×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Sending emails with VFP with CDO
2

Sending emails with VFP with CDO

Sending emails with VFP with CDO

(OP)
Hi,

I'm sending emails out thru VFP9 using CDO's. Everything works perfectly except that as of Feb-2024, Google insists that every email sent to Gmail users must have a DKIM signature.

How do I add the DKIM signature to this code please.

accno='000-000000'
has_txt=.F.
has_pdf=.F.
m.emal='mine@gmail.com'
LOCAL iMsg,iConf
DECLARE SHORT InternetGetConnectedState IN wininet.DLL;
INTEGER @lpdwFlags, INTEGER dwReserved
lConnect=displayState()
IF lConnect
iMsg = CREATEOBJECT("CDO.Message")
iConf = CREATEOBJECT("CDO.Configuration")
Flds = iConf.FIELDS
WITH Flds
.ITEM("http://schemas.microsoft.com/cdo/configuration/sen...") = 2
.ITEM("http://schemas.microsoft.com/cdo/configuration/smt...") = 'ourserver' && ourserver
.ITEM("http://schemas.microsoft.com/cdo/configuration/smt...") = 25
.UPDATE()
ENDWITH
WITH iMsg
.Configuration = iConf
.TO = m.emal
.BCC = ""
.FROM = "me@example.ca"
.Subject = "Your Invoice is Now Ready 2024-01"
.FIELDS("Priority").VALUE = 0 && -1=Low, 0=Normal, 1=High
.Fields("http://schemas.microsoft.com/cdo/configuration/smt...").Value = 1
.Fields("http://schemas.microsoft.com/cdo/configuration/smt...").Value = 60
.Fields("http://schemas.microsoft.com/cdo/configuration/smt...").Value = .T.
.FIELDS.UPDATE()
IF has_txt=.F. && HAS ONLY PDF (NO TXT FILE EXISTS)
bod="<img src='cid:logo.png'><BR>Hello,<BR><BR>in PDF.<BR>"
.HtmlBody=bod
ELSE && EXISTS BOTH THE PDF & TXT FILE SO EMAIL BODY IS A LITTLE DIFFERENT
bod="<img src='cid:logo.png'><BR>Hello,<BR><BR>your pdf PDF.<BR>"
.HtmlBody=bod
ENDIF
.AddAttachment ("C:\Users\jk\Desktop\ff\logo.png") && ALWAYS DONE SO THAT EVERYBODY HAS THE LOGO
.SEND()
ENDWITH
iMsg = .NULL.
iConf = .NULL.
Flds = .NULL.
ELSE
MESSAGEBOX("Could not send the message, your internet connection is down.")
ENDIF
PROCEDURE displayState
LOCAL lConnected
lConnected = .F.
lpdwFlags = 0
IF InternetGetConnectedState (@lpdwFlags, 0) = 1
lConnected = .T.
ENDIF
RETURN lConnected
ENDPROC


Thanks,
FOXUP

RE: Sending emails with VFP with CDO

SPF is what I came across with Gmail so far, but never actually implemented it, in my case it was just about sending an hourly mail from my domain to a gmail mail account and it didn't become mandatory to have SPF authentication, the mails I sent to myself just all were marked as suspicious as one mail came each hour.

From what I already read about SPF and never actually implemented and from skimming through this explainer on DKIM (https://www.emailonacid.com/blog/article/email-del...) I can tell you:

You need more than just a bit more code to sign your mail. If you run a mail server on your intranet only, you will need to change a lot more and bring your mail server to an actual internet domain, as DKIM and also SPF require some DSN entries that must be publicly available, not just in your intranet, so "localhost" won't do for that.

I recommend you read through the explainer and you'll need a bit more support than just a VFP programming expert to add this feature to your outgoing eMail.

Chriss

RE: Sending emails with VFP with CDO

(OP)
Hi,

The 4 protocols that Google has implemented and enforced (as of Feb-2024) are actually TLS, SPF, DMARC and DKIM. I have setup our servers with all the necessary DNS records for all the 4 protocols in question, including the Public Key and Private Keys for the DKIM, and they all work fine when sending thru a regular Outlook account.

When I send thru the above program the SPF, the TLS, the DMARC all pass and everything is working for those.
The only problem is the DKIM. I can't seem to pass the DKIM record so that the emails get DKIM signed.

I really just need help with the DKIM line of code to add in the program (CDO line). Everything works with regards to all other aspects of the other protocols.

Please help.


Thanks.
FOXUP

RE: Sending emails with VFP with CDO

I came up against this same issue last year. (At least, I think it was the same issue. Some of my emails to Gmail addresses were being bounced, and the bounce messages indicated a problem with DKIM or SPF. This wasn't consistent. It happened with some messages but not others - almost randomly.)

Anyway, after a huge hassle, I finally determined that there was nothing wrong with the messages, but was caused by settings on my outgoing mail server. I was unable to change the settings myself, and the company hosting it were unable to help. I ended up switching to a different server, after which the problem went away.

Foxup, I don't know if this is relevant to your situation. I have very little expertise in this area. But it might be something to keep in mind.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads

RE: Sending emails with VFP with CDO

I don't find a CDO configuration item that just tells the mail server to sign the outgoing mails.

I only found this

Quote:

iMsg.Fields("urn:schemas:mailheader:DKIM-Signature") = "YOUR_SIGNATURE_HERE"

Which also just was a untested guess of the answeerer at https://stackoverflow.com/questions/10724308/how-t...

I have too little information about what to put together to compute the signature.

The other thing I see Microsoft documenting for DKIM on https://learn.microsoft.com/en-us/microsoft-365/se...
That starts with Microsoft using CNAME DNS records instead of TXT.

Chriss

RE: Sending emails with VFP with CDO

(OP)
Mike,

That's exactly what's going on. The message are not being delivered due to emails not being DKIM signed.
As I mentioned, all emails are being sent properly when being sent thru Outlook, so it wouldn't be the outgoing mail server. It's only when using the CDO program that they are not DKIM signed.

Chris,

I have tried that setting and get an error saying "DKIM FAIL" so I think it's kind of half right, half wrong. I put the Public Key in the "YOUR_SIGNATURE_HERE" and upon inspecting the Google email, it says "DKIM FAIL" dkim=neutral (bad format). I think it's a start in the right direction but the "YOUR_SIGNATURE_HERE" doesn't work with simply the Public Key being added instead of "YOUR_SIGNATURE_HERE". What belongs on the "YOUR_SIGNATURE_HERE" ?


I really need help as hundreds of emails are being bounced back.

FOXUP

RE: Sending emails with VFP with CDO

Of course that does not work, foxup, a sigfnature is not the key, it's the hash of the mail computed with the private key and verifiable with the public key.

In an ideal situation you'd just put an outgoing mail into a mail server which automatically signs your mails before they are sent to the final recipient. I don't know and don't assume mail servers do this post processing of mails before they are finally sent out.

You said:

Quote (foxup)

they all work fine when sending thru a regular Outlook account.

Then it would be best to change to Outlook automation instead of sending mails by CDO.

Chriss

RE: Sending emails with VFP with CDO

Quote:

That's exactly what's going on. .... As I mentioned, all emails are being sent properly when being sent thru Outlook ...

I don't think that's the same as he behaviour I saw. I tried sending messages from various email clients - but all through the same mail server - and they all failed in the same way. Which led me to believe that the problem was caused by a mis-configuration of the server rather than something in the message itself. I didn't have the problem when I switched to a different server.

But, as I said earlier, this might not be relevant to your situation, not least because your aim is to automate the sending of emails whereas for me the problems arose when sending them interactively.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads

RE: Sending emails with VFP with CDO

(OP)
How do I get the "the hash of the mail computed with the private key" ?

RE: Sending emails with VFP with CDO

I don't find documentation about what exactly needs to be signed, so that's a god question.

I would still rather change from CDO to outlook, which makes mailing even much simpler, or investigate in the direction which mailserver software would automatically apply DKIM signing of mails.

Chriss

RE: Sending emails with VFP with CDO

(OP)
What do the changes from CDO to Outlook look like exactly? Can you give me an example of what the code would look like in Outlook script? Also, which mailserver software automatically apply DKIM signing of mails?

RE: Sending emails with VFP with CDO

Let me only tackle the simpler question.

To send mails with outlook is far simpler than with CDO as you don't need to care for configuration, all you need is outlook to be configured to allow automation. And that's possible to do even without using the infamous redemption tool.

The core code to send mails is in the faq section FAQ184-766: How can I send an Email using OUTLOOK from VFP?, let me copy it here:

CODE

oOutlook = CreateObject("Outlook.Application")
oitem=oOutlook .createitem(0)
oitem.subject="Email From VFP"

oitem.to="someone@example.com"

oitem.body="This mail was sent from vfp using Outlook"
* for HTML mail there is simply oItem.HTMLBody to put in any HTML

** To attach a file
oitem.Attachments.Add("MyFullPath+MyFile+Ext")
** to attach one more file.. and you can repeat this.
* oitem.Attachments.Add("MyFullPath+MyFile+Ext")

** to send it
oitem.send()

** to clear up
oOutlook=.null. 

You can forget about anything related to mailserver, port, etc, as that's all done by Outlook, including the DKIM authentication, as you said.

To find out a bit more, just do this in the command window, one line after the other manually:

CODE -->

o=CreateObject("Outlook.Application")
oitem=o.createitem(0) 

And then you can open the debugger and in the Locals window expand the oitem variable to see what properties and subobjects it has, etc. Or use intellisense by just typing oitem. up to the point.

Chriss

RE: Sending emails with VFP with CDO

(OP)
Hi Chriss,

OK, your code:

oOutlook = CreateObject("Outlook.Application")
oitem=oOutlook .createitem(0)
oitem.subject="Email From VFP"

oitem.to="someone@example.com"

oitem.body="This mail was sent from vfp using Outlook"
* for HTML mail there is simply oItem.HTMLBody to put in any HTML

** To attach a file
oitem.Attachments.Add("MyFullPath+MyFile+Ext")
** to attach one more file.. and you can repeat this.
* oitem.Attachments.Add("MyFullPath+MyFile+Ext")

** to send it
oitem.send()

** to clear up
oOutlook=.null.

seems to work fine. The DKIM now passes, however the other 3 protocols don't pass. The ones that don't pass are SPF and TLS and DMARC.

Any help on those please?

Thanks,
FOXUP

RE: Sending emails with VFP with CDO

Well, how should I know what you configured in your Outlook?

I also don't see anything in your CDO code that handles SPF, TLS and DMARC, though.

Those things have to do with the mail domain and mailservers, not so much with the mail client used.

Maybe you will find out how to configure the mailserver you use for CDO in the same manner as the one configured in Outlook. If your Outlook is configured to the same mailserver as is used by your CDO configuration, then there still may be differences in how you connect and how the raw mails (including headers) are composed.

The question now of course becomes what is simpler: Add the DKIM signature to the CDO routine or have the other three features done with/from Outlook, too.

I'd just go back to what I initially said: ...you'll need a bit more support than just a VFP programming expert.

Chriss

RE: Sending emails with VFP with CDO

(OP)
OK, I just re-checked and the TLS is working. Let me check the other 2 (DMARC and SPF). I hope this works.

RE: Sending emails with VFP with CDO


Try using sfMail - a mail client based on MailKit from Doug Hening that works well with gmail and office 365.





Marco Plaza
https://www.github.com/nfoxdev

RE: Sending emails with VFP with CDO

foxup,

all I can say about SPF is that that's also based on DNS records and is domain related, not mail client related. I haven't read up on DMARC, but I think it's of the same nature, while TLS is "only" about a secure connection to the mailserver, sending mails encrypted.

DKIM has indeed to do with the mail item itself, as you provide a (techincal, cryptographic) signature in the mail header and so it was plausible Outlook was somehow setup to do this and your code not.

I think when you use a mail server like an Exchange server it could also post process mails to add the necewssary headers or other parts of a mail, so that a mail client and your code does not need to be adjusted at all about such things as SPF, DKIM and maybe DMARC. They are all features related to the authenticity of mails and the origin domain and so are more related to protocols than to the actual mail composition, except DKIM which clearly - even just skimming the definitions you find - adds to the mail headers.

You know better than us how you managed to earlier solve the SPF and DMARC features, I already talked about my limited experience with SPF. You're looking for an expert on the topic of mail, mail protocols and mail servers, and while I can only speak for myself, this forum is clearly mainly about FoxPro. I'm not saying your post is wrong here, you see you get advice like the last one about sfMail by Doug Hennig. You could also look for a mail techniology related forum, like an Exchange server forum.

Coming back to the topic of mail server software. I'm not sure if you even run something like an Exchange Server or have a company MSDN subscription using Office 365, a Microsoft 365 domain or even Azure. The link I posted earlier was about the features of a Microsoft 365 domain you could own in a Microsoft based world, and if you go one up in the treeview of topics you get to https://learn.microsoft.com/en-us/microsoft-365/se... and there are links to set up SPF, set up DKIM, and set up DMARC.

It confirms my gut feeling that such things can be handled without changing or configuring anything in mail clients themselves. But using CDO you may circumvent all that by sending the mail items you create in VFP to the outbound mail server that's not inhouse or the MS 365 domain, but a T-Online/T-Systems mail server, for example, or whatever your ISP is. All these mail authentication schemes are about the domain of a company and have more to do with the hoster of your domain, which rarely is the same as your ISP. There is another pointer to who you could involve and ask about this.

Way back when I didn't actually set up SPF - it doesn't stop a mail to arrive in my gmail account - I had bad experience with my hoster not knowing what DNS records to configure and how their mail server would be involved. If it would have become important to me I would have switched my hosting. Well, and that reminds me of Mike Lewis advice to switch servers, set up something new or even switch the hoster.

Chriss

RE: Sending emails with VFP with CDO

Good idea,

the DKIM samples are here:
https://www.example-code.com/foxpro/dkim.asp

The fly in the ointment is, that all code to sign and verify the signature is closed source, so you'll need the Chilkat bundle. And what I don't see in the code samples is the side of the domain configuration with the DSN entries.

Chriss

RE: Sending emails with VFP with CDO


Here you have a guide on how to send DKIM signed emails with mailKit and .net core:
Sending emails with .Net Core using MailKit with DKIM signature

The c# source to sign the message is included at the end. It's 3 steps - create a DkimSigner object, create the headers, and sign the message using the sign function before the send operation.

Just add the DKIM support to Hening sfMail source ( smtp.cs ) and recompile the project using visual studio.

Marco Plaza
https://www.github.com/nfoxdev

RE: Sending emails with VFP with CDO

Hi Marco,

I hope someone (Doug?) will add the DKIM support to sfMail. I don’t have visual studio, so I can only hope someone will be able to add this and recompile.

Regards, Gerrit

RE: Sending emails with VFP with CDO

One point still is, that you don't necessarily need to sign mails while creatiung them. The first step of sneding a mail is putting it into your own mailserver, especially if it's company mails coming from your own domain. And you cannot only set some DSN records, if you have a Microsoft365 domain the links I posted above configure the automatic processing of the mails in regard to SPF, DKIM, and DMARC, before mails which makes the whole process unimportant for the client side, even for Outlook. And what works for Microsoft365 domains likely also works for other constructs of domain/mailserver software.

To reiterate and summarize that with quotes:

Link: https://learn.microsoft.com/en-us/microsoft-365/se...
quote MS:

Quote (Microsoft)

As a Microsoft 365 organization with mailboxes in Exchange Online, or a standalone Exchange Online Protection (EOP) organization without Exchange Online mailboxes, protecting the integrity of email messages from senders in your domains is important...
...To configure email authentication for mail sent from Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, see the following articles:

The latter sentence implies that if your company does use an Exchange Online mailserver or EOP, but you at least have a Microsoft365 domain, then you can use the three articles about SPF, DKIM and DMARC to get all this going without changing anything in your processes generating emails. I.e. if a mail without DKIM header (just to pick that one out) is arriving in the domains Exchange server, that will do the signing and you don't have to do that yourself.

Chriss

RE: Sending emails with VFP with CDO

(OP)
Chriss and Mike,

Thank you all for your help guys. I managed to send out all the emails since we were sending less than 2,500 per day, the requirement from Google is that SPF OR DKIM (one or the other) be functional. It all worked out since I had SPF working.

I did note your Outlook code though as it will be something that I'll be building upon later.


Thanks to all,
FOXUP

RE: Sending emails with VFP with CDO

Hi Foxup,

Good to you have a working solution. What did you use to get CDO running with SPF?

Regards, Gerrit

RE: Sending emails with VFP with CDO

(OP)
Hi Gerrit,

I had SPF setup as DNS TXT records in the mail server. All required records (SPF, DKIM, DMARC) were setup as DNS TXT records on mail server.

I hope that helps.

Thanks,
FOXUP

RE: Sending emails with VFP with CDO

Hi foxup,

What do you mean exactly with mail server? Is it your (local) SMTP server or your mail service provider?

Regards Gerrit

RE: Sending emails with VFP with CDO

The whole topic of SPF, DKIM, and DMARC is about authenticating the sender mail address, by giving information that can be retrieved from the mail recipient (or its mail client software) to verify the sender.

So it's all about mail sender addresses of a company domain, like it's brand name, mails from apple.com, for example. Or if your company owns a brand name as a domain about that domain.

You'll not ever be responsible nor do you have access to DNS records of gmail.com, for example. It's only of your own concern, if you own a domain and send mails from that domain and don't want your mails to be marked as spam.

SPF itslef is the lowest form of authentication as far as I remember, SPF DSN records should clarify which from addresses of your domain you authorize to send mails, so if someone spoofs mails as coming from your company/brand and spreads misinformation or does phishing or other fraud, then these authentication schemes help recognizing that.

To get back to what foxup forwarded from Google:

Quote:

Google insists that every email sent to Gmail users must have a DKIM signature.

That's talking of Googles Gmail as a mail client that verifies mails sent to them (any gmail recipient) are having these authentication schemes. It's not about the SPF records of gmail.com and even less so of any specific gmail address.

All that is telling it's not your concern, if you have a gmail address. On the contrary as a gmail user having a gmail address you will profit from Google paying attention to these things on the one side, and companies having a legitimate reason to send out mails to clients, be it to confirm subscriptions/registration or sending out newsletters can process their outgoing mails to have these verifieable features.

My hoster could never tell me how even those SPF records have to look, so Gmail displays the mails I sent from one of my domains from a cron job (a summary of some things) to a gmail address with a warning icon (red question mark in an octagon) and the alt tag text "Gmail couldn't verify that <senderaddress> actually sent this message." Since I know these mails come from my domain to me and since gmail doesn't reject these mails and still delivers them to my gmail address I'm not needing this.

But if I'd want to send out mails to customers even just the nature of the mails in simple aspects as regular (weekly/monthly) with similar texts (template mails individualized with mailmerging processes and individual attachments), you neither want your mails to go into a spam folder nor even have that warning icon marker. Otherwise this is not a concern and I still would push this as far from me as I can, as I see it's doable with an Exchange server to let it do that instead of your mail generation process.

Chriss

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close