Posted to notifications@james.apache.org by GitBox <gi...@apache.org> on 2021/09/09 04:44:16 UTC

[GitHub] [james-project] Arsnael commented on a change in pull request #651: JAMES-3644 Better document outgoing email setup

Arsnael commented on a change in pull request #651:
URL: https://github.com/apache/james-project/pull/651#discussion_r704945916



##########
File path: src/homepage/howTo/dkim.html
##########
@@ -0,0 +1,178 @@
+---
+layout: howTo
+---
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements. See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License. You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<!-- Main -->
+<div id="main">
+
+    <!-- Introduction -->
+    <section id="intro" class="main special">
+        <div class="">
+            <div class="content align-left">
+                <header class="major">
+                    <h1><b>What is a DKIM Record?</b></h1>
+                </header>
+
+                <p>
+                  DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers.                   
+                </p>
+
+                <p>
+                  It uses public-key cryptography to sign email with a private key as it leaves a sending server. 
+                  Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. 
+                </p>
+
+                <p>
+                  Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.
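
Review bot: the closing paragraph ("the message passes DKIM and is considered authentic") overstates what a passing check proves. A valid signature shows that the domain named in the signature's d= tag signed the message and that the signed headers and body have not changed since; it does not show that this domain matches the visible From address, which is the job of DMARC alignment. Suggest wording such as "is known to have been signed by that domain and not modified since", with a one-line pointer to SPF and DMARC. The heading "What is a DKIM Record?" also introduces DKIM as a whole rather than the DNS record, so "What is DKIM?" would fit the text better.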

Review comment:
       ```suggestion
                     Once the signature is verified with the public key by the recipient server, the message passes the DKIM check and is considered authentic.
   ```

##########
File path: src/homepage/howTo/dkim.html
##########
@@ -0,0 +1,178 @@
+---
+layout: howTo
+---
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements. See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License. You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<!-- Main -->
+<div id="main">
+
+    <!-- Introduction -->
+    <section id="intro" class="main special">
+        <div class="">
+            <div class="content align-left">
+                <header class="major">
+                    <h1><b>What is a DKIM Record?</b></h1>
+                </header>
+
+                <p>
+                  DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers.                   
+                </p>
+
+                <p>
+                  It uses public-key cryptography to sign email with a private key as it leaves a sending server. 
+                  Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. 
+                </p>
+
+                <p>
+                  Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.
+                </p>
+
+                <p>
+                  The process of setting up DKIM can be split into the following steps:
+                </p>
+
+                <ul>
+                    <li>Choose a DKIM selector.</li>
+                    <li>Generate a public-private key pair.</li>
+                    <li>Publish the selector and public key by creating a DKIM TXT record.</li>
+                    <li>Attach the token to each outgoing email.</li>
+                </ul>
+
+                <p>
+                  Before we begin, you might wonder what is a DKIM selector?
+                </p>
+                <p>
+                  In short, a selector is specified as an attribute for a DKIM signature and is recorded in the DKIM-Signature header field. 
+                  A selector can be anything you want, such as a word, number, or a string of letters and numbers.
+              </p>
+              <p>
+                For example, if you choose <code>james3</code> for your selector, the DKIM record name would become <code>james3._domainkey</code>
+              </p>
+
+
+                <header class="major">
+                    <h1><b>Generate RSA Key Pair for DKIM</b></h1>
+                </header>
+
+                <p>
+                  You can use tools such as <code>openssl</code> or <code>ssh-keygen</code> to generate RSA keys.
+                </p>
+                <p>
+                 Please note that 1024 bit DKIM is still the standard. If you want to feel safer with 2048-bit RSA, check with DNS provider and see what length of DKIM key is supported because they need to match.
+                </p>
+                <p>Generate a 1024 bit RSA Key:</p>
+
+       
+                <pre><code>$ openssl genrsa -out private.pem 1024
+Generating RSA private key, 1024 bit long modulus (2 primes)
+............................................................
+                </pre></code>
+
+                <p>Export the RSA Public Key to a File:</p>
+                <pre><code>$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
+writing RSA key
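
Review bot: the genrsa block opens with `<pre><code>` but closes with `</pre></code>`, which is mis-nested; it should close with `</code></pre>`. The closing tags also sit on their own indented line inside the `<pre>`, so that whitespace renders as a trailing blank line in the block; put them directly after the last line of output. Since the transcript mixes the command with its console output ("Generating RSA private key...", the row of dots, "writing RSA key"), consider showing only the `$` command lines, or labelling the rest as output, so readers do not try to type it.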

Review comment:
       ??? is that supposed to be the result of the command?

##########
File path: src/homepage/howTo/dkim.html
##########
@@ -0,0 +1,178 @@
+---
+layout: howTo
+---
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements. See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License. You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<!-- Main -->
+<div id="main">
+
+    <!-- Introduction -->
+    <section id="intro" class="main special">
+        <div class="">
+            <div class="content align-left">
+                <header class="major">
+                    <h1><b>What is a DKIM Record?</b></h1>
+                </header>
+
+                <p>
+                  DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers.                   
+                </p>
+
+                <p>
+                  It uses public-key cryptography to sign email with a private key as it leaves a sending server. 
+                  Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. 
+                </p>
+
+                <p>
+                  Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.
+                </p>
+
+                <p>
+                  The process of setting up DKIM can be split into the following steps:
+                </p>
+
+                <ul>
+                    <li>Choose a DKIM selector.</li>
+                    <li>Generate a public-private key pair.</li>
+                    <li>Publish the selector and public key by creating a DKIM TXT record.</li>
+                    <li>Attach the token to each outgoing email.</li>
+                </ul>
+
+                <p>
+                  Before we begin, you might wonder what is a DKIM selector?
+                </p>
+                <p>
+                  In short, a selector is specified as an attribute for a DKIM signature and is recorded in the DKIM-Signature header field. 
+                  A selector can be anything you want, such as a word, number, or a string of letters and numbers.
+              </p>
+              <p>
+                For example, if you choose <code>james3</code> for your selector, the DKIM record name would become <code>james3._domainkey</code>
+              </p>
+
+
+                <header class="major">
+                    <h1><b>Generate RSA Key Pair for DKIM</b></h1>
+                </header>
+
+                <p>
+                  You can use tools such as <code>openssl</code> or <code>ssh-keygen</code> to generate RSA keys.
+                </p>
+                <p>
+                 Please note that 1024 bit DKIM is still the standard. If you want to feel safer with 2048-bit RSA, check with DNS provider and see what length of DKIM key is supported because they need to match.
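
Review bot: "1024 bit DKIM is still the standard" in the last paragraph is out of date and steers readers to the weakest permitted key. RFC 8301 requires signers to use RSA keys of at least 1024 bits and says they SHOULD use at least 2048 bits, and verifiers must accept 1024 to 4096 bits, so 2048 should be the documented default with 1024 as the fallback. "They need to match" is also unclear: the usual DNS-side limit is the 255-byte cap on a single TXT character-string, which a 2048-bit key exceeds, so the record has to be split into several quoted strings or the provider has to support long TXT values. Suggest saying that explicitly instead of "feel safer".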

Review comment:
       ```suggestion
                    Please note that 1024 bit DKIM is still the standard. If you want to feel safer with 2048-bit RSA, check with your DNS provider and see what length of DKIM key is supported because they need to match.
   ```

##########
File path: src/homepage/howTo/dkim.html
##########
@@ -0,0 +1,178 @@
+---
+layout: howTo
+---
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements. See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License. You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<!-- Main -->
+<div id="main">
+
+    <!-- Introduction -->
+    <section id="intro" class="main special">
+        <div class="">
+            <div class="content align-left">
+                <header class="major">
+                    <h1><b>What is a DKIM Record?</b></h1>
+                </header>
+
+                <p>
+                  DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers.                   
+                </p>
+
+                <p>
+                  It uses public-key cryptography to sign email with a private key as it leaves a sending server. 
+                  Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. 
+                </p>
+
+                <p>
+                  Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.
+                </p>
+
+                <p>
+                  The process of setting up DKIM can be split into the following steps:
+                </p>
+
+                <ul>
+                    <li>Choose a DKIM selector.</li>
+                    <li>Generate a public-private key pair.</li>
+                    <li>Publish the selector and public key by creating a DKIM TXT record.</li>
+                    <li>Attach the token to each outgoing email.</li>
+                </ul>
+
+                <p>
+                  Before we begin, you might wonder what is a DKIM selector?
+                </p>
+                <p>
+                  In short, a selector is specified as an attribute for a DKIM signature and is recorded in the DKIM-Signature header field. 
+                  A selector can be anything you want, such as a word, number, or a string of letters and numbers.
+              </p>
+              <p>
+                For example, if you choose <code>james3</code> for your selector, the DKIM record name would become <code>james3._domainkey</code>
+              </p>
+
+
+                <header class="major">
+                    <h1><b>Generate RSA Key Pair for DKIM</b></h1>
+                </header>
+
+                <p>
+                  You can use tools such as <code>openssl</code> or <code>ssh-keygen</code> to generate RSA keys.
+                </p>
+                <p>
+                 Please note that 1024 bit DKIM is still the standard. If you want to feel safer with 2048-bit RSA, check with DNS provider and see what length of DKIM key is supported because they need to match.
+                </p>
+                <p>Generate a 1024 bit RSA Key:</p>
+
+       
+                <pre><code>$ openssl genrsa -out private.pem 1024
+Generating RSA private key, 1024 bit long modulus (2 primes)
+............................................................
+                </pre></code>
+
+                <p>Export the RSA Public Key to a File:</p>
+                <pre><code>$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
+writing RSA key
+                </pre></code>
+                <p>Both generated files are base64-encoded encryption keys in plain text format:</p>
+
+       
+              
+                <pre><code>
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+                </code></pre>
+                <pre><code>
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxMwUfjQbppE2EK4T2IDuiLRvZ
+4opSwJwxani/5Ii5VbqMQRfoedUMuczK5qKJuIupTnh9AhJfaAsGUSruCVlGYXq6
+bqfak3XGHGu4s0rAXRM6Y3usgy8RyxfWQqtYbEZPIwkLGPbPeIh2t8s3mL9fD9+t
+pO5H1Kc+9MBTMm7qnQIDAQAB
+-----END PUBLIC KEY-----
+               </code></pre>
+
+               <p>Beside above steps, online tools such as <a href="https://www.sparkpost.com/resources/tools/dkim-wizard/">DKIM Wizard</a> can help you easily create a public and private key pair to be used for DomainKeys and DKIM signing. </p>
+
+               
+               <header class="major">
+                <h1><b>Create DKIM TXT record</b></h1>
+                <p>Log in your Domain Control Panel and create a TXT Record:</p>
+            </header>
+            <pre><code>
+Record Type: TXT Record
+Host Name: james3._domainkey
+Text: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD[...Your Public Key...]
+</code></pre>
+
+<h1><b>Configure DKIMSign mailet</b></h1>
+
+<p>Lastly, you need to add a maillet to the <code>mailletcontainer.xml</code> in the /conf file of Apache James.</p>
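
Review bot: the paragraph recommending the online "DKIM Wizard" tells readers to let a third-party website generate the private signing key, which means that site has seen the key that authenticates all outgoing mail for the domain. Suggest dropping the link, or limiting it to building the TXT record from a public key generated locally with the openssl commands above. In the same spirit, the text before the PEM blocks calls them "encryption keys" although they are signing keys, and it should say that the sample private key is illustrative only, must not be reused, and that private.pem should be readable only by the James process. Smaller points in the last lines: "maillet" should be "mailet" in both places, "/conf file" should be "conf directory", and the `<p>` placed inside the "Create DKIM TXT record" `<header>` belongs after it.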

Review comment:
       ```suggestion
   <p>Lastly, you need to add a maillet to the <code>mailetcontainer.xml</code> in the /conf file of Apache James.</p>
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org