Any interest in DKIM/Domain Keys


Postby bzcoder » 8:19pm, Mon 14 Apr, 2008

I've now had to deal with 3 different providers that did not support Domain Key signing of outgoing emails.

While the easy solution is to set up a dedicated outgoing email server on a cheap VPS and configure domain keys myself (and it is preferred to segment transactional and list emails) - the easy solution is not always within the scope of all users.

As such, I'm putting together a PHPlist plugin that can be configured to sign outgoing emails before submitting to the mail server.

I was wondering if there is any interest in testing it outside the small number of people I've run into that need such a function?
bzcoder
PL Geek
 
Posts: 53
Joined: 8:15pm, Mon 14 Apr, 2008

Postby WinstonN » 7:51am, Tue 15 Apr, 2008

Yo, I'll be interested.
Sounds like a good plugin. Personally I don't care which companies/providers support domainkeys yet...someday they will :)
I add SPF, SenderID and domainkeys to all my domains, it's just better and if you want your mails to get to the mailbox, every bit helps.

How will the user create the cert?
I use gentoo and it's pretty easy -

Code:
emerge --config dkim-milter


Keep us posted how it goes,

Wins
Winston Nolan
http://www.buyxonline.com
eCommerce and Email Marketing
WinstonN
PL Master
 
Posts: 158
Joined: 3:31pm, Sun 04 Feb, 2007
Location: Cape Town, South Africa

Hoping for testers

Postby bzcoder » 1:28pm, Tue 15 Apr, 2008

Well, I'm hoping there is enough interest to get some people to test it. As if I can get DKIM working in PHPlist it is primarily a stepping stone to my real goal (signing via commercial e-postage providers). I'm sick and tired of the way big commercial ESPs implement it, plus their extra application and setup fees.
bzcoder
PL Geek
 
Posts: 53
Joined: 8:15pm, Mon 14 Apr, 2008

Postby emma » 3:28pm, Mon 26 May, 2008

Absolutely yes.
emma
PL Nut
 
Posts: 32
Joined: 7:21am, Tue 05 Feb, 2008

DomainKeys

Postby Heritage » 7:57pm, Thu 11 Sep, 2008

Has anyone gotten DomainKeys to work in PHPlist?

Once you have it installed on your server wouldn't it just be another line in the header to insert the private key?

Does anyone have a working example?
Heritage
Moderator
 
Posts: 223
Joined: 3:25pm, Fri 23 Jun, 2006
Location: 800 720-7301

DKIM

Postby Guest » 6:57pm, Fri 19 Sep, 2008

Well - we use DKIM under PHPmail option, the SMTP mail does not work, because there is a bug (we are trying to find a fix) in smtp-mailer section of PHPlist, so the headers are created incorrectly causing DK-milter *NOT* to sign them.
Guest
 

DomainKeys

Postby Heritage » 7:21pm, Fri 19 Sep, 2008

On one of our servers running "Postfix" we have PHPlist configured as "sendmail" and the DomainKey works fine:

X-DomainKeys: Sendmail DomainKeys Filter v0.6.0 domain.net 04DDB21D8EFF

DomainKey-Signature: a=rsa-sha1; s=default; d=domain.net; c=simple; q=dns;
b=J2yR63SY5tUcr5A63BMbz9vm6fwxCAUDU9afyG5jADTPVfHbrpTJmTt0rNrIDdoSs
anAE0M0DjwTXqgcoFCRWw==

We did not have to do anything related with PHPlist other than configure the send method to be "sendmail". The mail drops faster and we still have ESMTP in the transport.

So I assume in order to send mail with a DomainKey you have to set up the private key on the mail server and then have the proper public key in DNS.

Really nothing to do with PHPlist. More of a Mail server and DNS issue.

If you get the X-DomainKeys header then you have the private key set up correctly. Then when you have both the private and public key correct you will have the DomainKey-Signature header.

If you get the DomainKey-Signature, regardless, you're okay without any X header. Each email system is different.

On another shared host we send SMTP with PHPlist and our email send the DomainKey-Signature header just fine.

Then on another issue we had to make sure a corporate firewall stopped stripping the header.

You have to make sure the "From" email address is on the same root domain name that you are emailing from and have set up. Everything else can be different, but the "From" has to be the root domain of the DomainKey-Signature.

If it is not one thing . . . it may be another.
Heritage
Moderator
 
Posts: 223
Joined: 3:25pm, Fri 23 Jun, 2006
Location: 800 720-7301

Postby Guest » 5:03pm, Wed 21 Jan, 2009

Hi all,

Just posting some feedback here as I have just enabled DomainKeys on my shared host provider using the cpanel interface.

This was just a case of clicking the enable button under Mail > Email Authentication > DomainKeys. Perhaps this creates the public and private keys for you, I'm not sure.

Interestingly before I created an SPF record which I did before this, emails to my test hotmail account were being flagged when opened with the "Attachments, pictures, and links in this message have been blocked for your safety. (plus Show Content Link)" and "You may not know this sender. (plus Mark as Safe | Mark as Unsafe Links)". Sometimes email was received into Hotmail Spam box, sometimes to inbox, without adding sender as safe.

After creating SPF I still receive mail to inbox but now without the above warnings. 8) This also means that the tracking works as it doesn't rely on the receiver releasing the block on the content.

I thought I'd also enable DomainKeys for completeness.

Anyway, as Heritage's post suggests, if you have the DomainKey-Signature now in the header then it is working.

Not sure why my c value is different (c=nofws) but it doesn't seem to be causing a problem.

I have PHPList v2.10.8 set up to use SMTP with Google Apps and POP for bounce processing. My PHPList is on a sub domain and the email addresses I use with PHPList are those matching the sub domain. My MX records on the sub domain all point to Google as per Google Apps instructions.

So far even before adding SPF or DomainKey I've been receiving test mail sent from PHPList to a test Google Apps mail account and to a pop freeserve account without it being marked as spam. The latter has been notorious for not allowing legit stuff to reach me.

For info, my headers now look like this, as per message received in hotmail. Just thought this might help others relate to how their settings come through. Obviously I've changed the names that are bolded up but the continuity is still retained with the original.
Code:
xx.xx.xx.xx = ip address

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtTQ0w9Mw==
X-Message-Status: n:0
X-SID-PRA: [b]**My PHPList Admin Name** admin email address @ mydomain.co.uk[/b]
X-Message-Info: JGTYoYF78jEW6jWL2nPj7a8+r1Y61sF0dl7lR1N0qSg0amu89MyYeqLEorkSs4QBVuIFq45i2NmQAQr78TdlXNVu4ShUpW4t
Received: from [b]server.mysharedhost.net ([xx.xx.xx.xx])[/b] by COl0-MC4-F35.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
    Wed, 21 Jan 2009 05:40:09 -0800
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=[b]mydomain.co.uk;[/b]
   h=Received:To:Subject:Recieved:Date:From:Message-ID:X-Priority:X-MessageID:X-ListMember:Precedence:Errors-To:MIME-Version:Content-Type;
b=TEiL1ZWI8VaLxQvvf+Y8/cd26NA2YwL5kTA7Pj9KmZbmiivI3dBC1oHhJSFZhP2KgIVwU9ADMC5z9d7hMFuy21K++ST4s31uKHkgfGKDDKxp0eiEbjf/wvJD6QNTdg/z;
Received: from [b]mysharedhostusername by server.mysharedhost.net[/b] with local (Exim 4.69)
   (envelope-from [b]bounces @ mydomain.co.uk)[/b]
   id 1LPd9f-00054M-2A
   for [b]testlistuser @ hotmail.com;[/b] Wed, 21 Jan 2009 13:30:03 +0000
To: [b]testlistuser @ hotmail.com[/b]
Subject: test28
Recieved:
Date: Wed, 21 Jan 2009 13:30:03 +0000
From: [b]**My PHPList Admin Name** admin email address @ mydomain.co.uk[/b]
Message-ID: <9d282530336b1226f3fb2cf9a0f9f1aa>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
X-Mailer: phplist v2.10.8
X-MessageID: 28
X-ListMember: [b]testlistuser @ hotmail.com[/b]
Precedence: bulk
Errors-To: [b]bounces @ mydomain.co.uk[/b]
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary="b1_9d282530336b1226f3fb2cf9a0f9f1aa"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - [b]server.mysharedhost.net[/b]
X-AntiAbuse: Original Domain - [b]hotmail.com[/b]
X-AntiAbuse: Originator/Caller UID/GID - [32225 32227] / [47 12]
X-AntiAbuse: Sender Address Domain - [b]mydomain.co.uk[/b]
Return-Path: [b]bounces @ mydomain.co.uk[/b]
X-OriginalArrivalTime: 21 Jan 2009 13:40:09.0961 (UTC) FILETIME=[C7566590:01C97BCD]
Guest
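
A way to read the signature headers shown in the two posts above, added here as an example (it is not code from phpList or from either poster): it splits a DomainKey-Signature value into its tags, derives the DNS name where the public key is expected, and checks that the From: domain is the d= domain or a subdomain of it. The function names and the sample values are constructed for illustration.

```php
<?php
// Added example; header values below are constructed, not taken from a real message.

/** Split "a=rsa-sha1; q=dns; c=nofws; ..." into ['a' => 'rsa-sha1', ...]. */
function parse_signature_tags(string $value): array
{
    $tags = [];
    foreach (explode(';', $value) as $pair) {
        if (strpos($pair, '=') === false) {
            continue;                        // empty piece after a trailing ';'
        }
        [$name, $val] = explode('=', $pair, 2);
        // Whitespace inside a value is only header folding, so drop it.
        $tags[strtolower(trim($name))] = preg_replace('/\s+/', '', $val);
    }
    return $tags;
}

/** Domain part of a From: value such as 'List Admin <admin@example.net>'. */
function from_domain(string $from): ?string
{
    if (preg_match('/<([^<>]+)>/', $from, $m)) {
        $from = $m[1];
    }
    $at = strrpos($from, '@');
    return $at === false ? null : strtolower(trim(substr($from, $at + 1)));
}

/** True when the From: domain equals d= or is a subdomain of it. */
function from_covered_by_d(string $from, array $tags): bool
{
    $d   = strtolower($tags['d'] ?? '');
    $dom = from_domain($from);
    if ($d === '' || $dom === null) {
        return false;
    }
    return $dom === $d || substr($dom, -strlen($d) - 1) === '.' . $d;
}

$sig = "a=rsa-sha1; q=dns; c=nofws; s=default; d=example.net;\r\n"
     . "  h=To:Subject:Date:From;\r\n  b=CONSTRUCTEDPLACEHOLDER==;";
$tags = parse_signature_tags($sig);

printf("c=%s, public key at %s._domainkey.%s\n", $tags['c'], $tags['s'], $tags['d']);
var_dump(from_covered_by_d('List Admin <admin@lists.example.net>', $tags)); // subdomain of d=
var_dump(from_covered_by_d('List Admin <admin@example.org>', $tags));       // unrelated domain
```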
 

Postby H2B2 » 7:18pm, Wed 21 Jan, 2009

jmids wrote: Just posting some feedback here as I have just enabled DomainKeys on my shared host provider using the cpanel interface.
Useful info. Thanks for sharing!
H2B2
Moderator
 
Posts: 7188
Joined: 1:51am, Wed 15 Mar, 2006

Re: Any interest in DKIM/Domain Keys

Postby scrane » 7:31pm, Wed 22 Apr, 2009

YES! It's going to be essential to all of us using the php mail() function. Otherwise within a few months none of our emails will get through to the main inbox of gmail, microsoft etc and hotmail is already virtually impossible - unless every one of your subscribers has whitelisted you of course!
I've been trying to integrate/adapt the opensource dkim-php to work with phplist but without success so far. Did anyone find a solution before I spend any more time? Otherwise if anyone's interested in helping I can post where I've got to so far as I think many brains will be better than one!
scrane
phpList newbie
 
Posts: 3
Joined: 7:42pm, Thu 29 Jan, 2009

Re: Any interest in DKIM/Domain Keys

Postby nealc » 4:28pm, Tue 15 Sep, 2009

Ok, well I may be mad & I'm certainly not going to win a prize for programming, but I seem to have persuaded PHPlist to send DKIM-signed emails, which means I can send DKIM email without needing my host to co-operate. What follows is not edifying but should at least provide a start for those with finer skills than mine...

PHPlist (in my case 2.10.4)
DKIM-PHP from http://sourceforge.net/projects/php-dkim/files/

Unpack DKIM-PHP into /lists/admin/phpmailer/
Sort out your DKIM keys, add them to DNS and the dkim-cfg.php file. (Sorry, you get to look this part up).

Two things need doing. One is to patch DKIM-PHP into PHPlist's mail-sending arrangements, the other is to fix a heap of gotchas. I did this by altering class.phpmailer.php and dkim.php (I'm sure there are better ways, but my life is short enough now).

Make a nice safe copy of class.phpmailer.php
Edit the live copy of class.phpmailer.php in two places as follows...
Line 2 add require 'dkim.php';
Code:
<?php
    require 'dkim.php'; //bodge for DKIM
////////////////////////////////////////////////////


At line about 365 (in function Send(), between $body = $this->CreateBody(); and if($body == "") { return false; } ) add
Code:
        //start of bodge to add DKIM ------------------------------

        //recover To: field from array, needed for AddDKIM()
        $to = "\nTo: ";
        for($i = 0; $i < count($this->to); $i++)  {
            if($i != 0) { $to .= ", "; }
            $to .= $this->to[$i][0];
        }

        //for some reason dkim.php needs \r\n prepended to HTML (not text) body or body hash is wrong...?
        if (stripos(substr($this->Body,0,20),"html")>0)
            $header = AddDKIM($header.$to,$this->Subject,"\r\n".$body).$header; //prepend \r\n='0D''0A'
        else
            $header = AddDKIM($header.$to,$this->Subject,$body).$header;

        //end of bodge------------------------------------------------

That does the patching in and catches two of the 'gotchas' (getting the To: field to feed to dkim.php and getting HTML messages to verify correctly).

Now make a nice safe copy of dkim.php
Edit the live copy of dkim.php as follows
Comment out the existing line 127 (split on \r\n) & add a new one (split on \n only). Without this nothing will verify.
Code:
        //$headers=explode("\r\n",$headers_line) ;
        $headers=explode("\n",$headers_line) ; //required to prevent signature verification failure on all sends


Now you can try sending a test message to check-auth@verifier.port25.com (responds to your Bounces) and dkim-test@altn.com (responds to From address)

After all that Yahoo still says "Authentication-Results: ... dkim=permerror (bad sig)" - no idea why yet.
nealc
phpList newbie
 
Posts: 2
Joined: 2:46pm, Tue 15 Sep, 2009

Re: Any interest in DKIM/Domain Keys

Postby Heritage » 2:55pm, Wed 18 Nov, 2009

Someone asked me where do they change the Method to send "sendmail".

/lists/admin/phpmailer/class.phpmailer.php Line 114 (version 2.10.10)

Code:
/**
     * Method to send mail: ("mail", "sendmail", or "smtp").
     * @var string
     */
    var $Mailer            = "sendmail";


Hope this helps others.
Heritage
Moderator
 
Posts: 223
Joined: 3:25pm, Fri 23 Jun, 2006
Location: 800 720-7301

Re: Any interest in DKIM/Domain Keys

Postby pradnesh » 6:37am, Mon 26 Apr, 2010

The above DKIM/Domain keys setting is not working with phplist v-2.10.4 as well as phplist v-2.10.10. Can anybody explain briefly how to do a configuration of DKIM/Domain keys setting with phplist?
pradnesh
phpLister
 
Posts: 6
Joined: 1:38pm, Wed 21 Oct, 2009

Re: Any interest in DKIM/Domain Keys

Postby mrmckoy » 6:34pm, Fri 19 Nov, 2010

pradnesh wrote: The above DKIM/Domain keys setting is not working with phplist v-2.10.4 as well as phplist v-2.10.10. Can anybody explain briefly how to do a configuration of DKIM/Domain keys setting with phplist?


Domain Keys and SPF signing is done by the smtp server. But because phplist includes its own mailer and SMTP code it incorrectly breaks this.

There is a fix somewhere on this forum. I used it before but can't remember where...
mrmckoy
PL Master
 
Posts: 169
Joined: 7:10am, Sat 24 Nov, 2007
Location: Atlanta, GA

Re: Any interest in DKIM/Domain Keys

Postby ogrethegreat » 4:25am, Tue 18 Jan, 2011

First,
Thanks to nealc. So close. Everything he has is required to get this to work. I'm using phplist 2.10.12 and php-dkim 1.2 which hasn't been touched in years. The issue comes down to a single character bug in php-dkim. Hours of beating my head on the wall sending verification emails again and again until that DOH moment. The bug in php-dkim is on line 162 (after making the changes suggested by nealc).
Code:
$to_be_signed=RelaxedHeaderCanonicalization("$from_header\r\n$to_header\r\n$subject_header\r\n$dkim") ;


Note the missing semi-colon at the end. If you send emails to check-auth@verifier.port25.com you will get back what remote server sees as the canonicalized headers that get signed. That gives you a semi-colon at the end of the dkim sig header. php-dkim does not have that. The dkim header is included in the canonicalized headers up to b= and the signature is stripped but NOT the semi-colon. The line simply needs to be changed to:

Code:
$to_be_signed=RelaxedHeaderCanonicalization("$from_header\r\n$to_header\r\n$subject_header\r\n$dkim;") ;


Don't add it to the actual $dkim variable or it'll end up with ;; in the final sent message and it'll fail again.

If there is interest, I'll upload a corrected version of the php-dkim library and the phpmailer class.
ogrethegreat
phpList newbie
 
Posts: 3
Joined: 4:11am, Tue 18 Jan, 2011
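
The mismatch described in the post above, reproduced as an added example (not code from php-dkim or from the poster): a verifier empties only the value of the b= tag and hashes the rest of the signature field, so a ';' that follows the signature in the sent header has to be in the signer's hashed bytes as well. The function names and header values are constructed for illustration, and SHA-256 digests stand in for the RSA signing step.

```php
<?php
// Added example, not php-dkim code. All header values are constructed.

/** RFC 6376 "relaxed" canonicalization of one header field, without its CRLF. */
function relaxed_header(string $field): string
{
    [$name, $value] = explode(':', $field, 2);
    $value = preg_replace('/\r?\n(?=[ \t])/', '', $value);  // unfold continuation lines
    $value = preg_replace('/[ \t]+/', ' ', $value);         // collapse runs of whitespace
    return strtolower(trim($name)) . ':' . trim($value, " \t");
}

/** Empty the value of the b= tag only; the tag name and any ';' after it stay. */
function strip_b_value(string $sigField): string
{
    return preg_replace('/(;\s*b\s*=)[^;]*/', '$1', $sigField, 1);
}

/** Bytes that get hashed: signed headers, then the signature field with b= emptied. */
function signing_input(array $headers, string $sigField): string
{
    $lines = array_map('relaxed_header', $headers);
    $lines[] = relaxed_header(strip_b_value($sigField));    // last field: no trailing CRLF
    return implode("\r\n", $lines);
}

$headers = [
    'From: List Admin <admin@example.net>',
    'To: subscriber@example.org',
    'Subject: test28',
];
// What the signer holds before the signature exists: everything up to "b=".
$prefix = "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=example.net; s=default;\r\n"
        . "\th=From:To:Subject;\r\n\tbh=CONSTRUCTEDBODYHASH=;\r\n\tb=";
// The field as it goes out on the wire, with a ';' after the signature value.
$sent = $prefix . 'CONSTRUCTEDSIGNATURE==' . ';';

$verifier   = hash('sha256', signing_input($headers, $sent));
$signedBare = hash('sha256', signing_input($headers, $prefix));        // "...b="
$signedSemi = hash('sha256', signing_input($headers, $prefix . ';'));  // "...b=;"

var_dump($signedBare === $verifier);  // signer left the ';' out of the hashed bytes
var_dump($signedSemi === $verifier);  // signer hashed exactly what the verifier rebuilds
```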
