Account signatures trigger DKIM to fail
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Account signatures trigger DKIM to fail
Hello,
I have a fully setup hMail Server using spf and DKIM to avoid that my mails are being marked as spam.
However I do have a strange problem:
When using Rainloop Webmail the DKIM keeps failing because of "altered body".
Funny enough this only happens when I enable either the Domain-Level Default-Signature or set a specific Account-Signature in hMail.
If no (HTML or Text) signature is added at all it works just fine and the DKIM passes perfectly.
However: As soon as I re-enable the account or domain-level signature in hMail the DKIM keeps failing again.
I tried switching to Afterlogic-Webmail but that did not do the trick, DKIM kept failing here as well.
Any ideas on this? Is this a bug or do I have to check a certain box or smth?
EDIT: Using Version 5.6.7 B2420 - Windows Server 2016
I have a fully setup hMail Server using spf and DKIM to avoid that my mails are being marked as spam.
However I do have a strange problem:
When using Rainloop Webmail the DKIM keeps failing because of "altered body".
Funny enough this only happens when I enable either the Domain-Level Default-Signature or set a specific Account-Signature in hMail.
If no (HTML or Text) signature is added at all it works just fine and the DKIM passes perfectly.
However: As soon as I re-enable the account or domain-level signature in hMail the DKIM keeps failing again.
I tried switching to Afterlogic-Webmail but that did not do the trick, DKIM kept failing here as well.
Any ideas on this? Is this a bug or do I have to check a certain box or smth?
EDIT: Using Version 5.6.7 B2420 - Windows Server 2016
Last edited by LKNickname on 2017-11-13 22:35, edited 1 time in total.
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
To be clear are you dkim signing by hms? Or is the dkim signature being applied by your webmail?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Thx for your quick response
I am signing through hms
I am signing through hms
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Account signatures trigger DKIM to fail
ALSO, how do you know that it fails?
Where do you get an error?
Where do you get an error?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
I noticed it by looking through the daily DMARC-Reports.
I ran a test on http://dkimvalidator.com/ afterwards to make sure it really is failing.
And after a while of trial and error I pinned down the Mail-Signatures to be causing the problem.
(Sidenote: I am using the Active-Directory Integration if thats helpful to know)
I'll run the Debugscript and update you shortly
I ran a test on http://dkimvalidator.com/ afterwards to make sure it really is failing.
And after a while of trial and error I pinned down the Mail-Signatures to be causing the problem.
(Sidenote: I am using the Active-Directory Integration if thats helpful to know)
I'll run the Debugscript and update you shortly
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
[code]2017-11-14 Hmailserver: 5.6.7-B2420
DOMAINS
"Domain1.com" - knxxxxxxxxxxx.de Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\bin\kntrdkim.key
Selector: 1510446879.kneipentruppe
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 213.202.247.178 - 213.202.247.178 Priority: 21 Name: Webmail
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
!! Warning: DEFAULT DOMAIN is SET !! - "Domain1.com"
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 3
Minutes Before Reset: 5 (0,08 hours, 0,00 days)
Minutes to Autoban: 30 (0,50 hours, 0,02 days)
No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 4 Mins: 60 Plain Text: False Bind: 213.202.247.178
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 10
Max Msg Size: 20480 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: True Delivered-To hdr: False
Max number commands: 100 Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.
POP3
No. Connections: 0
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: False
Add X-HmailServer-Spam: True Check HELO host: False
Add X-HmailServer-Reason: True Check MX records: True - 2
Add X-HmailServer-Subject: True Verify DKIM: True - 5
Subject Text: "[SPAM]"
Spam delete threshold: 10 Maximum message size: 1024
DNSBL ENTRIES:
zen.spamhaus.org Score: 3 Result: 127.0.0.2-8|127.0.0.10-11
bl.spamcop.net Score: 3 Result: 127.0.0.2
2.0.0.127.b.barracudacentral.org Score: 3 Result: 127.0.0.2
dnsbl.sorbs.net Score: 3 Result: 127.0.0.2-5|127.0.0.7-14
spam.dnsbl.sorbs.net Score: 3 Result: 127.0.0.6
SURBL ENTRIES:
multi.surbl.org Score: 3
GREYLISTING:
Greylisting: False
WHITELISTING
No entries
-----------------------------------------------------------------------------------------------
ANTIVIRUS: No application configured.
Block Attachments: False
-----------------------------------------------------------------------------------------------
SSL/TLS
SSL 3.0 : True
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :
ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - StartTLS Required
0.0.0.0 / 110 / POP3 - StartTLS Required
0.0.0.0 / 143 / IMAP - StartTLS Required
0.0.0.0 / 465 / SMTP - SSL/TLS
0.0.0.0 / 587 / SMTP - StartTLS Required
0.0.0.0 / 993 / IMAP - SSL/TLS
0.0.0.0 / 995 / POP3 - SSL/TLS
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: False
Paths:-
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2017-11-14.log
Event: C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
Awstats: C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MSSQL Compact
IPv6 support is available in operating system.
ERROR: Backup directory has not been specified.
Relative message paths are stored in the database for all messages.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder: C:\Program Files (x86)\hMailServer\Data
Log folder: C:\Program Files (x86)\hMailServer\Logs
Temp folder: C:\Program Files (x86)\hMailServer\Temp
Event folder: C:\Program Files (x86)\hMailServer\Events
[Database]
Type= MSSQLCE
Username=
PasswordEncryption=1
Port= 0
Server=
Internal= 1
-----------------------------------------------------------------------------------------------
[/code]Generated by HMSSettingsDiagnostics v1.84, Hmailserver Forum.
DOMAINS
"Domain1.com" - knxxxxxxxxxxx.de Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\bin\kntrdkim.key
Selector: 1510446879.kneipentruppe
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 213.202.247.178 - 213.202.247.178 Priority: 21 Name: Webmail
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
!! Warning: DEFAULT DOMAIN is SET !! - "Domain1.com"
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 3
Minutes Before Reset: 5 (0,08 hours, 0,00 days)
Minutes to Autoban: 30 (0,50 hours, 0,02 days)
No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 4 Mins: 60 Plain Text: False Bind: 213.202.247.178
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 10
Max Msg Size: 20480 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: True Delivered-To hdr: False
Max number commands: 100 Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.
POP3
No. Connections: 0
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: False
Add X-HmailServer-Spam: True Check HELO host: False
Add X-HmailServer-Reason: True Check MX records: True - 2
Add X-HmailServer-Subject: True Verify DKIM: True - 5
Subject Text: "[SPAM]"
Spam delete threshold: 10 Maximum message size: 1024
DNSBL ENTRIES:
zen.spamhaus.org Score: 3 Result: 127.0.0.2-8|127.0.0.10-11
bl.spamcop.net Score: 3 Result: 127.0.0.2
2.0.0.127.b.barracudacentral.org Score: 3 Result: 127.0.0.2
dnsbl.sorbs.net Score: 3 Result: 127.0.0.2-5|127.0.0.7-14
spam.dnsbl.sorbs.net Score: 3 Result: 127.0.0.6
SURBL ENTRIES:
multi.surbl.org Score: 3
GREYLISTING:
Greylisting: False
WHITELISTING
No entries
-----------------------------------------------------------------------------------------------
ANTIVIRUS: No application configured.
Block Attachments: False
-----------------------------------------------------------------------------------------------
SSL/TLS
SSL 3.0 : True
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :
ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - StartTLS Required
0.0.0.0 / 110 / POP3 - StartTLS Required
0.0.0.0 / 143 / IMAP - StartTLS Required
0.0.0.0 / 465 / SMTP - SSL/TLS
0.0.0.0 / 587 / SMTP - StartTLS Required
0.0.0.0 / 993 / IMAP - SSL/TLS
0.0.0.0 / 995 / POP3 - SSL/TLS
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: False
Paths:-
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2017-11-14.log
Event: C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
Awstats: C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MSSQL Compact
IPv6 support is available in operating system.
ERROR: Backup directory has not been specified.
Relative message paths are stored in the database for all messages.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder: C:\Program Files (x86)\hMailServer\Data
Log folder: C:\Program Files (x86)\hMailServer\Logs
Temp folder: C:\Program Files (x86)\hMailServer\Temp
Event folder: C:\Program Files (x86)\hMailServer\Events
[Database]
Type= MSSQLCE
Username=
PasswordEncryption=1
Port= 0
Server=
Internal= 1
-----------------------------------------------------------------------------------------------
[/code]Generated by HMSSettingsDiagnostics v1.84, Hmailserver Forum.
Re: Account signatures trigger DKIM to fail
What is in your error.log?
You shouldn't have port 25 as 'REQUIRE StartTLS', that should be 'Optional StartTLS'
I'd also de-select SSLv3.0 unless you have a reason to keep that - it is a compromised protocol (As is TLSv1.0 really, but many servers still use that including Facebook)
You shouldn't have port 25 as 'REQUIRE StartTLS', that should be 'Optional StartTLS'
I'd also de-select SSLv3.0 unless you have a reason to keep that - it is a compromised protocol (As is TLSv1.0 really, but many servers still use that including Facebook)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Thx I fixed the points you mentioned
However DKIM still failing when enabling Mail-signature (sadly as expected)
>>
Public Key DNS Lookup
Building DNS Query for 1510446879.kneipentruppe._domainkey.kneipentruppe.de
Retrieved this publickey from DNS: v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoDRa2tTmoqWt7fhiktA2ptHzNm4DvRYEXFpjxaTvUOwUHB5Hk4h0+j0KTo7rEl1qKQapw7LWjsFEycnadSpaRTSMCEO/9GHFFPYAlbvV7uBwnvQB2QeIZk4G9lIPF03IefO5rISNbjy9CB6bftqN49TU4FrqVcil7Ge8cU4x/VwIDAQAB
Validating Signature
result = fail
Details: body has been altered
<<
hms latest errorlog is 2 days old - I can't find anything for today and yesterday (Searching in C:\Program Files (x86)\hMailServer\Logs)
However DKIM still failing when enabling Mail-signature (sadly as expected)
>>
Public Key DNS Lookup
Building DNS Query for 1510446879.kneipentruppe._domainkey.kneipentruppe.de
Retrieved this publickey from DNS: v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoDRa2tTmoqWt7fhiktA2ptHzNm4DvRYEXFpjxaTvUOwUHB5Hk4h0+j0KTo7rEl1qKQapw7LWjsFEycnadSpaRTSMCEO/9GHFFPYAlbvV7uBwnvQB2QeIZk4G9lIPF03IefO5rISNbjy9CB6bftqN49TU4FrqVcil7Ge8cU4x/VwIDAQAB
Validating Signature
result = fail
Details: body has been altered
<<
hms latest errorlog is 2 days old - I can't find anything for today and yesterday (Searching in C:\Program Files (x86)\hMailServer\Logs)
Last edited by LKNickname on 2017-11-14 02:19, edited 2 times in total.
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Same Test with Mail-Signature disabled:
>>
Public Key DNS Lookup
Building DNS Query for 1510446879.kneipentruppe._domainkey.kneipentruppe.de
Retrieved this publickey from DNS: v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoDRa2tTmoqWt7fhiktA2ptHzNm4DvRYEXFpjxaTvUOwUHB5Hk4h0+j0KTo7rEl1qKQapw7LWjsFEycnadSpaRTSMCEO/9GHFFPYAlbvV7uBwnvQB2QeIZk4G9lIPF03IefO5rISNbjy9CB6bftqN49TU4FrqVcil7Ge8cU4x/VwIDAQAB
Validating Signature
result = pass
Details:
<<
>>
Public Key DNS Lookup
Building DNS Query for 1510446879.kneipentruppe._domainkey.kneipentruppe.de
Retrieved this publickey from DNS: v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoDRa2tTmoqWt7fhiktA2ptHzNm4DvRYEXFpjxaTvUOwUHB5Hk4h0+j0KTo7rEl1qKQapw7LWjsFEycnadSpaRTSMCEO/9GHFFPYAlbvV7uBwnvQB2QeIZk4G9lIPF03IefO5rISNbjy9CB6bftqN49TU4FrqVcil7Ge8cU4x/VwIDAQAB
Validating Signature
result = pass
Details:
<<
Re: Account signatures trigger DKIM to fail
Also, I just tested http://dkimvalidator.com and I got a pass with a Domain level HTML Signature and domain level plain text signature
Are you using HTML or plaintext signatures, are you testing both account and domain level?
I normally don't have any account level signatures, although I normally do use domain level signatures
Are you using HTML or plaintext signatures, are you testing both account and domain level?
I normally don't have any account level signatures, although I normally do use domain level signatures
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
I am normally using both levels with html only.
A domain level default one if none is specified in sender's account.
And an account-level "personal" signature.
However: Neither domain nor account-level can be used without DKIM failing.
I tried using both, only account or domain or none.
DKIM signing only works properly when I am using no signature at all.
To me it seems that the signature get's added to the body after DKIM-signing the mail. However that makes no sense at all because I am not signing in my webmail and it worked quite well a few months ago.
Only things that changed was the migration of the DNS over to cloudflare and the migration of Active-Directory Account funcionality.
Could either one of them trigger DKIM to fail? Maybe a wrong Cloudflare DNS-routing?
That's the only thing I could think of right now but (as far as I understand it) DKIM signing happens on Mailserverlevel doesn't it?
So the only thing that happens on DNS level is the validation of the public key after the mail is signed, isn't it?
A domain level default one if none is specified in sender's account.
And an account-level "personal" signature.
However: Neither domain nor account-level can be used without DKIM failing.
I tried using both, only account or domain or none.
DKIM signing only works properly when I am using no signature at all.
To me it seems that the signature get's added to the body after DKIM-signing the mail. However that makes no sense at all because I am not signing in my webmail and it worked quite well a few months ago.
Only things that changed was the migration of the DNS over to cloudflare and the migration of Active-Directory Account funcionality.
Could either one of them trigger DKIM to fail? Maybe a wrong Cloudflare DNS-routing?
That's the only thing I could think of right now but (as far as I understand it) DKIM signing happens on Mailserverlevel doesn't it?
So the only thing that happens on DNS level is the validation of the public key after the mail is signed, isn't it?
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
Maybe those DNS servers are not using the correct public DKIM key or are seeing an old or incorrect one. ie, So the key they find is used to generate the current email contents and makes an signature string which the rest of the worlds servers wont match with because they decipher using and incorrect keyLKNickname wrote:Only things that changed was the migration of the DNS over to cloudflare and the migration of Active-Directory Account funcionality.
IOW: regenerate your private and public key. Also check that the public key stored on the DNS records is in correct format (BIND-based dnsservers are particularly tricky). Reference: viewtopic.php?f=21&t=29402
BTW (unrelated): you have a DNSBL listed in your setup that is incorrect:
Code: Select all
2.0.0.127.b.barracudacentral.org Score: 3 Result: 127.0.0.2
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Hey, thx for your advice.
I deleted all DKIM-Settings withing hmail and removed the DNS entry completely.
After that I generated an new DKIM-Record and configured it in hmail and my DNS.
However: Exactly the same behaviour as before...
No Mail-Signature -> DKIM pass
Mail Signature -> DKIM fail "altered body"
I verified that the new record get's displayed correctly and (as far as I see) everything is fine.
The DKIM-Signing keeps failing when using a Mail- or Domain-Level Text-/HTML-Signature - No Text-/HTML-Signature and everything is fine...
I deleted all DKIM-Settings withing hmail and removed the DNS entry completely.
After that I generated an new DKIM-Record and configured it in hmail and my DNS.
However: Exactly the same behaviour as before...
No Mail-Signature -> DKIM pass
Mail Signature -> DKIM fail "altered body"
I verified that the new record get's displayed correctly and (as far as I see) everything is fine.
The DKIM-Signing keeps failing when using a Mail- or Domain-Level Text-/HTML-Signature - No Text-/HTML-Signature and everything is fine...
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Maybe something is broken within the signature?
However...it looks fine pasted into a HTML-Editor like https://htmledit.squarefree.com/
Code: Select all
<table>
<tbody>
<tr>
<td style="padding: 0 8px 0 0;" valign="top"><img style="height: 120px;" src="https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png" /></td>
<td style="font-size: 80%; font-family: Arial; border-left: 3px solid; border-color: #f8941c; padding: 0 0 0 8px;" valign="top">
<div style="font-size: 1.2em;">Kneipentruppe-Team</div>
<div style="font-size: 0.9em;">Kneipentruppe - DEIN Multigamingclan</div>
<div style="line-height: 1em; font-size: 1em;"> </div>
<div><span style="font-size: 0.9em; color: #ababab;">w: </span><a style="color: #000000; text-decoration: none; font-size: 0.9em;" href="https://www.kneipentruppe.de" target="_blank" rel="noopener">www.kneipentruppe.de</a> <span style="font-size: 0.9em; color: #ababab;">e: </span><a style="font-size: 0.9em; color: #000000; text-decoration: none;" href="mailto:info@kneipentruppe.de" target="_blank" rel="noopener">info@kneipentruppe.de</a> </div>
<div style="line-height: 1em; font-size: 1em;"> </div>
<div><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span><a style="display: inline-block;" href="https://facebook.com/kneipentruppe" target="_blank" rel="noopener"><img src="https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" /></a><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span><a style="display: inline-block;" href="https://twitter.com/kneipentruppe" target="_blank" rel="noopener"><img src="https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" /></a><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span><a style="display: inline-block;" href="https://youtube.com/kneipentruppe" target="_blank" rel="noopener"><img src="https://img.newoldstamp.com/s/ico/square/24/origin/youtube.png" /></a><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span><a style="display: inline-block;" href="https://steamcommunity.com/groups/kneipentruppe" target="_blank" rel="noopener"><img src="https://img.newoldstamp.com/s/ico/square/24/origin/steam.png" /></a><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span><a style="display: inline-block;" href="https://kneipentruppe.de" target="_blank" rel="noopener"><img src="https://img.newoldstamp.com/s/ico/square/24/origin/wordpress.png" /></a><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span></div>
</td>
</tr>
</tbody>
</table>
<div style="line-height: 10px; font-size: 10px;"> </div>
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
UPDATE: Funny enough....if i am using a hms HTML-Signature (no plaintext) like "test 123" without any HTML formatting, DKIM passes. If I am using this as plaintext it works too.
I think it's a problem within the signature itself
I think it's a problem within the signature itself
Re: Account signatures trigger DKIM to fail
My signatures have to be in <body> tags for them to work
Try putting the <body> ... </body> tags around your html and see if that makes a difference
It may also be the external image...
ALSO, does this still happen when you use Thunderbird or another email client, or does this ONLY happen with roundcube
Try putting the <body> ... </body> tags around your html and see if that makes a difference
It may also be the external image...
ALSO, does this still happen when you use Thunderbird or another email client, or does this ONLY happen with roundcube
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
It seems to have something to do with the length...
works perfectly....however if I copy the last Block:
and append it (speaking of copy&pasting the Block right after the </a>-Tag of the last Block) on the HTML-Code...it suddenly fails.
The Code on top is 175 Chars long....is there any sort of character limit (prob. 200 Chars) within hms that I am unaware of?
I'll test with Thunderbird and update you afterwards
Code: Select all
<table style="background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing="0" cellpadding="0" border="0">
<tbody><tr><td style="padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign="top"><img id="preview-image-url" src="https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png"></td>
<td style="padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style="background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing="0" cellpadding="0" border="0">
<tbody><tr><td colspan="2" style="padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Lars Klein</td></tr>
<tr><td colspan="2" style="color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangründer & Clanleitung</span></td></tr>
<tr><td colspan="2" style="color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style="vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width="20" valign="top">w:</td><td style="vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign="top"><a href="https://kneipentruppe.de" style=" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a> <span style="color: #f8941c;">e: </span><a href="mailto:lknickname@kneipentruppe.de" style="color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan="2" style="padding-top: 5px;"><a href="https://facebook.com/kneipentruppe" style="border-width:0px; border:0px; text-decoration: none;"><img style="border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src="https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" width="24" height="24"></a> <a href="https://twitter.com/kneipentruppe" style="border-width:0px; border:0px; text-decoration: none;"><img style="border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src="https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width="24" height="24"></a> <a href="https://twitter.com/kneipentruppe" style="border-width:0px; border:0px; text-decoration: none;"><img style="border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src="https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width="24" height="24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
Code: Select all
<a href="https://twitter.com/kneipentruppe" style="border-width:0px; border:0px; text-decoration: none;"><img style="border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src="https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width="24" height="24"></a>
The Code on top is 175 Chars long....is there any sort of character limit (prob. 200 Chars) within hms that I am unaware of?
I'll test with Thunderbird and update you afterwards
Re: Account signatures trigger DKIM to fail
If I copy mine to notepad++ and view summary it shows
Characters (without blanks): 2379
Words: 390
Lines: 11
Current document length: 2399
2379 selected characters (2399 bytes) in 1 range
My longest line has 520 characters in it, I have at least three over 450 characters
perhaps it is the word '!important' in your last line
Characters (without blanks): 2379
Words: 390
Lines: 11
Current document length: 2399
2379 selected characters (2399 bytes) in 1 range
My longest line has 520 characters in it, I have at least three over 450 characters
perhaps it is the word '!important' in your last line
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Sorry I forgot to mention that: Putting them into <body>-Tags did not make any difference - Exactly the same behaviour as mentioned above
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Eliminating the "!important"-Tags did not make any difference.
Using Thunderbird everything worked perfectly so I am guessing It's an error with the way the webmail handels it itself?
I tried "Afterlogic Webmail Lite" AND "Rainloop"-Webmail so far, both with the exact same problem. Any guesses on how to handle this?
UPDATE: Thunderbird does'nt seem to apply the signature at all though, report says:
Here is the record from Rainloop
Using Thunderbird everything worked perfectly so I am guessing It's an error with the way the webmail handels it itself?
I tried "Afterlogic Webmail Lite" AND "Rainloop"-Webmail so far, both with the exact same problem. Any guesses on how to handle this?
UPDATE: Thunderbird does'nt seem to apply the signature at all though, report says:
Code: Select all
Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
by relay-3.us-west-2.relay-prod (Postfix) with ESMTPS id C1DC320077E
for <e0WDDBnRt17ZTR@dkimvalidator.com>; Wed, 15 Nov 2017 08:06:25 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=oKRkg/aHvtofLrmkfuIroyQ9EWhqrilvJWlNrtmOmQyXjxzJdlOVpCrfW1DhM37gjaCGzRkrdqf4zJsWSRem25lCCeglKY0D1Ukb3e5GvKQl33Nl4HHoRhKo3YDzz2vKAONsEUBHd2bwfvPZQNzttkatIwP/E43IhjP02445b58=
Received: from [213.202.247.178] (rs002432.KNTR.local [213.202.247.178]) by mail.kneipentruppe.de
with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128)
; Wed, 15 Nov 2017 09:06:24 +0100
To: e0WDDBnRt17ZTR@dkimvalidator.com
From: Vorname Nachname <lknickname@kneipentruppe.de>
Subject: test
Message-ID: <06e0e938-d06c-ac2b-3021-1881734df6c9@kneipentruppe.de>
Date: Wed, 15 Nov 2017 09:06:22 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
test
Here is the record from Rainloop
Code: Select all
Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
by relay-4.us-west-2.relay-prod (Postfix) with ESMTPS id 8432B160923
for <MyyQRnveLeS0BY@dkimvalidator.com>; Wed, 15 Nov 2017 08:32:25 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type;
bh=RlZUHaH+Oa44UMohhFV2hngYtiZhNrPneam6jpABWR4=;
b=lf50zCeBXz7fWP/rOpGCnnKhhsuvCqBKN7tRHs2f6UVaWIn7nc2cZbMXOkAn+hBlOaoXHT7fbLSbBUhSwyXS1LnC9KknPhkw7bTBSLo9Uso5MmiCeT0kASqJ55HL3Tz2cwfPxW/B7LgstfceVuO6OJ1aS081QH0Dw1qiHjA/YFw=
Received: from clanleitung.kneipentruppe.de (rs002432.KNTR.local [213.202.247.178]) by
mail.kneipentruppe.de with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128) ; Wed, 15 Nov 2017 09:32:23 +0100
Mime-Version: 1.0
Date: Wed, 15 Nov 2017 08:32:23 +0000
Content-Type: multipart/alternative; boundary="--=_RainLoop_858_920792391.1510734743"
X-Mailer: RainLoop/1.11.3
From: lknickname@kneipentruppe.de
Message-ID: <52cddc3045f60388672ca03d0b19420e@kneipentruppe.de>
Subject: test
To: MyyQRnveLeS0BY@dkimvalidator.com
----=_RainLoop_858_920792391.1510734743
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
test
----=_RainLoop_858_920792391.1510734743
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8" /></head><body><div data-html-editor-font-wrapper=3D"true" style=3D"font-family: arial, sans-serif; font-size: 13px;">test<br><br><signature></signature> </div></body></html>
<br/>
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Vorname Nachname</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a> <span style=3D"color: #f8941c;">e: </span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" width=3D"24" height=3D"24"></a> <a href=3D"https://twitter.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width=3D"24" height=3D"24"></a> <a href=3D"https://youtube.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: medium none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/youtube.png" width=3D"24" height=3D"24"></a>&nb
sp; <a href=3D"https://steamcommunity.com/groups/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/steam.png" width=3D"24" height=3D"24"></a> <a href=3D"https://kneipentruppe.de" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/wordpress.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
----=_RainLoop_858_920792391.1510734743--
Re: Account signatures trigger DKIM to fail
Adding a signature within hMailserver should be completely independent from the mail client...
To be certain, are you sending mail from a local account, to an external account, where the external account is NOT hosted on your hMailserver
To be certain, are you sending mail from a local account, to an external account, where the external account is NOT hosted on your hMailserver
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Yes, it is used as a normal mailserver for our online-community.
Some Mails are internal->internal, some are internal<->external (send to or received from @gmail, @yahoo etc.)
Some Mails are internal->internal, some are internal<->external (send to or received from @gmail, @yahoo etc.)
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
run this, lets see if there is something obvious: viewtopic.php?f=20&t=30914
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Account signatures trigger DKIM to fail
And which ones are you checking for DKIM signatures?LKNickname wrote:Some Mails are internal->internal, some are internal<->external (send to or received from @gmail, @yahoo etc.)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
I am sending from my hms accounts example@mydomain.com to let's say anotherexample@gmail.com.mattg wrote:And which ones are you checking for DKIM signatures?LKNickname wrote:Some Mails are internal->internal, some are internal<->external (send to or received from @gmail, @yahoo etc.)
And I am checking (through the DMARC Reports) if the mail I sent is correctly signed and thus accepted by anotherexample@gmail.com.
So I am checking internal->external
Last edited by LKNickname on 2017-11-15 13:34, edited 1 time in total.
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
[code]2017-11-15 Hmailserver: 5.6.7-B2420jimimaseye wrote:run this, lets see if there is something obvious: viewtopic.php?f=20&t=30914
DOMAINS
"Domain1.com" - knxxxxxxxxxxx.de Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\bin\dkim.Domain1.com.pem
Selector: 1510654003.kneipentruppe
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 213.202.247.178 - 213.202.247.178 Priority: 21 Name: Webmail
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
!! Warning: DEFAULT DOMAIN is SET !! - "Domain1.com"
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 3
Minutes Before Reset: 5 (0,08 hours, 0,00 days)
Minutes to Autoban: 30 (0,50 hours, 0,02 days)
There is a total of 2 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 4 Mins: 60 Plain Text: False Bind: 213.202.247.178
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 10
Max Msg Size: 20480 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: True Delivered-To hdr: False
Max number commands: 100 Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.
POP3
No. Connections: 0
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: False
Add X-HmailServer-Spam: True Check HELO host: False
Add X-HmailServer-Reason: True Check MX records: True - 2
Add X-HmailServer-Subject: True Verify DKIM: True - 5
Subject Text: "[SPAM]"
Spam delete threshold: 10 Maximum message size: 1024
DNSBL ENTRIES:
zen.spamhaus.org Score: 3 Result: 127.0.0.2-8|127.0.0.10-11
bl.spamcop.net Score: 3 Result: 127.0.0.2
dnsbl.sorbs.net Score: 3 Result: 127.0.0.2-5|127.0.0.7-14
spam.dnsbl.sorbs.net Score: 3 Result: 127.0.0.6
SURBL ENTRIES:
multi.surbl.org Score: 3
GREYLISTING:
Greylisting: False
WHITELISTING
No entries
-----------------------------------------------------------------------------------------------
ANTIVIRUS: No application configured.
Block Attachments: False
-----------------------------------------------------------------------------------------------
SSL/TLS
SSL 3.0 : False
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :
ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - StartTLS Optional
0.0.0.0 / 110 / POP3 - StartTLS Required
0.0.0.0 / 143 / IMAP - StartTLS Required
0.0.0.0 / 465 / SMTP - SSL/TLS
0.0.0.0 / 587 / SMTP - StartTLS Required
0.0.0.0 / 993 / IMAP - SSL/TLS
0.0.0.0 / 995 / POP3 - SSL/TLS
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: False
Paths:-
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2017-11-15.log
Event: C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
Awstats: C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MSSQL Compact
IPv6 support is available in operating system.
Backup directory C:\BACKUP\hmail is writable.
Relative message paths are stored in the database for all messages.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder: C:\Program Files (x86)\hMailServer\Data
Log folder: C:\Program Files (x86)\hMailServer\Logs
Temp folder: C:\Program Files (x86)\hMailServer\Temp
Event folder: C:\Program Files (x86)\hMailServer\Events
[Database]
Type= MSSQLCE
Username=
PasswordEncryption=1
Port= 0
Server=
Internal= 1
-----------------------------------------------------------------------------------------------
[/code]Generated by HMSSettingsDiagnostics v1.84, Hmailserver Forum.
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
As a means of testing: try disabling DKIM signing completely. Then send a test email from the WEBMAIL and send an identical email from Thunderbird
The post the source so we can compare the structure of the emials as they appear with signing.
Then re-enable DKIM signing and do the same thing again
The post the source so we can compare the structure of the emials as they appear with signing.
Then re-enable DKIM signing and do the same thing again
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
DKIM disabled - Webmail - HTML-Signature in hmail enabled
DKIM RESULT: This message does not contain a DKIM Signature
####################################################
DKIM enabled - Webmail - HTML-Signature in hmail enabled
DKIM RESULT: fail - Details: body has been altered
####################################################
DKIM disabled - Thunderbird - HTML-Signature in hmail enabled
DKIM RESULT: This message does not contain a DKIM Signature
####################################################
DKIM enabled - Thunderbird - HTML-Signature in hmail enabled
DKIM RESULT: pass - Details: none
Code: Select all
Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
by relay-5.us-west-2.relay-prod (Postfix) with ESMTPS id 9C39D609B3
for <qgsDikpCM96y3F@dkimvalidator.com>; Wed, 15 Nov 2017 14:43:50 +0000 (UTC)
Received: from clanleitung.kneipentruppe.de (rs002432.KNTR.local [213.202.247.178]) by
mail.kneipentruppe.de with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128) ; Wed, 15 Nov 2017 15:43:49 +0100
Mime-Version: 1.0
Date: Wed, 15 Nov 2017 14:43:49 +0000
Content-Type: multipart/alternative; boundary="--=_RainLoop_901_190273969.1510757029"
X-Mailer: RainLoop/1.11.3
From: lknickname@kneipentruppe.de
Message-ID: <1563d4146cc07a267b378f2d138853c0@kneipentruppe.de>
Subject: NO DKIM - WEBMAIL - HTML SIGNATURE
To: qgsDikpCM96y3F@dkimvalidator.com
----=_RainLoop_901_190273969.1510757029
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
NO DKIM - WEBMAIL - HTML SIGNATURE
----=_RainLoop_901_190273969.1510757029
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8" /></head><body><div data-html-editor-font-wrapper=3D"true" style=3D"font-family: arial, sans-serif; font-size: 13px;"> <br>NO DKIM - WEBMAIL - HTML SIGNATURE<br><signature></signature> </div></body></html>
<br/>
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Vorname Nachname</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a> <span style=3D"color: #f8941c;">e: </span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" width=3D"24" height=3D"24"></a> <a href=3D"https://twitter.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width=3D"24" height=3D"24"></a> <a href=3D"https://youtube.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: medium none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/youtube.png" width=3D"24" height=3D"24"></a>&nb
sp; <a href=3D"https://steamcommunity.com/groups/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/steam.png" width=3D"24" height=3D"24"></a> <a href=3D"https://kneipentruppe.de" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/wordpress.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
----=_RainLoop_901_190273969.1510757029--
####################################################
DKIM enabled - Webmail - HTML-Signature in hmail enabled
Code: Select all
Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
by relay-3.us-west-2.relay-prod (Postfix) with ESMTPS id 0ED1C2008ED
for <eUmrfVnuztDUDo@dkimvalidator.com>; Wed, 15 Nov 2017 14:44:40 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type;
bh=ESnBikMjtk+piKB7iozi6LF+mt7x8J+Z/Jq4Q9N8xDU=;
b=ZQ5HARHi0Co0/5Ai/MlgSqmgjMozlLvT8lge0CzJDP7P5TAFzV92uePNWX4cFc3Sj37Y82eB/Jw8Mq6GarFPF3pbdyCukj3cGSs/tUd42kA9CTkwpsMZjtrO+YyJPOFLoKjldHWcKMJEbG1OO5Zjucg481Ej2MDeHpo0ORgOM48=
Received: from clanleitung.kneipentruppe.de (rs002432.KNTR.local [213.202.247.178]) by
mail.kneipentruppe.de with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128) ; Wed, 15 Nov 2017 15:44:39 +0100
Mime-Version: 1.0
Date: Wed, 15 Nov 2017 14:44:39 +0000
Content-Type: multipart/alternative; boundary="--=_RainLoop_193_743105665.1510757079"
X-Mailer: RainLoop/1.11.3
From: lknickname@kneipentruppe.de
Message-ID: <04d10d83c7fc28780785aea03f64b85e@kneipentruppe.de>
Subject: DKIM - WEBMAIL - HTML SIGNATURE
To: eUmrfVnuztDUDo@dkimvalidator.com
----=_RainLoop_193_743105665.1510757079
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
DKIM - WEBMAIL - HTML SIGNATURE
----=_RainLoop_193_743105665.1510757079
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8" /></head><body><div data-html-editor-font-wrapper=3D"true" style=3D"font-family: arial, sans-serif; font-size: 13px;">DKIM - WEBMAIL - HTML SIGNATURE</div></body></html>
<br/>
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Vorname Nachname</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a> <span style=3D"color: #f8941c;">e: </span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" width=3D"24" height=3D"24"></a> <a href=3D"https://twitter.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width=3D"24" height=3D"24"></a> <a href=3D"https://youtube.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: medium none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/youtube.png" width=3D"24" height=3D"24"></a>&nb
sp; <a href=3D"https://steamcommunity.com/groups/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/steam.png" width=3D"24" height=3D"24"></a> <a href=3D"https://kneipentruppe.de" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/wordpress.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
----=_RainLoop_193_743105665.1510757079--
####################################################
DKIM disabled - Thunderbird - HTML-Signature in hmail enabled
Code: Select all
Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
by relay-3.us-west-2.relay-prod (Postfix) with ESMTPS id B2FEB200BAF
for <RXMF1aLfKk0uJM@dkimvalidator.com>; Wed, 15 Nov 2017 14:47:55 +0000 (UTC)
Received: from [213.202.247.178] (rs002432.KNTR.local [213.202.247.178]) by mail.kneipentruppe.de
with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128)
; Wed, 15 Nov 2017 15:47:54 +0100
To: RXMF1aLfKk0uJM@dkimvalidator.com
From: Vorname Nachname <lknickname@kneipentruppe.de>
Subject: NO DKIM - THUNDERBIRD - HTML SIGNATURE
Message-ID: <d4547dda-9e48-b4cc-0264-28c798dddc56@kneipentruppe.de>
Date: Wed, 15 Nov 2017 15:47:54 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
NO DKIM - THUNDERBIRD - HTML SIGNATURE
####################################################
DKIM enabled - Thunderbird - HTML-Signature in hmail enabled
Code: Select all
Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
by relay-1.us-west-2.relay-prod (Postfix) with ESMTPS id 5C438E02EA
for <Ekn4kfkK8KLdww@dkimvalidator.com>; Wed, 15 Nov 2017 14:46:28 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=1fRFfP41cllo39X7iACJ5+QGEkqKYA0IRbYozrBZv/s=;
b=bmfEIu1sKrFTSpHyxsRHxEhqeXIRXw/bmdv5SD/IWQkDXKiRyb6JeF5TJP0OvA4FFtRKBnD4KdscEjRbI2umnAaBbxFbTqiuuf/SBNt0KbgUoQmd1fUma2jcLKZ2LIn17fWd30j85StncegCgZYgJzn9XNrK0UaN5LrzpMdlplw=
Received: from [213.202.247.178] (rs002432.KNTR.local [213.202.247.178]) by mail.kneipentruppe.de
with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128)
; Wed, 15 Nov 2017 15:46:26 +0100
To: Ekn4kfkK8KLdww@dkimvalidator.com
From: Vorname Nachname <lknickname@kneipentruppe.de>
Subject: DKIM - THUNDERBIRD - HTML SIGNATURE
Message-ID: <df595197-72d2-cc80-9e74-46d04da45544@kneipentruppe.de>
Date: Wed, 15 Nov 2017 15:46:26 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
DKIM - THUNDERBIRD - HTML SIGNATURE
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
Observations:
DKIM from Thunderbird
DKIM From WEBMAIL
Also, unfortunately your examples are not complete like for like. Your "DKIM enabled - Thunderbird - HTML-Signature in hmail enabled" code is a plain text email without any html signature ("Content-Type: text/plain;") - unless, of course, you havent pasted the full contents of tha particular email. Can you try that one again so we can do a true compare?
DKIM from Thunderbird
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=1fRFfP41cllo39X7iACJ5+QGEkqKYA0IRbYozrBZv/s=;
DKIM From WEBMAIL
Note the 'Content-Transfer-Encoding' is not selected.dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type;
bh=ESnBikMjtk+piKB7iozi6LF+mt7x8J+Z/Jq4Q9N8xDU=;
Also, unfortunately your examples are not complete like for like. Your "DKIM enabled - Thunderbird - HTML-Signature in hmail enabled" code is a plain text email without any html signature ("Content-Type: text/plain;") - unless, of course, you havent pasted the full contents of tha particular email. Can you try that one again so we can do a true compare?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Thunderbird seems to ignore the hmail setting, tested twice now without thunderbird appling the signature to the mail at all.
Besided that: "Content-Transfer-Encoding" is missing ok, where do I have to search then?
Besided that: "Content-Transfer-Encoding" is missing ok, where do I have to search then?
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
Note that it is the COMPOSE format of the email that determines the type of signature thats applied.LKNickname wrote:Thunderbird seems to ignore the hmail setting, tested twice now without thunderbird appling the signature to the mail at all.
ie, in thunderbird, if you com[pose PLAIN TEXT emails, then it will only apply a plain text signature. If you compose a RICH TEXT email (bold italics, et al) then the HTML signature will be applied.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Oh, ok well that's nice to knowjimimaseye wrote:Note that it is the COMPOSE format of the email that determines the type of signature thats applied.LKNickname wrote:Thunderbird seems to ignore the hmail setting, tested twice now without thunderbird appling the signature to the mail at all.
ie, in thunderbird, if you com[pose PLAIN TEXT emails, then it will only apply a plain text signature. If you compose a RICH TEXT email (bold italics, et al) then the HTML signature will be applied.
Now the HTML-Signature gets applied correctly, however DKIM is now failing in Thunderbird too (bc. of the signature being added now ofc)
DKIM enabled - THUNDERBIRD - HTML-Signature enabled
-> Result: fail - Details: body has been altered
Code: Select all
Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
by relay-5.us-west-2.relay-prod (Postfix) with ESMTPS id BEB9860A2D
for <soFg4HZ2BGgl2B@dkimvalidator.com>; Wed, 15 Nov 2017 19:53:49 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=QBzcCxYHOPSTePcbiw2BdrDAwf5Hiwp+hWrkAJp7Yvk=;
b=knUTYj11oZZFXG6/t0qAkHYDTRiLq6DabhyweZSa+E/nEEZbz6i7mziR+vqqhoPojIivj6Ve0E4+kzLtUTZhJV3GzmnhXoi5PDzEQksgMwFJYS/hWkPcC1JXEP88i/wJmm0OnwWF/Sns/doMlzBx/RcfDbfV+lVOrX2TYeuv0zQ=
Received: from [213.202.247.178] (rs002432.KNTR.local [213.202.247.178]) by mail.kneipentruppe.de
with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128)
; Wed, 15 Nov 2017 20:53:47 +0100
To: soFg4HZ2BGgl2B@dkimvalidator.com
From: Vorname Nachname <lknickname@kneipentruppe.de>
Subject: test
Message-ID: <9875eae8-db6e-b4a5-97ae-ae39d8a0206f@kneipentruppe.de>
Date: Wed, 15 Nov 2017 20:53:47 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3Dutf-8">
</head>
<body text=3D"#000000" bgcolor=3D"#FFFFFF">
<p>test<br>
</p>
</body>
</html>
<br/>
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Vorname Nachname</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a> <span style=3D"color: #f8941c;">e: </span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" width=3D"24" height=3D"24"></a> <a href=3D"https://twitter.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width=3D"24" height=3D"24"></a> <a href=3D"https://youtube.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: medium none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/youtube.png" width=3D"24" height=3D"24"></a>&nb
sp; <a href=3D"https://steamcommunity.com/groups/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/steam.png" width=3D"24" height=3D"24"></a> <a href=3D"https://kneipentruppe.de" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/wordpress.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
In a way that is a result.
I just tested using YOUR signature: with your signature as a DOMAIN signature, an email sent by thunderbird does DKIM sign correctly. That is a different result to you. (Nice image, by the way).
[code]
Authentication-Results: mta1004.mail.ne1.yahoo.net from=mydomain.net; domainkeys=neutral (no sig); from=mydomain.net; dkim=pass (ok)
Received: from mydomain.net (Unknown [192.168.0.200]) by jim.com with
ESMTP ; Wed, 15 Nov 2017 20:07:30 +0000
dkim-signature: v=1; a=rsa-sha256; d=mydomain.net; s=dkim; c=relaxed/relaxed; q=dns/txt;
h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type; bh=wmoGlvuXcyJGndUUJfLIHAV563RlxeabVCP4LJ2hI1E=;
b=Ck/ysckIvr3dlzwjdmZg2r7W0O7hxDL8/GJ8pdKm3LtTGfOYPQSM7hTTSRWG6qk+b3PHgQ58mNo//uoa5xlJQ7bQf+4pz0H1q0zLI4lFOrt4niaGO170Y+RuXvC71rAeFhetvknneZ/84yjOQ0cJdndGMCD4pSxYZAF5patuJy8=
Received: from [192.168.0.200] (mailserver [192.168.0.200]) by mydomain.net with
ESMTPA ; Wed, 15 Nov 2017 20:07:31 +0000
From: mydomain Sales <sylvester@mydomain.net>
Subject: [SPAM] test2
To: grumbler <user1@jim.com>
Message-ID: <5A0C9E83.4010900@mydomain.net>
Date: Wed, 15 Nov 2017 20:07:31 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------000301070001080407000804"
This is a multi-part message in MIME format.
--------------000301070001080407000804
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
--------------000301070001080407000804
Content-Type: multipart/related; boundary="------------050808080506070009010401"
--------------050808080506070009010401
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<br/>
<br><br><table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/upl ... .png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Lars Klein</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a> <span style=3D"color: #f8941c;">e: </span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.net/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src=3D"https://img.newoldstamp.net/s/ico/squar ... cebook.png" width=3D"24" height=3D"24"></a> <a href=3D"https://twitter.net/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src=3D"https://img.newoldstamp.net/s/ico/squar ... witter.png" width=3D"24" height=3D"24"></a> <a href=3D"https://twitter.net/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src=3D"https://img.newoldstamp.net/s/ico/squar ... witter.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
--------------000301070001080407000804--
[/code]
Its definitely something to do with our setup somehow.
I just tested using YOUR signature: with your signature as a DOMAIN signature, an email sent by thunderbird does DKIM sign correctly. That is a different result to you. (Nice image, by the way).
[code]
Authentication-Results: mta1004.mail.ne1.yahoo.net from=mydomain.net; domainkeys=neutral (no sig); from=mydomain.net; dkim=pass (ok)
Received: from mydomain.net (Unknown [192.168.0.200]) by jim.com with
ESMTP ; Wed, 15 Nov 2017 20:07:30 +0000
dkim-signature: v=1; a=rsa-sha256; d=mydomain.net; s=dkim; c=relaxed/relaxed; q=dns/txt;
h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type; bh=wmoGlvuXcyJGndUUJfLIHAV563RlxeabVCP4LJ2hI1E=;
b=Ck/ysckIvr3dlzwjdmZg2r7W0O7hxDL8/GJ8pdKm3LtTGfOYPQSM7hTTSRWG6qk+b3PHgQ58mNo//uoa5xlJQ7bQf+4pz0H1q0zLI4lFOrt4niaGO170Y+RuXvC71rAeFhetvknneZ/84yjOQ0cJdndGMCD4pSxYZAF5patuJy8=
Received: from [192.168.0.200] (mailserver [192.168.0.200]) by mydomain.net with
ESMTPA ; Wed, 15 Nov 2017 20:07:31 +0000
From: mydomain Sales <sylvester@mydomain.net>
Subject: [SPAM] test2
To: grumbler <user1@jim.com>
Message-ID: <5A0C9E83.4010900@mydomain.net>
Date: Wed, 15 Nov 2017 20:07:31 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------000301070001080407000804"
This is a multi-part message in MIME format.
--------------000301070001080407000804
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
--------------000301070001080407000804
Content-Type: multipart/related; boundary="------------050808080506070009010401"
--------------050808080506070009010401
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<br/>
<br><br><table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/upl ... .png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Lars Klein</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a> <span style=3D"color: #f8941c;">e: </span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.net/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src=3D"https://img.newoldstamp.net/s/ico/squar ... cebook.png" width=3D"24" height=3D"24"></a> <a href=3D"https://twitter.net/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src=3D"https://img.newoldstamp.net/s/ico/squar ... witter.png" width=3D"24" height=3D"24"></a> <a href=3D"https://twitter.net/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src=3D"https://img.newoldstamp.net/s/ico/squar ... witter.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
--------------000301070001080407000804--
[/code]
Its definitely something to do with our setup somehow.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
AN IDEA: Dont rely on the DKIM Validator that you are using. Send an email to an address like Yahoo or Gmail (that will display their own DKIM results in the headers). I say this because I have proven in the past that where one provider may pass another provider can fail it. (Trust me I have the evidence and its somewhere in here if you care to read: viewtopic.php?f=21&t=29402)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
Just lol....tested WEBMAIL and THUNDERBIRD with the exact same signature and it passes for gmail...what the actual fuck?
I mean why??? JUST WHY???
Well nvm. case closed then...but I do have a bad feeling about this for it was working in the tester as well when using a shorter signature....really strange
I mean why??? JUST WHY???
Well nvm. case closed then...but I do have a bad feeling about this for it was working in the tester as well when using a shorter signature....really strange
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
I guess Ive just earned my money then.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Account signatures trigger DKIM to fail
So it's the validator that doesn't like something in the hmailserver HTML signature at times - that is weird beyond belief
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Account signatures trigger DKIM to fail
Could be that html signature are added after body and html tags are closed.
Then it's not valid html code and maybe that's what it complain about.
The html signature maybe should be add before body tag is closed </body>.
Then it's not valid html code and maybe that's what it complain about.
Code: Select all
<html>
<head>
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3Dutf-8">
</head>
<body text=3D"#000000" bgcolor=3D"#FFFFFF">
<p>test<br>
</p>
</body>
</html>
<br/>
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
...
HMS 5.6.8 B2534.28 on Windows Server 2019 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
Tunis, we have concluded that it is not failing - it is just that particular website that is complaining. Gmail etc are happy with the body element and the signature. Also its the same signature in all cases - both with thunderbird and roundcube.
So no.
So no.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Account signatures trigger DKIM to fail
I no it's not failing I only give a explanation why that particular website is complaining.jimimaseye wrote:Tunis, we have concluded that it is not failing - it is just that particular website that is complaining. Gmail etc are happy with the body element and the signature. Also its the same signature in all cases - both with thunderbird and roundcube.
So no.
HMS 5.6.8 B2534.28 on Windows Server 2019 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
I figured it out by the way and it is kinda weird:
My HTML-Signature included some lines ending with a "LF" (\n = Linefeed) and some ended with "CRLF" (\n\r = Carriagereturn Linefeed).
Basically what happens is the following:
> You have some lines ending with LF and some with CRLF = It is unsure if DKIM will fail or pass, depents hardly on the mailserver on the other side
> All your lines end with LF = DKIM will fail quite often, however, some Mailservers will display DKIM as neutral bc. they can't read the DKIM-Signature, however DKIM will never pass
> All your Lines end with CRLF = DKIM will pass almost everytime. Don't include lines that are too long (Begin a new line after a closing tag if possible) and everything is fine
Be careful though for CRLF and LF get inserted when hitting Return depending on the formatting of your Text- or HTML-Editor.
Best practice would be opening up your Signature in Notepad++ and then go to "Search & Replace" and Search for "\n" and replace with "\n\r" (Searchmode has to be "Extended")
By replacing the Linefeeds with CRLF's I got the (otherways exactly) same signature working in the DKIM Validator AND Gmail - (tested with Thunderbird and Webmail).
My HTML-Signature included some lines ending with a "LF" (\n = Linefeed) and some ended with "CRLF" (\n\r = Carriagereturn Linefeed).
Basically what happens is the following:
> You have some lines ending with LF and some with CRLF = It is unsure if DKIM will fail or pass, depents hardly on the mailserver on the other side
> All your lines end with LF = DKIM will fail quite often, however, some Mailservers will display DKIM as neutral bc. they can't read the DKIM-Signature, however DKIM will never pass
> All your Lines end with CRLF = DKIM will pass almost everytime. Don't include lines that are too long (Begin a new line after a closing tag if possible) and everything is fine
Be careful though for CRLF and LF get inserted when hitting Return depending on the formatting of your Text- or HTML-Editor.
Best practice would be opening up your Signature in Notepad++ and then go to "Search & Replace" and Search for "\n" and replace with "\n\r" (Searchmode has to be "Extended")
By replacing the Linefeeds with CRLF's I got the (otherways exactly) same signature working in the DKIM Validator AND Gmail - (tested with Thunderbird and Webmail).
Re: Account signatures trigger DKIM to fail
Well that is good to know
Thanks for the post back
Thanks for the post back
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 22
- Joined: 2017-11-13 22:03
Re: Account signatures trigger DKIM to fail
No problem...I am just relieved that it is working as expected nowmattg wrote:Well that is good to know
Thanks for the post back
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: Account signatures trigger DKIM to fail
I have added your case (by link) as a note of caution to others in my EASY DKIM CREATION how to. Thanks for sharing.LKNickname wrote:I figured it out by the way and it is kinda weird:
My HTML-Signature included some lines ending with a "LF" (\n = Linefeed) and some ended with "CRLF" (\n\r = Carriagereturn Linefeed).
Basically what happens is the following:
> You have some lines ending with LF and some with CRLF = It is unsure if DKIM will fail or pass, depents hardly on the mailserver on the other side
> All your lines end with LF = DKIM will fail quite often, however, some Mailservers will display DKIM as neutral bc. they can't read the DKIM-Signature, however DKIM will never pass
> All your Lines end with CRLF = DKIM will pass almost everytime. Don't include lines that are too long (Begin a new line after a closing tag if possible) and everything is fine
Be careful though for CRLF and LF get inserted when hitting Return depending on the formatting of your Text- or HTML-Editor.
Best practice would be opening up your Signature in Notepad++ and then go to "Search & Replace" and Search for "\n" and replace with "\n\r" (Searchmode has to be "Extended")
By replacing the Linefeeds with CRLF's I got the (otherways exactly) same signature working in the DKIM Validator AND Gmail - (tested with Thunderbird and Webmail).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Account signatures trigger DKIM to fail
I'm having the same signature issue. I have followed all the guidelines and am still getting the validation error by http://dkimvalidator.com
Code: Select all
Validating Signature
result = fail
Details: body has been altered
.
.
.
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
jimimaseye wrote: ↑2017-11-18 13:13I have added your case (by link) as a note of caution to others in my EASY DKIM CREATION how to. Thanks for sharing.LKNickname wrote:I figured it out by the way and it is kinda weird:
My HTML-Signature included some lines ending with a "LF" (\n = Linefeed) and some ended with "CRLF" (\n\r = Carriagereturn Linefeed).
Basically what happens is the following:
> You have some lines ending with LF and some with CRLF = It is unsure if DKIM will fail or pass, depents hardly on the mailserver on the other side
> All your lines end with LF = DKIM will fail quite often, however, some Mailservers will display DKIM as neutral bc. they can't read the DKIM-Signature, however DKIM will never pass
> All your Lines end with CRLF = DKIM will pass almost everytime. Don't include lines that are too long (Begin a new line after a closing tag if possible) and everything is fine
Be careful though for CRLF and LF get inserted when hitting Return depending on the formatting of your Text- or HTML-Editor.
Best practice would be opening up your Signature in Notepad++ and then go to "Search & Replace" and Search for "\n" and replace with "\n\r" (Searchmode has to be "Extended")
By replacing the Linefeeds with CRLF's I got the (otherways exactly) same signature working in the DKIM Validator AND Gmail - (tested with Thunderbird and Webmail).
Re: Account signatures trigger DKIM to fail
Do you antivirus on your system that is is 'inspecting' mail?
A hardware router / firewall / UTM device perhaps?
There are many things it could be after hmailserver adds the DKIM signature...
A hardware router / firewall / UTM device perhaps?
There are many things it could be after hmailserver adds the DKIM signature...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Account signatures trigger DKIM to fail
Apologies for reviving an old thread, but I am also having an issue with DKIM failing on emails sent via Rainloop webmail. Messages not sent through Rainloop are fine. Messages sent using plain text in Rainloop are fine. Messages sent using HTML (default) in Rainloop fail with gmail: "neutral (body hash did not verify)", dkimvalidator.com "body has been altered". I have no idea how long this has been happening.
Rainloop plain text message body (DKIM pass):
Rainloop HTML message body (DKIM fail):
Message path should be: Rainloop -> hMailServer -> SMTP Relayer -> Recipient
Any suggestions on what I can look at to determine why everything but Rainloop HTML passes, but Rainloop HTML fails?
Rainloop plain text message body (DKIM pass):
Code: Select all
test
Code: Select all
----=_RainLoop_986_167136428.1646157441
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
test
----=_RainLoop_986_167136428.1646157441
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"tex=
t/html; charset=3Dutf-8" /></head><body><div data-html-editor-font-wrapper=
=3D"true" style=3D"font-family: arial, sans-serif; font-size: 13px;">test</=
div></body></html>
----=_RainLoop_986_167136428.1646157441--
Any suggestions on what I can look at to determine why everything but Rainloop HTML passes, but Rainloop HTML fails?