I am setting up a WordPress site that will send S/MIME encrypted emails via SendGrid using a plugin called WP PGP Encrypted Emails (looks like it uses PHP's openssl_pkcs7_encrypt). I have successfully sent, and decrypted S/MIME emails with my hosting provider's postfix SMTP servers. However I have to take into account deliverability, so I would like to use SendGrid (which is not a changeable requirement for me) to improve their deliverability.
The issue that I am running into is that first SendGrid's API will reject emails that have the content-transfer-encoding set to "base64". I don't know how significant this header is in the context of S/MIME emails, but whenever I remove it or change it, my emails don't come through as expected. I did some research and found that the API simply doesn't allow changing this header, but that I should be able to modify the content-transfer-encoding header if I send directly to SendGrid's SMTP at smtp.sendgrid.net. If I do that, I can indeed send out an email that arrives with an encrpyted attachment, as expected. The problem is that when I try to decrypt the attachment in Outlook (another requirement), I get a message saying that "the underlying security system cannot verify your Digital ID".
My questions are whether or not anyone has encountered this issue before and been able to resolve it, do SendGrid SMTP servers allow content-transfer-encoding to be modified, and what role does this header play in sending and recieving S/MIME encrypted emails?
Edit: Email Headers
X-Mailer: PHPMailer 6.5.3 (https://github.com/PHPMailer/PHPMailer)
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"; charset=UTF-8
Related
I am trying to send some emails, through hotmail (outlook.live) smtp server. I am building an app that is somewhat an email client and I need to send some custom headers to provide some functionality.
The thing is that, while other email servers (only tried with Gmail and aol) accept custom headers or other rfc described headers (custom like, X-test and rfc described "Comments" or "Keywords") hotmail does not, the email sent does not contain those headers while the ones received from Gmail or aol contain the custom header.
Does hotmail require something extra or in a different format? Or they just remove them?
I want to sign and encrypt my mail.
My current camel version is 2.13.0.
Is there a camel feature which I can use for this purpose?
Body is plain text therefore XMLDSig or so cannot be used.
Expected result should be a mail with these headers:
Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data
Content-Transfer-Encoding: base64
I solved the problem for sending.
I created a new MimeMessage with all required parameters like from, recipient, subject and content (Multipart with body and attachments).
With BouncyCastle I signed and encrypted this MimeMessage.
I set the resulting MimeMessage as body and sent it with standard camel mail endpoint. All required parameters will be selected from the MimeMessage itself and not from the exchange headers.
For receiving I will use also the camel mail standard but with the parameter mapMailMessage=false that I can process the received javax.mail.Message itself without preprocessing. For decrypting I will also use BouncyCastle.
I am not a Camel user, but I was curious and played around with it. What you want is S/MIME signing and encryption. This is currently unavailable, but there is a ticket for it which never got any response since it was created in February 2015. Camel has a MIME-Multipart data format, PGP encryption (but only symmetric), Sign/Verify (without encryption) - but I see no way to combine them in order to really get a valid S/MIME envelope for a signed + encrypted e-mail. Besides, PGP is not S/MIME and vice versa.
I do know how to compose and send such e-mail via JavaMail + BouncyCastle library, I even have sample code for it. Theoretically you could create the MIME message via JavaMail + BouncyCastle and then use Camel to send it or create your own S/MIME endpoint or data format (at least one-way for marshalling and skip unmarshalling if you do not need it). But out of the box I have not found a way to do it.
Update:
Even if I put a preconfigured signed & encrypted MIME part on the input endpoint and do this...
.setHeader("From", simple("sender#web.de"))
.setHeader("To", simple("recipient#web.de"))
.setHeader("Subject", simple("Signed & encrypted"))
.setHeader("Content-Type", simple("application/pkcs7-mime; name=\"smime.p7m\"; smime-type=enveloped-data"))
.setHeader("Content-Transfer-Encoding", simple("base64"))
... and the mail is sent, mail clients like Thunderbird cannot really disiplay the mail because the Camel mail endpoint overwrites the Content-Transfer-Encoding by a value of 7bit. There is another ticket for this issue, but also unresolved since June 2014. So for the time being you cannot even use the mail endpoint to send the message after you have built it via JavaMail and BouncyCastle. You even have to send it by yourself (also very simple via JM + BC, but annoying). So presently you cannot really use the Camel infrastructure because endpoints and data formats are unfit for S/MIME message composition.
I am sending a newsletter via Gmail's SMTP (actually, the SMTP depends on the mail's content, but let's use Gmail for this question).
My problem is, that bounced mails shall not return to the GMail account, but to another address. This address includes some VERP data to automatically detect outdated addresses.
What I know so far:
Gmail restricts the FROM header (which is perfectly fine for me, we do not want to spoof anything).
According to the SMTP specs, Gmail changes the Return-Path (or better: adds another one).
The Error-to header is deprecated
Using PHPMailer, I already have set the envelope sender ($mail->Sender property), which is correctly sent during SMTP communication
2014-06-11 13:59:51 CLIENT -> SERVER: MAIL FROM:<mailer+P=49276#myserver.de>
2014-06-11 13:59:51 SERVER -> CLIENT: 250 2.1.0 OK ey16sm6579150wid.14 - gsmtp
So ... is there any other option to tell the receiving mailserver to send bounces to another address? And/or tell the Gmail SMTP server to send the bounces there, if they are directly generated by the SMTP server?
UPDATE
It seems that disregarding my envelope sender goes along with the known Gmail protocol violation of changing the From header (http://lee-phillips.org/gmailRewriting/). When trying the same with GMX, the email is simply refused until the envelope sender matches the GMX mail address corresponding to the login.
Does that mean, I have no chance to alter the address that bounces are sent to?
I am wondering if any email recipients may have automatically marked incoming messages as spam, only because swiftmailer was used to send the message (via google smtp, real google account)
Any info on this?
I have been using swift mailer with a gmail account to test sending emails with my web application.
Everything seems to be fine as SwiftMailer sets up the headers properly and none of my emails have ever gone into the spam folder.
When sending multipart emails, swift mailer does insert something into the headers:
multipart/alternative; boundary="_=_swift_v4_13311823894f583b352a1eb_=_
So, yes it is possible to tell if an email is sent using swift mailer as well.
I have programmatic access to a POP3 mailbox plus access to archived emails stored in a database. My objective to to find out bad email addresses -- the email addresses from which emails were returned (bounced) with status or messages such as:
Undeliverable mail
Delivery Status Notification (Failure)
Undelivered mail returned to sender
Emails from people such as mailer-daemon or postmaster
Is there are way to filter out such emails without using "heuristics"? Its easy to scan the subject for words like "undeliverable" or senders such as "mailer-daemon" but I want a better solution, if any.
Note that I have access to mail headers for all POP3/database archived emails. Is there some header that I can use?
Some mail servers implement RFC 3464. Those that do will typically generate Delivery Status Notifications with a message header Content-Type of multipart/report and three component parts (text/plain, message/delivery-status and message/rfc822). So you could detect those characteristics of the message and process accordingly. The message will generally look like this:
From: "Mail Delivery System" <MAILER-DAEMON#example.com>
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status
Content-Type: text/plain
A human readable explanation of the Delivery Status Notification.
Content-Type: message/delivery-status
A structured machine readable reason for the Delivery Status Notification.
Content-Type: message/rfc822
The original message.
For those mail servers that generate Delivery Status Notifications in an unstructured format, it is probably still necessary to detect their notifications by analysing the text of the From: and Subject: message headers.