Indy, gmail and "modern standards of security"

I have an app sending e-mail notificications.

I use Delphi XE2 and Indy 10.5.8.0 (shipped with XE2) for that.

Everything worked fine years ago when I implemented it.

I tested it again using smtp.gmail.com: TLSv1, port=465, Implicit.

This resulted in a mail from Google saying that they have blocked an intruder.

I upgraded OpenSSL to 1.0.2d and tested again and in my app I got an error message from Google saying that I should only use Google apps to access my gmail account.

It is working now: In my gmail account I had to allow "less secure apps". I don't like this ofcourse.


This is what Google says about it (in Danish)

+Google kan blokere loginforsøg fra nogle apps eller enheder, der ikke bruger moderne sikkerhedsstandarder. Da disse apps og enheder er nemmere at kapre, holdes din konto sikker ved at blokere dem.+

+Her er nogle eksempler på apps, der ikke understøtter de seneste sikkerhedsstandarder:+

+Appen Mail på din iPhone eller iPad med iOS 6 eller ældre+
+Appen Mail på din Windows Phone 8.1 eller ældre+
+Visse e-mailklienter til pc, f.eks. Microsoft Outlook og Mozilla Thunderbird+

I will try to translate:

+Google can block login attempts from some apps and units not using modern standards of security. Since these apps and units are easier to hijack your account is kept safe by blocking them.+

+Here some examples of apps not supporting the latest standards of security:+

+The app Mail on your iPhone or iPad with iOS 6 or older+
+The app Mail on your Windows phone 8.1 or older+
+Certain e-mail clients to pc, eg. Microsoft Outlook and Mozilla Thunderbird+


According to Google I am not using "modern standards of security"

Is there a way not needing to allow "less secure apps" in gmail?

TIA
0
Steen
7/29/2015 1:10:48 AM
embarcadero.delphi.webservices 976 articles. 0 followers. Follow

1 Replies
695 Views

Similar Articles

[PageSpeed] 24

For the sake of completness, here my code. Got some seriously help from Remy Lebeau for that.

{code}
unit UEmail;

interface

uses
  UStrings {My unit: GetLocalComputerName}, Classes, Vcl.StdCtrls, IdBaseComponent,
  IdComponent, IdTCPConnection, IdTCPClient, IdExplicitTLSClientServerBase,
  IdMessageClient, IdSMTPBase, IdSMTP, IdMessage, IdSSLOpenSSL, IdGlobal,
  IdSASL_CRAM_MD5,
  IdSASLLogin, IdSASL_CRAM_SHA1, IdUserPassProvider,
  IdSASLUserPass, IdSASLPlain, IdSASLSKey,
  IdSASLOTP, IdSASLExternal, IdSASLDigest, IdSASLAnonymous;

type
  TEmailData = class
    SMTPServer: string; //GMail: smtp.gmail.com
    SMTPPort: integer; //GMail: 465 or 587
    UseTLS: integer;
    SSLMethod: integer;
    SSLConnection: boolean; //GMail: True
    SenderEmail: string; //GMail: <you>@gmail.com
    SMTPUserName: string; //GMail: <you>@gmail.com
    SMTPPassword: string; //GMail: GMail Password
    ToEmail: string;
    Subject: string;
    SenderApp: string;
    Priority: TIdMessagePriority;
    Body: TStringList;
    constructor Create;
    destructor Destroy; override;
  end;

procedure SendEmail(ED: TEmailData);

implementation

constructor TEMailData.Create;
begin
  inherited;
  Body := TStringList.Create;
end;

destructor TEMailData.Destroy;
begin
  Body.Free;
  inherited;
end;

procedure SendEmail(ED: TEmailData);
var
  IdMessage: TIdMessage;
  SMTP: TIdSMTP;
  SSLHandler: TIdSSLIOHandlerSocketOpenSSL;
  IdUserPassProvider: TIdUserPassProvider;
  IdSASLCRAMMD5: TIdSASLCRAMMD5;
  IdSASLCRAMSHA1: TIdSASLCRAMSHA1;
  IdSASLPlain: TIdSASLPlain;
  IdSASLLogin: TIdSASLLogin;
  IdSASLSKey: TIdSASLSKey;
  IdSASLOTP: TIdSASLOTP;
  IdSASLAnonymous: TIdSASLAnonymous;
  IdSASLExternal: TIdSASLExternal;
begin
  IdMessage := TIdMessage.Create(nil);
  try
    IdMessage.ContentType := 'text/plain';
    IdMessage.Charset := 'UTF-8';
    IdMessage.Body.Assign(ED.Body);
    IdMessage.Sender.Text := ED.SenderEMail;
    IdMessage.From.Name := ED.SenderApp + ' (' + GetLocalComputerName + ')';
    IdMessage.From.Address := ED.SenderEMail;
    IdMessage.ReplyTo.EMailAddresses := ED.SenderEmail;
    IdMessage.Recipients.EMailAddresses := ED.ToEmail;
    IdMessage.Subject := ED.Subject;
    IdMessage.Priority := ED.Priority;
    IdMessage.ReceiptRecipient.Text := '';
    IdMessage.BccList.EMailAddresses := '';

    SMTP := TIdSMTP.Create(nil);
    try
      if ED.SSLConnection then
      begin
        SSLHandler := TIdSSLIOHandlerSocketOpenSSL.Create(SMTP);
        SSLHandler.MaxLineAction := maException;
        case ED.SSLMethod of
          0: SSLHandler.SSLOptions.Method := sslvTLSv1;
          1: SSLHandler.SSLOptions.Method := sslvSSLv3;
          2: SSLHandler.SSLOptions.Method := sslvSSLv23;
        end;
        SSLHandler.SSLOptions.Mode := sslmClient;
        SSLHandler.SSLOptions.VerifyMode := [];
        SSLHandler.SSLOptions.VerifyDepth := 0;
        SMTP.IOHandler := SSLHandler;
        case ED.UseTLS of
          0: SMTP.UseTLS := utNoTLSSupport;
          1: SMTP.UseTLS := utUseImplicitTLS;
          2: SMTP.UseTLS := utUseRequireTLS;
          3: SMTP.UseTLS := utUseExplicitTLS;
        end;
      end;

      if (ED.SMTPUserName <> '') or (ED.SMTPPassword <> '') then
      begin
        SMTP.AuthType := satSASL;

        IdUserPassProvider := TIdUserPassProvider.Create(SMTP);
        IdUserPassProvider.Username := ED.SMTPUserName;
        IdUserPassProvider.Password:= ED.SMTPPassword;

        IdSASLCRAMSHA1 := TIdSASLCRAMSHA1.Create(SMTP);
        IdSASLCRAMSHA1.UserPassProvider := IdUserPassProvider;
        IdSASLCRAMMD5 := TIdSASLCRAMMD5.Create(SMTP);
        IdSASLCRAMMD5.UserPassProvider := IdUserPassProvider;
        IdSASLSKey := TIdSASLSKey.Create(SMTP);
        IdSASLSKey.UserPassProvider := IdUserPassProvider;
        IdSASLOTP := TIdSASLOTP.Create(SMTP);
        IdSASLOTP.UserPassProvider := IdUserPassProvider;
        IdSASLAnonymous := TIdSASLAnonymous.Create(SMTP);
        IdSASLExternal := TIdSASLExternal.Create(SMTP);
        IdSASLLogin := TIdSASLLogin.Create(SMTP);
        IdSASLLogin.UserPassProvider := IdUserPassProvider;
        IdSASLPlain := TIdSASLPlain.Create(SMTP);
        IdSASLPlain.UserPassProvider := IdUserPassProvider;

        SMTP.SASLMechanisms.Add.SASL := IdSASLCRAMSHA1;
        SMTP.SASLMechanisms.Add.SASL := IdSASLCRAMMD5;
        SMTP.SASLMechanisms.Add.SASL := IdSASLSKey;
        SMTP.SASLMechanisms.Add.SASL := IdSASLOTP;
        SMTP.SASLMechanisms.Add.SASL := IdSASLAnonymous;
        SMTP.SASLMechanisms.Add.SASL := IdSASLExternal;
        SMTP.SASLMechanisms.Add.SASL := IdSASLLogin;
        SMTP.SASLMechanisms.Add.SASL := IdSASLPlain;
      end else begin
        SMTP.AuthType := satNone;
      end;

      SMTP.Host := ED.SMTPServer;
      SMTP.Port := ED.SMTPPort;
      SMTP.ConnectTimeout := 20000;
      SMTP.ReadTimeout := 20000;
      SMTP.UseEHLO := True;

      SMTP.Connect;
      try
        SMTP.Send(IdMessage);
      finally
        SMTP.Disconnect;
      end;
    finally
      SMTP.Free;
    end;
  finally
    IdMessage.Free;
  end;
end;


end.
{code}
0
Steen
7/29/2015 1:31:09 PM
Reply:

Similar Artilces:

Indy, gmail and "modern standards of security" [Edit]
I have an app sending e-mail notificications. I use Delphi XE2 and Indy 10.5.8.0 (shipped with XE2) for that. Everything worked fine years ago when I implemented it. I tested it again using smtp.gmail.com: TLSv1, port=465, Implicit. This resulted in a mail from Google saying that they have blocked an intruder. I upgraded OpenSSL to 1.0.2d and tested again and in my app I got an error message from Google saying that I should only use Google apps to access my gmail account. *It is working now: In my gmail account I had to allow "less secure apps". I don't like thi...

.ALLCOL("%COLUMN%", " ", ", ", ", ")
Do you know anyway for me to exclude a subset of columns returned by this function. We have two columns (rec_user and rec_datetime) which are in all of our tables, but when generating triggers I want automatically generate a script which does not include those two columns but does include all other columns in that table. Bruce I should add that I am using PD 9.0.0.580. Bruce "Bruce Lamb" <lamb.bruce@mayo.edu> wrote in message news:6HgI315nCHA.155@forums.sybase.com... > Do you know anyway for me to exclude a subset of columns returned by this > function. ...

Precedence of "where" ("of", "is", "will")?
Nobody on #perl6 today could answer this one. Is: Str | Int where { $_ } the same as: (Str | Int) where { $_ } or: Str | (Int where { $_ }) ? Followup questions, Mr. President: What kind of operators are "where", "of", "is", and "will"? Is there a reason that S03 doesn't list them? What are their precedence(s)? -- Chip Salzenberg - a.k.a. - <chip@pobox.com> Open Source is not an excuse to write fun code then leave the actual work to others. Chip Salzenberg writes: &...

quotes, quotes, quotes...
I am getting this error and I know what is causing it, but I have no idea how to fix it, any help would be great. The script steps through the /var/log/messages file on a linux server and puts The entries into a mysql database. However when it gets to the 'hlt' line in the messages file it just barfs. The single quotes are freaking it out. I know about quotes but not how to use in this situation. Thanks, Paul Error: May 27 17:53:00 localhost kernel: Checking 'hlt' instruction... OK. <----- doesn't like this in the messages file DBD::mysql::st exec...

Replacing "\\" with "\"
Hi all I'm getting this value from a CheckBoxList control - a location of file, i have to remove "\\" and replace it with "\" and pass it to Query, how to do it, i tried with Replace, but coud'nt suceed. "\\\\Blaze10xp\\BLZ_SFS_07\\Sample Excel Files\\Excel Files\\report2.xls" thank's in advance - Prakash.C you tried Replace like this? string newstring = oldstring.Replace(@"\\",@"\");Plese, do not forget to click "Mark as Answer" on the post that helped you. Thanx!My blog: Scenes From A Developer Memory yes i tr...

double quote
hello there...  i tried everything of think but not working the way i wanted to be... not sure what i'm missing...i'm generating a <span> in code behind and then using in javascript.... here is what i'm doing code behind: int i=0string _keywordID = "keyword";string _name = row["visit_info_nm"].ToString().Trim(); String _getElementByID = String.Format("<span id='{0}' OnClick = \"document.getElementById('{1}').value='{2}';\">{3}</span><br>", i, _keywordID, _name, _name); here is what it generate : <span id='1' OnClick = \"document.getElementById('keyword')...

Turning on "Secure Mail" on BMO for "Security-Sensitive Core Group"
Hello, The Mozilla Security Team is planning on turning on Secure Mail for "Security-Sensitive Core Bug" group bugs in the near term on bugzilla.mozilla.org. This has been previously turned on and tested for web and infrastructure security bugs during the past six months. I've put together a short guidance page for this at https://wiki.mozilla.org/Security/Security_Bugs/EncryptedBugmail. We wanted to inform people of the current plan to avoid surprises. For most people, the effects of this will be minimal. If you're CC'd on a core security bug and have not ...

"Using" or "With"
Hi all Please can someone enlighten to me as regards the difference with the "Using" and "With" statement when accessing data - which is better, what are the limitations and/or any pointers. Many thanks. Regards DaveDavid WinchesterPlease mark as answer if this is the solution.  using gives you the ability to use the connection and it closes the connection directlly after you finish using it. and there is no need to try- cach - finaly. there is no limitation on using USING keywordMuhanad YOUNISMCSD.NETMy Blog || My Photos || LinkedIn I have a dataobject the re...

"-" not "_"
I wrote a SQL statement in the data tab. I wrote a bunch of alaises as example ' word-type ' but when I hit the layout tab it converts the "-" to "_". So now my field name is ' word_type '. Is there any way to prevent this? CardGunner Don' use a hypen ( - ).  It isn't a valid character for column names.   See http://searchsqlserver.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid87_gci1188931,00.html   Here's an excerpt about column names: Letters as defined in the Unicode Standard 2.0 Decimal numbers from either B...

"Me" is better than "You"
Yes I know, strings are frozen. But let me talk about it, I really can't get through the idea of a PC talkin to me. I consider my PC as an extension of myself, not a dumb companion who addresses Me as You. Yes there are times when I get angry with Him while I work and get wrong calculations etc.., but it really is my fault, Me using wrong istructions and eventually wanting to find someone else to blame, but it's Me. And yes, I consider Thunderbird my mail program, reading my mail on my PC as Me. So I personally like to have Me in the header bar as a compact address ...

XP "Security" ( "If you are not paranoid yet...")
"...XP will disable features of your computer. If you are not paranoid about this yet, you should read all the details (X84)." http://aaxnet.com/editor/edit029.html#gather A lot of information is sent from your XP computer to Microsoft. For instance, if you watch that DVD of Debbie Does Dalas using Microsoft Media Player, that information is sent to Microsoft, as is various information about user skills and computer usage. All this can be turned off by rather tedious processes, but as soon as you install a security patch or other update from Microsoft, it'll...

replace the "." with a ","
Oi.... I need to build a small programm in ASP.NET and chose to use C# for it.Now i got everything working but there's one little problem.the first textbox is a double. I need to make it so that when someone enters a "." then it gets replaced by a ","any ideas?Ghan  string blah = "4.2.2.2";blah = blah.Replace(".", ",");Ryan Ryan OlshanASPInsider | Microsoft MVP, ASP.NEThttp://ryanolshan.comHow to ask a question...

"To" and "From" missing
When I print emails, the words "To" and "From" are blank, even though the "To" name and "From name (addresser, addressee) do show up. This is not a problem for other users on my system. Suggestions In mailbox right click, view. On the message window, right click and choose print options. Make sure print header is checked. -- Barry Merchant NSC Volunteer SysOp *** no email unless requested please!! *** > In mailbox right click, view. On the message window, right click and > choose print options. Make sure prin...

Using "+" or "||"
Using SQLAnywhere 5.5.04, I've gotten into the habit of using "||" in ISQL to indicate a string concatenation. I needed to paste my SQL statement into the PowerBuilder script painter for some embedded SQL, and PB didn't like the "||" very much at all. I changed it to "+" and it seems to be ok. Do these two operators indicate ~exactly~ the same thing? moin, afaik these two's are not the same! if you're using "||" and any term is NULL then in the resultstring the term will be ignored if you use "+" then the resu...

Web resources about - Indy, gmail and "modern standards of security" - embarcadero.delphi.webservices

Resources last updated: 11/25/2015 5:20:06 AM