SMTPSocket problem on Mac

Hi all

I have a desktop app that requires registration after a trial period. Registration is done via an activation licence that is validated within the app (not server), but also sends me a notification email. If it can’t send the email, registration fails, even if the licence is validated.

So far has worked well on Mac and Windows, but have had 2 Mac users who reported that their app failed to register - the progress wheel continues to spin.

My code is as follows. The validation of the licence is done elsewhere - this is just the email notification section. Mail server username/password and email blotted out.

  progressWheel1.visible=true

  // set up the socket -- MyMailSocket is an SMTPSocket
  MyMailSocket.Address = "host.gasbag.net"
  MyMailSocket.port = 465
  MyMailSocket.username = "*****"
  MyMailSocket.password = "*****"
  MyMailSocket.Secure = True
  MyMailSocket.connectiontype=SSLSocket.SSLv3  //seems to be optional - tested with and without
  //myMailSocket.connect  // also seems to be optional
  
  Dim mail as New EmailMessage
  mail.fromAddress=RegistrationEmailField.text
  mail.subject="New QuickBAS Registration Notification"
  mail.bodyPlainText = "New QuickBAS registration details." + chr(13) + chr(13) + "Name: " + RegistrationFirstNameField.text + " " + RegistrationSurnameField.text + chr(13) +  "Email Address: " + RegistrationEmailField.text + chr(13) +  "Registration code: " +  RegistrationCodeField.text
  
  mail.addRecipient("*******")  //send it to me
  
  // send the email
  
  //this bit puts in a delay to establish connection before email sent - seems to work fine without
  //myMailSocket.Poll()
  //App.YieldToNextThread()
  //loop until (myMailSocket.IsConnected or (myMailSocket.LastErrorCode <> 0))
  
  MyMailSocket.messages.append mail
  MyMailSocket.sendMail
  
  if myMailSocket.LastErrorCode =103 then
    progressWheel1.visible=false
    msgbox("No Network Connection" + endofline +endofline + "You must be connected to the internet to register QuickBAS. Please ensure your computer is connected to the internet. Sometimes a firewall can block the registration process, and needs to be temporarily disabled until registration is complete.")
  end if

This code has worked fine for about 100 users, but has failed for 2 Mac users.
What am I doing wrong? Are there extra error codes I should add in the last section to catch failed connections?

Many thanks
Rob

On that line that you’ve marked as optional, you really should set that to something higher. TLSv1 would be a good start.

For more info, see: https://www.us-cert.gov/ncas/alerts/TA14-290A

Thanks - I will update.

But that in itself won’t be the cause of a failed connection? Or does OS X now disallow connections via SSL?

I failed to mention but both users whose connection failed were definitely internet connected, and in contact with me via email while trying to correct the problem.

Per the link that Greg provided, SSL has been compromised. Many service providers have disabled SSL connections so you may very well experience a failed connection if the protocol you’re using is not available. Consider checking with host.gasbag.net to find out which protocols they support and then use the latest/safest one. As far as I know, that would be TLSv1.2, assuming they support it. You may also need to change the Port and perhaps the SMTPConnectionMode.

Many thanks. Makes sense now.

I can’t get this to work (based on above)

  Dim mail as New EmailMessage
  // set up the socket -- MyMailSocket is an SMTPSocket
  MyMailSocket.Address = "smtp.west.cox.net"
  MyMailSocket.port = 25'465
  MyMailSocket.username = "anotheraccount"
  MyMailSocket.password = "password"
  MyMailSocket.Secure = True
  MyMailSocket.connectiontype=SSLSocket.TLSv12
  myMailSocket.connect  
  //
  mail.fromAddress="anotheraccount@cox.net"
  mail.subject="test subject"
  mail.bodyPlainText = "body of message" 
  mail.addRecipient("rdavids3@cox.net")  //send it to me
  //
  // send the email
  //
  MyMailSocket.messages.append mail
  MyMailSocket.sendMail
  
  if myMailSocket.LastErrorCode =103 then
    msgbox("No Network Connection")
  else 
    msgbox "sent "+str(myMailSocket.LastErrorCode)
  end if

It says “SENT 0”, no email ever arrives… plus it still says no error, EVEN if I give it the wrong password

UPDATE: IT DID WORK… weird thing is … it didn’t care the password was wrong… it sent it anyways?!
and it only works if I change the Port to 25.

Have you tried an SMTPSecureSocket?

That is what it is
Super = SMTPSecureSocket

What I found was… it had to be port 25, and fromAddress had to be an existing account on my computer (this part might be due to how Cox Communications works, to keep people from spoofing email addresses). But the Password didn’t seem to be important. However the app this is for is going to collect that data anyways, and use it to create the call

Just out of curiosity, what keeps someone else from using your email address in the from address?

Good question… one you could probably answer better than me.
I’m just indicating what the above code does…

I comment out .username and .password and it still worked…

Whoa… ok… I just used my sister’s email address… and XOJO sent an email and said it was from HER

  MyMailSocket.Address = "smtp.west.cox.net"
  MyMailSocket.port = 25'465
  //MyMailSocket.username = "ivebeenthinking"
  //MyMailSocket.password = "mypassword"
  MyMailSocket.Secure = True
  MyMailSocket.connectiontype=SSLSocket.TLSv12
  
  //
  mail.FromAddress="sisters_email@cox.net"

So… where is the security hole here?
Nothing I’m doing (purposely at least)…
so either XOJO is doing something that bypasses the authentication requirement, or OSX (10.9.5) is, or Cox.Net simply does not care (and I know they beefed things up a few years back)

I cannot do this via the OSX MAIL app (or at least not last time I tried)

I know I’m going to get flamed for this because everyone knows that this is “outdated technology,” but do you have any active mail clients from your location that are checking mail on those two accounts?

If you do, what you are seeing could simply be “POP before SMTP,” which was a method (years ago) to do outgoing email for remote clients, but like I said, no one should be using that technology anymore.

If that’s not the case, I’d contact Cox immediately. Problem is that unless you reach a level 2 or level 3 technician, they’re not going to understand the problem. Most level 1 techs can only help you with restarting your router in my experience.

But I know I can save 15% in just 15 minutes if I call “Jake from State Farm”… or is it the Gecko that wears khaki?

Anyways… No “outdated” or not, that is what “Xojo” suggests (or infers by supplying said examples)
and NO, I do not have my sister’s email account installed on my computer…

The examples show the use of username and password, which is what all modern email systems require. It’s this problem where it doesn’t care if you have the correct password that I was talking about.

But in any case, if you can send email on behalf of your sister without knowing what her password is, I’d call Cox immediately. It sounds like they’re overlooking something obvious in their security protocols. If they’ve got things set up properly, there is nothing we can do to “get around” their security.

My question is why, if it is a secure socket, it even allows it to go out without a username/password.
Sure I understand the client side can’t “know” if they are valid or not, but it does know if they don’t exist

And I sent myself an email using the above code telling to be FROM my sister, and TO me, and it worked
I then sent one FROM my sister TO my sister, and haven’t heard back if she got it or not

The subject was “If you DO NOT get this email, call me” :smiley:

The Bell ISP up here allows unauthenticated SMTP transactions on their SMTP server as long as the client is sending from the Bell subnet. Sounds like Cox is doing something similar. Technically it’s wrong, but I imagine it reduces their help desk calls quite a bit. Makes it a bugger to test though.

Can you use your web host’s mail server for testing? They’re generally more restrictive about auth.

SSL does not guarantee any sort of security beyond the transport layer.

Right. It’s up to your ISP to authenticate.

But I’d like to ask something… Are you talking about the username field or the From address when you said it’s sent from your sister? If it’s the From address, they’re technically doing nothing wrong. You can put just about anything you want in the from field.
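
The behaviour described in this thread (mail accepted on port 25 with a wrong or missing password and someone else's From address), modelled as an added example that is not part of the original posts and is not Cox's or Bell's actual configuration: a submission server that trusts its own subnet, beside one that requires AUTH and ties the sender address to the login. The subnet, mailbox names and function names are constructed for illustration.

```python
import ipaddress
from typing import Optional

# Constructed values (documentation address ranges, not a real ISP).
ISP_SUBNET = ipaddress.ip_network("192.0.2.0/24")
MAILBOXES = {"alice": {"alice@example.net"}, "bob": {"bob@example.net"}}  # login -> owned addresses


def subnet_trust_policy(client_ip: str, auth_user: Optional[str], mail_from: str) -> str:
    """Weak: any on-net client may submit; credentials and sender are never checked."""
    if ipaddress.ip_address(client_ip) in ISP_SUBNET:
        return "250 2.1.0 Sender OK"
    if auth_user in MAILBOXES:  # off-net clients still need a successful AUTH
        return "250 2.1.0 Sender OK"
    return "530 5.7.0 Authentication required"


def authenticated_sender_policy(client_ip: str, auth_user: Optional[str], mail_from: str) -> str:
    """Hardened: AUTH is mandatory and the sender must belong to the logged-in account."""
    if auth_user not in MAILBOXES:
        return "530 5.7.0 Authentication required"
    if mail_from.lower() not in MAILBOXES[auth_user]:
        return "553 5.7.1 Sender address rejected: not owned by user " + auth_user
    return "250 2.1.0 Sender OK"


# (client IP, login after a successful AUTH or None, sender address) -- constructed cases.
# A wrong password and a commented-out username both end up as auth_user=None.
SCENARIOS = {
    "on-net, no AUTH, own address": ("192.0.2.10", None, "alice@example.net"),
    "on-net, no AUTH, sister's address": ("192.0.2.10", None, "bob@example.net"),
    "off-net, no AUTH": ("198.51.100.7", None, "alice@example.net"),
    "AUTH as alice, sister's address": ("192.0.2.10", "alice", "bob@example.net"),
    "AUTH as alice, own address": ("198.51.100.7", "alice", "alice@example.net"),
}


def compare() -> dict:
    """Reply code (first three characters) each policy gives for every scenario."""
    return {name: (subnet_trust_policy(*args)[:3], authenticated_sender_policy(*args)[:3])
            for name, args in SCENARIOS.items()}


if __name__ == "__main__":
    for name, codes in compare().items():
        print(f"{name:36} weak={codes[0]} hardened={codes[1]}")
```

Under the subnet-trust policy the TLS setting on the client makes no difference to who may send as whom, which is the point made above about SSL only covering the transport layer.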