• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx

  • We are developing a new feature in Plesk that will help you promote your websites or business on social media. We want to conduct a one-hour online UX test to present the prototype and collect feedback. If you are interested in the feature, please book a meeting via this link.
    Thank you in advance!
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question DKIM fails with plesk server as relay

m4xp

New Pleskian
Server operating system version
Debian
Plesk version and microupdate number
18.0.44
Hello, we are runnig plesk obsidian 18.0.44 with postfix as a mail relay for an exchange server 2019. there are multiple different mail domains on the exchange server.
in recent times mail delivery failed because dkim was not set up so i enabled dkim for domains on the exchange server. dkim fails when sending through the relay, i already tested sending without the relay and dkim passes without issue and mails get delivered.
i found following post: Resolved - DKIM issue - Route email from Exchange via Plesk VPS and we are using the same settings without success.
can i sign the mails on plesk or is there a way to to get it to work whith signing the mails on the exchange?
thank you
 
Could you try to pick a mail from the exchange outgoing queue and compare to what it looks like after it went through postfix?
Is plesk set up to use dkim for that domain?
 
Could you try to pick a mail from the exchange outgoing queue and compare to what it looks like after it went through postfix?
Is plesk set up to use dkim for that domain?
i did several tests with and withou relay, the relay adds a header.
with relay:
1699526581575.png
without:
1699526590395.png

yes, plesk is set up to use dkim for the domain but it doesnt attach a signature. for context there is one domain set up on plesk which accepts the exchange send connector and all different domains from the exchange. so for example 1.com, 2.com and 3.com from exchange all land at relay.domain.com on plesk and are send out from there.
thanks
 
i did several tests with and withou relay, the relay adds a header.
An extra Received: is normal. Are you sure that's everything that's changed? Any encoding issues, CR/LF conversions?
yes, plesk is set up to use dkim for the domain but it doesnt attach a signature.
Are you sure it doesn't replace the signature? Do the postfix logs say anything about DKIM?

By the way, your plesk is ancient and it seems you don't have reverse DNS properly configured.
 
An extra Received: is normal. Are you sure that's everything that's changed? Any encoding issues, CR/LF conversions?

Are you sure it doesn't replace the signature? Do the postfix logs say anything about DKIM?

By the way, your plesk is ancient and it seems you don't have reverse DNS properly configured.
tested again and cross checking the results doesn't show any changes beyond the extra recieved. dkim signature stays exactly the same. postfix logs don't mention anything about dkim so the relayed mails are not signed by postfix i guess.
thanks for mentioning.
 
Could you try to send a mail to a domain that is on the relaying server? In that case, it would have to check DKIM, and it'd be very interesting how that turns out.
 
Could you try to send a mail to a domain that is on the relaying server? In that case, it would have to check DKIM, and it'd be very interesting how that turns out.
dkim fails in that instance. that is weird, as mentioned before sending directly from the exchange server allowed dkim checks to pass when i tested that.
thanks
 
Back
Top