domainkey

Use this forum for questions regarding installation, upgrading and configuration of OpenEMM

Moderator: moderator

asimoneau
Posts: 1
Joined: Wed Nov 19, 2008 5:48 pm

domainkey

Post by asimoneau »

I want my email sent from openemm to be DK signed.
My sendmail is configured to sign my email and it is working fine.
When i send an email directly from sendmail (using webmin) to a yahoo account it tells me domainkey is verified and i see the added headers domainey signatures.....
However when i send a mailing from openemm it doesnt sign the mail at all.
I receive the email but there is no Domainkey headers in it.
sapeksh
Posts: 9
Joined: Wed Nov 19, 2008 7:14 am

Need help on setting up domain keys with Sendmail

Post by sapeksh »

Though not the right place to ask, but since you have already setup, It will be great if you could share the steps/settings. I've tried to follow the steps in the following link, except creating the DNS entries (which I believe should result only in domain key validation failure): http://www.elandsys.com/resources/sendm ... nkeys.html

Thanks in advance.
islam_el
Posts: 1
Joined: Mon Nov 24, 2008 6:26 pm

Post by islam_el »

Hi,
I am sorry I am continuing this problem here, but it was already setup and i am part of it.
I have tried everything to make it work. Still no luck. Could it be the version of OpenEMM that we are using; we are using 5.0.2.
Is there any other way to insure that our newsletters don't end up in spam?

Any help would be appreciated.
Best regards,
Islam
Prothion inc
snailworks
Posts: 1
Joined: Mon Nov 24, 2008 9:38 pm
Location: West Palm Beach, FL USA
Contact:

domainkey

Post by snailworks »

Same problem here.

Running OpenEMM 5.5.1 on Fedora9
Sendmail and dk-milter installed and working.

Sendmail by the command line will send a message with a validated signature. All OpenEMM mailings seem to bypass the dk-filter.

Every message I send to a yahoo.com recipient goes to their SPAM folder.
johannes_77
Posts: 19
Joined: Mon Mar 09, 2009 8:47 pm

Post by johannes_77 »

Hi there,

good to read this here. I was about to setup dk as well but now I will wait until this is solved. From sending my first testamilings to several providers I can say that gmail and yahoo place openemm emails always into the spam folder. No matter what you do. Fresh install and IP, simple test e-mail, no indicaton on spam.

I believe the reasons for this are:
1. Port 8080. Yahoo writes this in its postmaster guidelines.Do not use another port then 80!
2. The signature of the sending programm. OpenEmm might be used by spammers and therefor every e-mail sent from such a system will be classified as spam.

This is just a clue. No proof. But I would like to be able to remove the name of the sender e-mail from the signature just out of curiosity if this is the cause!
Johannes Siebert
imphasing
Posts: 5
Joined: Fri Apr 24, 2009 7:18 pm

Post by imphasing »

Hi,

Just thought I'd share a tip on how to change the X-Mailer header on OpenEMM. The X-Mailer header is how a receiving server can determine what sort of program the email was sent from, and it's pretty easy to change.

All you need to do is edit the emm.properties file, located in /<OpenEMM-Root>/webapps/core/WEB-INF/classes, and change the mailgun.ini.mailer variable to whatever you see fit. It's usually set to something like 'OpenEMM v5.x' or something, but if you want to change to to your business name, or something else, then yahoo (or other email providers) won't automatically classify email sent from OpenEMM as spam. The email providers may not do that in the first place, but it's always a possibility.

I'll keep you guys posted on anything else I find, as I'm attempting to get DomainKeys working. It may be as simple as re-compiling a couple source files, or it may be very complex. Only time will tell.



Alex
imphasing
Posts: 5
Joined: Fri Apr 24, 2009 7:18 pm

Post by imphasing »

Just to let you guys know, I've succeeded in getting DomainKeys and DKIM signing working with OpenEMM. It's a bit of a hack for now, but what I did was write a Perl script that leveraged the Mail::DKIM module, and had semu.py pass the email text through that script, which signs it, then semu.py continues with the sending as normal.

I may work on implementing the DomainKeys and DKIM signing in the python script directly, which would make everything much cleaner, but for now, it works pretty decently.


Alex
SimonMoore
Posts: 6
Joined: Tue Jul 21, 2009 11:21 am

Post by SimonMoore »

Can you post code/steps to getting DKIM or Domainkeys working.

It works fine in sendmail (so I can send myself an email at the command line and the DKIM line gets put in) but not for emails sent by Openemm (indicating sendmail is either not being used to send emails or it is being used with some alternate configuration skipping the dkim plugin).

Any help much appreciated.

For those not knowing what we are talking about dkim is required to succesfully send emails to adresses like yahoo and not always end up in the spam folder.
SimonMoore
Posts: 6
Joined: Tue Jul 21, 2009 11:21 am

Post by SimonMoore »

Hi Alex,

can you say at which point you passed it out to the Perl Script - I am trying to get my head arround the source code and at the moment it looks like the body and headers are in different objects - presumably you pass out later on in the process to your Perl scrip? What point is that?

BTW http://hewgill.com/pydkim/ is the python equivalent - so if you let me know what you did before I can probably get this working.

Simon
imphasing wrote:Just to let you guys know, I've succeeded in getting DomainKeys and DKIM signing working with OpenEMM. It's a bit of a hack for now, but what I did was write a Perl script that leveraged the Mail::DKIM module, and had semu.py pass the email text through that script, which signs it, then semu.py continues with the sending as normal.

I may work on implementing the DomainKeys and DKIM signing in the python script directly, which would make everything much cleaner, but for now, it works pretty decently.


Alex
SimonMoore
Posts: 6
Joined: Tue Jul 21, 2009 11:21 am

DKIM workaround

Post by SimonMoore »

I have made some progress and got a messgage sent by openemm verified by an online DKIM verifyer (www.myiptest.com). Not 100% certain I have not broken anything along the way.

So my discoveries to aid other hackers (after all this is supposed to be open source but precious little to point us in the right direction).

1st How openemm creates mails when sendmail is enabled (default for Linux) is not obvious perhaps in the java code (not looked).

2nd when sendmail is disabled (via the script), openemm sends through semu.py

3rd semu.py can send through a relay with an appropriate server in the config (which can be the localhost sendmail).

4th there is a DKIM module for python (and for perl, and a milter for sendmail, not checked java), no domainkeys module for python that I have found but yahoo and others should be using DKIM by now anyway.

My steps for workaround in next post
SimonMoore
Posts: 6
Joined: Tue Jul 21, 2009 11:21 am

DKIM workaround part 2

Post by SimonMoore »

#Note previosly installed DKIM milter for sendmail and created a private key and DNS entry as per its instructions. Sendmail was able to sign messages sent at the command line.,
#We are told openemm does not as it creates its own mail queue which sendmail blindly sends and none of sendmails filters are processed
#Sendmail was also correctly set up to deal with incoming openemm email with the bav milter. As per openemm instructions
#Openemm was installed to /home/openemm as per instructions

go where ever you download your src code

#DNS
wget http://www.dnspython.org/kits/1.7.1/dns ... 7.1.tar.gz
tar -zxvf dnspython-1.7.1.tar.gz
cd dnspython-1.7.1
python setup.py install
cd ..

#dkim
wget http://hewgill.com/pydkim/pydkim-0.3.tar.gz
tar -zxvf pydkim-0.3.tar.gz
cd pydkim-0.3
python setup.py install
cd ..

#hashlib (only need on pythion 2.4 and before included in newer ones)
wget http://code.krypto.org/python/hashlib/h ... 119.tar.gz
tar -zxvf hashlib-20081119.tar.gz
cd hashlib-20081119
python setup.py install
cd ..


#testing add include for dkim to headers.

e.g. the other imports are at
36d35
< import dkim

su openemm
/home/openemm/bin/OpenEMM.sh stop
cd /home/openemm
./bin/scripts/semu.py

#(will probably complain something already running, if you get this far all includes worked.).

#Verify you have setup dkim properly refer to dkim-milter docs
dkim-testkey -d mydomain.com -k /data/dkim/mydomain.private -s mydomain


The below is the diff I got running after I made some changes, sorry so much is hardcoded for now, first time I've ever written any python.

#diff bin/scripts/semu.py bin/scripts/semu.pyold

36d35
< import dkim
556,583d554
< dkimkeypath = "/data/dkim/mydomain.private"
< selector="mydomain"
< domain="mydomain.com"
< dkimlog='/home/openemm/var/log/dkim.log'
< DKIMheaders=['To','Subject','From']
< try:
< fd = open (dkimkeypath)
< dkimkey = fd.read ()
< fd.close ()
< except IOError, e:
< dkimkey = None
< agn.log (agn.LV_ERROR, self.mid, 'Failed to read dkimkeypath file %s: %s' % (dkimkeypath, `e.args`))
< try:
< fd = open (dkimlog, 'a')
< DKIMSignature = dkim.sign(self.mail,selector,domain,dkimkey,include_headers=DKIMheaders,debuglog=fd)
< fd.close ()
< agn.log (agn.LV_ERROR, self.mid, 'DKIMSignature not added yet %s' % (DKIMSignature))
< tempmail = DKIMSignature
< tempmail += self.mail
< fd = open (dkimlog, 'a')
< fd.write("\n-------\n")
< fd.write(tempmail)
< fd.write("\n-------\n")
< fd.close ()
< self.mail=tempmail
< except dkim.DKIMException, e:
< DKIMSignature = None
< agn.log (agn.LV_ERROR, self.mid, 'Failed to read DKIMException file %s: %s' % (dkimkeypath, `e.args`))



/home/openemm/bin/OpenEMM.sh stop
#Openemm appears to write mail differently depending on if it is using sendmail directly or not - as I can't figure out what to change if it uses sendmail we turn it off
/home/openemm/bin/sendmail-disable.sh
#Because semu on its own is a pretty rubbish mailer e.g. could not send email to somemeail@test.myiptest.com so we tell it to relay through local sendmail (or your ISP)
echo "127.0.0.1" > /home/openemm/conf/smart-relay
#cause sendmail still does it better
/etc/init.d/sendmail start
/home/openemm/bin/OpenEMM.sh start

goto www.myiptest.com and its dkim test page. follow instructions to get a one time mail address, go to openemm add email address as admiistrator and send test mail to administrators (cc yourself as well so you can see what a DKIM header looks like). It will check there is a DKIJM header and that it matches the key in your DNS record which you set up following dkim-milter instructions.

Not tested bounces still work - can't see why they wouldn'd as semy.py and sendmail run on different ports (I have not done the port redirection thing). So sendmail should still handle incoming bounces correctly.

Feedback - particularly improvements to me rubbish code appreciated.
Anyone got a clue how to do something similar while leaving openemm in sendmail-enable mode?
yunusyb
Posts: 1
Joined: Fri Aug 06, 2010 8:43 am

Post by yunusyb »

Alternative solution without any patching or modification to OpenEMM code
http://www.bridgeinfomatics.com/blog/Op ... gning.html
marko
Posts: 4
Joined: Fri Oct 01, 2010 10:13 pm
Location: Toronto, Ontario, Canada

smart-relay doesn't seem to work for me

Post by marko »

yunusyb wrote:Alternative solution without any patching or modification to OpenEMM code
http://www.bridgeinfomatics.com/blog/Op ... gning.html
yunusyb, I can't seem to get smart-relay to work properly. The messages are still sent directly through OpenEMM and without passing through the system installation of sendmail. Have you tried the solution posted on Bridge Informatics?

Trying to get DKIM to work with OpenEMM has been quite... interesting. Please make DKIM a part of OpenEMM 6.2 or at least make it easier to implement.
maschoff
Site Admin
Posts: 2596
Joined: Thu Aug 03, 2006 10:20 am
Location: Munich, Germany
Contact:

Post by maschoff »

We plan to address OpenEMM problems with DKIM this quarter.
OpenEMM Maintainer
marko
Posts: 4
Joined: Fri Oct 01, 2010 10:13 pm
Location: Toronto, Ontario, Canada

Post by marko »

SimonMoore, I finally did implement your solution, thus editing semu.py directly. It seems to work as DKIM headers are added.

Anyhow, smart-relay wasn't working for me (and I couldn't send messages to test.myiptest.com since that domain has no MX record and semu didn't seem to like that) so I figured I should post here about how I got it to work.

I defined SMART_RELAY on top

Code: Select all

SMART_RELAY = agn.mkpath (agn.base, 'conf', 'smart-relay')
and then replaced the line

Code: Select all

fd = open ('conf' + os.path.sep + 'smart-relay')
with

Code: Select all

fd = open (SMART_RELAY)
Being that using smart-relay was the issue that I couldn't figure out when applying this solution: http://www.bridgeinfomatics.com/blog/Op ... gning.html , I tried rolling back the changes on semu.py that SimonMoore posted (I kept the SMART_RELAY changes) and then just going ahead with the simpler solution that only involves ignoring some headers by DKIM-filter. Well, smart-relay worked this time but I couldn't get the DKIM-Signature to show up despite omitting described headers from /etc/dkim-filter.conf .

Finally, I went back to Simon's edits of semu.py and DKIM-Signature is now present... although test.myiptest.com tells me that there is no signature... go figure. I'll see how major mail servers are responding to this.

The smart-relay change I had to make seems like a bug in OpenEMM... Am I missing something?
Post Reply