堆栈内存溢出
  简体   繁体   English

C#| jstedfast / MimeKit | 具有DKIM安装程序的Office 365连接器

[英]C# | jstedfast/MimeKit | Office 365 connector with DKIM setup

 原文  2019-04-17 16:26:46       c#/ asp.net-mvc-4/ office365/ dkim/ mimekit

问题描述

DKIM is set up for a domain in Office365. 为Office365中的域设置了DKIM。 A .Net application (currently MVC 4) sends Email through an O365 connector to external parties. .Net应用程序(当前为MVC 4)通过O365连接器将电子邮件发送给外部方。 We'd like to sign these using DKIM as well. 我们也想使用DKIM进行签名。

I'm not quite clear about the entire process. 我对整个过程不太清楚。 MimeKit's Documentation is reasonably clear. MimeKit的文档相当清晰。 I suppose I can use any pub/priv key generator such as Putty to generate a keypair? 我想我可以使用任何发布/专用密钥生成器(例如Putty)来生成密钥对吗? I would then store the private key in a way that the C# application can read it into 然后,我将以C#应用程序可以将其读取到的方式存储私钥。 

var signer = new DkimSigner ("privatekey.pem") {
   SignatureAlgorithm = DkimSignatureAlgorithm.RsaSha1,
   AgentOrUserIdentifier = "@eng.example.com",
   QueryMethod = "dns/txt",
};

The public key will be published as a DNS record for my domain. 公钥将作为我的域的DNS记录发布。 Unfortunately, the Office 365 documentation isn't all too clear on the exact how. 不幸的是, Office 365文档的确切方式尚不清楚。

Summary Questions 简要问题

  • What exactly goes into AgentOrUserIdentifier , if my system sends with the address application@example.org ? 如果我的系统发送的地址为application@example.org AgentOrUserIdentifierAgentOrUserIdentifier到底是什么?
  • How exactly would I publish my generated public key to Office 365? 我将如何精确地将生成的公钥发布到Office 365?

Any enlightening summary would be greatly appreciated, thanks. 谢谢任何启发性的总结。

2 个解决方案

解决方案1
 1  2019-04-19 06:39:13

I'll accept @jstedfast's answer (although without really understanding it). 我将接受@jstedfast的答案(尽管没有真正理解它)。 Just in case anyone else is struggling with this, here's the complete walk-through: 以防万一其他人为此感到困惑,这里是完整的演练:

Get a public/private key pair. 获取公钥/私钥对。 You can use Puttygen or openssl directly, but it's easier to use (oh had I only known beforehand) sth like https://port25.com/dkim-wizard/ 您可以直接使用Puttygen或openssl,但是更容易使用(哦,我只是事先知道),例如https://port25.com/dkim-wizard/

Specify your domain name (example.org here) and a "selector" - this could be your application name ("greatapp"). 指定您的域名(此处为example.org)和一个“选择器”-这可以是您的应用程序名称(“ greatapp”)。 This selector will be the TXT record for the public key in DNS. 该选择器将是DNS中公钥的TXT记录。 Create an additional DNS (TXT) record; 创建一个附加的DNS(TXT)记录; leave the Office365 ones intact. 完整保留Office365。 Since they rotate keys regularly you want an additional record that you can control. 由于它们会定期旋转键,因此您需要可以控制的其他记录。 greatapp._domainkey.example.org IN TXT "k=rsa\\; p= here goes the stuff between -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- ", so eg "k=rsa\\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvIwVBomj+dx2CEBbY/ZpSdnQK2Omx6ZNyHsuvC3MMJYNLQ069ajuJo5FP......." greatapp._domainkey.example.org在TXT中“ k = rsa \\; p = here goes the stuff between -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- ”之间的内容,例如“ k = rsa \\; p = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvIwVBomj + dx2CEBbY / ZpSdnQK​​2Omx6ZNyHsuvC3MMJYNLQ069ajuJo5FP .......”

Copy the private key to a file, or use it in your code directly. 将私钥复制到文件,或直接在代码中使用它。 MimeKit either expects a file or a stream, so for the quick & dirty example here I'm using a string: MimeKit需要一个文件或一个流,因此对于这里的快速和肮脏示例,我使用一个字符串: 

var mail = new MimeMessage();
mail.From.Add(new MailboxAddress("Justin Case", "justin@example.org"));
mail.To.Add(new MailboxAddress("Candy Barr", "candy@example.org"));
... subject etc
var privateKey = @"-----BEGIN RSA PRIVATE KEY-----......";
var privateKeyStream = new MemoryStream(Encoding.Default.GetBytes(privateKey));
mail.Sign(new DkimSigner(privateKeyStream, "example.org", "greatapp", DkimSignatureAlgorithm.RsaSha256), new HeaderId[] { HeaderId.From, HeaderId.Subject }, DkimCanonicalizationAlgorithm.Simple, DkimCanonicalizationAlgorithm.Simple);

... Connect client and send.

Thanks to jstedfast something as awesome as MailKit/MimeKit exists, don't forget to donate. 多亏了jstedfast,像MailKit / MimeKit这样令人敬畏的东西存在了,不要忘了捐赠。

解决方案2
 0 已采纳  2019-04-18 18:46:40

From rfc6376, section 2.6 : RFC6376的2.6节开始

2.6. 2.6。 Agent or User Identifier (AUID) 代理或用户标识符(AUID)

A single identifier that refers to the agent or user on behalf of whom the Signing Domain Identifier (SDID) has taken responsibility. 单个标识符,指代签名域标识符(SDID)负责的代理或用户。 The AUID comprises a domain name and an optional <local-part>. AUID包含一个域名和一个可选的<local-part>。 The domain name is the same as that used for the SDID or is a subdomain of it. 域名与用于SDID的域名相同,或者是其子域。 For DKIM processing, the domain name portion of the AUID has only basic domain name semantics; 对于DKIM处理,AUID的域名部分仅具有基本的域名语义。 any possible owner-specific semantics are outside the scope of DKIM. 任何可能的所有者特定的语义都不在DKIM的范围之内。 It is specified in Section 3.5. 它在第3.5节中指定。

Note that acceptable values for the AUID may be constrained via a flag in the public-key record. 请注意,AUID的可接受值可能会通过公共密钥记录中的标志进行约束。 (See Section 3.6.1.) (请参阅第3.6.1节)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 C# 带有 Office 365 和图形客户端的邮件 - C# Mail with Office 365 And Graph Client 使用MIMEKIT的DKIM - DKIM using MIMEKIT 将 office 365 与 C# WebForms 应用程序集成 - integrate office 365 with C# WebForms Applications c#Windows服务已连接到Office 365 - c# Windows Service connected to Office 365 Office 365 Api c#Windows服务 - Office 365 Api c# Windows Service 使用 C# 为另一个用户设置 Office 365 外出回复 - Setting Office 365 out of office reply for another user with C# Office365连接器:没有电子邮件地址的名称 - Office365 connector: no name for EmailAddresses 无法通过Office 365 C#客户端库发送电子邮件 - Unable to send email via Office 365 C# client library C#.Net Office 365 API入门 - Getting Started with C# .Net Office 365 APIs 如何使用C#通过CSOM连接到Office 365上的SharePoint? - How to connect to SharePoint on Office 365 with CSOM from C#?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM