DKeyEvent - DomainKeys and DKIM for MailEnable [v 0.4.8]

brenden735
Posts: 4
Joined: Thu Dec 07, 2006 4:27 am

re: authentication

Postby brenden735 » Wed Apr 25, 2007 2:58 pm

That worked. THANKS!!

marktheleg
Posts: 81
Joined: Sat Oct 07, 2006 9:48 am

Postby marktheleg » Thu Apr 26, 2007 2:06 pm

ok i'm all set up and working ok with mail that's sent from a client such as outlook...none of the mail sent from the ME webmail is getting signed.

Am i right in thinking that is because dkevent doesn't see it as originating from the smtp connector?

In the mta logs mail sent from webmail arrives from the sf...see below..

Code: Select all

04/26/07 14:30:19   Processing file D58AB650B2024A728A81B8B18DBB9CD2.MAI from queue SF
04/26/07 14:30:19   Pre Pickup Event executing: C:\Program Files\DKeyEvent\dkeyevent.exe D58AB650B2024A728A81B8B18DBB9CD2.MAI SF
04/26/07 14:30:39   ME-MTA-ROUTE [D58AB650B2024A728A81B8B18DBB9CD2.MAI] from [SF] Connector queued to [SMTP] Connector as [3CD896044A064FBB8F40B572C7F374FE.MAI]


Is there anything i'm missing, or is there a way to force it to sign outgoing mail from ME webmail?

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

SMTP and SF

Postby someone_else » Thu Apr 26, 2007 4:31 pm

marktheleg wrote:none of the mail sent from the ME webmail is getting signed. Am i right in thinking that is because dkevent doesn't see it as originating from the smtp connector?


Yes, you are correct. DKeyEvent was built around SMTP*, so it will actually ignore calls from other connectors.

I'm not sure whether this might have any effect, but you could try enabling 'Process pickup after filters instead of before' in the MTA Properties screen (in MailEnable).


_____

* The main reason for this is that I am still using MailEnable Standard, so there is no SF connector in my development environment...
MailEnable plugins:
DKeyEvent - DomainKeys/DKIM
MESpamC - SpamAssassin integration

marktheleg
Posts: 81
Joined: Sat Oct 07, 2006 9:48 am

Postby marktheleg » Thu Apr 26, 2007 5:01 pm

Hello again, thanks for the quick response...

Tried swapping that setting and it doesn't seem to have had any effect..the mails still go through unsigned.

Code: Select all

04/26/07 17:48:01   Processing file 31F8866C8D1B42479681659838B5F2DE.MAI from queue SF
04/26/07 17:48:21   Post Pickup Event executing: C:\Program Files\DKeyEvent\dkeyevent.exe 31F8866C8D1B42479681659838B5F2DE.MAI SF
04/26/07 17:48:21   ME-MTA-ROUTE [31F8866C8D1B42479681659838B5F2DE.MAI] from [SF] Connector queued to [SMTP] Connector as [93F1F5F159B540C6B5E1C691BA7B478C.MAI]


Sorry i'm not in a position to get you a licence for pro :(

Don't mind helping you out with running some testing apps on my pro set up though if you ever need/want to....?

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

specials builds are generally an option

Postby someone_else » Thu Apr 26, 2007 5:07 pm

Well, over the week-end I might put together a special build of DKeyEvent on which the SF connector is enabled. Again, I can't offer any guarantees concerning how (or if) this will work, but if you wish to test it, feel free to drop me an email (at someone_else at exhalus.net).
MailEnable plugins:

DKeyEvent - DomainKeys/DKIM

MESpamC - SpamAssassin integration

marktheleg
Posts: 81
Joined: Sat Oct 07, 2006 9:48 am

Postby marktheleg » Thu Apr 26, 2007 5:11 pm

That'd be great :) will certainly give it a try out...email on it's way to you...

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

webmail and DKeyEvent

Postby someone_else » Wed May 09, 2007 1:38 pm

Just a quick note, here, since other people have been asking about this: an option to enable webmail processing will be added in the next release, though it will continue to be officially unsupported. Until then, a special build which has webmail processing enabled is available on request (simply send me a PM or email); the build is reportedly working fine, though, again, it is not officially supported.
MailEnable plugins:

DKeyEvent - DomainKeys/DKIM

MESpamC - SpamAssassin integration

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

DKeyEvent 0.4.6

Postby someone_else » Wed May 23, 2007 9:06 pm

DKeyEvent 0.4.6 has been released.

Changes in this version:
- updated: DKIM specification
- added: option to ProcessWebmailMessages
- fixed: bug in authentication routine


Notes:

The final version of the DKIM specification has been released today as RFC4871. The DomainKeys specification has also been released as a RFC (4870) but it is noted as being obsolete, having been replaced by DKIM. Of course, DomainKeys still has a wider deployment at this time, but with the final release of the DKIM specification, domain owners are now encouraged to migrate (or to begin planning migration) towards DKIM.
MailEnable plugins:

DKeyEvent - DomainKeys/DKIM

MESpamC - SpamAssassin integration

globalmcs.net
Posts: 111
Joined: Thu Apr 14, 2005 4:32 pm
Location: Tampa Bay
Contact:

Postby globalmcs.net » Fri May 25, 2007 6:34 pm

Hi first of... great product!!!
I installed it yesterday and got it configure in less than an hour, now the only question I have is....

Is there any problem by running DkeyEvent after all the filter instead of before ?

I setup DKeyEvent to run after filtering, because the Bayesian mark was put into the header after the message was signed.

Now your documentation/help file you say..
you should make sure that 'Process pickup after filters instead of before' should remain unchecked.


but if I set it up that way I keep getting "DomainKey-Status: bad"

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

well...

Postby someone_else » Fri May 25, 2007 8:24 pm

Well, if you have filters which alter the message, then you will probably run into one of two problems:
- if you have DKeyEvent run first, the signatures on your outgoing messages might fail verification
- if you have DKeyEvent run last, then incoming messages might fail verification

So I guess it's a choice between one of two evils.
MailEnable plugins:

DKeyEvent - DomainKeys/DKIM

MESpamC - SpamAssassin integration

globalmcs.net
Posts: 111
Joined: Thu Apr 14, 2005 4:32 pm
Location: Tampa Bay
Contact:

Postby globalmcs.net » Fri May 25, 2007 8:38 pm

Well the only filter that marks the e-mail in both directions is the Bayesian one.

Is there anyone out there that knows a way to change that behavior?

Salubritas
Posts: 6
Joined: Wed Jun 06, 2007 7:40 pm

DKeyEvent not signing mail with DomainKeys

Postby Salubritas » Wed Jun 06, 2007 7:43 pm

Hi, I have installed DKeyEvent on my W2K3 server and set it up for DKIM and DomainKeys.

DKIM is working perfectly but it isn't signing mail with DomainKeys at all.

I have been through all the DomainKeys settings and can't see what's wrong. There is nothing in the Application Event log from DKeyEvent.

Any idea what might be wrong?

someone_else
Posts: 302
Joined: Tue Jul 19, 2005 1:12 pm
Location: 404

...

Postby someone_else » Wed Jun 06, 2007 8:32 pm

Well, the DomainKeys specification is much stricter than DKIM in what it allows to be signed, so there are cases when DKeyEvent will refuse to sign mail. If you are certain that you have properly configured DKeyEvent to sign outgoing mail for your domain, and there are no errors reported in the Event Log, then it could be that DKeyEvent has refused to sign the message. There are multiple reasons why this might happen, though they are all related to sender authentication; basically, DKeyEvent considers that the sender of a message does not have the authority to have that particular message signed. This might happen, for example, if the message sender did not use SMTP authentication (and you have not set 'IgnoreMESenderAuth=1' in dkeyevent.ini). Or if the envelope entities do not match those in the header.
MailEnable plugins:

DKeyEvent - DomainKeys/DKIM

MESpamC - SpamAssassin integration

Salubritas
Posts: 6
Joined: Wed Jun 06, 2007 7:40 pm

Postby Salubritas » Wed Jun 06, 2007 10:06 pm

Thank you very much for the quick answer.

I set the flag that you mentioned in the ini file and DKeyEvent is now signing email with DomainKeys. I am a bit confused by that as I thought I was using SMTP Auth, but the main thing is that it is working.

Mail generated from the web server is also being signed... need to test the newsletter application next, but I am hopeful.

Thanks again for doing such a great job with this!

johnd34
Posts: 73
Joined: Thu Jul 29, 2004 10:43 am
Location: UK
Contact:

Postby johnd34 » Thu Jun 28, 2007 11:32 am

Can you clarify the logic for the order of things in the MTA.

I have an mta plugin that will change a number of emails on the way out and the way in and need to get the order right.

Obviously outgoing you need to be the last thing going out to sign messages.

Incoming you want to be the first to validate emails?

So I need to be before and after depending on what I am doing?

I thought writing this would help my logic - now I am MORE confused :shock:
John D
JD Projects

Developer of E-Mailing Systems
West of England
Check out our email service built on mailenable
www.proserviceemail.co.uk
www.jdprojects.co.uk
www.smarterweb.co.uk

Who is online

Users browsing this forum: No registered users and 1 guest