jhawthorn / dkim Goto Github PK

View Code? Open in Web Editor NEW

92.0 9.0 18.0 86 KB

:envelope: Pure Ruby DKIM signature library with Rails integration

Ruby 100.00%

dkim's Introduction

dkim

A DKIM signing library in ruby.

Documentation

Installation

sudo gem install dkim

Necessary configuration

A private key, a domain, and a selector need to be specified in order to sign messages.

These can be specified globally

Dkim::domain      = 'example.com'
Dkim::selector    = 'mail'
Dkim::private_key = open('private.pem').read

Options can be overridden per message.

Dkim.sign(mail, :selector => 'mail2', :private_key => OpenSSL::PKey::RSA.new(open('private2.pem').read))

For more details see {Dkim::Options}

Usage With Rails

Dkim contains Dkim::Interceptor which can be used to sign all mail delivered by mail, which is used by actionmailer in rails >= 3.

For rails, create an initializer (for example config/initializers/dkim.rb) with the following template.

# Configure dkim globally (see above)
Dkim::domain      = 'example.com'
Dkim::selector    = 'mail'
Dkim::private_key = open('private.pem').read

# This will sign all ActionMailer deliveries
ActionMailer::Base.register_interceptor(Dkim::Interceptor)

Standalone Usage

Calling Dkim.sign on a string representing an email message returns the message with a DKIM signature inserted.

For example

mail = Dkim.sign(<<EOS)
To: [email protected]
From: [email protected]
Subject: hi

Howdy
EOS

Dkim.sign(mail)
# =>
# To: [email protected]
# From: [email protected]
# Subject: hi
# DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; q=dns/txt; s=mail; t=1305917829;
#  	bh=qZxwTnSM1ywsrq0Ag9UhQSOtVIG+sW5zDkB+hPbuX08=; h=from:subject:to;
#  	b=0mKnNOkxFGiww63Zu4t46J7eZc3Uak3I9km3IH2Le3XcnSNtWJgxiwBX26IZ5yzcT
# 	VwJzcCnPKCScIJMQ7yfbfXmNsKVIOV6eSUqu1YvJ1fgzlSAXuDEMNFTjoto5rrdA+
# 	BgX849hEY/bWHDl1JJgNpiwtpl4t0Q7M4BVJUd7Lo=
#
# Howdy

More flexibility can be found using {Dkim::SignedMail} directly.

Specific configuration

For sending mesages through Amazon SES, certain headers should not be signed

Dkim::signable_headers = Dkim::DefaultHeaders - %w{Message-ID Resent-Message-ID Date Return-Path Bounces-To}

Some OpenSSL's don't have sha256 support. RFC 6376 states that signers SHOULD sign using rsa-sha256. For this reason, dkim will not use rsa-sha1 as a fallback. If you wish to override this behaviour and use whichever algorithm is available you can use this snippet (not recommended).

Dkim::signing_algorithm = defined?(OpenSSL::Digest::SHA256) ? 'rsa-sha256' : 'rsa-sha1'

Limitations

Strictly a DKIM signing library. No support for signature verification. (none planned)
No support for the older Yahoo! DomainKeys standard (RFC 4870) (none planned)
No support for specifying DKIM identity i= (planned)
No support for body length l= (planned)
No support for copied header fields z= (not immediately planned)

Resources

RFC 6376
Inspired by perl's Mail-DKIM

License

(The MIT License)

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

dkim's People

Contributors

Stargazers

Watchers

Forkers

mmassena cmer nikolajsen khh carsonreinke araipiyo cg2v kpandya3 tweltz daliborfilus geetfun blakestoddard luizeof oz lenlo maildealer

dkim's Issues

undefined method `strip_field' after update to mail 2.7.0

since I updated to mail 2.7.0, I have this issue :

Failure/Error: mm = Dkim.sign(mm, :domain => xxx, :selector => 'mail', :private_key => OpenSSL::PKey::RSA.new(xxx))

  NoMethodError:
    undefined method `strip_field' for #<Mail::DkimField:0x0000564a55a59bf0 @charset="utf-8">
  # /xxx/.rvm/gems/ruby-2.4.2@xxx/gems/dkim-1.0.0/lib/mail/dkim_field.rb:12:in `initialize'

link to mikel/mail#1169

Mail::Field::ParseError, DateTimeElement can not parse, in rails 3.0.0 app

Mail sends just fine with register_interceptor commented out in the initializer. But with the dkim initializer I get the following error:

Mail::Field::ParseError in AccountController#resend_code

DateTimeElement can not parse |Mon, 28 Nov 2011 23:56:08 Pacific Standard Time|
Reason was: Expected one of
, ( at line 1, column 28 (byte 28) after
Rails.root: C:/approot

Application Trace | Framework Trace | Full Trace
mail (2.2.6.1) lib/mail/elements/date_time_element.rb:13:in initialize' mail (2.2.6.1) lib/mail/fields/common/common_date.rb:33:innew'
mail (2.2.6.1) lib/mail/fields/common/common_date.rb:33:in element' mail (2.2.6.1) lib/mail/fields/common/common_date.rb:6:indate_time'
mail (2.2.6.1) lib/mail/fields/common/common_date.rb:10:in default' mail (2.2.6.1) lib/mail/field.rb:122:insend'
mail (2.2.6.1) lib/mail/field.rb:122:in method_missing' mail (2.2.6.1) lib/mail/message.rb:1065:indefault'
mail (2.2.6.1) lib/mail/message.rb:547:in date' actionmailer (3.0.0) lib/action_mailer/base.rb:419:inset_payload_for_mail'
actionmailer (3.0.0) lib/action_mailer/base.rb:400:in deliver_mail' activesupport (3.0.0) lib/active_support/notifications.rb:52:ininstrument'
activesupport (3.0.0) lib/active_support/notifications/instrumenter.rb:21:in instrument' activesupport (3.0.0) lib/active_support/notifications.rb:52:ininstrument'
actionmailer (3.0.0) lib/action_mailer/base.rb:399:in deliver_mail' mail (2.2.6.1) lib/mail/message.rb:226:indeliver'
app/models/email.rb:68:in `send_verification_email'
...

Signing too early

Hi,

we're using the gem with ActionMailer 3.2.13 and Rails 3.2. Interceptor seems to be able to sign the message. But Using port25 verifier it fails saying "fail (wrong body hash: expected n9hw0s6A+39X2zHc07dPuzj1783GTadt3NHjLpqyZ/g=)".

I tried different lengths of html body in the email and it passes for small email body but fail for large ones. Is it possible that register_interceptor(Dkim::Interceptor) binds too early?

I have dkim initializer that calls register_interceptor. I'm also using html and text templates with ActionMailer.

Any ideas?

Does it work with rails 4?

Options overridden per message not working

hi,
with "Dkim::Interceptor", everything is working fine. But I would like to specify Dkim per message

so when I try to do Dkim.sign(mail, :selector => 'mail2', :private_key => open('private2.pem').read)
I have error :
error => undefined method `sign' for #String:0x0000000a837980

so I have to make
:private_key => OpenSSL::PKey::RSA.new(open('private2.pem').read))
like this I dont have error. The mail is sent but the content seems to be encrypted

"----==_mimepart_536605ff8fe5d_a3b4663e883371d
Content-Type: text/plain;
charset=UTF-8
Content-Transfer-Encoding: base64

CgoKCgkgICAgICDhg5fhg6Xhg5Xhg5Thg5zhg6Eg4YOS4YOQ4YOc4YOq4YOu
4YOQ4YOT4YOU4YOR4YOQ4YOhIOGDleGDkOGDk+GDkCDhg5Lhg5Dhg6Phg5Xh
...
"

Duplicate DKIM header

Hi,

I'm using your gem in a Rails 3.2 app to send emails through Amazon SES. Here's my config:

# Configure dkim globally (see above)
Dkim::domain      = 'domain.com'
Dkim::selector    = 'mail'
Dkim::private_key = open('config/dkim/domain.com.pem').read

# Required for SES
Dkim::signable_headers = Dkim::DefaultHeaders - %w{Message-ID Resent-Message-ID Date Return-Path Bounces-To}

# This will sign all ActionMailer deliveries
ActionMailer::Base.register_interceptor('Dkim::Interceptor')

The problem I'm having is that every message I send fails because of this error:

| {554 Transaction failed: Duplicate header 'DKIM-Signature'.

/home/deploy/.rbenv/versions/1.9.3-p0/lib/ruby/1.9.1/net/smtp.rb:948:in `check_response'
/home/deploy/.rbenv/versions/1.9.3-p0/lib/ruby/1.9.1/net/smtp.rb:902:in `data'
/home/deploy/.rbenv/versions/1.9.3-p0/lib/ruby/1.9.1/net/smtp.rb:660:in `block in send_message'
/home/deploy/.rbenv/versions/1.9.3-p0/lib/ruby/1.9.1/net/smtp.rb:849:in `rcptto_list'
/home/deploy/.rbenv/versions/1.9.3-p0/lib/ruby/1.9.1/net/smtp.rb:660:in `send_message'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/mail-2.4.1/lib/mail/network/delivery_methods/smtp.rb:145:in `block in deliver!'
/home/deploy/.rbenv/versions/1.9.3-p0/lib/ruby/1.9.1/net/smtp.rb:520:in `start'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/mail-2.4.1/lib/mail/network/delivery_methods/smtp.rb:144:in `deliver!'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/mail-2.4.1/lib/mail/message.rb:2033:in `do_delivery'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/mail-2.4.1/lib/mail/message.rb:229:in `block in deliver'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/actionmailer-3.2.0/lib/action_mailer/base.rb:414:in `block in deliver_mail'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/activesupport-3.2.0/lib/active_support/notifications.rb:123:in `block in instrument'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/activesupport-3.2.0/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/activesupport-3.2.0/lib/active_support/notifications.rb:123:in `instrument'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/actionmailer-3.2.0/lib/action_mailer/base.rb:412:in `deliver_mail'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/mail-2.4.1/lib/mail/message.rb:229:in `deliver'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/performable_mailer.rb:6:in `perform'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/backend/base.rb:94:in `block in invoke_job'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/lifecycle.rb:60:in `call'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/lifecycle.rb:60:in `block in initialize'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/lifecycle.rb:65:in `call'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/lifecycle.rb:65:in `execute'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/lifecycle.rb:38:in `run_callbacks'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/backend/base.rb:91:in `invoke_job'
(eval):3:in `block in invoke_job_with_newrelic_transaction_trace'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/newrelic_rpm-3.3.1/lib/new_relic/agent/instrumentation/controller_instrumentation.rb:255:in `block in perform_action_with_newrelic_trace'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/newrelic_rpm-3.3.1/lib/new_relic/agent/method_tracer.rb:242:in `trace_execution_scoped'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/newrelic_rpm-3.3.1/lib/new_relic/agent/instrumentation/controller_instrumentation.rb:250:in `perform_action_with_newrelic_trace'
(eval):2:in `invoke_job_with_newrelic_transaction_trace'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/worker.rb:162:in `block (2 levels) in run'
/home/deploy/.rbenv/versions/1.9.3-p0/lib/ruby/1.9.1/timeout.rb:68:in `timeout'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/worker.rb:162:in `block in run'
/home/deploy/.rbenv/versions/1.9.3-p0/lib/ruby/1.9.1/benchmark.rb:295:in `realtime'
/apps/production/varagesale/shared/bundle/ruby/1.9.1/gems/delayed_job-3.0.0/lib/delayed/worker.r

And my logs confirm it:

Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_4f23006488c2c_7877cfa87897786";
 charset=UTF-8
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=varagesale.com; q=dns/txt; s=mail; t=1327693924; bh=VGlBst8LIzltr4xXqcgFHtLmAcKyPiL2C0WKSiWqpI4=; h=content-transfer-encoding:content-type:from:mime-version:subject:to; b=YVipMt36yPhIOQ/GsiF1W6DTODYqmhzQ94KgIMnIQr/ZBDmwgTvIgYCdg7t9iodbLB0E2V0rTSBhcf8/ZIMPoTKgJIsBzdPjWpHj5mfm5GGLk4pAbWvmBVCCWM8g7s6rvWCNRfLAldKbGvSEn9AzF9cNatnXVAOzhbtIHkadLrQ=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=varagesale.com; q=dns/txt; s=mail; t=1327693935; bh=VGlBst8LIzltr4xXqcgFHtLmAcKyPiL2C0WKSiWqpI4=; h=content-transfer-encoding:content-type:from:mime-version:subject:to; b=ZwAJ8QFbd2bcGFaEVdKq/s/wBUB9hIiEsefJak6yWFPa3tH++fnefWL6z+2QRUhH3vB7ZwqLqZ5oa2+FB9uhQ4QPXnAmXYRGxx6qWopQPkxTojLXskOSCNKvn1ehkeeOEAGwio54eUcmlReGQD8HFQvy+TLDfzT7XiO5D71mmoY=

Any idea what could be causing this?

Thanks!

Interceptor no longer works with Mail 2.5.4

I receive undefined method 'field_order_id'. It looks like the problem is adding to header.fields requires a Mail::Field object, which is obviously is looking for field_order_id. As far as I understand, this would require appending the Dkim field to Mail::Field::FIELDS_MAP so that Mail::Field maps to the proper object.

I can put in a pull request if that seems like the right approach, though not a big fan of the global registration of the field.

dkim fail(wrong body hash)

Hi there:

I use the dkim gem to sign my emails but I failed to verify, it returns: dkim=neutral (body hash did not verify) in gmail, I have test my dkim in appmaildev, the result is: wrong body hash

But when I send emails only contains text/plain Content-Type (I delete my *.html.erb file), it passed.

I guess the culprit lies in encoding but I don't have enough proof.

Additionally, I use dkim 1.0.1 and my rails is 5.1.7.

I wish to get some help on how to debug it!

Typo in README.md

I had to remove the quotes from the line that adds the Interceptor to my Rails instance.

ActionMailer::Base.register_interceptor('Dkim::Interceptor')
became
ActionMailer::Base.register_interceptor(Dkim::Interceptor)

With the quotes it just created a String object as the Interceptor.

Invalid (wrong body hash) due to no line breaks

i.e., look here to see the issue. The error warning only appears in the Thunderbird dkim extension but I can't imagine this would be too hard a fix to implement the appropriate line breaks instead of having the entire DKIM key on one line in the email source.

integration with Mail gem

It will be nice if it can integrate with the mail gem (https://github.com/mikel/mail), and add the DKIM header to the Mail Object in that particular library.

Simple Canonicalization

If you use 'simple' for either header or body canonicalization, it appears to believe the message is modified when verifying the signature.

I'm not exactly sure why but reading this: http://www.dkim.org/specs/rfc4871-dkimbase.html#rfc.section.3, it says "In particular, header field names MUST NOT be case folded and whitespace MUST NOT be changed."

I noticed all the headers in the "h" portion of the signature are in lower case.

Generating pem files

I'm sorry, this isn't really an issue as much ignorance! How do I generate the keys? There are tons of articles online but they are each a little different!

openssl genrsa -out domain.com.pem 2048

Is that the best way to create the pem? How do I get the corresponding public key to place in the DNS?

Thanks!

[WIP] Verification Features

I started working on a verification feature awhile ago and was thinking about getting this finished up. I just wanted to put this in and see some thoughts about it before I waste a bunch of time.

https://github.com/carsonreinke/dkim/tree/feature_verification

The biggest issues now are: does not follow standard RFC error messages and missing tests.

Push new release v1.0.1

@jhawthorn Can you give me access to push a new gem? gem owner dkim --add [email protected]