DKIM => Signature Did Not Verify

Meiji

Verified User
Joined
Jul 2, 2019
Messages
46
I looked at it more closely.

The email sent from root@server.hostname.com had a different header than the email@anotherdomain.com

root@server.hostname.com failed and generated signature did not verify error:

Code:
dkim=fail (signature did not verify)

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=hostname.server.com; s=x; h=From:Message-Id:Subject:To:Date:Sender:
Reply-To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;

email@anotherdomain.com passed and generated no error:

Code:
dkim=pass (signature was verified)

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=anotherdomain.com; s=x; h=Content-Type:MIME-Version:Message-ID:Date:
Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;

There is a difference between the two headers in the first part of h=

Code:
h=From:Message-Id:Subject:To:Date:Sender:Reply-To:Cc:MIME-Version:Content-Type
Code:
h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc

Does anyone have any idea why there was a difference in headers in emails sent from the same server?
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,580
@Meiji, Could it be a DNS propagation issue? If you recently setup DKIM or changed DKIM? If so, maybe try to wait another day and test again.
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
46
@Meiji, Could it be a DNS propagation issue? If you recently setup DKIM or changed DKIM? If so, maybe try to wait another day and test again.
It's not a propagation issue. I have added these domains 5 days ago, including setting up nameservers and hostname DNS.
 

Guillaume

New member
Joined
Apr 19, 2020
Messages
1
Location
Verrières-le-Buisson, France
Thank god it's only 2 months old thread. I think I have found the bug on MxToolBox.

[…]

However my MTA (exim) the last tag "b=" appends with semicolon. If this semicolon is removed and modified header sent to MxToolBox, it's accepted with all 4 ticks green. But according to RFC it should be "treated as the empty string" so in my opinion semicolon shall remain.

I even found exim line of code https://github.com/Exim/exim/blob/master/src/src/pdkim/pdkim.c#L1320 where they say "add trailing semicolon: I'm not sure if this is actually needed"

Oh well. I'll send feedback email to MxToolBox to see what they reply.
I have had this bug for two years on my exim install, but it stays forgotten in Exim's Bugzilla:

I would be glad that you add your own case to this bug report, to resurrect it…
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
46
I have had this bug for two years on my exim install, but it stays forgotten in Exim's Bugzilla:
Not sure if it is a bug. I have installed LiteSpeed Enterprise, and this error does not happen with emails sent from root@host.name.com

This only happened with OpenLiteSpeed with emails sent from root@host.name.com. Emails sent from any other domain did not raise this error.
 
Top