Is DKIM signing implemented in Thunderbird ?

[Pierre Couderc]

Is it ? is there an extension ?

Not DKIM verifuing, but signig.


Thanks

PC

[Good Guy]

I thought DKIM setup is at the domain level and TB will just follow it when sending the message via that domain.  Is this not so?  Google G-Suite has a doc about this:

<https://support.google.com/a/answer/174124?hl=en>

For verifying (which you already know about) there are Add-Ons but I won't link them as you are already aware of.

Apart from this I have no further info to add here.

--

With over 500 million devices now running Windows 10, customer satisfaction is higher than any previous version of windows.

[Pierre Couderc]

On 08/15/2017 07:34 PM, Good Guy wrote:

On 15/08/2017 09:04, Pierre Couderc wrote:

I thought DKIM setup is at the domain level and TB will just follow it when sending the message via that domain.  Is this not so?  Google G-Suite has a doc about this:

<https://support.google.com/a/answer/174124?hl=en>

For verifying (which you already know about) there are Add-Ons but I won't link them as you are already aware of.

Apart from this I have no further info to add here.

Thank you very much.
Yes DKIM is at domain level (at least, but this is to be checked, I am not sure). But RFC6375 at 2.1 specifies that many signers are possible, and particularly the MUA.

I do not know of any MUA offering this service.

But it would be very useful in case of mobility. When your usual SMTP is unavailble. Thunderbird add the domain signature, but uses the local SMTP...

[NoOp]

This might be an interesting read for you:

https://bugzilla.mozilla.org/show_bug.cgi?id=265226
Implement DomainKeys (DKIM/RFC 4871)
NEW Unassigned
Status
Product: ▸ MailNews Core
Component: ▸ Security
Importance: -- enhancement
Status: NEW
Reported: 13 years ago
Modified: 2 years ago

[nous]

On 15/08/2017 23:38, NoOp wrote:
> On 8/15/2017 11:12 AM, Pierre Couderc wrote:

> This might be an interesting read for you:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=265226
>

I thank you very much, but this is many hours of reading and much more
understanding. Would you be kind enough to synthesize synthesizeyour
idea in one or 2 sentences ?

[NoOp]

I think that you are actually referring to RFC 6376 rather than 6375:
https://tools.ietf.org/html/rfc6376#page-7

The short answer, as I can tell from reading that bug, is no. However,
to confirm I recommend asking on the dev group or list:

mozilla.dev.apps.thunderbird
dev-apps-t...@lists.mozilla.org

I take it that you don't like to read... however if you are interested,
NIST SP 800-177 provides some good information on 'Authenticating a
Sending Domain and Individual Mail Messages' (Section 4):
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-177.pdf

[Pierre Couderc]

On 08/17/2017 04:59 AM, NoOp wrote:
> On 8/15/17 3:09 PM, nous wrote:

> I think that you are actually referring to RFC 6376 rather than 6375:
> https://tools.ietf.org/html/rfc6376#page-7

Thank you very much.
Yes, you are right : RFC6376. Sorry for th noise.

>
> The short answer, as I can tell from reading that bug, is no.

Thank you for the short answer ;)

> However,
> to confirm I recommend asking on the dev group or list:
>
> mozilla.dev.apps.thunderbird
> dev-apps-t...@lists.mozilla.org

OK, I shall do that.

> I take it that you don't like to read...

Well, I like reading. But my immediate need was : is DKIM implemented,
even if I have found nothing on the web ? yes or no. So thank you again
for your no.

> however if you are interested,
> NIST SP 800-177 provides some good information on 'Authenticating a
> Sending Domain and Individual Mail Messages' (Section 4):
> http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-177.pdf

Thank you. I have read the DKIM part of this document.
It is done for big organisations where the MTA of the sender is
controled by the organisation.
I am looking for a DKIM solution when the MTA of the organosation is not
available. For exemple, an ISP who blocks the SMTP ports other than its
own SMTP.
And my current conclusion is that there is no solution.

[NoOp]

I see that you are using linux... perhaps you could roll your own?

https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
https://www.linuxbabe.com/mail-server/ubuntu-16-04-iredmail-server-installation

And if you need a free cert:
https://letsencrypt.org/
https://community.letsencrypt.org/search?q=dkim

[Pierre Couderc]

On 08/17/2017 08:30 PM, NoOp wrote:

> I see that you are using linux... perhaps you could roll your own?
>
> https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4

Thank you. Your solution is very interesting for linux...
Thindebird sends smtp to local exim which DKIM signs the mail..
Fine...

But most of my users are under Windows :(

But the good solution would be a DKIM solution inside Thunderbird