Solved

DKIM with IIS 6.0 and ORACLE

Posted on 2012-03-13
13
595 Views
Last Modified: 2012-08-14
Hello there,

I have been setting up our E-Mail sending in the last few days including SPF and Sender-ID authentification. What I am missing still is DKIM.

Here is my situation:
I am using IIS 6.0 on an windows 2003 server und generate the mails with UTL_SMTP in ORACLE.

I tried to write the DKIM signature directly into the mail header but I am missing the Body Hash. To my understanding the body hash is simply a hash over the message body. Am I right? How can I compute this Body Hash in Oracle depending on the message content? Also what about HTML mails. How do I get the Body Hash for that occasion? Do I even need one?
0
Comment
Question by:appsystems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
13 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 37727461
I'll take a stab at this, I've been waiting for some Oracle experts to chime in (I'm coming in from the email/DKIM angle) but that hasn't happened yet so...

I am vaguely familiar with UTL_SMTP from a quick Google search but have no experience with it.  My question for you however is -- is there a reason why you aren't relaying mail from Oracle to a "real" mail server internal to your network and having the signing done there?
0
 

Author Comment

by:appsystems
ID: 37732487
Mail gets relayed onto a real mail server via UTL_SMTP. We have a Windows 2003 Server with IIS 6.0 and the standard SMTP server which unfortunately can not sign with DKIM (at least as far as I know).
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 37736131
I'm not familiar unfortunately with IIS+SMTP.  Is it possible to add a simple postfix server with a DKIM signing module into your environment?  I can help with the setup... what I have in mind is that it would be the edge mail server that does the sending+signing.  I understand this may not be ideal but trying to help.

If any IIS experts know of a way to handle it there please chime in.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:appsystems
ID: 37736610
We only use windows components in our infrastructure so a postfix server is not an option. Is there any (cost free) possibility to get DKIM to work on IIS 6.0?
0
 
LVL 74

Assisted Solution

by:sdstuber
sdstuber earned 250 total points
ID: 37737292
I can help with the utl_smtp portion but I know nothing about the DKIM side except for what I just googled.

I'm not sure what the missing steps are.

Are you trying to get find a method within Oracle to generate the hash?  If so,  dbms_crypto package is probably what you're looking for.  It's not public execute by default though, so you may need your dba to grant access to it.
0
 

Author Comment

by:appsystems
ID: 37738226
As far as I can see dbms_crypto can not generate SHA-256 hashes which is necessary for DKIM nowadays. I would try it with SHA-1 but I do not think that adding a DKIM signature manually in oracle is best practice (especially because I mostly send HTML mails and I really do not think that hashing a CLOB generates a valid Body Hash). But if anyone here has done something like this I would like to know!

Is DKIM signing necessary? I currently have set up SPF and Sender-ID (although Microsoft does not recognize it, see my other open question about this). Is DKIM signing really necessary to avoid having my mails rejected?
0
 
LVL 74

Expert Comment

by:sdstuber
ID: 37738293
>>> I do not think that adding a DKIM signature manually in oracle is best practice

Isn't that what this question is asking?


>>> Is DKIM signing really necessary to avoid having my mails rejected?

that's entirely up to the receiving end.

There is nothing in the email SMTP protocol itself that requires DKIM.

If your mail is going to junk mail folders, then it is being sent, it's simply in the filtering end.

What happens if you send mail by some means other than utl_smtp to the hotmail addresss?
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 250 total points
ID: 37738298
It's not necessary.  I've seen receiving servers reject sending servers due to no SPF but I would be very surprised if anyone is rejecting due to lack of DKIM.  

I always advocate DKIM signing but if it's not possible in your environment then there isn't much you can do.  Having a DKIM signature does not guarantee inbox placement, only improves your chances and helps protect your brand from spoofing.

I will look at your other open question in a bit.
0
 

Author Comment

by:appsystems
ID: 37738384
>>> Isn't that what this question is asking?
Yes, but part of the question is: Is manually signing really the way to go? And for now I unfortunately do not see it.

I am very new to mail administration so please bear with me.
I will try to use the dbms_crypto package with SHA-1 but I do not have high hopes.
0
 
LVL 74

Expert Comment

by:sdstuber
ID: 37738404
If you need sha256 you could use a java stored procedure to generate the hash.

Implementing that is sort of going astray on this question though.
0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question