Thursday, January 20, 2011

How to deploy DKIM email authentication in 4 steps

DKIM is an emerging e-mail authentication standard supported by Yahoo, Google and others ISPs, as well as a growing number of Email Service Providers that was developed by the Internet Engineering Task Force. DKIM allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message. Deploying DKIM for your company is pretty straightforward. If you are managing all of your own email servers and outbound email, including sales, marketing and transactional emails, there are 4 steps. If you are using an ESP there are 2 very simple steps that take about 10 minutes. Here’s the rundown.
DKIM provides email authentication and often complements Email authorization. Email authorization is implemented using 'Sender Policy Framework' ("SPF") and/or SenderID. I'll explain how to configure SenderID/SPF in a related posting.
Configuring DKIM (Companies Managing their Own MTAs)
If you are hosting your own email servers, your company needs to take these 4 steps to deploy the emerging DomainKeys Identified Mail (DKIM) standard:
Step #1:
Figure out all the domains that are allowed to send outbound mail on its behalf. Often this includes multiple corporate domains as well as third-party e-mail Service Providers (like Pinpointe). This is often the hardest step - especially for large organizations.
Step #2:
Next you’ll use an online wizard to create the DKIM public / private key pairing and the policy record. The ‘public’ key is a key that will be placed in your public-facing DNS record along with what’s called a ‘policy record’.
The ‘private’ key is a long key that is installed on the MTA/Email sending system(s). When you send an email, the outgoing email server (or the outgoing server of your Email Service Provider, such as Pinpointe), adds the
Here are two online wizards you can use to create the public/private key pair and the policy record. You just enter your sending domain and a ’selector’ - which is kind of like a password key (if you use an ESP - the ESP does all this for you):
Step #3:
Create DNS text records that include DKIM information for every domain that is used to send e-mail. These records will be inserted in your public facing DNS record for each sending domain. If you don’t know how to insert / modify your DNS entry, you can find a description in our description of setting up an SPF record - the process is pretty much the same:
Step #4:
Upgrade your emails servers and/or software to support DKIM. (Note - In the Email world, Email servers are often called “message transfer agents” or “MTAs”).” MTAs are the last component of a messaging system to touch outbound e-mail. That’s where DKIM signatures are attached.

Steps to Implement DKIM With an Email Service Provider :
If you are using an ESP, the process is trivial:

Step #1 - Ensure you have access to your domain’s DNS Entry (see step #2 above)
Step #2 - Call your ESP. Your ISP can provide you the key information and policy entries for your DNS entry.

Sunday, January 16, 2011

Running CodeIgniter from shell on Cronjobs

I am actually tuklifying from the CodeIgniter wiki - just adding my experience - things I faced and solution to the issue.
Steps :
1.Make a directory for your cron scripts. I just used scripts and put it in the same directory that my CI system folder is in.
2. Copy the index.php file from your DOCUMENT_ROOT (the script that normally initiates a connection to CI from a web browser) to the scripts directory, and rename it to something meaningful, such as mailsender.php.
3. Add the following line at the very first line of the mailsender.php:
#!/usr/local/bin/php -q
4. Edit this file and make some slight adjustments. First, we don’t want the script to timeout during execution, so somewhere toward the top we add:
5. Set the path to the system folder, if it isn’t correct:
$system_folder = "../system";
6. We need to let CI know what controller/method we want to access, and any other URI variables we need. Normally this happens in the URL, so we emulate it by setting PATH_INFO manually:

$_SERVER['PATH_INFO'] = '/mailprocessor/sendmail';
$_GET = ''; // Required for some installations
However, if the config uri protocol is set to REQUEST_URI, then CI doesn’t use PATH_INFO, so instead, emulate REQUEST_URI manually:

$_SERVER['REQUEST_URI'] = '/mailprocessor/sendmail';
7. You create a mailprocessor.php controller (in the application/controllers dir) with a sendmail method, and make it do what it needs to do, load libraries/models/etc, execute them, then exit. What you don’t want to happen is output anything. Just make sure you don’t echo any content to stdout (echo, loading views, etc.) If you are sending emails, you would load a view file, but return the contents to a variable instead of displaying it (pass true as third param), then run through normal procedures for sending emails.
One thing to be aware of regarding security, you probably don’t want anyone accessing /mailprocessor/sendmail from a web browser[In my case I don put the scripts on the web directory- so no need to worry about ], so in the mailprocessor.php controller constructor, you may want to do some kind of check to make sure we are coming from a cron script. Probably the easiest method would be to test the SCRIPT_FILENAME variable:

if($_SERVER['SCRIPT_FILENAME'] != 'mailsender.php')
8.Once everything looks good, add your crontab entry to execute the script, and there you have it! Sample cronjob [from cPanel  can easy do that- you just need to put the script location to run]:
# execute cronjob every day at 2am
00 02 * * * /HOME/myusername/misc/scripts/mailsender.php
My addition : 
8. You need to edit the BASEPATH on the mailsender.php.  You need to put the absolute path instead of relative path.

Original post - You will get some other alternative ways to do the things :)
Update-05/16/2011: On version 2, CodeIgniter has implemented a feature to run sccript from CLI. :)