Comments (12)
Interesting. To be honest I have no idea and I'm glad you referenced the relevant RFCs. I'll do some research, but know that the DKIM library used under the hood has been passed on to different hands a few times, so it's entirely possible there's no real reason behind it (anymore).
from simple-java-mail.
I've released 8.8.0, which updates the DKIM builder API in a similar fashion as the recent S/MIME update for #498.
You can now configure lengthParam, headerCanonicalization, bodyCanonicalization and signingAlgorithm for DKIM. Here's an example from the DKIM documentation:
```java
currentEmailBuilder.signWithDomainKey(
    DkimConfig.builder()
        .dkimPrivateKeyData(privateKeyData) // a byte[], File or InputStream
        .dkimSigningDomain("your_domain.org")
        .dkimSelector("your_selector")
        .useLengthParam(true) // default is false
        .excludedHeadersFromDkimDefaultSigningList("From", "Subject") // default is none
        .headerCanonicalization(DkimConfig.Canonicalization.SIMPLE) // default is RELAXED
        .bodyCanonicalization(DkimConfig.Canonicalization.SIMPLE) // default is RELAXED
        .signingAlgorithm("SHA256_WITH_ED25519") // default is SHA256_WITH_RSA
        .build()
);
```
from simple-java-mail.
How fast you were done with a bunch of code 😅
Thank you for taking the time to do this!
I really like this.
from simple-java-mail.
I wonder how I can extract the DKIM signature after building it, to use it as a header? When I reconvert it from EmailBuilder to MimeMessage it broke the DKIM and bh fails.
from simple-java-mail.
Hi @furkan-atak,
If I understand correctly, you want to pull out the DKIM signature to add it in your email headers directly, but you're hitting a wall with the bh field after switching from EmailBuilder to MimeMessage? Just to clear things up, Simple Java Mail is pretty solid when it comes to converting Email objects to MimeMessages right before sending, since this is the primary use case of using DKIM. This step is meant to keep everything, including DKIM signatures, intact.
It seems like there might be a mix-up or a special case with your issue. Normally, the DKIM signature is part of the email headers, added automatically when you send the email to make sure it's legit and hasn't been tampered with. Messing with the DKIM signature manually isn't typically done because it can easily make the signature invalid, especially if you change parts of the email that the signature covers (like the bh field for the body hash).
If you really need to get at the DKIM signature before sending, I'm curious to know why. Perhaps it's a use case I might want to support. However, I'd advise caution with manual manipulations of DKIM signatures due to the precise nature of email authentication processes.
from simple-java-mail.
It's because I am trying to use DKIM in a milter (mail filter). So it actually does not send a mail to anywhere but it communicates with postfix (if you do not know much about postfix and milter protocol stages: https://www.postfix.org/MILTER_README.html), so because of that, instead of directly signing and sending an email, I need the dkim header to add the mail headers in the related milter stage which is eom(end of message).
from simple-java-mail.
> It's because I am trying to use DKIM in a milter (mail filter). So it actually does not send a mail to anywhere but it communicates with postfix (if you do not know much about postfix and milter protocol stages: https://www.postfix.org/MILTER_README.html), so because of that, instead of directly signing and sending an email, I need the dkim header to add the mail headers in the related milter stage which is eom(end of message).
Hhm, you could try creating your own CustomMailer implementation. This gives you access to the converted MimeMessage without sending it. Would that be of help?
from simple-java-mail.
@bbottema My issue is not about sending stuff or related to the main purpose of the library. I mainly use the library for content replacement and DKIM signing of the mail, so my problem is about that. However, even if I did not change the body and just converted byte[] to EmailPopulatingBuilder, then Email, then MimeMessage, then got a DKIM header, adding that to the header did not work well.
And this is what I do:
```java
MimeMessage mimeMessage = EmailConverter.emailToMimeMessage(email);
// genereateDkimMimeMessage returns
// new DkimMessageIdFixingMimeMessage(messageToSign, dkimSigner, email.getId()) with default config
MimeMessage dkimMimeMessage = genereateDkimMimeMessage(email);
String dkimEmailContent = EmailConverter.mimeMessageToEML(dkimMimeMessage);
String dkimHeader = FormatUtils.findFirstWithRegex(DKIM_HEADER_VALUE_FINDER_PATTERN, dkimEmailContent);
```
@SaeGon-Heo thanks for the idea. However, it's a protocol-level config not related to the application layer I am implementing, and before that, I have my own test cases. And in those tests bh (body hash) fails in DKIM.
from simple-java-mail.
@furkan-atak Apologies, but I still don't understand what you're doing or trying to accomplish.
You want to send an email to postfix. Signed or unsigned? I'm assuming unsigned, because if signed, the header would already be there. So you first sign the email just to get the header and then send the unsigned email plus header separately to postfix? And how does it break DKIM, where? At which stage?
from simple-java-mail.
@furkan-atak
okay...
I misunderstood because of this sentence:
> I need the dkim header to add the mail headers in the related milter stage which is eom(end of message).

Likely you want to add the DKIM header in milter's EOM (end-of-data) stage.
But you want to add the DKIM header to the original MIMEMessage before sending it to the email server associated with the milter, am I right?
> And this is what I do:
> ```java
> MimeMessage mimeMessage = EmailConverter.emailToMimeMessage(email);
> MimeMessage dkimMimeMessage = genereateDkimMimeMessage(email);
> String dkimEmailContent = EmailConverter.mimeMessageToEML(dkimMimeMessage);
> String dkimHeader = FormatUtils.findFirstWithRegex(DKIM_HEADER_VALUE_FINDER_PATTERN, dkimEmailContent);
> ```

And add dkimHeader to mimeMessage, is it?
Then I wonder why you need this process...
Because, as I know, the DKIM header is stuff for identifying the email sender's domain at the server receiving emails, using asymmetric cryptography with the mail header and body.
And I guess here, as you saw in your test, the bh tag check may fail because of DKIM's canonicalization.
In short, when making a DKIM signature, the mail header and body are canonicalized to prevent DKIM signature verification failure when it transits to the destination via relays like milter.
> Message transit from author to recipient is through relays that typically make no substantive change to the message content and thus preserve the DKIM signature.

Your DKIM header's bh is calculated after relaxed/relaxed canonicalization by the default config.
And the original MIMEMessage is not canonicalized in any way.
It can lead to verification failure because the original mail header and body are not canonicalized but the DKIM header is made using the canonicalized header/body.
You may solve this by choosing simple canonicalization for header/body.
But simple body canonicalization also modifies the body in some cases.
And most cases use relaxed/relaxed canonicalization nowadays.
If you want to simply check that the DKIM header is added correctly before sending it, how about using DKIMVerifier in org.apache.james.jdkim:apache-jdkim:0.3?
But I think checking DKIM when receiving email is a more important point than any other stage.
Note that the public key dns/txt check is performed when making the DKIM header, too.
from simple-java-mail.
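As an added example (not code from the thread or from simple-java-mail), the class below computes the DKIM `bh=` value with the simple and relaxed body canonicalizations of RFC 6376 over constructed bodies, to show which body changes each one tolerates. The class name, the sample bodies and the "rebuilt" re-encoding are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example: DKIM body hash (bh=) under RFC 6376 body canonicalization.
public class DkimBodyHashDemo {

    // "simple" (section 3.4.3): ignore empty lines at the end of the body,
    // then end the body with exactly one CRLF (an empty body becomes CRLF).
    static String simple(String body) {
        return body.replaceAll("(?:\r\n)+\\z", "") + "\r\n";
    }

    // "relaxed" (section 3.4.4): drop whitespace at line ends, collapse runs of
    // SP/HTAB to one SP, ignore trailing empty lines; an empty body stays empty.
    static String relaxed(String body) {
        String b = body.replaceAll("[ \t]+(?=\r\n|\\z)", "")
                       .replaceAll("[ \t]+", " ")
                       .replaceAll("(?:\r\n)+\\z", "");
        return b.isEmpty() ? "" : b + "\r\n";
    }

    // bh= is the base64 of the hash over the canonicalized body bytes.
    static String bh(String canonicalBody) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] digest = sha256.digest(canonicalBody.getBytes(StandardCharsets.ISO_8859_1));
        return Base64.getEncoder().encodeToString(digest);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample bodies (not taken from the thread).
        String held = "Hello  world \r\nsecond line\r\n\r\n";      // bytes the MTA holds
        String respaced = "Hello world\r\nsecond line\r\n";        // whitespace-only change
        String rebuilt = "Hello=20=20world=20\r\nsecond line\r\n"; // assumed re-encoding

        String signedRelaxed = bh(relaxed(held));
        String signedSimple = bh(simple(held));
        System.out.println("bh relaxed = " + signedRelaxed);
        System.out.println("bh simple  = " + signedSimple);
        System.out.println("respaced, relaxed ok: " + signedRelaxed.equals(bh(relaxed(respaced))));
        System.out.println("respaced, simple ok:  " + signedSimple.equals(bh(simple(respaced))));
        System.out.println("rebuilt, relaxed ok:  " + signedRelaxed.equals(bh(relaxed(rebuilt))));
        System.out.println("rebuilt, simple ok:   " + signedSimple.equals(bh(simple(rebuilt))));
    }
}
```

A verifier canonicalizes and hashes the body it receives, so a header generated for a milter has to be computed over the same body bytes the MTA holds; only the whitespace-level differences that relaxed canonicalization absorbs leave `bh=` unchanged.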