DomainKey-Signature

Swift Mailer is a fantastic library for sending email with php. Discuss this library or ask any questions about it here.

Moderators: Chris Corbyn, General Moderators

Post Reply
meti_alb
Forum Newbie
Posts: 12
Joined: Thu Jan 17, 2008 2:46 pm

DomainKey-Signature

Post by meti_alb »

How would I be able to have my emails (using smtp and gmail) equipped with DomainKey headers such as the following example:

Is this a scripting responsibility or my hosting server's ????

Code: Select all

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:to:reply-to:subject:date:x-libversion:mime-version:content-type:content-transfer-encoding:message-id:from;
        bh=Kx6ya6cCUC2qRRIdGQEOHFc9v7G9jkIvxZuqd07Dvqo=;
        b=RIb3/HG1Eoe6GVdw2+nQyqPE1YBbthZL1iTrSVwYBQo0WfbFgXFL6wZavYiSXzcn3AarljTlnvYhAy3TunMFIicblhnlZcskBiHDWNJKYTnqytLiEcNQSG3509vMRssWdEJAKMEKMg+jCfPu1oHTFEm8DSCwUNxE5iup4tk6fJE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=to:reply-to:subject:date:x-libversion:mime-version:content-type:content-transfer-encoding:message-id:from;
        b=fqq8VUe7lnHQaqAyLO9WS4nv+6PmzYYBOwnmPnfR0IMYnjxF1pckdnwbDYNzHKChmfxN/4V5yeMcndw93crjupCJep/JKtyJ/IqqI4N9yanbL2kt5sQz57PsS2hUwX/xdHH/PIdZrEkoRus/lD4d4982CF/IhyAHIvAcH+fwFBw=
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: DomainKey-Signature

Post by Chris Corbyn »

I don't know anything about domain keys I'm afraid but it's something I wanted to read up on before the next realease (that doesn't mean they'll necessarily be in the next release ;)).

Googling around and/or searching Yahoo!'s site is probably the best I can suggest right now. It's certainly possible to set the headers if that's all that's involved :)
meti_alb
Forum Newbie
Posts: 12
Joined: Thu Jan 17, 2008 2:46 pm

Re: DomainKey-Signature

Post by meti_alb »

I ll try do that, but yeah I think that would be nice to have swiftmailer implemented with DKIM.
Both Gmail and Yahoo are using those, so I guess a lot of those swiftmailer fans out there would be happy to have DomainKeys as well.

Thank you
meti_alb
Forum Newbie
Posts: 12
Joined: Thu Jan 17, 2008 2:46 pm

Re: DomainKey-Signature

Post by meti_alb »

You know, I am sorry for making so many questions but I have spent a lot of time to get a newsletter done and I still can't get it right.

I just tried last night with a sample of 250 emails (all of them working emails) , and the script quit working on me after taking a minute and the result was only top 125 emails on the list were sent an email. I think by now you know, that I am using a gmail account (different MXs). Would you take some time and look at the following code and see if I am using the batchSend and the loops as I should, or why would it stop....I read everywhere in the docs and other comments that I could send one thousand of emails in a minute ... but I couldn't get even 250.

Code: Select all

 
$subject = $_POST['subject'];
        $message = ereg_replace('\\\"', '"', $_POST['message']);
        
        $query = "SELECT * FROM email_config";
        $sql_result = mysql_query ( $query ) ;
        $settings = mysql_fetch_object ( $sql_result );
        
        $smtp = new Swift_Connection_SMTP($settings->smtp_host, Swift_Connection_SMTP::PORT_SECURE, Swift_Connection_SMTP::ENC_TLS); 
        $query = "SELECT * FROM email_config";
        $sql_result = mysql_query ( $query ) ;
        $settings = mysql_fetch_object ( $sql_result );
        
        $smtp->setUsername($settings->username);
        $smtp->setpassword($settings->password);
        $swift = new Swift($smtp);
        $swift->attachPlugin(new Swift_Plugin_AntiFlood(90, 10), "anti-flood");
        
        //html and text
        $mesazhi = new Swift_Message($subject);
        $mesazhi->attach(new Swift_Message_Part(strip_tags($message)));
        $mesazhi->attach(new Swift_Message_Part($message, 'text/html')); 
        $mesazhi->setReplyTo( $settings->from_address );
        $mesazhi->headers->set("Precedence", "bulk");
        
        //recipients list
        $recipients = new Swift_RecipientList();
        
        //retrieving all recipients
        $query = "SELECT email FROM email_list";
        $result = mysql_query($query);
        
        while($row = mysql_fetch_array($result))
        {
            $recipients->addTo($row['email']);
        }
        
        
    
        if ( $swift->batchSend($mesazhi, $recipients,new Swift_Address($settings->username, $settings->from_name) ) ) 
        {
            $swift->disconnect();
            header("location: newsletter.php?msg=sentsuccess");
        }
        else 
        {
            $swift->disconnect();
            header("location: newsletter.php?msg=sentfail");
        }
 
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: DomainKey-Signature

Post by Chris Corbyn »

Have you got a timeout?* Also, gmail imposes limits of (I could swear 100) emails in a short space of time. Although Swift works with Gmails servers, I certainly wouldn't recommend it for mass mailing with Gmail. It'll be slower if you're using Gmail too since everything is encrypted.

* As in PHP is timing out (see set_time_limit()).
vanchuck
Forum Newbie
Posts: 6
Joined: Fri Apr 20, 2007 3:56 pm
Location: Vancouver, BC, Canada

Re: DomainKey-Signature

Post by vanchuck »

Hi there, I have successfully implemented DKIM on my server.

One thing: DKIM is different from DomainKeys. DomainKeys was created by Yahoo!, and since then a successor has been developed which is very similar, but not identical, to DomainKeys; it is called Domain Keys Identified Mail (DKIM).

To have this done within Swift Mailer would be quite difficult. Some background on how this works:
1) The domain owner generates a DNS record which includes an RSA public key, as well as some other config settings. This is put in a TXT record for the domain.
2) When an email is sent, the properly-configured MTA will determine if the email is being sent from an address with a valid DKIM key.
3) The DKIM headers are created by generating a hash of certain fields of the email address, like 'from, subject, date, body', etc. This hash is then encrypted using the private key (which was used to generate the public key in the DNS record), and added as a separate mail header
4) If the email is received by an MTA or spam-checker that supports DKIM (the latest version of SpamAssassin does), the header will be decoded using the public key that is accessible via a simple DNS query to the originating domain (the "Sender:" header field is used to determine which domain's DNS to query). Then, the receiving program checks that the decoded hash matches the hash it sees for the original fields. In this way, if any of the fields that were used to generate the original hash (subject, date, from, reply-to, etc etc) have been changed, then the process fails and the email is discarded or marked as spam. If it succeeds, then it is known strongly that the email was sent from the same domain it was claimed to be sent by, and the email as received is the same as the email as sent.

To do this in Swift would not be impossible, but would require encryption, managing keys, computing hashes of certain headers, and being very sure that the fields that the hash is computed on do not change when they are received by the server.

One thing that I'm not sure about is that if a server discarded 8bitmime data and converted a header field into 7bit quoted printable, the hash would change and message authentication would fail. DKIM would require all messages to be outputted as 7bit QP.

Currenlty, my server runs a filter that is called by Postfix (the MTA) on all outgoing messages, which then automatically signs the messages with DKIM headers if it is coming from a domain that has been set up with DKIM. It DOES convert everything into 7BIT, by the way.

Hope this was enlightening :-)
Dave
meti_alb
Forum Newbie
Posts: 12
Joined: Thu Jan 17, 2008 2:46 pm

Re: DomainKey-Signature

Post by meti_alb »

do you have any reccomendation for any free server that I could use for massmailing then ???
Chris Corbyn wrote:Have you got a timeout?* Also, gmail imposes limits of (I could swear 100) emails in a short space of time. Although Swift works with Gmails servers, I certainly wouldn't recommend it for mass mailing with Gmail. It'll be slower if you're using Gmail too since everything is encrypted.

* As in PHP is timing out (see set_time_limit()).
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: DomainKey-Signature

Post by Chris Corbyn »

meti_alb wrote:do you have any reccomendation for any free server that I could use for massmailing then ???
Chris Corbyn wrote:Have you got a timeout?* Also, gmail imposes limits of (I could swear 100) emails in a short space of time. Although Swift works with Gmails servers, I certainly wouldn't recommend it for mass mailing with Gmail. It'll be slower if you're using Gmail too since everything is encrypted.

* As in PHP is timing out (see set_time_limit()).
Sorry no. Mass mailing usually comes down to hammering an SMTP server most people don't like you doing that; hence the limits imposed. If you have a dedicated server or a VPS then you're sorted, but otherwise you probably want to be batching your queue runs into smaller chunks.

How many emails do you need to send?
meti_alb
Forum Newbie
Posts: 12
Joined: Thu Jan 17, 2008 2:46 pm

Re: DomainKey-Signature

Post by meti_alb »

Chris Corbyn wrote: Sorry no. Mass mailing usually comes down to hammering an SMTP server most people don't like you doing that; hence the limits imposed. If you have a dedicated server or a VPS then you're sorted, but otherwise you probably want to be batching your queue runs into smaller chunks.

How many emails do you need to send?
About 600 for now.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: DomainKey-Signature

Post by Chris Corbyn »

I'd probably suggest splitting them into 6 batches of 100 and sending them at different times if you're suing Gmail (1 hour apart maybe). You could of course automate that with a cron script.

Have you looked into the possibility of using your own web hosts SMTP server? Most hosts provide outgoing SMTP.
meti_alb
Forum Newbie
Posts: 12
Joined: Thu Jan 17, 2008 2:46 pm

Re: DomainKey-Signature

Post by meti_alb »

actually I was trying that today,

Could you check your pm's please.
Chris Corbyn wrote:I'd probably suggest splitting them into 6 batches of 100 and sending them at different times if you're suing Gmail (1 hour apart maybe). You could of course automate that with a cron script.

Have you looked into the possibility of using your own web hosts SMTP server? Most hosts provide outgoing SMTP.
gmbzcode
Forum Newbie
Posts: 4
Joined: Wed Apr 23, 2008 11:11 am

Re: DomainKey-Signature

Post by gmbzcode »

Interesting question as I'm looking to implement Domain Keys and DKIM within Swiftmail as well, as not everyone has a web host that will configure their email server for it.

On the one hand, it is fairly trivial to implement as it is simply adding a header line to outgoing email.

On the other hand, there is a slight problem in that it is highly dependent on getting the raw data. IE the process for signing would have to be as follows:

Have a complete copy of what the final email text will be(headers and body).
Make a few changes to the header(basically move all the fields that will be signed to the bottom of the header, so
if for example the header is as follows:
to: someone
from: me
Message-Id: 1234
Mailer: SwiftMail
X-Return-Receipt: Yes
X-Customheader: get a life
Subject: Test subject

For signage, that header may need to be rewritten as:
Message-Id: 1234
Mailer: SwiftMail
X-Return-Receipt: Yes
X-Customheader: get a life
to: someone
from: me
Subject: Test subject

And then after signage the header becomes:
Message-Id: 1234
Mailer: SwiftMail
X-Return-Receipt: Yes
X-Customheader: get a life
DKIM-Signature: v=0.5; a=rsa-sha1; c=relaxed/relaxed; s=selector1; d=mydomain.com;
h=From:To:Subject; i=me@mydomain.com;
bh=hIzVvCAb26lQLfMuoNTib/JNsFM=;
b=ZL3TWclacae/Fk8Mhl4X6006cHIRmIBxhWtQSMMk5lS8KZ7T9h5u4CjvfKWxmc7ebL14220CSyiG
UtGunfvuSg==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=selector1; d=mydoamin.com;
b=ZnWgk3qOIrfJGG1JK0W/kTs7zqLrn0/Xd11x+M5cLc14j0UBrm6+MtVuj85qmZYWWKg4dGs34Y/e
ylv9VJPq4A==;
to: someone
from: me
Subject: Test subject


The Domain Key signature signs all text after it(which is why all signed headers must be placed after the signature), where DKIM specifies the fields and can be placed before it.

Checking the API, I see I can certainly /set/ the header fields. And I can retrieve the data and calculate my best guess at what it's going to look like before signing it. But what is really needed is a swiftmessage->getRawHeader, swiftmessage->setRawHeader, swiftmessage->getRawBody and swiftmessage->setRawBody function in order to make the final calculations.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: DomainKey-Signature

Post by Chris Corbyn »

Version 4 will have toString() and toByteStream() methods which make this much easier. Domain Keys (and DKIM and PCKS) are going to be available in the new version as a paid feature. The new API in the free version does make it much easier to write these sorts of wrappers for people who'd rather not pay however.
Post Reply