"SSL is not available on this server" Exception Sending Emails with Indy

Hi
I'm using the Indy (version 10.6.0.5122) TidSMTP component on Delphi XE6 to send emails (see component details below).
object SMTP: TIdSMTP
    OnStatus = SMTPStatus
    IOHandler = IdSSLIOHandlerSocketOpenSSL1
    Host = 'smtp.gmail.com'
    Password = '***'
    Port = 587
    SASLMechanisms = <>
    UseTLS = utUseExplicitTLS
    Username = 'username'
    Left = 480
    Top = 76
  end
object IdSSLIOHandlerSocketOpenSSL1: TIdSSLIOHandlerSocketOpenSSL
    Destination = 'smtp.gmail.com:587'
    Host = 'smtp.gmail.com'
    MaxLineAction = maException
    Port = 587
    DefaultPort = 0
    SSLOptions.Mode = sslmUnassigned
    SSLOptions.VerifyMode = []
    SSLOptions.VerifyDepth = 0
    Left = 480
    Top = 24
  end
 I have the following issue: although it works fine on my computer (Windows 7, on which I have Delphi XE6 installed), I get the following exception on all computers (Windows Server 2012 Foundation, Windows 7) located at a different location when trying to send emails :
"SSL is not available on this server"
Can anyone help me find out what the problem is exactly?
Thanx in advance.
0
Mike
9/12/2014 6:30:23 AM
📁 embarcadero.delphi.winsock
📃 1874 articles.
⭐ 2 followers.

💬 6 Replies
👁️‍🗨️ 2342 Views


Mike wrote:
> I have the following issue: although it works fine on my computer
> (Windows 7, on which I have Delphi XE6 installed), I get the following
> exception on all computers (Windows Server 2012 Foundation, Windows 7)
> located at a different location when trying to send emails :
> 
> "SSL is not available on this server"
You are using utUseExplicitTLS, so TIdSMTP will send a STARTTLS command to 
the server when it is ready to encrypt the socket.  The error means that 
either the server is replying with a failure, or it is replying with success 
and TIdSMTP is initiating the SSL/TLS handshake but it is failing before 
it completes.  The latter could be happening for any number of reasons, from 
bad OpenSSL DLLs, to an incorrect SSL/TLS configuration.  There is no way 
to know by looking at the error message by itself.  You are going to have 
to debug into it to find out what is actually going on at the lower levels. 
 Start by using a packet sniffer, such as Wireshark, to see TIdSMTP's STARTTLS 
command and its reply, and to llok at the handshake data to see if there 
is an error being reported by OpenSSL itself.
--
Remy Lebeau (TeamB)
0
Remy
9/12/2014 6:46:33 AM
> {quote:title=Remy Lebeau (TeamB) wrote:}{quote}
> Mike wrote:
> 
> > I have the following issue: although it works fine on my computer
> > (Windows 7, on which I have Delphi XE6 installed), I get the following
> > exception on all computers (Windows Server 2012 Foundation, Windows 7)
> > located at a different location when trying to send emails :
> > 
> > "SSL is not available on this server"
> 
> You are using utUseExplicitTLS, so TIdSMTP will send a STARTTLS command to 
> the server when it is ready to encrypt the socket.  The error means that 
> either the server is replying with a failure, or it is replying with success 
> and TIdSMTP is initiating the SSL/TLS handshake but it is failing before 
> it completes.  The latter could be happening for any number of reasons, from 
> bad OpenSSL DLLs, to an incorrect SSL/TLS configuration.  There is no way 
> to know by looking at the error message by itself.  You are going to have 
> to debug into it to find out what is actually going on at the lower levels. 
>  Start by using a packet sniffer, such as Wireshark, to see TIdSMTP's STARTTLS 
> command and its reply, and to llok at the handshake data to see if there 
> is an error being reported by OpenSSL itself.
> 
> --
> Remy Lebeau (TeamB)
I copied the following files to my software installation directory to no avail:
libeay32.dll
ssleay32.dll
openssl.exe
Please, advise
Edited by: Mike Norayr Monjian on Sep 12, 2014 1:08 AM
0
Mike
9/12/2014 8:14:58 AM
Mike wrote:
> I copied the following files to my software installation directory
> to no avail:
> 
> libeay32.dll
> ssleay32.dll
> openssl.exe
You don't need openssl.exe file, just the DLLs.  But you do have to make 
sure that you are using the *correct* version of the DLLs for your particular 
version of Indy.  You should be using an up-to-date version of OpenSSL.  
You can get teh DLLs from http://indy.fulgan.com/SSL/, where the latest available 
is 1.0.1i.
And did you try sniffing the network traffic, like I suggested?  When dealing 
with network protocols, you need to understand how to do that, it is an important 
debugging skill.
--
Remy Lebeau (TeamB)
0
Remy
9/12/2014 5:20:21 PM
> {quote:title=Remy Lebeau (TeamB) wrote:}{quote}
> Mike wrote:
> 
> > I copied the following files to my software installation directory
> > to no avail:
> > 
> > libeay32.dll
> > ssleay32.dll
> > openssl.exe
> 
> You don't need openssl.exe file, just the DLLs.  But you do have to make 
> sure that you are using the *correct* version of the DLLs for your particular 
> version of Indy.  You should be using an up-to-date version of OpenSSL.  
> You can get teh DLLs from http://indy.fulgan.com/SSL/, where the latest available 
> is 1.0.1i.
> 
> And did you try sniffing the network traffic, like I suggested?  When dealing 
> with network protocols, you need to understand how to do that, it is an important 
> debugging skill.
> 
> --
> Remy Lebeau (TeamB)
1.) Yes. I'm using the latest version 1.01i.
2.) Yes. I used Wireshark. I don't seem to see any errors. This is the tcp stream result while monitoring port 587:
220 mx.google.com ESMTP s7sm13859892wjo.48 - gsmtp
EHLO STEPAGORSERVER
250-mx.google.com at your service, [78.158.130.65]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
STARTTLS
220 2.0.0 Ready to start TLS
after the last command I get the following 3 lines:
50883 -> 587 [FIN, ACK] Seq= 32 Ack=252 Win=65280 Len=0
587 -> 50883 [FIN, ACK] Seq=252 Ack=33 Win43008 Len=0
50883 -> 587 [ACK] Seq= 33 Ack=253 Win=65280 Len=0
0
Mike
9/15/2014 8:35:03 AM
Mike wrote:
> STARTTLS
> 220 2.0.0 Ready to start TLS
> 
> after the last command I get the following 3 lines:
> 
> 50883 -> 587 [FIN, ACK] Seq= 32 Ack=252 Win=65280 Len=0
> 587 -> 50883 [FIN, ACK] Seq=252 Ack=33 Win43008 Len=0
> 50883 -> 587 [ACK] Seq= 33 Ack=253 Win=65280 Len=0
That is a socket disconnect.  If the SSL/TLS handshake fails, Indy does close 
the socket.  Since you are not seeing any handshake data appear in Wireshark, 
that can only mean that Indy is not able to load the OpenSSL DLLs at all. 
 The WhichFailedToLoad(0 function in the IdSSLOpenSSLHeaders unit will tell 
you why Indy could not load the DLLs.
--
Remy Lebeau (TeamB)
0
Remy
9/15/2014 7:44:05 PM
> {quote:title=Remy Lebeau (TeamB) wrote:}{quote}
> Mike wrote:
> 
> > STARTTLS
> > 220 2.0.0 Ready to start TLS
> > 
> > after the last command I get the following 3 lines:
> > 
> > 50883 -> 587 [FIN, ACK] Seq= 32 Ack=252 Win=65280 Len=0
> > 587 -> 50883 [FIN, ACK] Seq=252 Ack=33 Win43008 Len=0
> > 50883 -> 587 [ACK] Seq= 33 Ack=253 Win=65280 Len=0
> 
> That is a socket disconnect.  If the SSL/TLS handshake fails, Indy does close 
> the socket.  Since you are not seeing any handshake data appear in Wireshark, 
> that can only mean that Indy is not able to load the OpenSSL DLLs at all. 
>  The WhichFailedToLoad(0 function in the IdSSLOpenSSLHeaders unit will tell 
> you why Indy could not load the DLLs.
> 
> --
> Remy Lebeau (TeamB)
Hi Remy
I redownloaded from the site you provided above and copied the dll files to my software's installation folder. I also deleted all other dll files in other directories (System32, SysWOW64). Everything's fine now.
Thank you for all the help and guidance.
0
Mike
9/16/2014 11:05:30 AM
Reply: