This repository has been archived by the owner on Nov 17, 2021. It is now read-only.

DKIM is failing when using swift mailer to sign emails, but works when I use http://php-dkim.sourceforge.net/ #636

Closed
pankaj-garg opened this issue Jul 10, 2015 · 33 comments


@pankaj-garg

I downloaded php-dkim from http://php-dkim.sourceforge.net/ and tried to test with the same private key, domain and selector I am using for Swift Mailer. That works perfectly: DKIM passes and the mail shows as signed-by pankajgarg.in. But when I do the same with Swift Mailer, the DKIM test fails.

Code I am using to sign emails using Swift Mailer

```php
$SwiftMessage = \Swift_Message::newInstance();
$SwiftMessage->setFrom(['support@pankajgarg.in'])
             ->setTo(['garg.pankaj15@gmail.com'])
             ->setSubject('Check DKIM Status')
             ->setBody('Check DKIM Status == passed ? hurray :) : alas :(');

$privateKey = ''; // Generated one as the paired public key is set in DNS
$domain = 'pankajgarg.in';
$selector = 'pankaj1';

// Attach the DKIM signer: simple body canonicalization, relaxed header canonicalization
$SwiftMessage->attachSigner(
    (new \Swift_Signers_DKIMSigner($privateKey, $domain, $selector))
        ->setBodyCanon('simple')
        ->setHeaderCanon('relaxed')
        ->setHashAlgorithm('rsa-sha1')
);

$MailTransport = \Swift_MailTransport::newInstance();
$Swift         = \Swift_Mailer::newInstance($MailTransport);

$result = $Swift->send($SwiftMessage);
```

Please suggest, how can I achieve that

@xdecock
Member

xdecock commented Jul 10, 2015

Have you tried setting the body canon to relaxed?

It's probably the culprit here, one mail server messes up with your contents.

  • Can you provide at least the failing DKIM header?


Xavier De Cock
GPG Fingerprint: 93CA EE3F 9F57 5BE1 AE4A 794D 3C74 CA9E E7A5 0C1B
GPG Id: 0xE7A50C1B

@pankaj-garg
Author

Thanks @xdecock for your reply. I have set the body canon to relaxed. How can I get the failing DKIM header?

The email headers show
dkim=fail header.i=@pankajgarg.in

```
X-PHP-Originating-Script: 501:SimpleMailInvoker.php
DKIM-Signature: v=1; a=rsa-sha1; bh=qG7f3WWiwJUtfve+xKFA68ry3Cg=;
 d=pankajgarg.in; h=From:To:Subject; q=dns/txt; s=pankaj1;
 c=relaxed/relaxed; t=1436513140;
 z=return-path:<support@pankajgarg.in>|message-id:<078cab35f601fda157c53338a3fcf23a@kayako>|date:Fri, 10 Jul 2015 07:25:40 +0000|from:support@pankajgarg.in|reply-to:support@pankajgarg.in|cc:garg.pankaj15@gmail.com|mime-version:1.0|content-type:text/html; charset=utf-8|content-transfer-encoding:quoted-printable;
 b=uLpQiZS8vgm6Wwx+NvuaySo03SgH5mOkApHnJrcqVydgeODksbSD5Hj6vQslsVzxhtPlVSyzM
 T4Q0HbplUDmu3akUl9b4xZY3YzbyyBo/UrpEs+0oRmOwpPFFT3j6Z3Dac5FKo+oIUZVPZApPv
 Yt6z4UQaeXCjsf2qaV1hASkQI=
```

@xdecock
Member

xdecock commented Jul 10, 2015

You probably want to exclude the return-path from the signed headers. I remember it's possible, although I don't have the code line at hand.

The rest is probably OK.


@pankaj-garg
Author

@xdecock But the test is still failing. Should I include return-path in signing headers?

@xdecock
Member

xdecock commented Jul 10, 2015

No it is signed, you should add it to ignored headers ;) as it's usually
moved in the mail, and as such cannot be found after the dkim-signature
header.

this is what is causing the failure

->ignoreHeader('Return-Path');


@pankaj-garg
Author

Hey @xdecock , Thank you so much :) that really worked. I wasted my two days because I was new to DKIM. Ignoring Return-path header worked for me.

But may I know why do we need to ignore the Return-path header?

@xdecock
Member

xdecock commented Jul 10, 2015

Because this is the only header that can move in the mail; it should always be on the first line, and DKIM-Signature only signs headers after it.

As such the header is missing and the signature is invalid.

regards,


@pankaj-garg
Author

@xdecock is it safe if we ignore it?

@xdecock
Member

xdecock commented Jul 10, 2015

yes, as it cannot be signed, it's probably not signed by default by php-dkim


@pankaj-garg
Author

okay, Thanks a lot @xdecock You are really awesome!!

@pankaj-garg
Author

@xdecock I checked this seems a bug #442

Is there any plan to submit the fix?

@xdecock
Member

xdecock commented Jul 13, 2015

To be completely honest, it's linked to the way DKIM works, so either we need to make sure it works that way with every given SMTP server, or we allow people to ignore certain headers. I prefer not to hard-code any default.

But any patch is welcome.


@pankaj-garg
Author

@xdecock ok, is this the official documentation of DKIM http://www.opendkim.org/opendkim.conf.5.html ? or would be helpful if you could share the correct one.

@xdecock
Member

xdecock commented Jul 13, 2015

DKIM Documentation?

https://tools.ietf.org/html/rfc6376


@pankaj-garg
Author

@xdecock okay, thanks

@pankaj-garg
Author

@xdecock
As per the doc

```
   fields for which there are multiple fields with the same name and
   fields that are modified in transit.  Examples of these are:

   o  Return-Path

   o  Received

   o  Comments, Keywords

   Note that the DKIM-Signature field is also excluded from the header
   hash because its handling is specified separately.
```

Would it be correct if we initialize the existing variable `$_ignoreHeaders` in `Swift/classes/Swift/Signers/DKIMSigner.php` with these headers?
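The Return-Path failure resolved earlier in this thread, together with the RFC 6376 passage quoted above about fields modified in transit, sketched in Python as an added example (not part of the thread and not Swift Mailer's code). It applies relaxed header canonicalization to a constructed message before and after delivery and shows that the signed header data only matches when Return-Path is left out of `h=`. The addresses, the helper names and the bare SHA-256 digest standing in for the RSA signature are assumptions made for the illustration.

```python
import hashlib
import re

# Fields RFC 6376 gives as examples of headers rewritten or added in transit.
TRANSIT_MODIFIED = {"return-path", "received", "comments", "keywords"}

def relaxed_header(name, value):
    """'relaxed' header canonicalization (RFC 6376, section 3.4.2)."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)      # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()    # collapse runs of whitespace
    return f"{name.lower()}:{value}\r\n"

def header_hash(headers, h_tag):
    """Digest of the fields named in h=, taken in h= order (assumption: a bare
    SHA-256 stands in for the RSA signature; the DKIM-Signature field is omitted)."""
    remaining = list(headers)
    digest = hashlib.sha256()
    for wanted in (n.strip().lower() for n in h_tag.split(":")):
        # Repeated names are consumed from the bottom of the header block upwards.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                digest.update(relaxed_header(*remaining.pop(i)).encode())
                break
    return digest.hexdigest()

def survives_transit(sent, delivered, h_tag):
    """True if the verifier would hash the same header data the signer did."""
    return header_hash(sent, h_tag) == header_hash(delivered, h_tag)

def risky_signed_headers(h_tag):
    """Names in h= that the delivering server is expected to rewrite."""
    return [n.strip() for n in h_tag.split(":") if n.strip().lower() in TRANSIT_MODIFIED]

# Constructed sample: the header block as the application built it ...
SENT = [
    ("Return-Path", "<app@example.org>"),
    ("From", "support@example.org"),
    ("To", "user@example.net"),
    ("Subject", "Check DKIM Status"),
]
# ... and as delivered: Return-Path reset from the SMTP envelope, a Received
# line added, and the Subject refolded (which relaxed canonicalization absorbs).
DELIVERED = [
    ("Return-Path", "<bounce-123@mta.example.org>"),
    ("Received", "from mta.example.org by mx.example.net; Fri, 10 Jul 2015 07:25:41 +0000"),
    ("From", "support@example.org"),
    ("To", "user@example.net"),
    ("Subject", "Check DKIM\r\n Status"),
]

if __name__ == "__main__":
    for h in ("Return-Path:From:To:Subject", "From:To:Subject"):
        print(h, survives_transit(SENT, DELIVERED, h), risky_signed_headers(h))
```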

@xdecock
Member

xdecock commented Jul 13, 2015

Those are examples, and although I think Return-Path might be a good idea, the other ones might have usage, or we need to implement a "signHeader" to force signing "pre excluded" headers. Excluding too many things by default might help out people but will disserve everybody in the long run.

Regards,

Xavier


@pankaj-garg
Author

I didn't get exactly what you mean by "we need to implement a "signHeader" to force signing "pre excluded" headers."

Apart from that, I checked some well known product's emails, no one includes return-path in signing headers even github does not.

@pankaj-garg
Author

@xdecock Can you please explain bit more what should we do if adding Return-path to $_ignoreHeaders is not the good way?

@xdecock
Member

xdecock commented Jul 13, 2015

Return-path is ok, no other headers should be included however

regards,

Xavier


@pankaj-garg
Author

Hi @xdecock ,

Please check #637

Regards
Pankaj

@pankaj-garg
Author

Travis build is not passing for PHP5.3, says Segmentation fault when phpunit tests are executed

https://travis-ci.org/swiftmailer/swiftmailer/jobs/70777428

@tunexlevel

Am working on a project to help send mail via a contact form, but am having this issue while using swiftmailer DKIM class to authenticate the message before sending it.

Here is the error i get:

```
Fatal error: Uncaught exception 'Swift_SwiftException' with message 'Unable to load DKIM Private Key [error:0906D06C:PEM routines:PEM_read_bio:no start line]' in /home/villaroc/public_html/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Signers/DKIMSigner.php:691
Stack trace:
#0 /home/villaroc/public_html/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Signers/DKIMSigner.php(560): Swift_Signers_DKIMSigner->_getEncryptedHash()
#1 /home/villaroc/public_html/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Message.php(213): Swift_Signers_DKIMSigner->addSignature(Object(Swift_Mime_SimpleHeaderSet))
#2 /home/villaroc/public_html/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Message.php(179): Swift_Message->doSign()
#3 /home/villaroc/public_html/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php(327): Swift_Message->toByteStream(Object(Swift_Transport_StreamBuffer))
#4 /home/villaroc/public_html/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php(428): Swif in /home/villaroc/public_html/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Signers/DKIMSigner.php on line 691
```

Your assistance will be highly appreciated.
Thanks

@xdecock
Member

xdecock commented Oct 14, 2016

it seems you don't have a pem encoded private key

does your key start with ---- START PRIVATE RSA ---- (or something like
that)


@tunexlevel

@xdecock Thanks for your prompt response. I think you are right. I am new to the swiftmailer framework, but how can I get a PEM-encoded private key and selector for the parameters of Swift_Signers_DKIMSigner()?

@pankaj-garg
Author

@tunexlevel

@pankaj-garg That really helped. I was so excited but the mail is still not verified. Find attached below the error message from gmail. Thanks in anticipation...

swiftmailer

@pankaj-garg
Author

@tunexlevel Have you added proper DNS records? and also check your code with the code snippet here #636 (comment)

@tunexlevel

Here is how my code looks like:

```php
// create transport ($username and $password are set elsewhere)
$transport = \Swift_SmtpTransport::newInstance('mail.villarockestate.com')
    ->setUsername($username)
    ->setPassword($password);

// create swiftmailer instance
$swift = \Swift_Mailer::newInstance($transport);

// create content
$content = "The is a test message from villarockestate under construction...It is well";

// create a message
$message = \Swift_Message::newInstance('This is a new email')
    ->setFrom(["no-reply@villarockestate.com" => "villarockestate"])
    ->setTo(["tunexlevel8@gmail.com" => "Tunexlevel"])
    ->setBody($content, 'text/html')
    ->addPart(strip_tags($content), 'text/plain');

$privateKey = '---'; // Generated one as the paired public key is set in DNS
$domain = 'www.villarockestate.com';
$selector = '1476402965.villarockestate';

// attach the DKIM signer, leaving Return-Path out of the signed headers
$message->attachSigner(
    (new \Swift_Signers_DKIMSigner($privateKey, $domain, $selector))
        ->setBodyCanon('relaxed')
        ->setHeaderCanon('relaxed')
        ->setHashAlgorithm('rsa-sha1')
        ->ignoreHeader('Return-Path')
);

// send it
$send = $swift->send($message);

if ($send) {
    echo 'Yes';
} else {
    // the posted snippet is cut off at this point
}
```

@pankaj-garg
Author

I don't see SPF and DKIM related TXT records on your domain villarockestate.com

@tunexlevel

@pankaj-garg I really appreciate your effort, what can I do

I don't see SPF and DKIM related TXT records on your domain villarockestate.com

@tunexlevel

@pankaj-garg Is this what you mean $domain = '1476448060.villarockestate._domainkey.www.villarockestate.com';

@tunexlevel

If that is what you meant; I tried that also, but didn't solve the problem

Kind regards,
Tunexlevel
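A pre-flight check for the two problems in the later part of this thread, the "no start line" key error and the confusion over what belongs in `$domain`, written in Python as an added example (not part of the thread and not Swift Mailer's code). It assumes the key is passed as PEM text rather than a file path; the function names, `sel1`, `example.com` and the placeholder base64 body are constructed for the illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_private_key(text):
    """Return (ok, reason) for the string about to be passed as the signing key."""
    match = PEM_BLOCK.search(text)
    if match is None:
        if re.search(r"(?:^|;)\s*p=", text):
            return False, "this is the DNS TXT record (public half), not the private key"
        return False, "no PEM start line: expected -----BEGIN ... PRIVATE KEY-----"
    label, body = match.group(1), match.group(2)
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in body:
        return False, "private key is passphrase-protected"
    if label not in ("RSA PRIVATE KEY", "PRIVATE KEY"):
        return False, f"PEM block is {label!r}, not a private key"
    try:
        base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return False, "PEM body is not valid base64 (truncated or re-wrapped paste?)"
    return True, f"found {label!r} block"

def dkim_record_name(selector, domain):
    """DNS name a verifier queries for the public key: <s=>._domainkey.<d=>."""
    domain = domain.strip().rstrip(".")
    if "_domainkey" in domain.lower():
        raise ValueError("pass only the signing domain; '_domainkey' is added by the verifier")
    return f"{selector.strip()}._domainkey.{domain}"

# Constructed samples. The base64 body is a placeholder, not real key material.
BODY = "QUJDREVGR0g="
PEM_PRIVATE = f"-----BEGIN RSA PRIVATE KEY-----\n{BODY}\n-----END RSA PRIVATE KEY-----\n"
PEM_PUBLIC = f"-----BEGIN PUBLIC KEY-----\n{BODY}\n-----END PUBLIC KEY-----\n"
DNS_RECORD = f"v=DKIM1; k=rsa; p={BODY}"

if __name__ == "__main__":
    for sample in (PEM_PRIVATE, PEM_PUBLIC, DNS_RECORD, BODY, "---"):
        print(check_private_key(sample))
    print(dkim_record_name("sel1", "example.com"))
```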

makasim pushed a commit to formapro-forks/swiftmailer that referenced this issue Jul 26, 2017
jeremyfifty9 added a commit to EnvironmentalDashboard/community-voices that referenced this issue Jan 3, 2019