DKIM: encountered the following problem validating domain : bodyhash_mismatch
Hello, guys.
I have 2 cpanel's servers. CP4 and CP6
A client opened a support saying that the email has been returned.
What the client sent:
[quote]Return-path:
Received: from [IPREMOVED] (port=54890 helo=DESKTOPTSBTF9A)
by domain-cp4.domain.com.br with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.91)
(envelope-from )
id 1fgW6M-000Fkw-EC; Fri, 20 Jul 2018 11:09:50 -0300
From: "Luiz Portnoi"
To: "'Eliezer'"
References: , , ,,, , , , , ,<005c01d42026$77f83bb0$67e8b310$@portsegcorretora.com.br> ,<006c01d42029$f90131a0$eb0394e0$@portsegcorretora.com.br> <007b01d4202b$ff46ce60$fdd46b20$@portsegcorretora.com.br>
In-Reply-To: <007b01d4202b$ff46ce60$fdd46b20$@portsegcorretora.com.br>
Subject: =?iso-8859-1?Q?ENC:_{Spam=3F}_Re:_{Spam=3F}_Re:_{Spam=3F}_Re:_ES_M=D3VEIS?=
=?iso-8859-1?Q?_EIRELI_-_ME_AP_81.0118.0014433?=
Date: Fri, 20 Jul 2018 11:11:14 -0300
Message-ID: <007001d42033$853dfc80$8fb9f580$@example.com.br>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0071_01D4201A.5FFF1C60"
X-Mailer: Microsoft Outlook 15.0
Content-Language: pt-br
Thread-Index: AQD6bWQcLwIq180ZedSlzPgmh5+dKgHPM72zAkzXcrQBhIkJJQGwBAQSAX/LZbQBU3tsEQDAOwEOAmGqXYUB9kGqUwJsxxH7AeSh9rUCdZ6WtAJLZiBjAftNP+YBndXrdwIffz0sAkCiEAoCXTlPjgLHxu6+AbvuODwBikCGfQD8qchppP4K7XA=
X-cPanel-MailScanner-Information: Please contact the ISP for more information
X-cPanel-MailScanner-ID: 1fgW6M-000Fkw-EC
X-cPanel-MailScanner: Found to be clean
X-cPanel-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
score=1.122, required 3, ALL_TRUSTED -1.00, AWL -2.38,
BAYES_00 -1.90, CPANEL_LOTS_OF_EMPTY_LINE 0.80, HTML_MESSAGE 0.00,
KAM_NUMSUBJECT 0.50, LOTS_OF_MONEY 0.00, URIBL_BLOCKED 0.00,
URIBL_SBL 5.00, URIBL_SBL_A 0.10)
X-cPanel-MailScanner-SpamScore: s
X-cPanel-MailScanner-From: luiz@example.com.br
X-Spam-Status: No
X-Exim-DSN-Information: Due to administrative limits only headers are returned
I had tested with a account ='compos@portsegcorretora.com.br'>compos@example.com.br sending e-mails to ='compos@larshopping.com.br'>compos@domain.com.br and testecompos@live.com. And it doesn't appear problem with the DKIM. What can it be? The DKIM assinature of two domains is fine. I have been tested it on mailtester. The CP4 and CP6 is different servers, but in same local. Look the prints bellow
I had tested with a account ='compos@portsegcorretora.com.br'>compos@example.com.br sending e-mails to ='compos@larshopping.com.br'>compos@domain.com.br and testecompos@live.com. And it doesn't appear problem with the DKIM. What can it be? The DKIM assinature of two domains is fine. I have been tested it on mailtester. The CP4 and CP6 is different servers, but in same local. Look the prints bellow
-
The problem appear when the server was updated to version v72.0.10 0 -
Hi @lfpiaggio Based on the header output (which I modified to remove the actual domain names) it looks like you're using MailScanner because this isn't something directly supported by cPanel I'd like to know if you're still getting the error with it disabled. Also out of curiosity I'd like to know what you have set for the following at WHM>>Service Configuration>>Configuration Manager: Allow DKIM verification for incoming messages By default, Exim verifies syntactically valid signatures in incoming mail, even when Exim is not configured to act on the results of the check. This verification process can degrade your server's performance. Reject DKIM failures Reject mail at SMTP time if the sender fails DKIM key validation. 0 -
Hi @lfpiaggio Based on the header output (which I modified to remove the actual domain names) it looks like you're using MailScanner because this isn't something directly supported by cPanel I'd like to know if you're still getting the error with it disabled. Also out of curiosity I'd like to know what you have set for the following at WHM>>Service Configuration>>Configuration Manager: Allow DKIM verification for incoming messages By default, Exim verifies syntactically valid signatures in incoming mail, even when Exim is not configured to act on the results of the check. This verification process can degrade your server's performance. Reject DKIM failures Reject mail at SMTP time if the sender fails DKIM key validation.
As i said: Its happens sometimes with our clients. I tested and it doesnt not appear problem with the dkim key. The dkim verification qnd reject fails is enabled0 -
Its look something about Outlook that change the dkim Key? This is the 3rd client's support. 0 -
I tried to emulate the fail dkim, with the same configurations of outlook client of my client. Same domain to same recipients. But it doesnt appear the erro and the msg delivery with sucess 0 -
As i said: Its happens sometimes with our clients. I tested and it doesnt not appear problem with the dkim key. The dkim verification qnd reject fails is enabled
I understood what you said but mailscanner has been known to cause issues similar to this. Because it's a 3rd party plugin which is not supported by cPanel and this behavior does not normally occur on systems with cPanel's default configuration I want to rule this out as a cause. Please let us know if the issue persists with MailScanner disabled.0 -
Without sucess... What you think about refresh time in zone differents of servers? 0 -
I recently solved a similar issue. Solution: manually add a Message-Id (note not a Message-ID) header then connect and send an email. cPanel WHM adds a Message-ID header and re-arranges the 'h' record in the DKIM signature which invalidates it, causing a DKIM:fail in the recipients mailbox. 0
Please sign in to leave a comment.
Comments
9 comments