Solved

DKIM with IIS 6.0 and ORACLE

Posted on 2012-03-13
Last Modified: 2012-08-14
Hello there,

I have been setting up our E-Mail sending in the last few days including SPF and Sender-ID authentication. What I am missing still is DKIM.

Here is my situation:
I am using IIS 6.0 on a Windows 2003 server and generate the mails with UTL_SMTP in ORACLE.

I tried to write the DKIM signature directly into the mail header but I am missing the Body Hash. To my understanding the body hash is simply a hash over the message body. Am I right? How can I compute this Body Hash in Oracle depending on the message content? Also what about HTML mails. How do I get the Body Hash for that occasion? Do I even need one?
Question by:appsystems
LVL 21

Expert Comment

by:Papertrip
I'll take a stab at this, I've been waiting for some Oracle experts to chime in (I'm coming in from the email/DKIM angle) but that hasn't happened yet so...

I am vaguely familiar with UTL_SMTP from a quick Google search but have no experience with it.  My question for you however is -- is there a reason why you aren't relaying mail from Oracle to a "real" mail server internal to your network and having the signing done there?

Author Comment

by:appsystems
Mail gets relayed onto a real mail server via UTL_SMTP. We have a Windows 2003 Server with IIS 6.0 and the standard SMTP server which unfortunately can not sign with DKIM (at least as far as I know).
LVL 21

Expert Comment

by:Papertrip
I'm not familiar unfortunately with IIS+SMTP.  Is it possible to add a simple postfix server with a DKIM signing module into your environment?  I can help with the setup... what I have in mind is that it would be the edge mail server that does the sending+signing.  I understand this may not be ideal but trying to help.

If any IIS experts know of a way to handle it there please chime in.

Author Comment

by:appsystems
We only use Windows components in our infrastructure so a postfix server is not an option. Is there any (cost free) possibility to get DKIM to work on IIS 6.0?
LVL 73

Assisted Solution

by:sdstuber
sdstuber earned 250 total points
I can help with the utl_smtp portion but I know nothing about the DKIM side except for what I just googled.

I'm not sure what the missing steps are.

Are you trying to find a method within Oracle to generate the hash?  If so, the dbms_crypto package is probably what you're looking for.  It's not public execute by default though, so you may need your DBA to grant access to it.

Author Comment

by:appsystems
As far as I can see dbms_crypto can not generate SHA-256 hashes which is necessary for DKIM nowadays. I would try it with SHA-1 but I do not think that adding a DKIM signature manually in oracle is best practice (especially because I mostly send HTML mails and I really do not think that hashing a CLOB generates a valid Body Hash). But if anyone here has done something like this I would like to know!

Is DKIM signing necessary? I currently have set up SPF and Sender-ID (although Microsoft does not recognize it, see my other open question about this). Is DKIM signing really necessary to avoid having my mails rejected?
LVL 73

Expert Comment

by:sdstuber
>>> I do not think that adding a DKIM signature manually in oracle is best practice

Isn't that what this question is asking?


>>> Is DKIM signing really necessary to avoid having my mails rejected?

That's entirely up to the receiving end.

There is nothing in the email SMTP protocol itself that requires DKIM.

If your mail is going to junk mail folders, then it is being sent, it's simply in the filtering end.

What happens if you send mail by some means other than utl_smtp to the hotmail address?
LVL 21

Accepted Solution

by:Papertrip
Papertrip earned 250 total points
It's not necessary.  I've seen receiving servers reject sending servers due to no SPF but I would be very surprised if anyone is rejecting due to lack of DKIM.  

I always advocate DKIM signing but if it's not possible in your environment then there isn't much you can do.  Having a DKIM signature does not guarantee inbox placement, only improves your chances and helps protect your brand from spoofing.

I will look at your other open question in a bit.

Author Comment

by:appsystems
>>> Isn't that what this question is asking?
Yes, but part of the question is: Is manually signing really the way to go? And for now I unfortunately do not see it.

I am very new to mail administration so please bear with me.
I will try to use the dbms_crypto package with SHA-1 but I do not have high hopes.
LVL 73

Expert Comment

by:sdstuber
If you need SHA-256 you could use a Java stored procedure to generate the hash.

Implementing that is sort of going astray on this question though.
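
Added example, not part of the original thread and not code from any of the posters: the DKIM body hash (the `bh=` tag) as defined in RFC 6376, covering the question of what gets hashed for plain and HTML mail. It is written in Python to show the algorithm; the function names and the sample message are constructed for illustration.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str = "relaxed") -> bytes:
    """Canonicalize a message body per RFC 6376 sections 3.4.3 and 3.4.4."""
    if mode not in ("simple", "relaxed"):
        raise ValueError("mode must be 'simple' or 'relaxed'")
    # Work on CRLF line endings, which is what goes over SMTP.
    lines = re.sub(rb"\r\n|\r|\n", b"\r\n", body).split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Both modes ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        # Empty body: "simple" hashes a lone CRLF, "relaxed" hashes nothing.
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(raw_message: bytes, mode: str = "relaxed", algo: str = "sha256") -> str:
    """Return the base64 value for the bh= tag of a DKIM-Signature header."""
    msg = re.sub(rb"\r\n|\r|\n", b"\r\n", raw_message)
    # The body is everything after the first empty line, exactly as sent:
    # for HTML or multipart mail that includes MIME boundaries and the
    # transfer-encoded (quoted-printable/base64) text, not the decoded HTML.
    _, _, body = msg.partition(b"\r\n\r\n")
    digest = hashlib.new(algo, canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode("ascii")

# Constructed sample: a small HTML mail as it would be written to SMTP DATA.
SAMPLE_HTML_MAIL = (
    b"From: sender@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n"
    b"\r\n"
    b"<html><body>\r\n"
    b"<p>Hello  from Oracle</p>\r\n"
    b"</body></html>\r\n"
)

if __name__ == "__main__":
    for mode in ("simple", "relaxed"):
        print(mode, body_hash(SAMPLE_HTML_MAIL, mode))
```

The `bh=` value covers only the body. A complete DKIM-Signature also needs the `b=` value, an RSA signature over the selected headers, so a hash function alone does not produce a valid signature.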