Skip to main content

Messages with DKIM error are silently discarded without any message

Comments

5 comments

  • cPRex Jurassic Moderator

    Hey there!  Inside WHM >> Exim Configuration Manager there are two options you can enable to adjust this behavior:

    Allow DKIM verification for incoming messages
    and
    Reject DKIM failures
     
    Are both of those enabled on your machine?  If not, there wouldn't be any failure messages sent.
    0
  • Mise

    yes, I have both enabled. Although there is no automatic message generated for the sender with the DKIM error. 

    Have you checked if automatic e-mail messages are sent by Exim after DKIM errors?. I have never seen these traces in the logs.

     

    0
  • cPRex Jurassic Moderator

    I reached out to our email team about this one and confirmed that there is no bounce of any kind sent to the sender for failed DKIM messages.  Would you like me to submit an official feature request to add that behavior?

    0
  • Mise

    it would be good, thanks!

    Really I think this is not an added feature but a failure in the mail system. These DKIM errors appears after a right SPF validation. At that point the probability of a non-authentic sender is lower than in the  previous step. However, there is no message to inform the sender about the rejection because a wrong DKIM configuration. 


    On my side I have created one script to parse the exim_reject.log to find these missed messages. It sends one message to the sender with  his DKIM error, and a daily summary to the receiver with their missed messages.  It works with a cron each 12 hours. It is not perfect but enough to clarify to our customers that the fault was in the sender, despite it can be a big company. 

    Big companies also seems to be victim of the fashion to avoid the task of sending their own e-mails. Instead, they upload the data of their customers to Mailgun and other mailing services. Although later  one can check how they are not configuring properly the DKIM fields. 

    According that growing fashion, probably we can expect more of these DKIM failures in the next times, and a bounce after a DKIM error can be necessary.

     

    thanks

     

     

     

     

     

     

     

    0
  • cPRex Jurassic Moderator

    Thanks for the additional details.  I submitted that feature request (we can call it whatever we want, but to get something added to the product it's a "feature" request) with a link to this thread so they can read the full discussion here - thanks!

    0

Please sign in to leave a comment.