• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

[Plesk 11.5] DomainKeys Failing with Postfix

P

PTS

New Pleskian
I've never had issues with getting DomainKeys to pass with qmail but after switching to Postfix, they only work when the email is sent from webmail.

Anyone know where to start to debug this one? It seems like the DomainKeys sent in both cases are identical. Not sure why it only passes through webmail.

I'm running Plesk 11.5.30 on a CentOS 6.5 dedicated server from GoDaddy.

Here's the failed message sent from Outlook

Code: 
==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   fail
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  m1plded02-02.prod.mesa1.secureserver.net
Source IP:      64.202.189.19
mail-from:      [email protected]

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         fail (bad signature)
ID(s) verified: [email protected]
DNS record(s):
    default._domainkey.domain.com. 86400 IN TXT "p=y7J08Md0x57veWQfsoZCDue47kAd/QR7Yx3ptu2qGWpGsX7XDzTJFpYB8ym5f9jweK3jpenOybF3AuwElY9ghC1XiN0NfVwv+uIii9swYjBmTUP5lEI21z3nYJ2AM66FVJuSqwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCemdXc34mRb6RUVJ2ShoO3CmwDXtSmVNQa3x/Q;"


==========================================================
Original Email
==========================================================

Return-Path: <[email protected]>
Received: from m1plded02-02.prod.mesa1.secureserver.net (64.202.189.19) by verifier.port25.com id hbq9fu11u9c3 for <[email protected]>; Mon, 28 Apr 2014 13:42:23 -0400 (envelope-from <[email protected]>)
Authentication-Results: verifier.port25.com; spf=pass [email protected]
Authentication-Results: verifier.port25.com; domainkeys=fail (bad signature) [email protected]
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=pass [email protected]
Received: from domain.com ([255.***.***.1])
   by m1plded02-02.prod.mesa1.secureserver.net with : DED :
   id vViM1n03F1dT9qo01ViMRp; Mon, 28 Apr 2014 10:42:22 -0700
x-originating-ip: 255.***.***.1
Received: from av-engine.localhost (domain.com [127.0.0.1])
   by domain.com (Postfix) with ESMTP id AFAF35004EC
   for <[email protected]>; Mon, 28 Apr 2014 10:42:08 -0700 (MST)
Received: 535e92f027184e0ef82380e1a26e7e
Received: from STARGATE (cpe-174-***-***-121.carolina.res.rr.com [174.***.***.121])
   by domain.com (Postfix) with ESMTPA id 49D2C5004EB
   for <[email protected]>; Mon, 28 Apr 2014 10:42:08 -0700 (MST)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws;
  s=default; d=domain.com;
  b=YVZoOzemCwHW68UbvzL01+7W/mjHOWpcpqgzZAHFFYm3f6poe08vhMaoKd+TsvC1LFjVhocHJJueRoYwz+zBoC4wXcgKV9E1EWUiq44IaTcMrYX1x4eAqAXpx7xIaiLG2u39zdwW7G7Nm573WSzpMHrwIbrJOnGo4uh4TucvG4c=;
  h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language;
From: "Paul" <[email protected]>
To: <[email protected]>
Subject: Verifier From Outlook
Date: Mon, 28 Apr 2014 13:42:20 -0400
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary="----=_NextPart_000_0043_01CF62E7.ADEE3270"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Ac9jCTRnN0v+42dOQfe9QZcaTMplvQ==
Content-Language: en-us

Here's the passed message sent from Webmail

Code: 
==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   pass
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  m1plded02-02.prod.mesa1.secureserver.net
Source IP:      64.202.189.19
mail-from:      [email protected]

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: [email protected]
DNS record(s):
    default._domainkey.domain.com. 86400 IN TXT "p=y7J08Md0x57veWQfsoZCDue47kAd/QR7Yx3ptu2qGWpGsX7XDzTJFpYB8ym5f9jweK3jpenOybF3AuwElY9ghC1XiN0NfVwv+uIii9swYjBmTUP5lEI21z3nYJ2AM66FVJuSqwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCemdXc34mRb6RUVJ2ShoO3CmwDXtSmVNQa3x/Q;"

==========================================================
Original Email
==========================================================

Return-Path: <[email protected]>
Received: from m1plded02-02.prod.mesa1.secureserver.net (64.202.189.19) by verifier.port25.com id hbq9qg11u9co for <[email protected]>; Mon, 28 Apr 2014 13:45:12 -0400 (envelope-from <[email protected]>)
Authentication-Results: verifier.port25.com; spf=pass [email protected]
Authentication-Results: verifier.port25.com; domainkeys=pass [email protected]
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=pass [email protected]
Received: from domain.com ([255.***.***.1])
   by m1plded02-02.prod.mesa1.secureserver.net with : DED :
   id vVlB1n03b1dT9qo01VlBzs; Mon, 28 Apr 2014 10:45:11 -0700
x-originating-ip: 255.***.***.1
Received: from av-engine.localhost (domain.com [127.0.0.1])
   by domain.com (Postfix) with ESMTP id 5EBE2500552
   for <[email protected]>; Mon, 28 Apr 2014 10:44:58 -0700 (MST)
Received: 535e939ab59586f41a75f60712f96d
Received: from webmail.domain.com (domain.com [127.0.0.1])
   by domain.com (Postfix) with ESMTPA id 1EE1F50053F
   for <[email protected]>; Mon, 28 Apr 2014 10:44:58 -0700 (MST)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws;
  s=default; d=domain.com;
  b=PEy9p6k6b8XhhviFtKZBYIKkxsgNy+NhHlTse8PFvFtnJeIO44hfKtKq+9Go8xQih18xkuTAL4aRzZRwDXAmx52qG0uZyIu3ds3/bFb+OUyCm5uTsJk3G/tJ4jo+zwFc/ERYZoVpnwQYcpZl62nPqIvy+VNTdovDvOt0SeVFYjI=;
YVZoOzemCwHW68UbvzL01+7W/mjHOWpcpqgzZAHFFYm3f6poe08vhMaoKd+TsvC1LFjVhocHJJueRoYwz+zBoC4wXcgKV9E1EWUiq44IaTcMrYX1x4eAqAXpx7xIaiLG2u39zdwW7G7Nm573WSzpMHrwIbrJOnGo4uh4TucvG4c=
  h=MIME-Version:Date:From:To:Subject:Message-ID:X-Sender:User-Agent;
MIME-Version: 1.0
Date: Mon, 28 Apr 2014 13:44:58 -0400
From: [email protected]
To: [email protected]
Subject: Verifier From Webmail
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/0.9.5
 
You have mangled your headers, probably to protect your domain or something. That makes this question hard to debug. We need the untouched/unedited mail.

However, please note that Plesk only supports DomainKey, and _NOT_ DKIM! DomainKey can be considered deprecated, and services such as Google only check for DKIM records, not DomainKey records. I would worry alot about DomainKey, as nothing/nobody seems to do anything with DomainKey signed e-mail. By that I mean that it doesn't help solve deliverability issues with eg. Google. You need DKIM for that.
 
You must log in or register to reply here.

Similar threads

Zalvatore Dela
Issue Outlook and Gmail block my clients emails! DKIM too long
Replies
8
Views
3K
Zalvatore Dela
Zalvatore Dela
Alex Presland
Issue Emails forwarded by Plesk fail DKIM checks with certain attachments
2
Replies
21
Views
2K
Alex Presland
Alex Presland
D
Question receiving phishing emails
Replies
2
Views
1K
Kaspar
K
E
Issue Same domain sender put into SPAM folder
Replies
5
Views
1K
easyware
E
H
Issue Using postfix to relay emails: Removing/masking client IP address how?
Replies
0
Views
1K
hello_world.c
H
Back
Top