Solved

DKIM with IIS 6.0 and ORACLE

Posted on 2012-03-13
Last Modified: 2012-08-14
Hello there,

I have been setting up our E-Mail sending in the last few days including SPF and Sender-ID authentication. What I am missing still is DKIM.

Here is my situation:
I am using IIS 6.0 on a Windows 2003 server and generate the mails with UTL_SMTP in ORACLE.

I tried to write the DKIM signature directly into the mail header but I am missing the Body Hash. To my understanding the body hash is simply a hash over the message body. Am I right? How can I compute this Body Hash in Oracle depending on the message content? Also what about HTML mails. How do I get the Body Hash for that occasion? Do I even need one?
Question by:appsystems
13 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 37727461
I'll take a stab at this, I've been waiting for some Oracle experts to chime in (I'm coming in from the email/DKIM angle) but that hasn't happened yet so...

I am vaguely familiar with UTL_SMTP from a quick Google search but have no experience with it.  My question for you however is -- is there a reason why you aren't relaying mail from Oracle to a "real" mail server internal to your network and having the signing done there?
0
 

Author Comment

by:appsystems
ID: 37732487
Mail gets relayed onto a real mail server via UTL_SMTP. We have a Windows 2003 Server with IIS 6.0 and the standard SMTP server which unfortunately can not sign with DKIM (at least as far as I know).
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 37736131
I'm not familiar unfortunately with IIS+SMTP.  Is it possible to add a simple postfix server with a DKIM signing module into your environment?  I can help with the setup... what I have in mind is that it would be the edge mail server that does the sending+signing.  I understand this may not be ideal but trying to help.

If any IIS experts know of a way to handle it there please chime in.
0

Author Comment

by:appsystems
ID: 37736610
We only use windows components in our infrastructure so a postfix server is not an option. Is there any (cost free) possibility to get DKIM to work on IIS 6.0?
0
 
LVL 74

Assisted Solution

by:sdstuber
sdstuber earned 250 total points
ID: 37737292
I can help with the utl_smtp portion but I know nothing about the DKIM side except for what I just googled.

I'm not sure what the missing steps are.

Are you trying to find a method within Oracle to generate the hash? If so, the dbms_crypto package is probably what you're looking for. It's not public execute by default though, so you may need your DBA to grant access to it.
0
 

Author Comment

by:appsystems
ID: 37738226
As far as I can see dbms_crypto can not generate SHA-256 hashes which is necessary for DKIM nowadays. I would try it with SHA-1 but I do not think that adding a DKIM signature manually in oracle is best practice (especially because I mostly send HTML mails and I really do not think that hashing a CLOB generates a valid Body Hash). But if anyone here has done something like this I would like to know!

Is DKIM signing necessary? I currently have set up SPF and Sender-ID (although Microsoft does not recognize it, see my other open question about this). Is DKIM signing really necessary to avoid having my mails rejected?
0
 
LVL 74

Expert Comment

by:sdstuber
ID: 37738293
>>> I do not think that adding a DKIM signature manually in oracle is best practice

Isn't that what this question is asking?


>>> Is DKIM signing really necessary to avoid having my mails rejected?

That's entirely up to the receiving end.

There is nothing in the email SMTP protocol itself that requires DKIM.

If your mail is going to junk mail folders, then it is being sent, it's simply in the filtering end.

What happens if you send mail by some means other than utl_smtp to the hotmail address?
0
 
LVL 21

Accepted Solution

by:Papertrip
Papertrip earned 250 total points
ID: 37738298
It's not necessary.  I've seen receiving servers reject sending servers due to no SPF but I would be very surprised if anyone is rejecting due to lack of DKIM.  

I always advocate DKIM signing but if it's not possible in your environment then there isn't much you can do.  Having a DKIM signature does not guarantee inbox placement, only improves your chances and helps protect your brand from spoofing.

I will look at your other open question in a bit.
0
 

Author Comment

by:appsystems
ID: 37738384
>>> Isn't that what this question is asking?
Yes, but part of the question is: Is manually signing really the way to go? And for now I unfortunately do not see it.

I am very new to mail administration so please bear with me.
I will try to use the dbms_crypto package with SHA-1 but I do not have high hopes.
0
 
LVL 74

Expert Comment

by:sdstuber
ID: 37738404
If you need sha256 you could use a java stored procedure to generate the hash.

Implementing that is sort of going astray on this question though.
0
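An added example, not part of the thread: the body hash (`bh=`) the question asks about, computed with the "simple" and "relaxed" body canonicalizations of RFC 6376 section 3.4 before hashing, which is why hashing the raw CLOB does not give a valid value. Function names and the sample HTML body are constructed for illustration; only `bh=` is covered, not the RSA signature over the headers (`b=`).

```python
import base64
import hashlib
import re

WSP_RUN = re.compile(rb"[ \t]+")


def to_crlf(body: bytes) -> bytes:
    """Normalise bare CR / LF to CRLF, the line ending used on the wire."""
    return re.sub(rb"\r\n|\r|\n", b"\r\n", body)


def canon_simple(body: bytes) -> bytes:
    """'simple': drop empty lines at the end, finish with exactly one CRLF."""
    return to_crlf(body).rstrip(b"\r\n") + b"\r\n"


def canon_relaxed(body: bytes) -> bytes:
    """'relaxed': collapse runs of space/tab, strip line-end whitespace,
    drop empty lines at the end; an empty body stays empty."""
    lines = [WSP_RUN.sub(b" ", ln).rstrip(b" ")
             for ln in to_crlf(body).split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, canon: str = "relaxed", algo: str = "sha256") -> str:
    """Return the base64 value for the bh= tag (algo: 'sha256' or 'sha1')."""
    if canon not in ("simple", "relaxed"):
        raise ValueError("unknown canonicalization: " + canon)
    data = canon_relaxed(body) if canon == "relaxed" else canon_simple(body)
    return base64.b64encode(hashlib.new(algo, data).digest()).decode("ascii")


# Constructed sample: an HTML body as it might sit in a CLOB (LF endings,
# stray trailing blanks) and the same body after a relay has tidied it.
HTML_IN_CLOB = b"<html>\n<body><p>Hello,   world</p></body> \n</html>\n\n\n"
HTML_ON_WIRE = b"<html>\r\n<body><p>Hello, world</p></body>\r\n</html>\r\n"

if __name__ == "__main__":
    print("bh (relaxed, clob):", body_hash(HTML_IN_CLOB))
    print("bh (relaxed, wire):", body_hash(HTML_ON_WIRE))
    print("bh (simple,  clob):", body_hash(HTML_IN_CLOB, "simple"))
    raw = base64.b64encode(hashlib.sha256(HTML_IN_CLOB).digest()).decode()
    print("raw CLOB hash     :", raw)
```

HTML needs no special handling: the hash is taken over the canonicalized bytes of the body exactly as transmitted, so the signer has to run after the last component that rewrites the body.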
