Resolved Arc errors in maillog

[danami]

Username:

TITLE

Arc errors in maillog

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Product version: Plesk Obsidian 18.0.58.0
OS version: AlmaLinux 8.9 x86_64
Build date: 2024/01/05 08:00
Revision: ec671a07e896ad1b354270e5a4c8597163abfc66

PROBLEM DESCRIPTION

After upgrading to 18.0.58.0 we are seeing these errors in the maillog

grep arc-sign /var/log/maillog
Jan 12 04:03:23 web4 postfix-local[29829]: 106A02014F81B: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 04:03:23 web4 postfix-local[29829]: 106A02014F81B: arc-sign: stderr: dkim=pass (1024-bit key) header.d=em...
Jan 12 04:27:20 web4 postfix-local[23784]: 254FD20150DAD: arc-sign: stderr: SKIP
Jan 12 04:48:33 web4 postfix-local[11797]: 4422C20159C4F: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 04:48:33 web4 postfix-local[11797]: 4422C20159C4F: arc-sign: stderr: dkim=pass (2048-bit key) header.d=pc...
Jan 12 05:01:53 web4 postfix-local[26939]: AD927201BA692: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 05:01:53 web4 postfix-local[26939]: AD927201BA692: arc-sign: stderr: dkim=pass (2048-bit key) header.d=au...
Jan 12 05:01:54 web4 postfix-local[26970]: 6DA36201BA691: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 05:01:54 web4 postfix-local[26970]: 6DA36201BA691: arc-sign: stderr: dkim=pass (2048-bit key) header.d=au...
Jan 12 05:01:57 web4 postfix-local[27004]: 9CA9A201BA691: arc-sign: stderr: SKIP
Jan 12 05:06:03 web4 postfix-local[1009]: 62822201BA704: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 05:06:03 web4 postfix-local[1009]: 62822201BA704: arc-sign: stderr: dkim=pass (2048-bit key) header.d=p....
Jan 12 05:23:28 web4 postfix-local[22582]: 1C559201BC1D5: arc-sign: stderr: PASS
Jan 12 05:24:13 web4 postfix-local[22911]: 8CAA8201BA699: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
Jan 12 05:24:13 web4 postfix-local[22911]: 8CAA8201BA699: arc-sign: stderr: dkim=pass (1024-bit key) header.d=pp...

Additionally seeing these errors on another server too:
Jan 12 04:32:42 web9 postfix-local[2623]: 6AFAE100417111: arc-sign: stderr: WARNING:__main__:Unable to ARC sign, SKIP the message: Cannot read private key: [Errno 21] Is a directory: '/etc/domainkeys/domain.com/'
Jan 12 04:32:42 web9 postfix-local[2623]: 6AFAE100417111: arc-sign: stderr: SKIP

STEPS TO REPRODUCE

Upgrade to Plesk 18.0.58.0

ACTUAL RESULT

Jan 12 04:03:23 web4 postfix-local[29829]: 106A02014F81B: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;

Jan 12 04:32:42 web9 postfix-local[2623]: 6AFAE100417111: arc-sign: stderr: WARNING:__main__:Unable to ARC sign, SKIP the message: Cannot read private key: [Errno 21] Is a directory: '/etc/domainkeys/domain.com/'
Jan 12 04:32:42 web9 postfix-local[2623]: 6AFAE100417111: arc-sign: stderr: SKIP

EXPECTED RESULT

Arc should work properly.

ANY ADDITIONAL INFORMATION

(DID NOT ANSWER QUESTION)

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug

 

[Peter Debik]

Thank you! Forwarded for further analysis as internal ID PPS-15464.

 

[Peter Debik]

Feedback from the test engineer:

Please check if the DKIM files are missing from /etc/domainkeys/<your domain>/*.

If the files are missing:
The user can recreate the DKIM keys and update Dns Zone for domain(s) as follows:

export idPr="dkim_$RANDOM"
export id="dkim_$RANDOM"

/usr/bin/openssl genrsa -out /usr/local/psa/tmp/$idPr 2048
/usr/bin/openssl rsa -in /usr/local/psa/tmp/$idPr -out /usr/local/psa/tmp/$id

plesk sbin mailmng-domain --set-domain-key --domain-name=example.com --file-name=/usr/local/psa/tmp/$id --selector=default
plesk sbin dnsmng --update example.com --without-reverse

If they are not missing, the suggested temporary workaround is:
1. Disable ARC by running plesk bin settings -s mail_arc_sign=false and apply changes /usr/lib64/plesk-9.0/mail_dk_restore
2. Switch to Postfix+Dovecot
(In that case the issue is something different that is already being fixed and will be published soon in a micro update for version 18.0.58.)

 

[Peter Debik]

If neither of the previous suggestions help, please submit a ticket to Plesk support so that the issue can be checked directly on your server.

 

[danami]

@Peter Debik I checked and all the domains have their domain keys in /etc/domainkeys/<your domain>/default and the server is using Postfix+Dovecot already so I guess I'll open a ticket with Plesk on Monday.

 

[Alex Presland]

My Plesk server (running Postfix & Dovecot on Ubuntu 22.04) auto-upgraded to 18.0.58 this morning at around 08:15 this morning.

I can see that these errors have also been appearing since this time:

maillog:Jan 18 08:20:11 hosting postfix-local[1982553]: 495697EB62: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
maillog:Jan 18 08:21:53 hosting postfix-local[1993880]: E88387F6EE: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
maillog:Jan 18 08:21:57 hosting postfix-local[1993910]: DF92B7E179: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;
maillog:Jan 18 08:22:09 hosting postfix-local[1995004]: 09A7A7E173: arc-sign: stderr: ERROR:__main__:Syntax error: Expected "=" at: ;

I've checked and the /etc/domainkeys/<your domain>/default exists in the directory for one of the domains accessed.

Nearly a week since this was first reported. Do you need any more tickets raised with Plesk Support?

 

[Alex Presland]

My Plesk server (running Postfix & Dovecot on Ubuntu 22.04) auto-upgraded to 18.0.58 this morning at around 08:15 this morning.

Correction: It auto-upgraded to 18.0.58 Update 1 this morning.

 

[danami]

@Alex Presland I've already opened a ticket with Plesk support and they have access to the server and are looking into it. I will update this thread when I know more.

 

[HoracioS]

I am experiencing the same error. I am using version 18.0.58 Update 1 on Ubuntu 22.04.

 

[HoracioS]

I am experiencing the same error. I am using version 18.0.58 Update 1 on Ubuntu 22.04.

I fixed uninstalling Plesk Email Security 1.5.0-1907 and reinstall it.

 

[Alex Presland]

I fixed uninstalling Plesk Email Security 1.5.0-1907 and reinstall it.

Interesting. We're getting these errors and don't have Plesk Email Security installed.

 

[danami]

I received word back. On our server it looks like its a combination of two different bugs:

PPPM-14299: which happens when migrating subscriptions with add-on domains from Plesk <= 18.0.55 via the Migrator, or via a backup.
PPPM-14305: authres library fails to parse the full spectrum of valid Authentication-Results: header values.

They are still working on an fix for PPPM-14305.

 

[Petje]

We are seeing exact the same error in the mail log. And it started right after installing Plesk Obsidian 18.0.58 update 1.

 

[EgidijusS]

Same. Version 18.0.58 Update #2

 

[danami]

From Plesk support: We have received an update from our development team.

The bug PPPM-14305 (authres library fails to parse the full spectrum of valid Authentication-Results: header values) is preliminary planned to be fixed in the upcoming Plesk update, Obsidian 18.0.59.

Plesk Obsidian 18.0.59 is preliminary planned to be released on the week on February 19th-25th, but it also may be subject to change.

 

[Peter Debik]

PPPM-14305 has been fixed in Plesk Obsidian 18.0.59, published February 20th, 2024. I have no clear feedback on the original case presented in this thread, but I think it should be fixed, too. Could you please re-check?

 

[danami]

@Peter Debik I can confirm that updating to 18.0.59 fixed the issue. No more arc-sign errors in the maillog

# tail -f /var/log/maillog | grep arc-sign
Feb 20 09:34:20 web9 postfix-local[2481958]: 4F348100416848: arc-sign: stderr: SKIP
Feb 20 09:34:59 web9 postfix-local[2482448]: A62C3100416846: arc-sign: stderr: PASS
Feb 20 09:35:15 web9 postfix-local[2492227]: C1B2C100416846: arc-sign: stderr: PASS
Feb 20 09:35:25 web9 postfix-local[2494664]: 4A117100416846: arc-sign: stderr: SKIP
Feb 20 09:35:29 web9 postfix-local[2494702]: 4A17C100416846: arc-sign: stderr: PASS
Feb 20 09:35:40 web9 postfix-local[2494806]: 1DB40100416846: arc-sign: stderr: PASS
Feb 20 09:35:47 web9 postfix-local[2494872]: 11F3E100416846: arc-sign: stderr: PASS
Feb 20 09:35:49 web9 postfix-local[2494897]: 341BE100416848: arc-sign: stderr: PASS
Feb 20 09:36:47 web9 postfix-local[2495437]: E6D1F100416846: arc-sign: stderr: PASS
Feb 20 09:36:49 web9 postfix-local[2495480]: DE04E100416848: arc-sign: stderr: PASS
Feb 20 09:36:52 web9 postfix-local[2495541]: 70F2E100416846: arc-sign: stderr: SKIP
Feb 20 09:37:35 web9 postfix-local[2495937]: AE76D100416846: arc-sign: stderr: PASS
Feb 20 09:38:27 web9 postfix-local[2496416]: 34C7B100416846: arc-sign: stderr: PASS
Feb 20 09:38:32 web9 postfix-local[2496472]: 71DF3100416846: arc-sign: stderr: PASS
Feb 20 09:38:43 web9 postfix-local[2496557]: BF4DA100416846: arc-sign: stderr: PASS
Feb 20 09:38:45 web9 postfix-local[2496591]: 8B5A1100416846: arc-sign: stderr: PASS
Feb 20 09:39:09 web9 postfix-local[2496784]: C9C11100416846: arc-sign: stderr: PASS
Feb 20 09:39:19 web9 postfix-local[2496835]: 2884F100416846: arc-sign: stderr: PASS
Feb 20 09:39:37 web9 postfix-local[2497020]: 91BE8100416846: arc-sign: stderr: PASS
Feb 20 09:39:38 web9 postfix-local[2497046]: 4AF29100416848: arc-sign: stderr: PASS
Feb 20 09:40:02 web9 postfix-local[2497722]: 34CA4100416846: arc-sign: stderr: PASS
Feb 20 09:40:09 web9 postfix-local[2503474]: 1CBF4100416846: arc-sign: stderr: PASS
Feb 20 09:40:38 web9 postfix-local[2509517]: 264A4100416846: arc-sign: stderr: PASS
Feb 20 09:40:46 web9 postfix-local[2509595]: 4D77B100416846: arc-sign: stderr: PASS
Feb 20 09:41:42 web9 postfix-local[2509994]: 7CAD4100416846: arc-sign: stderr: PASS
Feb 20 09:41:43 web9 postfix-local[2510045]: 38E08100416848: arc-sign: stderr: PASS
Feb 20 09:42:36 web9 postfix-local[2510559]: 2FB17100416846: arc-sign: stderr: PASS
Feb 20 09:42:52 web9 postfix-local[2510726]: 84C6B100416846: arc-sign: stderr: PASS
Feb 20 09:43:32 web9 postfix-local[2511092]: D5928100416846: arc-sign: stderr: PASS
Feb 20 09:43:40 web9 postfix-local[2511174]: 7AD40100416846: arc-sign: stderr: PASS
Feb 20 09:43:40 web9 postfix-local[2511197]: C7D5110041684A: arc-sign: stderr: PASS
Feb 20 09:44:03 web9 postfix-local[2511484]: 3F46B100416846: arc-sign: stderr: PASS
Feb 20 09:49:07 web9 postfix-local[2527099]: 5F07B10041684B: arc-sign: stderr: SKIP

 

[twebhosting]

I just installed now Plesk Obsidian 18.0.59 (from Plesk Obsidian 18.0.55) and I'm seeing in logs:
Feb 21 09:56:15 server2 postfix-local[30372]: 4CF4614005D: arc-sign: stderr: WARNING:__main__:Unable to ARC sign, SKIP the message: Cannot read private key: [Errno 21] Is a directory: '/etc/domainkeys/<DOMAINNAME>'

Everything was fine before. I do use dkim for domain and the signature file is present
-rw-r----- 1 root popuser 887 Feb 20 08:54 /etc/domainkeys/DOMAINNAME/default

I tried uninstall Email Security but currently the same issue. Any ideas ?
Thank you!

 

[danami]

@twebhosting That error you are getting is PPPM-14299: which happens when migrating subscriptions with add-on domains from Plesk <= 18.0.55 via the Migrator, or via a backup. Plesk support will have to fix it using a SQL query.

 

[twebhosting]

Thank you danami!
"Plesk support will have to fix it using a SQL query" so what's on my side to do ? Add a ticket ?