DomainKey-Status: bad

[CHD]

---------------------------------------------------------------
OS Linux 2.6.18-194.11.3.el5
Panel version 10.1.1

DomainKey status is always bad.
I setup using the main server mail settings, then the indiviudal domain mail settings too.
there are now DNS entries. But all emails i test state that the domainKey status is bad.

Here is example mail header: (i have replaced my domain name with CHD, and usernames with XXXX to hide from spam)

DomainKey-Status: bad
Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
CHD.co.uk
X-Spam-Level:
X-Spam-Status: No, score=-0.7 required=9.0 tests=AWL,BAYES_00,
DYN_RDNS_AND_INLINE_IMAGE,DYN_RDNS_SHORT_HELO_HTML,DYN_RDNS_SHORT_HELO_IMAGE,
HTML_IMAGE_RATIO_08,HTML_MESSAGE,MISSING_SUBJECT,RDNS_DYNAMIC,
SHORT_HELO_AND_INLINE_IMAGE autolearn=no version=3.2.5
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from CHD.co.uk (localhost.localdomain [127.0.0.1])
by CHD.co.uk (Postfix) with ESMTP id CC65D4878044
for <[email protected]>; Tue, 22 Feb 2011 15:53:49 +0000 (GMT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=default; d=CHD.co.uk;
b=Lhf9Os2ae9v3JAkmulSboUJdX4tsHjDANs28X/k1QYVgnd/j6u/GxU1sudFAIVVddnSYD7LoyGv5NbeyFSWBuRO3eynhkFiVejF9SeNm2jgg2NOySWTzX+UCR3J6T0eO;
h=Received:From:To:Subjectate:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language;
Received: from RyanPC (cpc13-dals17-2-0-cust29.hari.cable.virginmedia.com [94.175.14.30])
by CHD.co.uk (Postfix) with ESMTP
for <[email protected]>; Tue, 22 Feb 2011 15:53:49 +0000 (GMT)
From: "Ryan" <[email protected]>
To: <[email protected]>
Subject:
Date: Tue, 22 Feb 2011 15:53:48 -0000
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_03D6_01CBD2A8.B19546C0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcvSqLE+sW2hbbCxQeuQ1UdKtAUJbg==
Content-Language: en-gb


I only tried this today, with 10.0.1, it failed so i thought i'd try an upgrade first to 10.1.1, it had no effect.

Is this a bug?

 

[CHD]

Also, here's the results of a test from http://www.mailradar.com/domainkeys/


Domain-Key Status: NOT PASSED

DomainKey Signature:
a=rsa-sha1; q=dns; c=nofws; s=default;
d=CHD.co.uk;
b=t6WLriaxlt7UGW+TTmT/omZ3zVwa9NV8C1Epj+w7vnsZRQIrL3Vlr7KWJ8D3+k5BipScGX0vmUnZwGLWrZh0oXMAcX8MvxPkYaXw5/vkpKIHxqVYGXbKtlBRT+gb5eLZ;

h=Received:From:To:Subjectate:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language;

a tag - Encoding algorithm: rsa-sha1

b tag - Signature data:
t6WLriaxlt7UGW+TTmT/omZ3zVwa9NV8C1Epj+w7vnsZRQIrL3Vlr7KWJ8D3+k5BipScGX0vmUnZwGLWrZh0oXMAcX8MvxPkYaXw5/vkpKIHxqVYGXbKtlBRT+gb5eLZ

c tag - Body canonicalization: nofws

d tag - Domain of sender: CHD.co.uk

h tag - Signed headers:
Received:From:To:Subjectate:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language

Received:From:To:Subjectate:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language

q tag - Key query method(s): dns

s tag - Selector specifying key to use: default
Selector can be query like: dig TXT default._domainkey.CHD.co.uk



Public Key Data:

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOCIVk/WgRNVuT6A6uYRPzvhw8NYFP53js0WtQn+cGYB2Trwx/Fxw5sdAIK8PPP67/sT8TOoyF0UZ97vcu4qTRr8Dsc0mBJloFvxiBslWkbxjPtopoQHYv4s4ledgetiqQIDAQAB



Mail Header:
Return-Path: <[email protected]>
Authentication-Results: node6.(none) [email protected];
domainkeys=fail
Received: from node6.gecad.com [127.0.0.1] by node6 (Axigen) with (AES256-SHA
encrypted) ESMTPS id 08C09E; Tue, 22 Feb 2011 16:38:15 +0200
Received: from CHD.co.uk [88.208.195.21] by node6 (Axigen) with
(AES256-SHA encrypted) ESMTPS id 3ED86D; Tue, 22 Feb 2011 16:38:11 +0200
Received: from CHD.co.uk (localhost.localdomain [127.0.0.1]) by
CHD.co.uk (Postfix) with ESMTP id 4AA7548780BB for
<[email protected]>; Tue, 22 Feb 2011 14:38:10 +0000 (GMT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default;
d=CHD.co.uk;
b=t6WLriaxlt7UGW+TTmT/omZ3zVwa9NV8C1Epj+w7vnsZRQIrL3Vlr7KWJ8D3+k5BipScGX0vmUnZwGLWrZh0oXMAcX8MvxPkYaXw5/vkpKIHxqVYGXbKtlBRT+gb5eLZ;

h=Received:From:To:Subjectate:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language;
Received: from RyanPC (cpc13-dals17-2-0-cust29.hari.cable.virginmedia.com
[94.175.14.30]) by CHD.co.uk (Postfix) with ESMTP for
<[email protected]>; Tue, 22 Feb 2011 14:38:10 +0000 (GMT)
From: "Ryan Badger" <[email protected]>
To: <[email protected]>
Subject:
Date: Tue, 22 Feb 2011 14:38:08 -0000
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_02A9_01CBD29E.1FCA2BC0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcvSnh+Hq7y/+JWUTiW/Prv27f//RA==
Content-Language: en-gb
X-Spam-Status: No, score=2.047, required=5
tests=DKIM_SIGNED,EMPTY_MESSAGE,HELO_NO_DOMAIN,HTML_MESSAGE,JR_RCVD_HOST_PROBS2,MIME_HTML_MOSTLY,RDNS_NONE,SPF_PASS
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.003001
X-Scanned-By: MIMEDefang 2.67 on 193.230.245.6

 

[CHD]

Update

i've also realised, it works fine form the webmail, but when i use any local email program the domainkey is bad.
when comparing the results from [email protected] the only difference i can see is this:

Result from email program = FAIL
default._domainkey.DOMAIN.co.uk. 86283 IN TXT "p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALgvZ4mO/IoS3LLjW4GBGrGdbMXdyzqMRmmwFtNSRRn+FuNOVJZX3/21PP+RB/6W9kuGlNfVLTVGGOYJ8oZxx/PvQwM186SHB5SQyO8sEN1xQfzzdBgBfY/QQS2VLmWDfwIDAQAB;"

Result from webmail = PASS
default._domainkey.DOMAIN.co.uk. 86400 IN TXT "p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALgvZ4mO/IoS3LLjW4GBGrGdbMXdyzqMRmmwFtNSRRn+FuNOVJZX3/21PP+RB/6W9kuGlNfVLTVGGOYJ8oZxx/PvQwM186SHB5SQyO8sEN1xQfzzdBgBfY/QQS2VLmWDfwIDAQAB;"

not sure what that number actually means, but it seems to be the only difference in the results.
any ideas?

 

[nelem]

After spending hours looking at this with my server sending from a Interspire Email Marketer email application to localhost, I noticed that the Interspire was setting the Return-Path header on submission. The domainkeys signature was calculated on the the headers (including Return-Path) but the Return Path header is moved by most (all?) MTAs to the top of the header list away from it's original position. Subsequently, the signature fails.

Notice that the failing signature says that it has included the Return-Path header but the header is nowhere to be seen below the signature because it's been moved to the top.

CHD, I noticed that your subject is empty. Did you try with a non-empty subject?

BTW, the number is simply the TTL (time to live) value on your DNS entry and won't affect anything.

Good Signature
Return-Path: <[email protected]>
Received: from mail.MYDOMAIN.co.uk (80.90.199.101) by verifier.port25.com (PowerMTA(TM) v4.0b4) id hrlddk11u9cg for <[email protected]>; Wed, 25 May 2011 15:39:06 -0400 (envelope-from <[email protected]>)
Authentication-Results: verifier.port25.com [email protected]; mfrom=pass;
Authentication-Results: verifier.port25.com [email protected]; domainkeys=pass;
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed);
Authentication-Results: verifier.port25.com [email protected]; pra=pass;
Received: from mail.MYDOMAIN.co.uk (localhost.localdomain [127.0.0.1])
by mail.MYDOMAIN.co.uk (Postfix) with ESMTP id 762D226DB899F
for <[email protected]>; Wed, 25 May 2011 20:39:02 +0100 (BST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=default; d=MYDOMAIN.co.uk;
b=je1cBmZXgxx2tkO4UcACmBOu16n/6fXxGZmA1VNSYLDOoCtsJaISAoEQNVYKOE38q0em8uxflrY/hM+K9jJq4vsSKAbz9r1286MotRcDAwX6A7Qd1aMHy4JvTkLxbrvr;
h=Received:To:Subject:Message-IDate:From:Reply-To:MIME-Version:X-Mailer-LID:List-Unsubscribe:X-Mailer-RecptId:X-Mailer-SID:X-Mailer-Sent-By:Content-Type:Content-Transfer-Encoding;
Received: from www.MYDOMAIN.co.uk (localhost.localdomain [127.0.0.1])
by mail.MYDOMAIN.co.uk (Postfix) with ESMTPA
for <[email protected]>; Wed, 25 May 2011 20:39:02 +0100 (BST)
To: [email protected]
Subject: TEst sending 1
Message-ID: <[email protected]>
Date: Wed, 25 May 2011 20:39:02 +0100
From: "MYNAME" <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
X-Mailer-LID: 37
List-Unsubscribe: <http://www.MYDOMAIN.co.uk/iem/unsubscribe.php?M=37096&C=5143ad5fb19406bb40470d2f698235a1&L=37&N=101>
X-Mailer-RecptId: 37096
X-Mailer-SID: 101
X-Mailer-Sent-By: 1
Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_f9e62088279346748277b057f8b5fa6b"
Content-Transfer-Encoding: 8bit


Failing Signature
Return-Path: <[email protected]>
Received: from mail.MYDOMAIN.co.uk (80.90.199.101) by verifier.port25.com (PowerMTA(TM) v4.0b4) id hrl8ng11u9cb for <[email protected]>; Wed, 25 May 2011 14:59:04 -0400 (envelope-from <[email protected]>)
Authentication-Results: verifier.port25.com [email protected]; mfrom=pass;
Authentication-Results: verifier.port25.com [email protected]; domainkeys=fail (bad signature);
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed);
Authentication-Results: verifier.port25.com [email protected]; pra=pass;
Received: from mail.MYDOMAIN.co.uk (localhost.localdomain [127.0.0.1])
by mail.MYDOMAIN.co.uk (Postfix) with ESMTP id 4647026DB899F
for <[email protected]>; Wed, 25 May 2011 19:59:02 +0100 (BST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=default; d=MYDOMAIN.co.uk;
b=C8znxX77YMmCFAPFh6ICDUyBdYqgDxohcOaD7cS+nD3HTXWDo0Ft6YORNeeo4yGtrC7Gvz4shabO9VBv5XrPlvqko9VGhU/0EXjFQZ8M5Po7wqZD4xWx3owEkk8geF0l;
h=Received:To:Subject:Message-ID:Return-Pathate:From:Reply-To:MIME-Version:X-Mailer-LID:List-Unsubscribe:X-Mailer-RecptId:X-Mailer-SID:X-Mailer-Sent-By:Content-Type:Content-Transfer-Encoding;
Received: from www.MYDOMAIN.co.uk (localhost.localdomain [127.0.0.1])
by mail.MYDOMAIN.co.uk (Postfix) with ESMTPA
for <[email protected]>; Wed, 25 May 2011 19:59:02 +0100 (BST)
To: [email protected]
Subject: TEst sending 1
Message-ID: <[email protected]>
Date: Wed, 25 May 2011 19:59:02 +0100
From: "MYNAME" <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
X-Mailer-LID: 37
List-Unsubscribe: <http://www.MYDOMAIN.co.uk/iem/unsubscribe.php?M=37096&C=5143ad5fb19406bb40470d2f698235a1&L=37&N=100>
X-Mailer-RecptId: 37096
X-Mailer-SID: 100
X-Mailer-Sent-By: 1
Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_3759547d6f8a3e3cf5671b62f7343cfd"
Content-Transfer-Encoding: 8bit

 

[gtsupport]

same issue here !

DOMAIN KEYS DO NOT WORK WITH PLESK 10 AND QMAIL !! -__-

 

[nelem]

I did get to the bottom of this but had to fix it outside of Plesk.

If you look carefully, you'll see that the failing signature is calculated over the headers including Return-Path. Most MTA's will move the Return-Path header to the top of the message and it's this change in transit that causes the signature to fail subsequent validation.

My fix was to not submit messages [to postfix] with the Return-Path header at all which I was able to do from my mail client. The MTA will add it anyway but after the signature is calculated.

I tried to raise a bug report to Parallels but I am not a direct customer and my ISP wouldn't accept it as a bug. Basically, Plesk should not use Return-Path in the signature calculation.

 

[TsogooT]

Plesk 10.3.1 & mailEnable enterprise 5.5

same issue here !

DOMAIN KEYS and DKIM DO NOT WORK WITH PLESK 10.3.1 AND mailEnable enterprise 5.5 !!

 

[gtsupport]

after upgrading to psa 10.3.1 DOMAINKEYS STILL DON'T WORK !


shame on parallels !

 

[TsogooT]

DomainKeys (available only for Linux hosting). DomainKeys is a spam protection system based on sender authentication. When an e-mail claims to originate from a certain domain, DomainKeys provides a mechanism by which the recipient system can credibly determine that the e-mail did in fact originate from a person or system authorized to send e-mail for that domain. If the sender verification fails, the recipient system discards such e-mail messages. To configure the DomainKeys system on your server, refer to the section Switching on Spam Protection Based on DomainKeys.
http://download1.parallels.net/Ples...inistrator-guide/index.htm?fileName=59431.htm

any solution?

Is possible downgrade plesk 10.3.1 to 9.5.4?

 

[GravuTrad]

Seems not yet solved with 11.0.9....