifiable with the public key.

In an ideal situation you'd just put an outgoing mail into a mail server which automatically signs your mails before they are sent to the final recipient. I don't know and don't assume mail servers do this post processing of mails before they are finally sent out.

You said:

they all work fine when sending thru a regular Outlook account.

Then it would be best to change to Outlook automation instead of sending mails by CDO.

Chriss

 

[Mike Lewis]

That's exactly what's going on. .... As I mentioned, all emails are being sent properly when being sent thru Outlook ...

I don't think that's the same as he behaviour I saw. I tried sending messages from various email clients - but all through the same mail server - and they all failed in the same way. Which led me to believe that the problem was caused by a mis-configuration of the server rather than something in the message itself. I didn't have the problem when I switched to a different server.

But, as I said earlier, this might not be relevant to your situation, not least because your aim is to automate the sending of emails whereas for me the problems arose when sending them interactively.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads

 

[foxup]

How do I get the "the hash of the mail computed with the private key" ?

 

[Chris Miller]

I don't find documentation about what exactly needs to be signed, so that's a god question.

I would still rather change from CDO to outlook, which makes mailing even much simpler, or investigate in the direction which mailserver software would automatically apply DKIM signing of mails.

Chriss

 

[foxup]

What do the changes from CDO to Outlook look like exactly? Can you give me an example of what the code would look like in Outlook script? Also, which mailserver software automatically apply DKIM signing of mails?

 

[Chris Miller]

Let me only tackle the simpler question.

To send mails with outlook is far simpler than with CDO as you don't need to care for configuration, all you need is outlook to be configured to allow automation. And that's possible to do even without using the infamous redemption tool.

The core code to send mails is in the faq section faq184-766, let me copy it here:

oOutlook = CreateObject("Outlook.Application")
oitem=oOutlook .createitem(0)
oitem.subject="Email From VFP"

oitem.to="someone@example.com"

oitem.body="This mail was sent from vfp using Outlook"
* for HTML mail there is simply oItem.HTMLBody to put in any HTML

** To attach a file
oitem.Attachments.Add("MyFullPath+MyFile+Ext")
** to attach one more file.. and you can repeat this.
* oitem.Attachments.Add("MyFullPath+MyFile+Ext")

** to send it
oitem.send()

** to clear up
oOutlook=.null.

You can forget about anything related to mailserver, port, etc, as that's all done by Outlook, including the DKIM authentication, as you said.

To find out a bit more, just do this in the command window, one line after the other manually:

o=CreateObject("Outlook.Application")
oitem=o.createitem(0)

And then you can open the debugger and in the Locals window expand the oitem variable to see what properties and subobjects it has, etc. Or use intellisense by just typing oitem. up to the point.

Chriss

 

[foxup]

Hi Chriss,

OK, your code:

oOutlook = CreateObject("Outlook.Application")
oitem=oOutlook .createitem(0)
oitem.subject="Email From VFP"

oitem.to="someone@example.com"

oitem.body="This mail was sent from vfp using Outlook"
* for HTML mail there is simply oItem.HTMLBody to put in any HTML

** To attach a file
oitem.Attachments.Add("MyFullPath+MyFile+Ext")
** to attach one more file.. and you can repeat this.
* oitem.Attachments.Add("MyFullPath+MyFile+Ext")

** to send it
oitem.send()

** to clear up
oOutlook=.null.

seems to work fine. The DKIM now passes, however the other 3 protocols don't pass. The ones that don't pass are SPF and TLS and DMARC.

Any help on those please?

Thanks,
FOXUP

 

[Chris Miller]

Well, how should I know what you configured in your Outlook?

I also don't see anything in your CDO code that handles SPF, TLS and DMARC, though.

Those things have to do with the mail domain and mailservers, not so much with the mail client used.

Maybe you will find out how to configure the mailserver you use for CDO in the same manner as the one configured in Outlook. If your Outlook is configured to the same mailserver as is used by your CDO configuration, then there still may be differences in how you connect and how the raw mails (including headers) are composed.

The question now of course becomes what is simpler: Add the DKIM signature to the CDO routine or have the other three features done with/from Outlook, too.

I'd just go back to what I initially said: ...you'll need a bit more support than just a VFP programming expert.


Chriss

 

[foxup]

OK, I just re-checked and the TLS is working. Let me check the other 2 (DMARC and SPF). I hope this works.

 

[mplaza]

Try using sfMail - a mail client based on MailKit from Doug Hening that works well with gmail and office 365.







Marco Plaza

https://www.github.com/nfoxdev

 

[Chris Miller]

foxup,

all I can say about SPF is that that's also based on DNS records and is domain related, not mail client related. I haven't read up on DMARC, but I think it's of the same nature, while TLS is "only" about a secure connection to the mailserver, sending mails encrypted.

DKIM has indeed to do with the mail item itself, as you provide a (techincal, cryptographic) signature in the mail header and so it was plausible Outlook was somehow setup to do this and your code not.

I think when you use a mail server like an Exchange server it could also post process mails to add the necewssary headers or other parts of a mail, so that a mail client and your code does not need to be adjusted at all about such things as SPF, DKIM and maybe DMARC. They are all features related to the authenticity of mails and the origin domain and so are more related to protocols than to the actual mail composition, except DKIM which clearly - even just skimming the definitions you find - adds to the mail headers.

You know better than us how you managed to earlier solve the SPF and DMARC features, I already talked about my limited experience with SPF. You're looking for an expert on the topic of mail, mail protocols and mail servers, and while I can only speak for myself, this forum is clearly mainly about FoxPro. I'm not saying your post is wrong here, you see you get advice like the last one about sfMail by Doug Hennig. You could also look for a mail techniology related forum, like an Exchange server forum.

Coming back to the topic of mail server software. I'm not sure if you even run something like an Exchange Server or have a company MSDN subscription using Office 365, a Microsoft 365 domain or even Azure. The link I posted earlier was about the features of a Microsoft 365 domain you could own in a Microsoft based world, and if you go one up in the treeview of topics you get to

https://learn.microsoft.com/en-us/m...mail-authentication-about?view=o365-worldwide

and there are links to set up SPF, set up DKIM, and set up DMARC.

It confirms my gut feeling that such things can be handled without changing or configuring anything in mail clients themselves. But using CDO you may circumvent all that by sending the mail items you create in VFP to the outbound mail server that's not inhouse or the MS 365 domain, but a T-Online/T-Systems mail server, for example, or whatever your ISP is. All these mail authentication schemes are about the domain of a company and have more to do with the hoster of your domain, which rarely is the same as your ISP. There is another pointer to who you could involve and ask about this.

Way back when I didn't actually set up SPF - it doesn't stop a mail to arrive in my gmail account - I had bad experience with my hoster not knowing what DNS records to configure and how their mail server would be involved. If it would have become important to me I would have switched my hosting. Well, and that reminds me of Mike Lewis advice to switch servers, set up something new or even switch the hoster.

Chriss

 

[tomk3]

Hello

maybe you take a look on chilkat, there are samples in VFP for Gmail and AFAIR for DKIM, too

https://www.chilkatsoft.com/refdoc/xChilkatMailManRef.html

https://www.example-code.com/foxpro/gmail_smtp_imap_pop.asp

Regards
tom

 

[Chris Miller]

Good idea,

the DKIM samples are here:

https://www.example-code.com/foxpro/dkim.asp

The fly in the ointment is, that all code to sign and verify the signature is closed source, so you'll need the Chilkat bundle. And what I don't see in the code samples is the side of the domain configuration with the DSN entries.

Chriss

 

[mplaza]

Here you have a guide on how to send DKIM signed emails with mailKit and .net core:
Sending emails with .Net Core using MailKit with DKIM signature

The c# source to sign the message is included at the end. It's 3 steps - create a DkimSigner object, create the headers, and sign the message using the sign function before the send operation.

Just add the DKIM support to Hening sfMail source ( smtp.cs ) and recompile the project using visual studio.



Marco Plaza

https://www.github.com/nfoxdev