Is DKIM signing implemented in Thunderbird ?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Is DKIM signing implemented in Thunderbird ?

Pierre Couderc
Is it ? is there an extension ?

Not DKIM verifying, but signing.


Thanks

PC

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is DKIM signing implemented in Thunderbird ?

Joshua Cranmer 🐧
On 8/17/2017 9:56 AM, Pierre Couderc wrote:
> Is it ? is there an extension ?
>
> Not DKIM verifying, but signing.

DKIM signing is applied by the outgoing SMTP server to all messages it
submits. Note that DKIM verification looks up the signing key by DNS
records, so it's not really appropriate to apply it at the MUA level.

--
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is DKIM signing implemented in Thunderbird ?

Pierre Couderc
On 08/17/2017 05:31 PM, Joshua Cranmer 🐧 wrote:

Thank you very much !
> On 8/17/2017 9:56 AM, Pierre Couderc wrote:
>> Is it ? is there an extension ?
>>
>> Not DKIM verifying, but signing.
>
> DKIM signing is applied by the outgoing SMTP server to all messages it
> submits.
Mmm, I am sorry to have a counter exemple : at least my ISP
(smtp.free.fr) does not apply DKIM in its SMTP.
You are speaking only of big entities  where the smtp is managed  by the
entity itself (gmail, ibm, ford...).
> Note that DKIM verification looks up the signing key by DNS records,
Yes !
> so it's not really appropriate to apply it at the MUA level.
Mmm, sure ? why ? I see no reason.

But I know very good reasons to apply DKIM at MUA level : all the cases
when the sender does not master the SMTP used.
For exemple when the ISP provides SMTP service, but only on its own
servers blocking SMTP ports...
Particularly in case of mobility when you cannot use your usual SMTP
server !



_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is DKIM signing implemented in Thunderbird ?

Joshua Cranmer 🐧
In reply to this post by Joshua Cranmer 🐧
On 8/17/2017 10:51 AM, Pierre Couderc wrote:
> But I know very good reasons to apply DKIM at MUA level : all the
> cases when the sender does not master the SMTP used.
> For exemple when the ISP provides SMTP service, but only on its own
> servers blocking SMTP ports...
> Particularly in case of mobility when you cannot use your usual SMTP
> server !

You need to be able to control the DNS records of the domain of your
email address, or you need someone to gift you those keys (which is
highly unlikely), to be able to sign DKIM. If you do have a domain, then
you almost certainly have a SMTP server in your control that can do the
DKIM signing. Even if you don't have one, you can still stand up a SMTP
server on your local machine that proxies its output to another SMTP server.

--
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is DKIM signing implemented in Thunderbird ?

Pierre Couderc
On 08/18/2017 12:31 AM, Joshua Cranmer 🐧 wrote:

> On 8/17/2017 10:51 AM, Pierre Couderc wrote:
>> But I know very good reasons to apply DKIM at MUA level : all the
>> cases when the sender does not master the SMTP used.
>> For exemple when the ISP provides SMTP service, but only on its own
>> servers blocking SMTP ports...
>> Particularly in case of mobility when you cannot use your usual SMTP
>> server !
>
> You need to be able to control the DNS records of the domain of your
> email address, or you need someone to gift you those keys (which is
> highly unlikely), to be able to sign DKIM.
Sure.
> If you do have a domain, then you almost certainly have a SMTP server
> in your control that can do the DKIM signing.
Yes, but the point is when it is not available for any reason because of
mobility.
> Even if you don't have one, you can still stand up a SMTP server on
> your local machine that proxies its output to another SMTP server.
Yes, this is fairly easy in linux : a local exim with DKIM and
thundirbird sending by it.
But, most users are under Windows and I have no idea of solution.

Anyway, this feature shold be availble in Thinderbird. Would it be
complex to implement it?

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is DKIM signing implemented in Thunderbird ?

Joshua Cranmer 🐧
In reply to this post by Joshua Cranmer 🐧
On 8/18/2017 1:02 AM, Pierre Couderc wrote:
> Anyway, this feature shold be availble in Thinderbird. Would it be
> complex to implement it?

We don't have a nice place to intercept outgoing messages that are
fully-formed. The closest place is hacking into the S/MIME process, and
even that's dicey (I'm not sure you could actually compute a hash over
the body contents there).

I don't think DKIM signing is worth implementing in core Thunderbird.
The use case is just too small--"I run my own email domain, but I can't
contact my own outgoing mail servers directly or by VPN or non-standard
ports or other means"

--
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist

_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird
Reply | Threaded
Open this post in threaded view
|

Re: Is DKIM signing implemented in Thunderbird ?

Pierre Couderc
On 08/21/2017 04:24 AM, Joshua Cranmer 🐧 wrote:
> On 8/18/2017 1:02 AM, Pierre Couderc wrote:
>> Anyway, this feature shold be availble in Thinderbird. Would it be
>> complex to implement it?
>
> We don't have a nice place to intercept outgoing messages that are
> fully-formed. The closest place is hacking into the S/MIME process,
> and even that's dicey (I'm not sure you could actually compute a hash
> over the body contents there).
Mmm, it seems to me that the good place would be after all processing
just before sending the mail...
Moreover a local "simple" smtp with DKIM implemented is an alternative
to a failing MUA.
>
> I don't think DKIM signing is worth implementing in core Thunderbird.
Well theorically, it appears to me that the MUA is the more appropriate
place to DKIM sign a  mail. I think it is its job.
> The use case is just too small--"I run my own email domain, but I
> can't contact my own outgoing mail servers directly or by VPN or
> non-standard ports or other means"
You may be right, but you are saying : MUAs are dying. You can use them
only if you can join your "own" MTA. This is not the case all around the
world, and particularly in small companies. So, stop using Th.
Use roundcube.
(I had written : "Th. is dying", but I  think :  "MUAs are dying" is
more exact).

Thank you very much.
You are lighting the problem.
PC
_______________________________________________
dev-apps-thunderbird mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-apps-thunderbird