Anyway to get dkims records for verifying ses domain in boto? - boto

Tinkering around with verifying a couple of domains and found the manual process rather tedious. My DNS controller offers API access so I figured why not script the whole thing.
Trick is I can't figure out how to access the required TXT & CNAME records for DKIMS verification from boto, when I punch in
dkims = conn.verify_domain_dkim('DOMAIN.COM')
it adds DOMAIN.COM to the list of domains pending verification but doesn't provide the needed records, the returned value of dkims is
{'VerifyDomainDkimResponse': {
    'ResponseMetadata': {'RequestId': 'REQUEST_ID_STRING'},
    'VerifyDomainDkimResult': {'DkimTokens': {
        'member': 'DKIMS_TOKEN_STRING'}}}}
Is there some undocumented way to take the REQUEST_ID or TOKEN_STRING to pull up these records?
UPDATE
If you have an aws account you can see the records I'm after at
https://console.aws.amazon.com/ses/home?region=us-west-2#verified-senders:domain
tab: Details:: Record Type: TXT (Text)
tab: DKIM:: DNS Record 1, 2, 3
these are the records required to add to the DNS controller to validate & allow DKIM signatures to take place

This is how I do it with python.
from boto3 import Session

DOMINIO = 'mydomain.com'

# MY_AWS_* are placeholders for your own credentials and region
session = Session(
    aws_access_key_id=MY_AWS_ACCESS_KEY_ID,
    aws_secret_access_key=MY_AWS_SECRET_ACCESS_KEY,
    region_name=MY_AWS_REGION_NAME)
client = session.client('ses')
# gets VerificationToken for the domain, that will be used to add a TXT record to the DNS
result = client.verify_domain_identity(Domain=DOMINIO)
txt = result.get('VerificationToken')
# gets DKIM tokens that will be used to add 3 CNAME records
result = client.verify_domain_dkim(Domain=DOMINIO)
dkim_tokens = result.get('DkimTokens')  # this is a list
At the end of the code, you will have "txt" and "dkim_tokens" variables, a string and a list respectively.
You will need to add a TXT record to your dns, where the host name is "_amazonses" and the value is the value of "txt" variable.
Also you will need to add 3 CNAME records to your dns, one for each token present in "dkim_tokens" list, where the host name of each record is of the form of [dkimtoken]._domainkey and the target is [dkimtoken].dkim.amazonses.com
After adding the dns records, after some minutes (maybe a couple of hours), Amazon will detect and verify the domain, and will send you an email notification. After that, you can enable Dkim signature by doing this call:
client.set_identity_dkim_enabled(Identity=DOMINIO, DkimEnabled=True)
The methods used here are verify_domain_identity, verify_domain_dkim and set_identity_dkim_enabled.
You may also want to take a look at get_identity_verification_attributes and get_identity_dkim_attributes.

I think the get_identity_dkim_attributes method will return the information you are looking for. You pass in the domain name(s) you are interested in and it returns the status for that identity as well as the DKIM tokens.
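The record layout described in the answers above, built from the API responses so it can be handed to a DNS provider's API. This is an added example, not code from the original posts: the function names, the validation rules and the sample tokens are assumptions made for illustration, and it also accepts the nested response shape shown in the question.

```python
import re

# Assumption: DKIM tokens must be a single DNS label and the verification
# token one quote-free TXT string before they go to a DNS provider API.
_DNS_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
_TXT_SAFE = re.compile(r"[!#-\[\]-~]{1,255}")  # printable ASCII, no " \ or space


def dkim_tokens(resp):
    """Return the DKIM tokens from a boto3 response or the nested legacy one."""
    if "VerifyDomainDkimResponse" in resp:  # shape shown in the question
        result = resp["VerifyDomainDkimResponse"]["VerifyDomainDkimResult"]
        member = result["DkimTokens"]["member"]
        return [member] if isinstance(member, str) else list(member)
    return list(resp["DkimTokens"])


def ses_dns_records(domain, verification_token, tokens):
    """Build the TXT record and the CNAME records described in the answer."""
    domain = domain.rstrip(".").lower()
    if not _TXT_SAFE.fullmatch(verification_token):
        raise ValueError("verification token has unexpected characters")
    records = [{"type": "TXT", "name": f"_amazonses.{domain}",
                "value": verification_token}]
    for tok in tokens:
        if not _DNS_LABEL.fullmatch(tok):
            raise ValueError(f"DKIM token is not a DNS label: {tok!r}")
        records.append({"type": "CNAME", "name": f"{tok}._domainkey.{domain}",
                        "value": f"{tok}.dkim.amazonses.com"})
    return records


# Constructed sample responses (not real tokens).
SAMPLE_IDENTITY = {"VerificationToken": "c2FtcGxlLXRva2VuLW5vdC1yZWFs/Zm9v+A="}
SAMPLE_DKIM = {"DkimTokens": ["tokenaaa111", "tokenbbb222", "tokenccc333"]}
LEGACY_DKIM = {"VerifyDomainDkimResponse": {
    "ResponseMetadata": {"RequestId": "REQUEST_ID_STRING"},
    "VerifyDomainDkimResult": {"DkimTokens": {"member": "DKIMS_TOKEN_STRING"}}}}

if __name__ == "__main__":
    recs = ses_dns_records("mydomain.com", SAMPLE_IDENTITY["VerificationToken"],
                           dkim_tokens(SAMPLE_DKIM))
    for r in recs:
        print(r["type"], r["name"], r["value"])
```

Rejecting tokens that are not a single DNS label keeps an unexpected API response from writing arbitrary names into the zone.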

Related

Jmeter loop though CSV Data set config - Ajax flow

I am new to Jmeter and trying to carry out the following flows:
User Login with username and password
Page 1 is displayed with 10 invoices - User selects ten invoices -
10 AJAX calls are executed (invoice1, invoice2, invoice3.. json file is generated with invoices as request)
Page 2 is displayed to view invoices
User log out
I have recorded the flow with blazemeter plugin on chrome.
The thread group in Jmeter has the following tasks:
I have 10 users in a file called users.txt and I am using CSV Data
set config to load them.
For each user I will load only 10 invoices from invoices.txt using
CSV Data set config to load them.
Since I have 10 users and each user needs 10 invoices, my
invoices.txt has 100 unique invoices.
Please find csv config for invoice below:
The problem is that I need each user to be assigned with 10 unique invoices and those 10 invoices cannot be allocated to another user.
Any idea how I can load 10 unique invoices for each user and make sure those invoices are not assigned again to another user?
invoices.txt should have only unique IDs before test start, you can share the IDs using:
CSV Data Set Config inside loop of users with attributes:
Sharing mode - All Threads - ID won't be repeated
Recycle on EOF? - False - for not to get invalid Id (<EOF>)
Stop thread on EOF? - True - Stop when file with unique IDs ends
You can consider using HTTP Simple Table Server instead of 2nd CSV Data Set Config.
HTTP Simple Table Server has a KEEP option; given you set it to FALSE, each used "invoice" will be removed, which will guarantee uniqueness even when you run your test in Distributed (Remote) mode.
You can install HTTP Simple Table Server (as well as any other JMeter Plugin) using JMeter Plugins Manager

How to create Delegation Signer (DS) record for a subdomain with PowerDNS?

I have a domain mydomain.com. The DNS servers for this domain are under my control and I'm running PowerDNS there. I've set up DNSSEC for my main domain mydomain.com and I've registered the keys at registrar. Everything works fine for the main domain. However when I create subdomains (zones) with PowerAdmin GUI then I get the following error for my subdomains from DNSSEC analysis tool at http://dnssec-debugger.verisignlabs.com/:
No DS records found for subdomain.mydomain.com in the mydomain.com zone
Question: how to add that DS record to mydomain.com zone with powerdns?
Note: I haven't used PowerAdmin, so this is a PowerDNS answer.
Assuming you have also signed these subdomains/zones, you would use pdnssec show-zone to see the DS records for them. Then, insert these DS records into the parent zone (mydomain.com), with fields set like this:
domain_id = id of domain.com
name = sub.mydomain.com
type = DS
content = copy/paste from pdnssec show-zone
You also need to insert NS records (as above, but with type=NS and content=name of your server), to get a valid delegation, even if it is local!
If you don't actually care about DNSSEC for the subdomains, just insert the NS records and leave out the DS. This will tell validators that the subdomain is deliberately insecure.

Get the IP address related to a RecentChange entry

I have an extension that needs to access the IP addresses associated with a recent change entry.
From the revision ID, I can access the Revision object and in turn the associated RecentChange but neither have any obvious methods to get the originating IP. It can only get the IP if it was an anonymous edit.
I have set $wgPutIPinRC so the IPs will be in the recentchanges table.
How can I get the IP address for the change?
It is not directly exposed as a property, but it is stored in the class as an attribute.
These can be read using the RecentChange::getAttribute() method passing the field name of rc_ip:
$ip_address = $this->recentchange->getAttribute( 'rc_ip' );
This still requires $wgPutIPinRC to be set for the data to be recorded in the first place.

How to properly set up DNS SPF records?

I'm sending weekly emails to subscribers and it turns out that messages are frequently going to the spam folder for users.
I'm utilizing Amazon SES to send these messages and have added an SPF record according to their instructions: http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SPFSenderIDDKIM.html?r=3917
In querying the SPF records for my domain I get the following back from http://www.kitterman.com/spf/validate.html:
SPF record lookup and validation for: mydomain.tld
SPF records are primarily published in DNS as TXT records.
The TXT records found for your domain are:
SPF records should also be published in DNS as type SPF records.
Type SPF records found for the domain are:
Checking to see if there is a valid SPF record.
Found v=spf1 record for mydomain.tld:
v=spf1 include:amazonses.com ?all
evaluating...
Results - record processed without error.
The result of the test (this should be the default result of your record) was, none . The explanation returned was,
For my CloudFlare DNS records I have:
SPF mydomain.tld v=spf1 include:amazonses.com ?all with automatic TTL
TXT mydomain.tld spf2.0/pra include:amazonses.com ?all with automatic TTL
The emails are being sent from "no-reply@mydomain.tld" and "admin@mydomain.tld".
Some users have reported seeing the following message: "Messages that falsely appear to be a "bounced message" response (a system-generated email that you might automatically get after sending a message that can't be delivered such as a message sent to an invalid email address)"
With my current sending solution I can't add a DKIM to the emails.
How can this be resolved so as to ameliorate any kind of receipt issues for our users?
There are no valid TXT records for your domain (notice that the test doesn't return any, see below for a working example), which is caused by missing quotes around those TXT records you defined, as explained e.g. in Record Types Supported:
Unlike with most other record types, for TXT records the Data field is
essentially free-form and may even include spaces. Please note: When
entering a string that includes spaces, such as SPF records, you must
enclose the string in double quotes; otherwise, individual words will
be separately quoted and break up the record into multiple parts.
Here are the TXT records we currently use successfully for Amazon SES as per Authenticating Your Email Address and (it's indeed unfortunate that their documentation doesn't address the quoting needs):
"v=spf1 include:amazonses.com ~all"
"spf2.0/pra include:amazonses.com ~all"
Accordingly, here is our domain's abbreviated result for the test you have been running:
SPF record lookup and validation for: [...]
SPF records are primarily published in DNS as TXT records.
The TXT records found for your domain are:
spf2.0/pra include:amazonses.com ~all
v=spf1 include:amazonses.com ~all
[...]
Checking to see if there is a valid SPF record.
Found v=spf1 record for services.marescom.net:
v=spf1 include:amazonses.com ~all
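Why the quoting matters to a receiving mail server, as an added example that is not part of the original answer. It assumes the unquoted entry ends up as several character-strings inside one TXT record (how a given DNS provider stores it may differ), joins them the way RFC 7208 section 3.3 requires, and goes slightly beyond the answer by also reporting what the `all` qualifier means; function and sample names are hypothetical.

```python
import re

# RFC 7208 qualifiers and the result each produces when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def txt_to_string(char_strings):
    """Join the character-strings of ONE TXT record as RFC 7208 3.3 requires:
    concatenated with no separator added."""
    return "".join(char_strings)


def parse_spf(char_strings):
    """Return (terms, all_result) for an SPF record, or None when the TXT
    record is not SPF: the version must be exactly 'v=spf1' followed by a
    space or the end of the record."""
    text = txt_to_string(char_strings)
    if not re.match(r"v=spf1( |$)", text, re.IGNORECASE):
        return None
    terms = text.split()[1:]
    all_result = None
    for term in terms:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            all_result = QUALIFIERS[m.group(1) or "+"]  # no qualifier means "+"
            break
    return terms, all_result


# Constructed samples based on the records quoted on this page.
QUOTED = ["v=spf1 include:amazonses.com ~all"]             # one string
QUESTION = ["v=spf1 include:amazonses.com ?all"]           # one string, ?all
UNQUOTED_SPLIT = ["v=spf1", "include:amazonses.com", "?all"]  # assumed split

if __name__ == "__main__":
    for name, rec in [("quoted", QUOTED), ("question", QUESTION),
                      ("unquoted", UNQUOTED_SPLIT)]:
        print(name, repr(txt_to_string(rec)), parse_spf(rec))
```

The split record joins to `v=spf1include:amazonses.com?all`, which no longer starts with a valid version section, so a verifier treats the domain as having no SPF record at all.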

Send email to dynamic recipient SSIS Send Mail Task

I have an SSIS package which is going to be deployed on test, staging, and finally production.
It has a couple of "Send Mail Tasks", say 10.
As developer, I put my email address as the recipient of the email.
Currently, for the test person, I need to change all the "To"s in all the script tasks to e.g. "TestPerson@test.com". If following the paradigm of hard-coding the emails this way, I need to change the recipient email 30 times!!! (10 for each stage stated above)
Just wondering if there is any way to inject To field(recipient) dynamically. e.g. from a variable. like I have done for the "MessageSource"
You can set the ToLine of the Send Mail task to be the value of a variable, using an Expression from the Properties window of the task.
We use a SQL table containing a list of email recipients for various conditions (table columns of kemail, emailaddress, success, error) and set flags in the table to 0=no, 1=yes for that particular user to receive emails on particular conditions.
Then create a variable that contains a delimited list of your recipients then use an expression to set "ToLine" for the send mail task.
The only thing to watch here is that you don't end up with no records returned from the SQL table. We always have our "support" email address having all the bits set, to avoid this.
So the package won't need to be modified when a new user needs to receive email updates.