
Resolved Arc errors in maillog

danami


TITLE

Arc errors in maillog

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Product version: Plesk Obsidian 18.0.58.0
OS version: AlmaLinux 8.9 x86_64
Build date: 2024/01/05 08:00
Revision: ec671a07e896ad1b354270e5a4c8597163abfc66

PROBLEM DESCRIPTION

After upgrading to 18.0.58.0 we are seeing these errors in the maillog

grep arc-sign /var/log/maillog
Jan 12 04:03:23 web4 postfix-local[29829]: 106A02014F81B: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 04:03:23 web4 postfix-local[29829]: 106A02014F81B: arc-sign: stderr: dkim=pass (1024-bit key) header.d=em...
Jan 12 04:27:20 web4 postfix-local[23784]: 254FD20150DAD: arc-sign: stderr: SKIP
Jan 12 04:48:33 web4 postfix-local[11797]: 4422C20159C4F: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 04:48:33 web4 postfix-local[11797]: 4422C20159C4F: arc-sign: stderr: dkim=pass (2048-bit key) header.d=pc...
Jan 12 05:01:53 web4 postfix-local[26939]: AD927201BA692: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 05:01:53 web4 postfix-local[26939]: AD927201BA692: arc-sign: stderr: dkim=pass (2048-bit key) header.d=au...
Jan 12 05:01:54 web4 postfix-local[26970]: 6DA36201BA691: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 05:01:54 web4 postfix-local[26970]: 6DA36201BA691: arc-sign: stderr: dkim=pass (2048-bit key) header.d=au...
Jan 12 05:01:57 web4 postfix-local[27004]: 9CA9A201BA691: arc-sign: stderr: SKIP
Jan 12 05:06:03 web4 postfix-local[1009]: 62822201BA704: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 05:06:03 web4 postfix-local[1009]: 62822201BA704: arc-sign: stderr: dkim=pass (2048-bit key) header.d=p....
Jan 12 05:23:28 web4 postfix-local[22582]: 1C559201BC1D5: arc-sign: stderr: PASS
Jan 12 05:24:13 web4 postfix-local[22911]: 8CAA8201BA699: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 05:24:13 web4 postfix-local[22911]: 8CAA8201BA699: arc-sign: stderr: dkim=pass (1024-bit key) header.d=pp...

Additionally seeing these errors on another server too:
Jan 12 04:32:42 web9 postfix-local[2623]: 6AFAE100417111: arc-sign: stderr: WARNING:__main__:Unable to ARC sign, SKIP the message: Cannot read private key: [Errno 21] Is a directory: '/etc/domainkeys/domain.com/'
Jan 12 04:32:42 web9 postfix-local[2623]: 6AFAE100417111: arc-sign: stderr: SKIP

STEPS TO REPRODUCE

Upgrade to Plesk 18.0.58.0

ACTUAL RESULT

Jan 12 04:03:23 web4 postfix-local[29829]: 106A02014F81B: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;

Jan 12 04:32:42 web9 postfix-local[2623]: 6AFAE100417111: arc-sign: stderr: WARNING:__main__:Unable to ARC sign, SKIP the message: Cannot read private key: [Errno 21] Is a directory: '/etc/domainkeys/domain.com/'
Jan 12 04:32:42 web9 postfix-local[2623]: 6AFAE100417111: arc-sign: stderr: SKIP

EXPECTED RESULT

Arc should work properly.

ANY ADDITIONAL INFORMATION

(DID NOT ANSWER QUESTION)

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Feedback from the test engineer:

Please check if the DKIM files are missing from /etc/domainkeys/<your domain>/*.

If the files are missing:
The user can recreate the DKIM keys and update the DNS zone for the domain(s) as follows:
Code:
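# Random temporary file names: $idPr for the generated key, $id for the converted copy
export idPr="dkim_$RANDOM"
export id="dkim_$RANDOM"

# Generate a 2048-bit RSA private key, then rewrite it with "openssl rsa"
/usr/bin/openssl genrsa -out "/usr/local/psa/tmp/$idPr" 2048
/usr/bin/openssl rsa -in "/usr/local/psa/tmp/$idPr" -out "/usr/local/psa/tmp/$id"

# Install the key for the domain (replace example.com) under selector "default", then update its DNS zone
plesk sbin mailmng-domain --set-domain-key --domain-name=example.com --file-name="/usr/local/psa/tmp/$id" --selector=default
plesk sbin dnsmng --update example.com --without-reverse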

If they are not missing, the suggested temporary workaround is:
1. Disable ARC by running plesk bin settings -s mail_arc_sign=false and apply the changes with /usr/lib64/plesk-9.0/mail_dk_restore
2. Switch to Postfix+Dovecot
(In that case the issue is something different that is already being fixed and will be published soon in a micro update for version 18.0.58.)
 
If neither of the previous suggestions help, please submit a ticket to Plesk support so that the issue can be checked directly on your server.
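
The first check above (whether the key files under /etc/domainkeys/<your domain>/ are present and usable) can be run across all domains at once. This is an added example, not Plesk tooling or code from any poster; the function names and the root-directory argument are assumptions, while the "default" selector file and the 640 mode come from listings posted in this thread.

```shell
#!/bin/sh
# Audit one domain's DKIM/ARC private key file.
# Usage: check_domain_key ROOT DOMAIN [SELECTOR]
#   ROOT is /etc/domainkeys on the servers in this thread; SELECTOR defaults to "default".
# Prints one status word and returns 0 only for "ok". Uses GNU/BusyBox "stat -c".
check_domain_key() {
  root=$1; domain=$2; selector=${3:-default}
  dir="$root/$domain"; key="$dir/$selector"
  [ -d "$dir" ] || { echo "no-domain-dir"; return 1; }
  [ -e "$key" ] || { echo "missing-key"; return 1; }
  # A signer that is handed a directory fails with "[Errno 21] Is a directory".
  [ -f "$key" ] || { echo "not-a-regular-file"; return 1; }
  # The private key must grant nothing to "other" (the thread's listing shows 640).
  mode=$(stat -c '%a' "$key")
  case $mode in
    *[1-7]) echo "world-accessible:$mode"; return 1 ;;
  esac
  # Parse check only: nothing from the key is printed.
  openssl pkey -in "$key" -noout </dev/null >/dev/null 2>&1 \
    || { echo "unparseable-key"; return 1; }
  echo "ok"
}

# One "DOMAIN STATUS" line per domain directory under ROOT.
# Example: audit_domainkeys /etc/domainkeys | grep -v ' ok$'
audit_domainkeys() {
  root=${1:-/etc/domainkeys}
  for d in "$root"/*/; do
    [ -d "$d" ] || continue
    domain=$(basename "$d")
    printf '%s %s\n' "$domain" "$(check_domain_key "$root" "$domain")"
  done
}
```

A domain that reports "ok" here but still logs arc-sign errors matches the second case in the post above (files not missing).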
 
@Peter Debik I checked and all the domains have their domain keys in /etc/domainkeys/<your domain>/default and the server is using Postfix+Dovecot already so I guess I'll open a ticket with Plesk on Monday.
 
My Plesk server (running Postfix & Dovecot on Ubuntu 22.04) auto-upgraded to 18.0.58 this morning at around 08:15.

I can see that these errors have also been appearing since this time:
maillog:Jan 18 08:20:11 hosting postfix-local[1982553]: 495697EB62: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
maillog:Jan 18 08:21:53 hosting postfix-local[1993880]: E88387F6EE: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
maillog:Jan 18 08:21:57 hosting postfix-local[1993910]: DF92B7E179: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
maillog:Jan 18 08:22:09 hosting postfix-local[1995004]: 09A7A7E173: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
I've checked and the /etc/domainkeys/<your domain>/default exists in the directory for one of the domains accessed.

Nearly a week since this was first reported. Do you need any more tickets raised with Plesk Support?
 
I received word back. On our server it looks like it's a combination of two different bugs:

PPPM-14299: which happens when migrating subscriptions with add-on domains from Plesk <= 18.0.55 via the Migrator, or via a backup.
PPPM-14305: authres library fails to parse the full spectrum of valid Authentication-Results: header values.

They are still working on a fix for PPPM-14305.
 
We are seeing exactly the same error in the mail log. And it started right after installing Plesk Obsidian 18.0.58 update 1.
 
From Plesk support: We have received an update from our development team.

The bug PPPM-14305 (authres library fails to parse the full spectrum of valid Authentication-Results: header values) is preliminarily planned to be fixed in the upcoming Plesk update, Obsidian 18.0.59.

Plesk Obsidian 18.0.59 is preliminarily planned to be released in the week of February 19th-25th, but it also may be subject to change.
 
PPPM-14305 has been fixed in Plesk Obsidian 18.0.59, published February 20th, 2024. I have no clear feedback on the original case presented in this thread, but I think it should be fixed, too. Could you please re-check?
 
@Peter Debik I can confirm that updating to 18.0.59 fixed the issue. No more arc-sign errors in the maillog :)

Code:
# tail -f /var/log/maillog | grep arc-sign
Feb 20 09:34:20 web9 postfix-local[2481958]: 4F348100416848: arc-sign: stderr: SKIP
Feb 20 09:34:59 web9 postfix-local[2482448]: A62C3100416846: arc-sign: stderr: PASS
Feb 20 09:35:15 web9 postfix-local[2492227]: C1B2C100416846: arc-sign: stderr: PASS
Feb 20 09:35:25 web9 postfix-local[2494664]: 4A117100416846: arc-sign: stderr: SKIP
Feb 20 09:35:29 web9 postfix-local[2494702]: 4A17C100416846: arc-sign: stderr: PASS
Feb 20 09:35:40 web9 postfix-local[2494806]: 1DB40100416846: arc-sign: stderr: PASS
Feb 20 09:35:47 web9 postfix-local[2494872]: 11F3E100416846: arc-sign: stderr: PASS
Feb 20 09:35:49 web9 postfix-local[2494897]: 341BE100416848: arc-sign: stderr: PASS
Feb 20 09:36:47 web9 postfix-local[2495437]: E6D1F100416846: arc-sign: stderr: PASS
Feb 20 09:36:49 web9 postfix-local[2495480]: DE04E100416848: arc-sign: stderr: PASS
Feb 20 09:36:52 web9 postfix-local[2495541]: 70F2E100416846: arc-sign: stderr: SKIP
Feb 20 09:37:35 web9 postfix-local[2495937]: AE76D100416846: arc-sign: stderr: PASS
Feb 20 09:38:27 web9 postfix-local[2496416]: 34C7B100416846: arc-sign: stderr: PASS
Feb 20 09:38:32 web9 postfix-local[2496472]: 71DF3100416846: arc-sign: stderr: PASS
Feb 20 09:38:43 web9 postfix-local[2496557]: BF4DA100416846: arc-sign: stderr: PASS
Feb 20 09:38:45 web9 postfix-local[2496591]: 8B5A1100416846: arc-sign: stderr: PASS
Feb 20 09:39:09 web9 postfix-local[2496784]: C9C11100416846: arc-sign: stderr: PASS
Feb 20 09:39:19 web9 postfix-local[2496835]: 2884F100416846: arc-sign: stderr: PASS
Feb 20 09:39:37 web9 postfix-local[2497020]: 91BE8100416846: arc-sign: stderr: PASS
Feb 20 09:39:38 web9 postfix-local[2497046]: 4AF29100416848: arc-sign: stderr: PASS
Feb 20 09:40:02 web9 postfix-local[2497722]: 34CA4100416846: arc-sign: stderr: PASS
Feb 20 09:40:09 web9 postfix-local[2503474]: 1CBF4100416846: arc-sign: stderr: PASS
Feb 20 09:40:38 web9 postfix-local[2509517]: 264A4100416846: arc-sign: stderr: PASS
Feb 20 09:40:46 web9 postfix-local[2509595]: 4D77B100416846: arc-sign: stderr: PASS
Feb 20 09:41:42 web9 postfix-local[2509994]: 7CAD4100416846: arc-sign: stderr: PASS
Feb 20 09:41:43 web9 postfix-local[2510045]: 38E08100416848: arc-sign: stderr: PASS
Feb 20 09:42:36 web9 postfix-local[2510559]: 2FB17100416846: arc-sign: stderr: PASS
Feb 20 09:42:52 web9 postfix-local[2510726]: 84C6B100416846: arc-sign: stderr: PASS
Feb 20 09:43:32 web9 postfix-local[2511092]: D5928100416846: arc-sign: stderr: PASS
Feb 20 09:43:40 web9 postfix-local[2511174]: 7AD40100416846: arc-sign: stderr: PASS
Feb 20 09:43:40 web9 postfix-local[2511197]: C7D5110041684A: arc-sign: stderr: PASS
Feb 20 09:44:03 web9 postfix-local[2511484]: 3F46B100416846: arc-sign: stderr: PASS
Feb 20 09:49:07 web9 postfix-local[2527099]: 5F07B10041684B: arc-sign: stderr: SKIP
 
I just installed now Plesk Obsidian 18.0.59 (from Plesk Obsidian 18.0.55) and I'm seeing in logs:
Feb 21 09:56:15 server2 postfix-local[30372]: 4CF4614005D: arc-sign: stderr: WARNING:__main__:Unable to ARC sign, SKIP the message: Cannot read private key: [Errno 21] Is a directory: '/etc/domainkeys/<DOMAINNAME>'

Everything was fine before. I do use DKIM for the domain and the signature file is present:
-rw-r----- 1 root popuser 887 Feb 20 08:54 /etc/domainkeys/DOMAINNAME/default

I tried uninstalling Email Security but currently see the same issue. Any ideas?
Thank you!
 
@twebhosting That error you are getting is PPPM-14299: which happens when migrating subscriptions with add-on domains from Plesk <= 18.0.55 via the Migrator, or via a backup. Plesk support will have to fix it using a SQL query.
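
The two error signatures in this thread can be separated per queue ID directly from the maillog, which shows which messages hit the header-parsing failure and which hit the key-path failure. This is an added example, not Plesk's or any poster's code; the sample lines, host name, queue IDs and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the thread's maillog format (host, queue IDs, domain are made up).
sample_maillog() {
cat <<'EOF'
Jan 12 04:03:23 mx1 postfix-local[101]: AAAA000001: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 04:03:23 mx1 postfix-local[101]: AAAA000001: arc-sign: stderr: dkim=pass (1024-bit key) header.d=example.org
Jan 12 04:27:20 mx1 postfix-local[102]: AAAA000002: arc-sign: stderr: SKIP
Jan 12 04:32:42 mx1 postfix-local[103]: AAAA000003: arc-sign: stderr: WARNING:__main__:Unable to ARC sign, SKIP the message: Cannot read private key: [Errno 21] Is a directory: '/etc/domainkeys/example.org/'
Jan 12 04:32:42 mx1 postfix-local[103]: AAAA000003: arc-sign: stderr: SKIP
Jan 12 05:23:28 mx1 postfix-local[104]: AAAA000004: arc-sign: stderr: PASS
EOF
}

# Reads maillog lines on stdin, prints "QUEUEID VERDICT" once per message.
# The most severe line seen for a queue ID wins:
#   parse-error            "Syntax error" from the header parser (the PPPM-14305 description)
#   key-path-is-directory  "Is a directory" (attributed to PPPM-14299 in this thread)
#   skip / pass            the signer's normal outcomes
#   other                  only unclassified arc-sign output was seen
arc_triage() {
  awk '
    function bump(q, r, v) { if (r > rank[q]) { rank[q] = r; verdict[q] = v } }
    / arc-sign: stderr: / {
      qid = $6; sub(/:$/, "", qid)
      msg = $0; sub(/^.* arc-sign: stderr: /, "", msg)
      if (!(qid in verdict)) { order[++n] = qid; verdict[qid] = "other"; rank[qid] = 0 }
      if (msg ~ /^ERROR:__main__:Syntax error/)                   bump(qid, 4, "parse-error")
      else if (msg ~ /Cannot read private key: .*Is a directory/) bump(qid, 3, "key-path-is-directory")
      else if (msg ~ /^SKIP[ \t]*$/)                              bump(qid, 2, "skip")
      else if (msg ~ /^PASS[ \t]*$/)                              bump(qid, 1, "pass")
    }
    END { for (i = 1; i <= n; i++) print order[i], verdict[order[i]] }
  '
}

# Per-verdict totals, e.g. to compare before and after an update.
arc_summary() {
  arc_triage | awk '{ c[$2]++ } END { for (v in c) print v, c[v] }' | sort
}

sample_maillog | arc_triage
```

On a live server, feed it the real log instead of the sample: `arc_summary < /var/log/maillog`.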
 