DKIM with IIS 6.0 and ORACLE

Hello there,

I have been setting up our E-Mail sending in the last few days including SPF and Sender-ID authentication. What I am missing still is DKIM.

Here is my situation:
I am using IIS 6.0 on a Windows 2003 server and generate the mails with UTL_SMTP in ORACLE.

I tried to write the DKIM signature directly into the mail header but I am missing the Body Hash. To my understanding the body hash is simply a hash over the message body. Am I right? How can I compute this Body Hash in Oracle depending on the message content? Also what about HTML mails. How do I get the Body Hash for that occasion? Do I even need one?

I'll take a stab at this, I've been waiting for some Oracle experts to chime in (I'm coming in from the email/DKIM angle) but that hasn't happened yet so...

I am vaguely familiar with UTL_SMTP from a quick Google search but have no experience with it.  My question for you however is -- is there a reason why you aren't relaying mail from Oracle to a "real" mail server internal to your network and having the signing done there?
appsystems (Author) commented:
Mail gets relayed onto a real mail server via UTL_SMTP. We have a Windows 2003 Server with IIS 6.0 and the standard SMTP server which unfortunately can not sign with DKIM (at least as far as I know).
I'm not familiar unfortunately with IIS+SMTP.  Is it possible to add a simple postfix server with a DKIM signing module into your environment?  I can help with the setup... what I have in mind is that it would be the edge mail server that does the sending+signing.  I understand this may not be ideal but trying to help.

If any IIS experts know of a way to handle it there please chime in.

appsystems (Author) commented:
We only use Windows components in our infrastructure so a postfix server is not an option. Is there any (cost free) possibility to get DKIM to work on IIS 6.0?
I can help with the utl_smtp portion but I know nothing about the DKIM side except for what I just googled.

I'm not sure what the missing steps are.

Are you trying to find a method within Oracle to generate the hash?  If so,  dbms_crypto package is probably what you're looking for.  It's not public execute by default though, so you may need your dba to grant access to it.
appsystems (Author) commented:
As far as I can see dbms_crypto can not generate SHA-256 hashes which is necessary for DKIM nowadays. I would try it with SHA-1 but I do not think that adding a DKIM signature manually in Oracle is best practice (especially because I mostly send HTML mails and I really do not think that hashing a CLOB generates a valid Body Hash). But if anyone here has done something like this I would like to know!

Is DKIM signing necessary? I currently have set up SPF and Sender-ID (although Microsoft does not recognize it, see my other open question about this). Is DKIM signing really necessary to avoid having my mails rejected?
>>> I do not think that adding a DKIM signature manually in oracle is best practice

Isn't that what this question is asking?

>>> Is DKIM signing really necessary to avoid having my mails rejected?

That's entirely up to the receiving end.

There is nothing in the email SMTP protocol itself that requires DKIM.

If your mail is going to junk mail folders, then it is being sent, it's simply in the filtering end.

What happens if you send mail by some means other than utl_smtp to the hotmail address?
It's not necessary.  I've seen receiving servers reject sending servers due to no SPF but I would be very surprised if anyone is rejecting due to lack of DKIM.  

I always advocate DKIM signing but if it's not possible in your environment then there isn't much you can do.  Having a DKIM signature does not guarantee inbox placement, only improves your chances and helps protect your brand from spoofing.

I will look at your other open question in a bit.

appsystems (Author) commented:
>>> Isn't that what this question is asking?
Yes, but part of the question is: Is manually signing really the way to go? And for now I unfortunately do not see it.

I am very new to mail administration so please bear with me.
I will try to use the dbms_crypto package with SHA-1 but I do not have high hopes.
If you need sha256 you could use a java stored procedure to generate the hash.

Implementing that is sort of going astray on this question though.
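
The body hash (`bh=`) asked about in the question, as an added example that is not part of the original thread: RFC 6376 body canonicalization ("simple" and "relaxed") followed by the hash and base64, usable as a reference to check a PL/SQL or Java stored procedure against. The function names and the sample HTML body are constructed for illustration; the hash covers the body bytes as transmitted, so an HTML mail is hashed the same way as plain text.

```python
import base64
import hashlib
import re

WSP_RUN = re.compile(rb"[ \t]+")


def canonicalize_body(body: bytes, mode: str = "relaxed") -> bytes:
    """Apply RFC 6376 section 3.4.3 (simple) or 3.4.4 (relaxed) to a body."""
    if mode not in ("simple", "relaxed"):
        raise ValueError("mode must be 'simple' or 'relaxed'")
    # Assumption: the caller passes the body as built by the application;
    # bare LF is converted to the CRLF that actually goes over SMTP.
    body = re.sub(rb"\r?\n", b"\r\n", body)
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line end.
        lines = [WSP_RUN.sub(b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
        body = b"\r\n".join(lines)
    # Both modes ignore empty lines at the end of the body.
    while body.endswith(b"\r\n"):
        body = body[:-2]
    if body:
        return body + b"\r\n"
    # Empty body: "simple" hashes a single CRLF, "relaxed" hashes nothing.
    return b"\r\n" if mode == "simple" else b""


def body_hash(body: bytes, mode: str = "relaxed", algo: str = "sha256") -> str:
    """Return the base64 value for the bh= tag (algo: 'sha256' or 'sha1')."""
    digest = hashlib.new(algo, canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode("ascii")


# Constructed sample: an HTML body as a CLOB might hold it (LF line ends,
# repeated and trailing spaces, blank lines at the end).
HTML_BODY = b"<html>\n<body>\n<p>Order  confirmed</p>   \n</body>\n</html>\n\n\n"

if __name__ == "__main__":
    print("bh (relaxed) =", body_hash(HTML_BODY, "relaxed"))
    print("bh (simple)  =", body_hash(HTML_BODY, "simple"))
```

The `bh=` value is only one tag of the DKIM-Signature header; the `b=` signature over the selected headers still has to be produced with the domain's private key.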