Bug in CDO.Message smtpserverport = 587 fails RRS feed

  • General discussion

  • If I use port 25 it works

    I can telnet to the 365 SMTP server on port 587

    However CDO.Message errors when I use port 587

    Do we have a bug in CDO.Message?

    Sub email(emailfrom,emailto,emailsubject,emailbody,emailattach)
    	On Error Resume Next
    	Set objMessage = CreateObject("CDO.Message") 
    	objMessage.Subject = emailsubject 
    	if dbg then wscript.echo "emailsubject: " & emailsubject
    	objMessage.From = emailFrom 
    	if dbg then wscript.echo "emailfrom: " & emailfrom
    	objMessage.To = emailto
    	if dbg then wscript.echo "emailto: " & emailto
    	objMessage.Bcc = "" 
    	objMessage.Cc = "" 
    	objMessage.TextBody = emailbody 
    	if dbg then wscript.echo "emailbody: " & emailbody
    	objMessage.AddAttachment emailattach
    	if dbg then wscript.echo "emailattach: " & emailattach
    	'// jump into the configuration schema to change some settings
    	'// sendusing (1= pickup folder, 2= network)
    	objMessage.Configuration.Fields.Item _
    	("") = 2
    	'// set timeout - default = 30 seconds
    	'objMessage.Configuration.Fields.Item _
    	'("") = 30
    	'// name or IP of remote server
    	objMessage.Configuration.Fields.Item _
    	("") = ""
    	'// Server port (typically 25)
    	objMessage.Configuration.Fields.Item _
    	("") = 587
    	'// Use TLS (AKA SSL)
    	objMessage.Configuration.Fields.Item _
    	("") = True
    	'// turn on authentication
    	objMessage.Configuration.Fields.Item _
    	("") = 1
    	'// username
    	objMessage.Configuration.Fields.Item _
    	("") = SENDusername
    	'// password
    	objMessage.Configuration.Fields.Item _
    	("") = SENDpassword
    	'// update the message configuration
    	'// send the message
    	if err.number <> 0 then Call ErrorExit("SMTP Send error",err.description & err.Source ,CStr(err.number))
    	on error goto 0
    end sub

    Many thanks

    David (Nobby) Barnes

    Wednesday, April 26, 2017 12:19 PM

All replies

  • CDO is no longer used on current systems.  Use PowerShell and Send-MailMessage.

    Without an error code you cannot determine what the error is.  There is no bug in CDO.

    Port 587 usually requires SSL.  It may require TLS 2.1 which is not available to VBScript.


    • Edited by jrv Wednesday, April 26, 2017 12:50 PM
    Wednesday, April 26, 2017 12:49 PM
  • You say "CDO is no longer used on current systems" - This confuses me as (as far as I can tell) it is still current and supported on windows 10, but I will be guided by your experience. What VBScript function can I use in it's place?

    You suggest PowerShell and Send-MailMessage. - This again confuses me. Are PowerShell functions available directly in VBScript? Have I missed something? Because access to some of the cool features of some PowerShell commands would be really ace in VBScript. Maybe you could point me in the right direction and I'll go read-up some more.
    Or are you suggesting that I have to re-code everything in PowerShell? That would be fairly MAJOR and akin to trying to swap from Visual Basic to C#... Hmmmm

    The error reported is:
       SMTP Send error
       The transport failed to connect to the server.

    If I use Microsoft Message Analyzer I can see the session connection process.
    With the port set to 25 I see:
    Server respond 220
    client (CDO) sending EHLO
    Server responding 250 with list of commands
    then client sending STARTTLS 
    Client offers TLS 1.2
    Server responds with cert etc.. and TLS session is negotiated
    (invisible to me)
    Client then logs in and sends email

    With the port set to 587 I see:
    the client (CDO) starting the TLS 1.2 handshake early on
    The server then responds 220
    It all falls apart from here..
    ... No EHLO
    ... No STARTTLS
    ... Etc.. etc..

    (To me) CDO seems to be taking an undocumented approach to handling the session negotiation when the port is set to 587. This (to me) looks like a bug in CDO or an omission in the documentation.

    Many thanks for your time and help on this.
    I'm probably missing something that you can illuminate for me.

    David (Nobby) Barnes

    Thursday, April 27, 2017 12:13 PM
  • VBScript and WSH are pretty much dead systems and will not be included in future versions of Windows although they will likely be available as an add-on feature for at least one more version.

    VBScript is not supported on any new Windows subsystems and cannot access much of what is available on Windows 10 and Windows 2012R2 and later.

    CDO has been removed from Exchange systems for security and usability reasons.  Only PowerShell will work with Exchange.

    Port 587 on your server appears to not support TLS 1.2.  It is also likely that CDO does not support all of the elements required for TLS on an alternate port.

    To test this use PowerShell to send a port 587 message and you will get a more detailed message.

    The CDO message is "Transport failed to connect.".  This can be caused by a bad cert on the server.  The cert on port 25 is likely good but the port 587 SMTP transport cert is different and is rejected by CDO.  CDO and VBScript cannot get the underlying error and the Message Analyzer does not see the clients rejection since the client is just disconnecting with no other response.

    Use PS to see that you are getting a cert error then I will show you how to make this work with PowerShell even with a bad cert.


    Thursday, April 27, 2017 12:30 PM
  • We would definitely recommend redesigning scripts using PowerShell rather than VBScript. The time investment will pay off in the long run.

    -- Bill Stewart [Bill_Stewart]

    Thursday, April 27, 2017 12:31 PM
  • I hear what you guys are saying..

    That is a daunting task as I understand VB to a good enough level but PowerShell with it's C# like nature and form is almost like Klingon to me.

    Can PowerShell be encoded (like VBScript can)?

    Can I install the latest (v5) PowerShell on server 2008r2?

    I'll just have to start learning it..
    What better than a task/nodule that's needed.

    David (Nobby) Barnes

    Thursday, April 27, 2017 12:56 PM
  • Just type:

    Send-MailMessage -To address -from address -subject test -body test -smtpserver serveraddress -UseSSL -Port 587 -Credential userid

    See what happens.  If you get  a cert error then we can override it.


    Thursday, April 27, 2017 1:04 PM
  • Many thanks

    Friday, April 28, 2017 12:41 PM