DKIM fail sending to Office 365 and Outlook.com

lukekenny

• April 12, 2019 08:01

This is a bit of a weird one. WHM DKIM & SPF is set up correctly, and emails sent through the cPanel accounts to test services like dkimvalidator.com/ show DKIM passed. Emails sent to Gmail show DKIM passed. However, emails sent to Office365 Exchange accounts and Outlook.com accounts show DKIM fail. A sanitised example from an Office365 recipient: Authentication-Results: spf=pass (sender IP is 1.1.1.1) smtp.mailfrom=senderdomain.com.au; receivedomain.com.au; dkim=fail (signature did not verify) header.d=senderdomain.com.au;receivedomain.com.au; dmarc=pass action=none header.from=senderdomain.com.au;compauth=pass reason=100 Where as the exact same test message sent to a Gmail account: ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@senderdomain.com.au header.s=default header.b=uDV+6ipX; spf=pass (google.com: domain of website@senderdomain.com.au designates 1.1.1.1 as permitted sender) smtp.mailfrom=website@senderdomain.com.au; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=senderdomain.com.au DMARC was enabled manually for this domain, trying to solve the problem. It doesn't make a difference if it's on or off. dkimvalidator.com shows DKIM passes. Does anyone have any idea what additional steps / configuration is required to get cPanel emails passing Microsoft's checks?

• 

  cPanelMichael

  • April 16, 2019 16:36

  Hello @lukekenny, Can you open a

  1
• 

  lukekenny

  • April 16, 2019 17:08

  Done. Your Support Request ID is: 11989379

  0
• 

  QAZwsxED

  • October 05, 2020 01:27

  I recently solved a similar issue. Solution: manually add a Message-Id (note not a Message-ID) header then connect and send an email. cPanel WHM adds a Message-ID header and re-arranges the 'h' record in the DKIM signature which invalidates it, causing a DKIM:fail in the recipients mailbox.

  0
• 

  drandre

  • May 25, 2023 19:11

  We are having issues with our shared web host with attempting to update the Exim settings. They will not alter their Exim settings on the shared hosting platform and state if cPanel updates their servers with the corrections, they will apply those updates. I discovered this 7 year old article (Exim's DKIM signatures do not verify on Microsoft servers (outlook, hotmail) *only*) which states by adding the following string into Exim email server... [QUOTE]dkim_sign_headers = to:from:subject:message-id:date:user-agent:mime-version:content-transfer-encoding
  ... has anyone attempted this or has cPanel provided a fix for this? I am attempting to get an update. Is this DKIM authentication problem a configuration issue with my provider's Exim file configuration or is this a Microsoft mail (outlook.com/hotmail.com/O365Exchange) server issue?

  0
• 

  cPRex Jurassic Moderator

  • May 26, 2023 17:45

  @drandre - it sounds like there is likely something else happening with your situation. If all cPanel servers had a configuration that caused messages to the Microsoft/Outlook network to fail, that would be a major issue that would be immediately addressed. In the original ticket mentioned in this thread (11989379) it turned out to be a custom script sending the mail causing the issues that wasn't related to cPanel or Exim. It would likely be best to start a new thread with your specific issues and we can look into that for you, but since you only have cPanel access you would not be able to get the necessary logs from the server-side to see exactly how Exim is handling the message.

  0

Please sign in to leave a comment.