DKIM Issue - Signing Fields

dazeck

• May 31, 2026 09:35

I've been working tirelessly on improving email deliverability recently, especially as I needed to change servers and the new server was already blocked by Microsoft.  I thought I'd nailed everything but was checking some dkim reports and realised emails sent to Microsoft were failing the dkim verification.  I sent the same email to 3 recipients, my gmail, my hotmail and my icloud - Gmail passed it, hotmail and icloud both failed it.  Checking the details of the headers on all emails I had a suspicion it was because the message-id was being modified and google was more relaxed with this.  

I looked to change this setting using exim advanced configuration and despite google ai giving me instructions on how to do this, it proved very difficult, so I modified exim.conf dirfectly (just to prove the fact), and emails to all 3 providers now give dkim verification correctly.

So how do I change this permanently using the recommended method ?

I added dkim_sign_headers to the dkim_remote_stmp block as below, I basically took defaults and removed message-id

dkim_remote_smtp:
  driver = smtp
  dkim_sign_headers = From:Sender:Reply-To:Subject:Date:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sen>
  interface = <; ${if > \

I need to do this so it will persist over upgrades and reboots etc.

Can anyone help please.

 

• 

  dazeck

  • May 31, 2026 10:29

  OK I wasn't convinced removing message-id was the correct thing to do, so I continued to research, it would seem that the email client I am testing with (samsung mobile email client) is not adding a message-id and exim isn't adding one either so I am guessing one is being added when it reaches the recipient mail server and I google is very relaxed when it comes to missing values in the dkim verification.

  So seeing as though I can't change the email client, can I get exim to add a valid message-id if one is missing ?   I did find this article which seemed like it might do the trick.

  https://support.cpanel.net/hc/en-us/articles/360062402934-The-message-ID-header-is-missing-from-some-email-messages-that-arrive-at-my-server

  But it broke my exim and any emails I sent were rejected with

  550 Administrative prohibition

   

  0
• 

  dazeck

  • June 02, 2026 12:41

  I have given up with this and changed email clients.  I think exim was actually adding a default message-id but then Microsoft and Apple where changing it anyway as it didn't have a valid domain at the end.

   

  0
• 

  cPRex Jurassic Moderator

  • June 02, 2026 13:41

  So you found that the issue was actually with the client and not a cPanel problem?

  0
• 

  dazeck

  • June 02, 2026 14:14

  Yes, the Samsung email client is pretty dire at following standards.  I originally posted here to ask how to advanced configure Exim as it's quite complex, but I've given in now.  If some of my hosted clients are using Samsung Email and complain about emails being rejected, I'll get them to change email clients.

  0

Please sign in to leave a comment.