Question PHPMailer, DKIM, and Plesk

[pleskpanel]

Server operating system version

CentOS Linux 7.9.2009 (Core)

Plesk version and microupdate number

Plesk Obsidian 18.0.58 Update #1

For shared web servers when using DNS externally and mail externally, we used the steps here to enable DKM and signing on all domains:

https://support.plesk.com/hc/en-us/articles/12377279341975-How-to-enable-DKIM-signing-for-all-domains-on-Plesk-for-Linux-

We then use this step to get the key (as DNS is external):

https://support.plesk.com/hc/en-us/articles/12377511222039--How-to-get-the-DKIM-public-key-from-Plesk-if-DNS-is-not-installed-

It looks like PHPMailer scripts that use simply "localhost" for the SMTP host without authentication don't actually get DKIM signed. Messages are sent without an issue and logged in the Plesk > Logs > Mail (and they do get received) but without any DKIM signing at all.

Is there a way to get Plesk do to the heavy lifting and sign all locally generated outgoing emails generated by PHP as well as PHPMailer scripts or do PHPMailer instances each have to be configured one by one (even if they use localhost to send mail) for DKIM to work when using localhost?

 

[Peter Debik]

Even when you host mail externally, you can still have local mailboxes and enabled DKIM. You can then use PHP to login to these mailboxes to submit mail. Such mails will be signed by the server.

 

[Kaspar]

Email sent using PHPMailer using localhost should be signed with DKIM too if DKIM singing is enabled for the domain. However it is worth checking if the email sent uses the same domain for it's return-path (envelope sender). If it's different, it won't get singed with DKIM.

 

[Andreas Lang]

I have that very same issue. DKIM is set up properly via external DNS entry following to the documentation.

But E-Mail sent via php still isn't signed. Is it required to restart the server completely to get it working?

 

[Kaspar@Plesk]

But E-Mail sent via php still isn't signed. Is it required to restart the server completely to get it working?

No, should work out of the box.

Are emails sent via webmail via the same domain signed successfully with DKIM?

 

[Andreas Lang]

Okay thank you.

No, should work out of the box.

Are emails sent via webmail via the same domain signed successfully with DKIM?

I have no webmail there - but when I send mail using smtp with thunderbird DKIM is added - there is a validation problem - at least it is provided in some way.
But I have trouble to set up smtp inside my shop application wich is shopware 6 - authenticator fails all the time.

 

[Andreas Lang]

I've got webmail roundcube working - it delivers mail with dkim signature. The issue is same: Body Hash Did Not Verify - maybe that is a different problem.

 

[Kaspar@Plesk]

Does the DKIM TXT record in the domains DNS start with v=DKIM1; p=DKIM1; p= or just with v=DKIM1; p=?

 

[Andreas Lang]

Yes it does DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
Latest check of mail sent from webmailer appears to have a perfect header.
The domain our onlineshop is sending from is an alias, Can this be a problem?

 

[Kaspar@Plesk]

The body hash did not verify error can generally be attributed to an improper DKIM record. You could try to change the v=1; part in the record for v=DKIM1; to see if that makes difference. Both are valid options and it should not matter. But it's good to rule that out as possibility.

Yes it does DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
Latest check of mail sent from webmailer appears to have a perfect header.
The domain our onlineshop is sending from is an alias, Can this be a problem?

That would depend on your setup. Have you tried to sent an email from your webshop to mail-tester.com to get more details on why mail fails?

 

[Andreas Lang]

I now managed to get a 9.9 out of 10 score at mail-tester.com. This is what I did: I wrote a plugin that uses symfony's dkim signer to sign the message.
I had to add my webspace user to the group popuser. After fiddling a bit on the right path and domain settings in my plugin I've got this score.
This solves the issue for me. @Kaspar@Plesk many thanks for your support. It directed me towards the solution.