Page 1 of 2

domainkey

Posted: Wed Nov 19, 2008 6:11 pm
by asimoneau
I want my email sent from openemm to be DK signed.
My sendmail is configured to sign my email and it is working fine.
When i send an email directly from sendmail (using webmin) to a yahoo account it tells me domainkey is verified and i see the added headers domainey signatures.....
However when i send a mailing from openemm it doesnt sign the mail at all.
I receive the email but there is no Domainkey headers in it.

Need help on setting up domain keys with Sendmail

Posted: Thu Nov 20, 2008 1:15 pm
by sapeksh
Though not the right place to ask, but since you have already setup, It will be great if you could share the steps/settings. I've tried to follow the steps in the following link, except creating the DNS entries (which I believe should result only in domain key validation failure): http://www.elandsys.com/resources/sendm ... nkeys.html

Thanks in advance.

Posted: Tue Nov 25, 2008 12:13 am
by islam_el
Hi,
I am sorry I am continuing this problem here, but it was already setup and i am part of it.
I have tried everything to make it work. Still no luck. Could it be the version of OpenEMM that we are using; we are using 5.0.2.
Is there any other way to insure that our newsletters don't end up in spam?

Any help would be appreciated.

domainkey

Posted: Tue Dec 09, 2008 8:20 pm
by snailworks
Same problem here.

Running OpenEMM 5.5.1 on Fedora9
Sendmail and dk-milter installed and working.

Sendmail by the command line will send a message with a validated signature. All OpenEMM mailings seem to bypass the dk-filter.

Every message I send to a yahoo.com recipient goes to their SPAM folder.

Posted: Sun Mar 29, 2009 1:44 pm
by johannes_77
Hi there,

good to read this here. I was about to setup dk as well but now I will wait until this is solved. From sending my first testamilings to several providers I can say that gmail and yahoo place openemm emails always into the spam folder. No matter what you do. Fresh install and IP, simple test e-mail, no indicaton on spam.

I believe the reasons for this are:
1. Port 8080. Yahoo writes this in its postmaster guidelines.Do not use another port then 80!
2. The signature of the sending programm. OpenEmm might be used by spammers and therefor every e-mail sent from such a system will be classified as spam.

This is just a clue. No proof. But I would like to be able to remove the name of the sender e-mail from the signature just out of curiosity if this is the cause!

Posted: Fri Apr 24, 2009 7:23 pm
by imphasing
Hi,

Just thought I'd share a tip on how to change the X-Mailer header on OpenEMM. The X-Mailer header is how a receiving server can determine what sort of program the email was sent from, and it's pretty easy to change.

All you need to do is edit the emm.properties file, located in /<OpenEMM-Root>/webapps/core/WEB-INF/classes, and change the mailgun.ini.mailer variable to whatever you see fit. It's usually set to something like 'OpenEMM v5.x' or something, but if you want to change to to your business name, or something else, then yahoo (or other email providers) won't automatically classify email sent from OpenEMM as spam. The email providers may not do that in the first place, but it's always a possibility.

I'll keep you guys posted on anything else I find, as I'm attempting to get DomainKeys working. It may be as simple as re-compiling a couple source files, or it may be very complex. Only time will tell.



Alex

Posted: Tue Apr 28, 2009 8:56 pm
by imphasing
Just to let you guys know, I've succeeded in getting DomainKeys and DKIM signing working with OpenEMM. It's a bit of a hack for now, but what I did was write a Perl script that leveraged the Mail::DKIM module, and had semu.py pass the email text through that script, which signs it, then semu.py continues with the sending as normal.

I may work on implementing the DomainKeys and DKIM signing in the python script directly, which would make everything much cleaner, but for now, it works pretty decently.


Alex

Posted: Tue Jul 21, 2009 11:34 am
by SimonMoore
Can you post code/steps to getting DKIM or Domainkeys working.

It works fine in sendmail (so I can send myself an email at the command line and the DKIM line gets put in) but not for emails sent by Openemm (indicating sendmail is either not being used to send emails or it is being used with some alternate configuration skipping the dkim plugin).

Any help much appreciated.

For those not knowing what we are talking about dkim is required to succesfully send emails to adresses like yahoo and not always end up in the spam folder.

Posted: Mon Aug 03, 2009 12:48 pm
by SimonMoore
Hi Alex,

can you say at which point you passed it out to the Perl Script - I am trying to get my head arround the source code and at the moment it looks like the body and headers are in different objects - presumably you pass out later on in the process to your Perl scrip? What point is that?

BTW http://hewgill.com/pydkim/ is the python equivalent - so if you let me know what you did before I can probably get this working.

Simon
imphasing wrote:Just to let you guys know, I've succeeded in getting DomainKeys and DKIM signing working with OpenEMM. It's a bit of a hack for now, but what I did was write a Perl script that leveraged the Mail::DKIM module, and had semu.py pass the email text through that script, which signs it, then semu.py continues with the sending as normal.

I may work on implementing the DomainKeys and DKIM signing in the python script directly, which would make everything much cleaner, but for now, it works pretty decently.


Alex

DKIM workaround

Posted: Wed Aug 05, 2009 9:23 am
by SimonMoore
I have made some progress and got a messgage sent by openemm verified by an online DKIM verifyer (www.myiptest.com). Not 100% certain I have not broken anything along the way.

So my discoveries to aid other hackers (after all this is supposed to be open source but precious little to point us in the right direction).

1st How openemm creates mails when sendmail is enabled (default for Linux) is not obvious perhaps in the java code (not looked).

2nd when sendmail is disabled (via the script), openemm sends through semu.py

3rd semu.py can send through a relay with an appropriate server in the config (which can be the localhost sendmail).

4th there is a DKIM module for python (and for perl, and a milter for sendmail, not checked java), no domainkeys module for python that I have found but yahoo and others should be using DKIM by now anyway.

My steps for workaround in next post

DKIM workaround part 2

Posted: Wed Aug 05, 2009 9:34 am
by SimonMoore
#Note previosly installed DKIM milter for sendmail and created a private key and DNS entry as per its instructions. Sendmail was able to sign messages sent at the command line.,
#We are told openemm does not as it creates its own mail queue which sendmail blindly sends and none of sendmails filters are processed
#Sendmail was also correctly set up to deal with incoming openemm email with the bav milter. As per openemm instructions
#Openemm was installed to /home/openemm as per instructions

go where ever you download your src code

#DNS
wget http://www.dnspython.org/kits/1.7.1/dns ... 7.1.tar.gz
tar -zxvf dnspython-1.7.1.tar.gz
cd dnspython-1.7.1
python setup.py install
cd ..

#dkim
wget http://hewgill.com/pydkim/pydkim-0.3.tar.gz
tar -zxvf pydkim-0.3.tar.gz
cd pydkim-0.3
python setup.py install
cd ..

#hashlib (only need on pythion 2.4 and before included in newer ones)
wget http://code.krypto.org/python/hashlib/h ... 119.tar.gz
tar -zxvf hashlib-20081119.tar.gz
cd hashlib-20081119
python setup.py install
cd ..


#testing add include for dkim to headers.

e.g. the other imports are at
36d35
< import dkim

su openemm
/home/openemm/bin/OpenEMM.sh stop
cd /home/openemm
./bin/scripts/semu.py

#(will probably complain something already running, if you get this far all includes worked.).

#Verify you have setup dkim properly refer to dkim-milter docs
dkim-testkey -d mydomain.com -k /data/dkim/mydomain.private -s mydomain


The below is the diff I got running after I made some changes, sorry so much is hardcoded for now, first time I've ever written any python.

#diff bin/scripts/semu.py bin/scripts/semu.pyold

36d35
< import dkim
556,583d554
< dkimkeypath = "/data/dkim/mydomain.private"
< selector="mydomain"
< domain="mydomain.com"
< dkimlog='/home/openemm/var/log/dkim.log'
< DKIMheaders=['To','Subject','From']
< try:
< fd = open (dkimkeypath)
< dkimkey = fd.read ()
< fd.close ()
< except IOError, e:
< dkimkey = None
< agn.log (agn.LV_ERROR, self.mid, 'Failed to read dkimkeypath file %s: %s' % (dkimkeypath, `e.args`))
< try:
< fd = open (dkimlog, 'a')
< DKIMSignature = dkim.sign(self.mail,selector,domain,dkimkey,include_headers=DKIMheaders,debuglog=fd)
< fd.close ()
< agn.log (agn.LV_ERROR, self.mid, 'DKIMSignature not added yet %s' % (DKIMSignature))
< tempmail = DKIMSignature
< tempmail += self.mail
< fd = open (dkimlog, 'a')
< fd.write("\n-------\n")
< fd.write(tempmail)
< fd.write("\n-------\n")
< fd.close ()
< self.mail=tempmail
< except dkim.DKIMException, e:
< DKIMSignature = None
< agn.log (agn.LV_ERROR, self.mid, 'Failed to read DKIMException file %s: %s' % (dkimkeypath, `e.args`))



/home/openemm/bin/OpenEMM.sh stop
#Openemm appears to write mail differently depending on if it is using sendmail directly or not - as I can't figure out what to change if it uses sendmail we turn it off
/home/openemm/bin/sendmail-disable.sh
#Because semu on its own is a pretty rubbish mailer e.g. could not send email to somemeail@test.myiptest.com so we tell it to relay through local sendmail (or your ISP)
echo "127.0.0.1" > /home/openemm/conf/smart-relay
#cause sendmail still does it better
/etc/init.d/sendmail start
/home/openemm/bin/OpenEMM.sh start

goto www.myiptest.com and its dkim test page. follow instructions to get a one time mail address, go to openemm add email address as admiistrator and send test mail to administrators (cc yourself as well so you can see what a DKIM header looks like). It will check there is a DKIJM header and that it matches the key in your DNS record which you set up following dkim-milter instructions.

Not tested bounces still work - can't see why they wouldn'd as semy.py and sendmail run on different ports (I have not done the port redirection thing). So sendmail should still handle incoming bounces correctly.

Feedback - particularly improvements to me rubbish code appreciated.
Anyone got a clue how to do something similar while leaving openemm in sendmail-enable mode?

Posted: Fri Aug 06, 2010 8:49 am
by yunusyb
Alternative solution without any patching or modification to OpenEMM code
http://www.bridgeinfomatics.com/blog/Op ... gning.html

smart-relay doesn't seem to work for me

Posted: Fri Oct 01, 2010 10:23 pm
by marko
yunusyb wrote:Alternative solution without any patching or modification to OpenEMM code
http://www.bridgeinfomatics.com/blog/Op ... gning.html
yunusyb, I can't seem to get smart-relay to work properly. The messages are still sent directly through OpenEMM and without passing through the system installation of sendmail. Have you tried the solution posted on Bridge Informatics?

Trying to get DKIM to work with OpenEMM has been quite... interesting. Please make DKIM a part of OpenEMM 6.2 or at least make it easier to implement.

Posted: Tue Oct 05, 2010 3:55 pm
by maschoff
We plan to address OpenEMM problems with DKIM this quarter.

Posted: Tue Oct 05, 2010 9:58 pm
by marko
SimonMoore, I finally did implement your solution, thus editing semu.py directly. It seems to work as DKIM headers are added.

Anyhow, smart-relay wasn't working for me (and I couldn't send messages to test.myiptest.com since that domain has no MX record and semu didn't seem to like that) so I figured I should post here about how I got it to work.

I defined SMART_RELAY on top

Code: Select all

SMART_RELAY = agn.mkpath (agn.base, 'conf', 'smart-relay')
and then replaced the line

Code: Select all

fd = open ('conf' + os.path.sep + 'smart-relay')
with

Code: Select all

fd = open (SMART_RELAY)
Being that using smart-relay was the issue that I couldn't figure out when applying this solution: http://www.bridgeinfomatics.com/blog/Op ... gning.html , I tried rolling back the changes on semu.py that SimonMoore posted (I kept the SMART_RELAY changes) and then just going ahead with the simpler solution that only involves ignoring some headers by DKIM-filter. Well, smart-relay worked this time but I couldn't get the DKIM-Signature to show up despite omitting described headers from /etc/dkim-filter.conf .

Finally, I went back to Simon's edits of semu.py and DKIM-Signature is now present... although test.myiptest.com tells me that there is no signature... go figure. I'll see how major mail servers are responding to this.

The smart-relay change I had to make seems like a bug in OpenEMM... Am I missing something?