email Archives - mypapit gnu/linux

September 4, 2022May 1, 2023

Solving DKIM verification FAILED with Bad Format in Gmail email messages

DKIM (Domain keys identified Mail) is a scheme for which allows a receiver to verify that the email originated (or authorized) by the domain’s owner via a digital signature.

Having DKIM signature adds credibility to the email messages sent from the origin host/domain, which is crucial for automated emailing system to avoid the messages from being suspected as SPAM email or spoofed email.

I managed to set up DKIM for an academic journal website which I’ve managed. The journal’s runs on Open Journal System web application, the addition of DKIM is crucial to avoid GMail or Microsoft Live from labeling the automated emails sent from the academic journal from being labeled as spam.

At first I found that the DKIM scheme that I’ve setup was running fine and the email messages was verified correctly from my Organizational email domain. However, I’ve noticed a problem when the automated email sent from OJS is not properly verified by Gmail-addressed account (@gmail.com). Upon inspection in the email header, I’ve noticed that the GMail marked the DKIM signature sent from my domain as “bad format”. Example below:

DKIM:	'FAIL' with domain jcrinn.com

dkim=neutral (bad format) header.i=@example.com header.s=mail header.b=AbCdE5g;

After hours of searching and debugging, including referring to the DKIM NS TXT record for reference, I finally found out that Gmail treat the “g=*” optional parameter as required, and thus I’ve to append “;g=*” to the DKIM TXT record on my domains’ DNS record.

So it become similar like this:

TXT default._domainkey  v=DKIM1; p=yourPublicKeywHiCHi5+abit+1OnG; g=*

After altering the records, it seems GMAIL finally able to verify the automated emails sent from my OJS-based web application

The “signed-by” is visible when DKIM is successfully validated by GMail

Hopefully this will work out fine for you too!

P/S: DigitalOcean has an excellent tutorial on DKIM installation and setup in GNU/Linux operating system.

July 29, 2015July 29, 2015

What ever happened to 1Malaysia Email – Tricubes, Pemandu, anyone??

What ever happened to 1Malaysia email, a project that said to be valued at 5.3 milions (MAVcap funding) ?

Source:

The Star
Official email account for each Malaysian adult
Pemandu: Communications Content & Infrastructure
The Next Web: Malaysia’s new “official” email address for each citizen will also offer biometric USB device

1myemail-db

The 1Malaysia email is touted to be more secure than the average email provider, but a quick search reveals that the domain is still alive at the time of this writing, but is giving invalid & untrusted “self-sign” security certificate: https://www.myemail.my/

What has happened to this grandeur project??

p/s: I’ve been prepping to get my hands on the said “USB Biometric” device a few years ago and to use it on my Linux system. Seems that day have never come :(

Meanwhile enjoy my other article on enabling USB device via serial port: How to enable USB serial port converter RS-232 in GNU Linux

June 7, 2012June 4, 2012

Backup your Gmail account in Ubuntu Linux with gmvault

This is a follow-up of my previous post “What to do when your Google disabled your Gmail account?“.

Here’s how to download all emails from your GMail account with Gmvault:

Download and setting up gmvault

1. First you need to install python-pip
[bash]
sudo apt-get install python-pip
[/bash]

2. Then using ‘pip’, install gmvault
[bash]
sudo pip install gmvault
[/bash]

3. Finally you can sync and backup GMail accounts with ‘gmvault‘
[bash]
gmvault sync your_username @ gmail.com
[/bash]

4. gmvault will ask you to authenticate yourselves with GMail, and after that, the syncronization process starts. gmvault stores all the gmail backup in the ‘gmvault-db‘ directory.

p/s: Some users encounters error telling that the “All Mail folder is not visible”. You can enable All Mail folder visibility by checking the “Show in IMAP” box in Settings->Labels. Also, IMAP access should also be enabled for this to work.

p/s 2: It might not be obvious right now why you need to backup your emails when Gmail has gigabytes of storage. But according to Gmail discussions group, Google can and might disable access to all of its services, locking the users out from their emails forever.

September 9, 2010November 8, 2011

How to use GNU Privacy Guard (GPG) – Encrypt, Decrypt, Sign and Verifying identities

GPG or the GNU Privacy Guard is a free and open source software that implements OpenPGP public-key cryptography message format (RFC4880). You can use GPG to encrypt, decrypt, sign and verify files or emails. To use GPG, you need to generate the public-key/private-key pairs in your computer by running this command, and choose the default option

gpg --gen-key

The application will ask you to enter your ID and passphrase, make sure you choose a strong passphrase to guarantee the safety and security of your keys.

Encrypting and Decrypting Files
You can use GPG to encrypt files, it can be only decrypted by those who have your public-key. The command that can be used to encrypt file is :
gpg --out encrypted_file.txt --encrypt original_file.txt

Run this command to decrypt. Files encrypted with private key can only be decrypted with public key and vice-versa.
gpg --out decrypted.txt --decrypt encrypted_file.txt
Signing Email or body of texts
Alternatively, you can chose to sign emails/texts instead of encrypting them. Signing files is a way to ensure that the message/texts/emails are from the right sender and its content has not been tempered with. You can run this command to sign email or texts :
gpg --clearsign original_text.txt
This will produce a signature file which content the original text with PGP signature embedded at the bottom of the message.

To verify it (assuming you have the public key), you need to run this command:
gpg --verify original_text.txt.asc

Continue reading “How to use GNU Privacy Guard (GPG) – Encrypt, Decrypt, Sign and Verifying identities”