Account signatures trigger DKIM to fail

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-13 22:11

Hello,

I have a fully setup hMail Server using spf and DKIM to avoid that my mails are being marked as spam.
However I do have a strange problem:

When using Rainloop Webmail the DKIM keeps failing because of "altered body".

Funny enough this only happens when I enable either the Domain-Level Default-Signature or set a specific Account-Signature in hMail.
If no (HTML or Text) signature is added at all it works just fine and the DKIM passes perfectly.

However: As soon as I re-enable the account or domain-level signature in hMail the DKIM keeps failing again.

I tried switching to Afterlogic-Webmail but that did not do the trick, DKIM kept failing here as well.

Any ideas on this? Is this a bug or do I have to check a certain box or smth? :D

EDIT: Using Version 5.6.7 B2420 - Windows Server 2016
Last edited by LKNickname on 2017-11-13 22:35, edited 1 time in total.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-13 22:17

To be clear are you dkim signing by hms? Or is the dkim signature being applied by your webmail?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-13 22:20

Thx for your quick response :)
I am signing through hms

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-14 00:42

It doesnt make sense.

Can you run this and post the results please: viewtopic.php?f=20&t=30914
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 21103
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Account signatures trigger DKIM to fail

Post by mattg » 2017-11-14 01:00

ALSO, how do you know that it fails?

Where do you get an error?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-14 01:48

I noticed it by looking through the daily DMARC-Reports.
I ran a test on http://dkimvalidator.com/ afterwards to make sure it really is failing.

And after a while of trial and error I pinned down the Mail-Signatures to be causing the problem.
(Sidenote: I am using the Active-Directory Integration if thats helpful to know)

I'll run the Debugscript and update you shortly :)

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-14 01:51

[code]2017-11-14 Hmailserver: 5.6.7-B2420

DOMAINS

"Domain1.com" - knxxxxxxxxxxx.de Enabled: True

SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\bin\kntrdkim.key
Selector: 1510446879.kneipentruppe
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 213.202.247.178 - 213.202.247.178 Priority: 21 Name: Webmail

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False


IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False


IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False


!! Warning: DEFAULT DOMAIN is SET !! - "Domain1.com"
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 3
Minutes Before Reset: 5 (0,08 hours, 0,00 days)
Minutes to Autoban: 30 (0,50 hours, 0,02 days)

No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------

MIRRORING Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 4 Mins: 60 Plain Text: False Bind: 213.202.247.178
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 10
Max Msg Size: 20480 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: True Delivered-To hdr: False
Max number commands: 100 Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.

POP3
No. Connections: 0

IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: False
Add X-HmailServer-Spam: True Check HELO host: False
Add X-HmailServer-Reason: True Check MX records: True - 2
Add X-HmailServer-Subject: True Verify DKIM: True - 5
Subject Text: "[SPAM]"
Spam delete threshold: 10 Maximum message size: 1024

DNSBL ENTRIES:
zen.spamhaus.org Score: 3 Result: 127.0.0.2-8|127.0.0.10-11
bl.spamcop.net Score: 3 Result: 127.0.0.2
2.0.0.127.b.barracudacentral.org Score: 3 Result: 127.0.0.2
dnsbl.sorbs.net Score: 3 Result: 127.0.0.2-5|127.0.0.7-14
spam.dnsbl.sorbs.net Score: 3 Result: 127.0.0.6

SURBL ENTRIES:
multi.surbl.org Score: 3

GREYLISTING:
Greylisting: False

WHITELISTING
No entries
-----------------------------------------------------------------------------------------------

ANTIVIRUS: No application configured.

Block Attachments: False
-----------------------------------------------------------------------------------------------

SSL/TLS
SSL 3.0 : True
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :

ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------

TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - StartTLS Required
0.0.0.0 / 110 / POP3 - StartTLS Required
0.0.0.0 / 143 / IMAP - StartTLS Required
0.0.0.0 / 465 / SMTP - SSL/TLS
0.0.0.0 / 587 / SMTP - StartTLS Required
0.0.0.0 / 993 / IMAP - SSL/TLS
0.0.0.0 / 995 / POP3 - SSL/TLS
-----------------------------------------------------------------------------------------------

LOGGING Logging Enabled: False

Paths:-
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2017-11-14.log
Event: C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
Awstats: C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL Compact

IPv6 support is available in operating system.

ERROR: Backup directory has not been specified.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder: C:\Program Files (x86)\hMailServer\Data
Log folder: C:\Program Files (x86)\hMailServer\Logs
Temp folder: C:\Program Files (x86)\hMailServer\Temp
Event folder: C:\Program Files (x86)\hMailServer\Events

[Database]
Type= MSSQLCE
Username=
PasswordEncryption=1
Port= 0
Server=
Internal= 1
-----------------------------------------------------------------------------------------------

[/code]
Generated by HMSSettingsDiagnostics v1.84, Hmailserver Forum.

User avatar
mattg
Moderator
Moderator
Posts: 21103
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Account signatures trigger DKIM to fail

Post by mattg » 2017-11-14 02:05

What is in your error.log?

You shouldn't have port 25 as 'REQUIRE StartTLS', that should be 'Optional StartTLS'
I'd also de-select SSLv3.0 unless you have a reason to keep that - it is a compromised protocol (As is TLSv1.0 really, but many servers still use that including Facebook)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-14 02:14

Thx I fixed the points you mentioned :)

However DKIM still failing when enabling Mail-signature (sadly as expected)

>>
Public Key DNS Lookup

Building DNS Query for 1510446879.kneipentruppe._domainkey.kneipentruppe.de
Retrieved this publickey from DNS: v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoDRa2tTmoqWt7fhiktA2ptHzNm4DvRYEXFpjxaTvUOwUHB5Hk4h0+j0KTo7rEl1qKQapw7LWjsFEycnadSpaRTSMCEO/9GHFFPYAlbvV7uBwnvQB2QeIZk4G9lIPF03IefO5rISNbjy9CB6bftqN49TU4FrqVcil7Ge8cU4x/VwIDAQAB
Validating Signature

result = fail
Details: body has been altered
<<

hms latest errorlog is 2 days old - I can't find anything for today and yesterday :( (Searching in C:\Program Files (x86)\hMailServer\Logs)
Last edited by LKNickname on 2017-11-14 02:19, edited 2 times in total.

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-14 02:17

Same Test with Mail-Signature disabled:
>>
Public Key DNS Lookup

Building DNS Query for 1510446879.kneipentruppe._domainkey.kneipentruppe.de
Retrieved this publickey from DNS: v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoDRa2tTmoqWt7fhiktA2ptHzNm4DvRYEXFpjxaTvUOwUHB5Hk4h0+j0KTo7rEl1qKQapw7LWjsFEycnadSpaRTSMCEO/9GHFFPYAlbvV7uBwnvQB2QeIZk4G9lIPF03IefO5rISNbjy9CB6bftqN49TU4FrqVcil7Ge8cU4x/VwIDAQAB
Validating Signature

result = pass
Details:
<<

User avatar
mattg
Moderator
Moderator
Posts: 21103
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Account signatures trigger DKIM to fail

Post by mattg » 2017-11-14 02:34

Also, I just tested http://dkimvalidator.com and I got a pass with a Domain level HTML Signature and domain level plain text signature

Are you using HTML or plaintext signatures, are you testing both account and domain level?

I normally don't have any account level signatures, although I normally do use domain level signatures
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-14 09:40

I am normally using both levels with html only.

A domain level default one if none is specified in sender's account.
And an account-level "personal" signature.

However: Neither domain nor account-level can be used without DKIM failing.
I tried using both, only account or domain or none.

DKIM signing only works properly when I am using no signature at all.

To me it seems that the signature get's added to the body after DKIM-signing the mail. However that makes no sense at all because I am not signing in my webmail and it worked quite well a few months ago.
Only things that changed was the migration of the DNS over to cloudflare and the migration of Active-Directory Account funcionality.

Could either one of them trigger DKIM to fail? Maybe a wrong Cloudflare DNS-routing?
That's the only thing I could think of right now but (as far as I understand it) DKIM signing happens on Mailserverlevel doesn't it?
So the only thing that happens on DNS level is the validation of the public key after the mail is signed, isn't it?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-14 09:55

LKNickname wrote:Only things that changed was the migration of the DNS over to cloudflare and the migration of Active-Directory Account funcionality.
Maybe those DNS servers are not using the correct public DKIM key or are seeing an old or incorrect one. ie, So the key they find is used to generate the current email contents and makes an signature string which the rest of the worlds servers wont match with because they decipher using and incorrect key

IOW: regenerate your private and public key. Also check that the public key stored on the DNS records is in correct format (BIND-based dnsservers are particularly tricky). Reference: viewtopic.php?f=21&t=29402

BTW (unrelated): you have a DNSBL listed in your setup that is incorrect:

Code: Select all

2.0.0.127.b.barracudacentral.org      Score: 3     Result: 127.0.0.2
That is ALWAYS going to fail because the final submitted string will be "98.67.45.23.2.0.0.127.b.barracudacentral.org" (where 23.45.67.98 is the tested address) and that is invalid.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-14 12:21

Hey, thx for your advice.

I deleted all DKIM-Settings withing hmail and removed the DNS entry completely.
After that I generated an new DKIM-Record and configured it in hmail and my DNS.

However: Exactly the same behaviour as before...
No Mail-Signature -> DKIM pass
Mail Signature -> DKIM fail "altered body"

I verified that the new record get's displayed correctly and (as far as I see) everything is fine.

The DKIM-Signing keeps failing when using a Mail- or Domain-Level Text-/HTML-Signature - No Text-/HTML-Signature and everything is fine...

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-14 12:34

Maybe something is broken within the signature?

Code: Select all

<table>
<tbody>
<tr>
<td style="padding: 0 8px 0 0;" valign="top"><img style="height: 120px;" src="https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png" /></td>
<td style="font-size: 80%; font-family: Arial; border-left: 3px solid; border-color: #f8941c; padding: 0 0 0 8px;" valign="top">
<div style="font-size: 1.2em;">Kneipentruppe-Team</div>

<div style="font-size: 0.9em;">Kneipentruppe - DEIN Multigamingclan</div>
<div style="line-height: 1em; font-size: 1em;">&nbsp;</div>
<div><span style="font-size: 0.9em; color: #ababab;">w:&nbsp;</span><a style="color: #000000; text-decoration: none; font-size: 0.9em;" href="https://www.kneipentruppe.de" target="_blank" rel="noopener">www.kneipentruppe.de</a>&nbsp;<span style="font-size: 0.9em; color: #ababab;">e:&nbsp;</span><a style="font-size: 0.9em; color: #000000; text-decoration: none;" href="mailto:info@kneipentruppe.de" target="_blank" rel="noopener">info@kneipentruppe.de</a>&nbsp;</div>
<div style="line-height: 1em; font-size: 1em;">&nbsp;</div>
<div><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span><a style="display: inline-block;" href="https://facebook.com/kneipentruppe" target="_blank" rel="noopener"><img src="https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" /></a><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span><a style="display: inline-block;" href="https://twitter.com/kneipentruppe" target="_blank" rel="noopener"><img src="https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" /></a><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span><a style="display: inline-block;" href="https://youtube.com/kneipentruppe" target="_blank" rel="noopener"><img src="https://img.newoldstamp.com/s/ico/square/24/origin/youtube.png" /></a><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span><a style="display: inline-block;" href="https://steamcommunity.com/groups/kneipentruppe" target="_blank" rel="noopener"><img src="https://img.newoldstamp.com/s/ico/square/24/origin/steam.png" /></a><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span><a style="display: inline-block;" href="https://kneipentruppe.de" target="_blank" rel="noopener"><img src="https://img.newoldstamp.com/s/ico/square/24/origin/wordpress.png" /></a><span style="display: inline-block; width: 3px; height: 3px; color: white; font-size: 16px;">.</span></div>
</td>
</tr>
</tbody>
</table>
<div style="line-height: 10px; font-size: 10px;">&nbsp;</div>
However...it looks fine pasted into a HTML-Editor like https://htmledit.squarefree.com/

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-14 13:08

UPDATE: Funny enough....if i am using a hms HTML-Signature (no plaintext) like "test 123" without any HTML formatting, DKIM passes. If I am using this as plaintext it works too.
I think it's a problem within the signature itself

User avatar
mattg
Moderator
Moderator
Posts: 21103
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Account signatures trigger DKIM to fail

Post by mattg » 2017-11-15 00:53

My signatures have to be in <body> tags for them to work

Try putting the <body> ... </body> tags around your html and see if that makes a difference

It may also be the external image...

ALSO, does this still happen when you use Thunderbird or another email client, or does this ONLY happen with roundcube
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-15 09:08

It seems to have something to do with the length...

Code: Select all

<table style="background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing="0" cellpadding="0" border="0">
<tbody><tr><td style="padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign="top"><img id="preview-image-url" src="https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png"></td>
<td style="padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style="background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing="0" cellpadding="0" border="0">
<tbody><tr><td colspan="2" style="padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Lars Klein</td></tr>
<tr><td colspan="2" style="color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangründer & Clanleitung</span></td></tr>
<tr><td colspan="2" style="color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style="vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width="20" valign="top">w:</td><td style="vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign="top"><a href="https://kneipentruppe.de" style=" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a>&nbsp;&nbsp;<span style="color: #f8941c;">e:&nbsp;</span><a href="mailto:lknickname@kneipentruppe.de" style="color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan="2" style="padding-top: 5px;"><a href="https://facebook.com/kneipentruppe" style="border-width:0px; border:0px; text-decoration: none;"><img style="border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src="https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" width="24" height="24"></a>&nbsp;&nbsp;<a href="https://twitter.com/kneipentruppe" style="border-width:0px; border:0px; text-decoration: none;"><img style="border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src="https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width="24" height="24"></a>&nbsp;&nbsp;<a href="https://twitter.com/kneipentruppe" style="border-width:0px; border:0px; text-decoration: none;"><img style="border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src="https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width="24" height="24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
works perfectly....however if I copy the last Block:

Code: Select all

&nbsp;&nbsp;<a href="https://twitter.com/kneipentruppe" style="border-width:0px; border:0px; text-decoration: none;"><img style="border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src="https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width="24" height="24"></a>
and append it (speaking of copy&pasting the Block right after the </a>-Tag of the last Block) on the HTML-Code...it suddenly fails.
The Code on top is 175 Chars long....is there any sort of character limit (prob. 200 Chars) within hms that I am unaware of? :shock:

I'll test with Thunderbird and update you afterwards

User avatar
mattg
Moderator
Moderator
Posts: 21103
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Account signatures trigger DKIM to fail

Post by mattg » 2017-11-15 09:37

If I copy mine to notepad++ and view summary it shows


Characters (without blanks): 2379
Words: 390
Lines: 11
Current document length: 2399
2379 selected characters (2399 bytes) in 1 range

My longest line has 520 characters in it, I have at least three over 450 characters

perhaps it is the word '!important' in your last line
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-15 09:58

Sorry I forgot to mention that: Putting them into <body>-Tags did not make any difference - Exactly the same behaviour as mentioned above :(

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-15 10:40

Eliminating the "!important"-Tags did not make any difference.

Using Thunderbird everything worked perfectly so I am guessing It's an error with the way the webmail handels it itself?
I tried "Afterlogic Webmail Lite" AND "Rainloop"-Webmail so far, both with the exact same problem. Any guesses on how to handle this? :?

UPDATE: Thunderbird does'nt seem to apply the signature at all though, report says:

Code: Select all

Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
   by relay-3.us-west-2.relay-prod (Postfix) with ESMTPS id C1DC320077E
   for <e0WDDBnRt17ZTR@dkimvalidator.com>; Wed, 15 Nov 2017 08:06:25 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
   c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
   bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
   b=oKRkg/aHvtofLrmkfuIroyQ9EWhqrilvJWlNrtmOmQyXjxzJdlOVpCrfW1DhM37gjaCGzRkrdqf4zJsWSRem25lCCeglKY0D1Ukb3e5GvKQl33Nl4HHoRhKo3YDzz2vKAONsEUBHd2bwfvPZQNzttkatIwP/E43IhjP02445b58=
Received: from [213.202.247.178] (rs002432.KNTR.local [213.202.247.178]) by mail.kneipentruppe.de
 with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128)
 ; Wed, 15 Nov 2017 09:06:24 +0100
To: e0WDDBnRt17ZTR@dkimvalidator.com
From: Vorname Nachname <lknickname@kneipentruppe.de>
Subject: test
Message-ID: <06e0e938-d06c-ac2b-3021-1881734df6c9@kneipentruppe.de>
Date: Wed, 15 Nov 2017 09:06:22 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

test

Here is the record from Rainloop

Code: Select all

Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
   by relay-4.us-west-2.relay-prod (Postfix) with ESMTPS id 8432B160923
   for <MyyQRnveLeS0BY@dkimvalidator.com>; Wed, 15 Nov 2017 08:32:25 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
   c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type;
   bh=RlZUHaH+Oa44UMohhFV2hngYtiZhNrPneam6jpABWR4=;
   b=lf50zCeBXz7fWP/rOpGCnnKhhsuvCqBKN7tRHs2f6UVaWIn7nc2cZbMXOkAn+hBlOaoXHT7fbLSbBUhSwyXS1LnC9KknPhkw7bTBSLo9Uso5MmiCeT0kASqJ55HL3Tz2cwfPxW/B7LgstfceVuO6OJ1aS081QH0Dw1qiHjA/YFw=
Received: from clanleitung.kneipentruppe.de (rs002432.KNTR.local [213.202.247.178]) by
 mail.kneipentruppe.de with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
 bits=128) ; Wed, 15 Nov 2017 09:32:23 +0100
Mime-Version: 1.0
Date: Wed, 15 Nov 2017 08:32:23 +0000
Content-Type: multipart/alternative; boundary="--=_RainLoop_858_920792391.1510734743"
X-Mailer: RainLoop/1.11.3
From: lknickname@kneipentruppe.de
Message-ID: <52cddc3045f60388672ca03d0b19420e@kneipentruppe.de>
Subject: test
To: MyyQRnveLeS0BY@dkimvalidator.com


----=_RainLoop_858_920792391.1510734743
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

test


----=_RainLoop_858_920792391.1510734743
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8" /></head><body><div data-html-editor-font-wrapper=3D"true" style=3D"font-family: arial, sans-serif; font-size: 13px;">test<br><br><signature></signature> </div></body></html>
<br/>
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Vorname Nachname</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a>&nbsp;&nbsp;<span style=3D"color: #f8941c;">e:&nbsp;</span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://twitter.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://youtube.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: medium none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/youtube.png" width=3D"24" height=3D"24"></a>&nb
 sp;&nbsp;<a href=3D"https://steamcommunity.com/groups/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/steam.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://kneipentruppe.de" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/wordpress.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
----=_RainLoop_858_920792391.1510734743--

User avatar
mattg
Moderator
Moderator
Posts: 21103
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Account signatures trigger DKIM to fail

Post by mattg » 2017-11-15 10:59

Adding a signature within hMailserver should be completely independent from the mail client...

To be certain, are you sending mail from a local account, to an external account, where the external account is NOT hosted on your hMailserver
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-15 12:01

Yes, it is used as a normal mailserver for our online-community.
Some Mails are internal->internal, some are internal<->external (send to or received from @gmail, @yahoo etc.)

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-15 12:12

run this, lets see if there is something obvious: viewtopic.php?f=20&t=30914
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 21103
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Account signatures trigger DKIM to fail

Post by mattg » 2017-11-15 12:54

LKNickname wrote:Some Mails are internal->internal, some are internal<->external (send to or received from @gmail, @yahoo etc.)
And which ones are you checking for DKIM signatures?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-15 13:32

mattg wrote:
LKNickname wrote:Some Mails are internal->internal, some are internal<->external (send to or received from @gmail, @yahoo etc.)
And which ones are you checking for DKIM signatures?
I am sending from my hms accounts example@mydomain.com to let's say anotherexample@gmail.com.
And I am checking (through the DMARC Reports) if the mail I sent is correctly signed and thus accepted by anotherexample@gmail.com.

So I am checking internal->external
Last edited by LKNickname on 2017-11-15 13:34, edited 1 time in total.

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-15 13:33

jimimaseye wrote:run this, lets see if there is something obvious: viewtopic.php?f=20&t=30914
[code]2017-11-15 Hmailserver: 5.6.7-B2420

DOMAINS

"Domain1.com" - knxxxxxxxxxxx.de Enabled: True

SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\bin\dkim.Domain1.com.pem
Selector: 1510654003.kneipentruppe
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 213.202.247.178 - 213.202.247.178 Priority: 21 Name: Webmail

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False


IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False


IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False


!! Warning: DEFAULT DOMAIN is SET !! - "Domain1.com"
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 3
Minutes Before Reset: 5 (0,08 hours, 0,00 days)
Minutes to Autoban: 30 (0,50 hours, 0,02 days)

There is a total of 2 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------

MIRRORING Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 4 Mins: 60 Plain Text: False Bind: 213.202.247.178
Host: EXTERNAL.TLD Empty sender: True Batch recipients: 10
Max Msg Size: 20480 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: True Delivered-To hdr: False
Max number commands: 100 Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.

POP3
No. Connections: 0

IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: False
Add X-HmailServer-Spam: True Check HELO host: False
Add X-HmailServer-Reason: True Check MX records: True - 2
Add X-HmailServer-Subject: True Verify DKIM: True - 5
Subject Text: "[SPAM]"
Spam delete threshold: 10 Maximum message size: 1024

DNSBL ENTRIES:
zen.spamhaus.org Score: 3 Result: 127.0.0.2-8|127.0.0.10-11
bl.spamcop.net Score: 3 Result: 127.0.0.2
dnsbl.sorbs.net Score: 3 Result: 127.0.0.2-5|127.0.0.7-14
spam.dnsbl.sorbs.net Score: 3 Result: 127.0.0.6

SURBL ENTRIES:
multi.surbl.org Score: 3

GREYLISTING:
Greylisting: False

WHITELISTING
No entries
-----------------------------------------------------------------------------------------------

ANTIVIRUS: No application configured.

Block Attachments: False
-----------------------------------------------------------------------------------------------

SSL/TLS
SSL 3.0 : False
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :

ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------

TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - StartTLS Optional
0.0.0.0 / 110 / POP3 - StartTLS Required
0.0.0.0 / 143 / IMAP - StartTLS Required
0.0.0.0 / 465 / SMTP - SSL/TLS
0.0.0.0 / 587 / SMTP - StartTLS Required
0.0.0.0 / 993 / IMAP - SSL/TLS
0.0.0.0 / 995 / POP3 - SSL/TLS
-----------------------------------------------------------------------------------------------

LOGGING Logging Enabled: False

Paths:-
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2017-11-15.log
Event: C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
Awstats: C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL Compact

IPv6 support is available in operating system.

Backup directory C:\BACKUP\hmail is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder: C:\Program Files (x86)\hMailServer\Data
Log folder: C:\Program Files (x86)\hMailServer\Logs
Temp folder: C:\Program Files (x86)\hMailServer\Temp
Event folder: C:\Program Files (x86)\hMailServer\Events

[Database]
Type= MSSQLCE
Username=
PasswordEncryption=1
Port= 0
Server=
Internal= 1
-----------------------------------------------------------------------------------------------

[/code]
Generated by HMSSettingsDiagnostics v1.84, Hmailserver Forum.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-15 16:13

As a means of testing: try disabling DKIM signing completely. Then send a test email from the WEBMAIL and send an identical email from Thunderbird

The post the source so we can compare the structure of the emials as they appear with signing.

Then re-enable DKIM signing and do the same thing again
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-15 16:54

DKIM disabled - Webmail - HTML-Signature in hmail enabled

Code: Select all

Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
	by relay-5.us-west-2.relay-prod (Postfix) with ESMTPS id 9C39D609B3
	for <qgsDikpCM96y3F@dkimvalidator.com>; Wed, 15 Nov 2017 14:43:50 +0000 (UTC)
Received: from clanleitung.kneipentruppe.de (rs002432.KNTR.local [213.202.247.178]) by
 mail.kneipentruppe.de with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
 bits=128) ; Wed, 15 Nov 2017 15:43:49 +0100
Mime-Version: 1.0
Date: Wed, 15 Nov 2017 14:43:49 +0000
Content-Type: multipart/alternative; boundary="--=_RainLoop_901_190273969.1510757029"
X-Mailer: RainLoop/1.11.3
From: lknickname@kneipentruppe.de
Message-ID: <1563d4146cc07a267b378f2d138853c0@kneipentruppe.de>
Subject: NO DKIM - WEBMAIL - HTML SIGNATURE
To: qgsDikpCM96y3F@dkimvalidator.com


----=_RainLoop_901_190273969.1510757029
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

NO DKIM - WEBMAIL - HTML SIGNATURE


----=_RainLoop_901_190273969.1510757029
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8" /></head><body><div data-html-editor-font-wrapper=3D"true" style=3D"font-family: arial, sans-serif; font-size: 13px;"> <br>NO DKIM - WEBMAIL - HTML SIGNATURE<br><signature></signature> </div></body></html>
<br/>
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Vorname Nachname</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a>&nbsp;&nbsp;<span style=3D"color: #f8941c;">e:&nbsp;</span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://twitter.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://youtube.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: medium none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/youtube.png" width=3D"24" height=3D"24"></a>&nb
 sp;&nbsp;<a href=3D"https://steamcommunity.com/groups/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/steam.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://kneipentruppe.de" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/wordpress.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
----=_RainLoop_901_190273969.1510757029--
DKIM RESULT: This message does not contain a DKIM Signature

####################################################

DKIM enabled - Webmail - HTML-Signature in hmail enabled

Code: Select all

Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
	by relay-3.us-west-2.relay-prod (Postfix) with ESMTPS id 0ED1C2008ED
	for <eUmrfVnuztDUDo@dkimvalidator.com>; Wed, 15 Nov 2017 14:44:40 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
	c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type;
	bh=ESnBikMjtk+piKB7iozi6LF+mt7x8J+Z/Jq4Q9N8xDU=;
	b=ZQ5HARHi0Co0/5Ai/MlgSqmgjMozlLvT8lge0CzJDP7P5TAFzV92uePNWX4cFc3Sj37Y82eB/Jw8Mq6GarFPF3pbdyCukj3cGSs/tUd42kA9CTkwpsMZjtrO+YyJPOFLoKjldHWcKMJEbG1OO5Zjucg481Ej2MDeHpo0ORgOM48=
Received: from clanleitung.kneipentruppe.de (rs002432.KNTR.local [213.202.247.178]) by
 mail.kneipentruppe.de with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256
 bits=128) ; Wed, 15 Nov 2017 15:44:39 +0100
Mime-Version: 1.0
Date: Wed, 15 Nov 2017 14:44:39 +0000
Content-Type: multipart/alternative; boundary="--=_RainLoop_193_743105665.1510757079"
X-Mailer: RainLoop/1.11.3
From: lknickname@kneipentruppe.de
Message-ID: <04d10d83c7fc28780785aea03f64b85e@kneipentruppe.de>
Subject: DKIM - WEBMAIL - HTML SIGNATURE
To: eUmrfVnuztDUDo@dkimvalidator.com


----=_RainLoop_193_743105665.1510757079
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

DKIM - WEBMAIL - HTML SIGNATURE


----=_RainLoop_193_743105665.1510757079
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8" /></head><body><div data-html-editor-font-wrapper=3D"true" style=3D"font-family: arial, sans-serif; font-size: 13px;">DKIM - WEBMAIL - HTML SIGNATURE</div></body></html>
<br/>
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Vorname Nachname</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a>&nbsp;&nbsp;<span style=3D"color: #f8941c;">e:&nbsp;</span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://twitter.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://youtube.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: medium none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/youtube.png" width=3D"24" height=3D"24"></a>&nb
 sp;&nbsp;<a href=3D"https://steamcommunity.com/groups/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/steam.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://kneipentruppe.de" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/wordpress.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>
----=_RainLoop_193_743105665.1510757079--
DKIM RESULT: fail - Details: body has been altered

####################################################

DKIM disabled - Thunderbird - HTML-Signature in hmail enabled

Code: Select all

Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
	by relay-3.us-west-2.relay-prod (Postfix) with ESMTPS id B2FEB200BAF
	for <RXMF1aLfKk0uJM@dkimvalidator.com>; Wed, 15 Nov 2017 14:47:55 +0000 (UTC)
Received: from [213.202.247.178] (rs002432.KNTR.local [213.202.247.178]) by mail.kneipentruppe.de
 with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128)
 ; Wed, 15 Nov 2017 15:47:54 +0100
To: RXMF1aLfKk0uJM@dkimvalidator.com
From: Vorname Nachname <lknickname@kneipentruppe.de>
Subject: NO DKIM - THUNDERBIRD - HTML SIGNATURE
Message-ID: <d4547dda-9e48-b4cc-0264-28c798dddc56@kneipentruppe.de>
Date: Wed, 15 Nov 2017 15:47:54 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

NO DKIM - THUNDERBIRD - HTML SIGNATURE
DKIM RESULT: This message does not contain a DKIM Signature

####################################################

DKIM enabled - Thunderbird - HTML-Signature in hmail enabled

Code: Select all

Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
	by relay-1.us-west-2.relay-prod (Postfix) with ESMTPS id 5C438E02EA
	for <Ekn4kfkK8KLdww@dkimvalidator.com>; Wed, 15 Nov 2017 14:46:28 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
	c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
	bh=1fRFfP41cllo39X7iACJ5+QGEkqKYA0IRbYozrBZv/s=;
	b=bmfEIu1sKrFTSpHyxsRHxEhqeXIRXw/bmdv5SD/IWQkDXKiRyb6JeF5TJP0OvA4FFtRKBnD4KdscEjRbI2umnAaBbxFbTqiuuf/SBNt0KbgUoQmd1fUma2jcLKZ2LIn17fWd30j85StncegCgZYgJzn9XNrK0UaN5LrzpMdlplw=
Received: from [213.202.247.178] (rs002432.KNTR.local [213.202.247.178]) by mail.kneipentruppe.de
 with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128)
 ; Wed, 15 Nov 2017 15:46:26 +0100
To: Ekn4kfkK8KLdww@dkimvalidator.com
From: Vorname Nachname <lknickname@kneipentruppe.de>
Subject: DKIM - THUNDERBIRD - HTML SIGNATURE
Message-ID: <df595197-72d2-cc80-9e74-46d04da45544@kneipentruppe.de>
Date: Wed, 15 Nov 2017 15:46:26 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

DKIM - THUNDERBIRD - HTML SIGNATURE
DKIM RESULT: pass - Details: none

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-15 18:40

Observations:

DKIM from Thunderbird
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=1fRFfP41cllo39X7iACJ5+QGEkqKYA0IRbYozrBZv/s=;

DKIM From WEBMAIL
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type;
bh=ESnBikMjtk+piKB7iozi6LF+mt7x8J+Z/Jq4Q9N8xDU=;
Note the 'Content-Transfer-Encoding' is not selected.


Also, unfortunately your examples are not complete like for like. Your "DKIM enabled - Thunderbird - HTML-Signature in hmail enabled" code is a plain text email without any html signature ("Content-Type: text/plain;") - unless, of course, you havent pasted the full contents of tha particular email. Can you try that one again so we can do a true compare?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-15 21:29

Thunderbird seems to ignore the hmail setting, tested twice now without thunderbird appling the signature to the mail at all.

Besided that: "Content-Transfer-Encoding" is missing ok, where do I have to search then?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-15 21:43

LKNickname wrote:Thunderbird seems to ignore the hmail setting, tested twice now without thunderbird appling the signature to the mail at all.
Note that it is the COMPOSE format of the email that determines the type of signature thats applied.

ie, in thunderbird, if you com[pose PLAIN TEXT emails, then it will only apply a plain text signature. If you compose a RICH TEXT email (bold italics, et al) then the HTML signature will be applied.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-15 21:56

jimimaseye wrote:
LKNickname wrote:Thunderbird seems to ignore the hmail setting, tested twice now without thunderbird appling the signature to the mail at all.
Note that it is the COMPOSE format of the email that determines the type of signature thats applied.

ie, in thunderbird, if you com[pose PLAIN TEXT emails, then it will only apply a plain text signature. If you compose a RICH TEXT email (bold italics, et al) then the HTML signature will be applied.
Oh, ok well that's nice to know :D
Now the HTML-Signature gets applied correctly, however DKIM is now failing in Thunderbird too (bc. of the signature being added now ofc)

DKIM enabled - THUNDERBIRD - HTML-Signature enabled
-> Result: fail - Details: body has been altered

Code: Select all

Received: from mail.kneipentruppe.de (mail.kneipentruppe.de [213.202.247.178])
	by relay-5.us-west-2.relay-prod (Postfix) with ESMTPS id BEB9860A2D
	for <soFg4HZ2BGgl2B@dkimvalidator.com>; Wed, 15 Nov 2017 19:53:49 +0000 (UTC)
dkim-signature: v=1; a=rsa-sha256; d=kneipentruppe.de; s=1510654003.kneipentruppe;
	c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
	bh=QBzcCxYHOPSTePcbiw2BdrDAwf5Hiwp+hWrkAJp7Yvk=;
	b=knUTYj11oZZFXG6/t0qAkHYDTRiLq6DabhyweZSa+E/nEEZbz6i7mziR+vqqhoPojIivj6Ve0E4+kzLtUTZhJV3GzmnhXoi5PDzEQksgMwFJYS/hWkPcC1JXEP88i/wJmm0OnwWF/Sns/doMlzBx/RcfDbfV+lVOrX2TYeuv0zQ=
Received: from [213.202.247.178] (rs002432.KNTR.local [213.202.247.178]) by mail.kneipentruppe.de
 with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128)
 ; Wed, 15 Nov 2017 20:53:47 +0100
To: soFg4HZ2BGgl2B@dkimvalidator.com
From: Vorname Nachname <lknickname@kneipentruppe.de>
Subject: test
Message-ID: <9875eae8-db6e-b4a5-97ae-ae39d8a0206f@kneipentruppe.de>
Date: Wed, 15 Nov 2017 20:53:47 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>

    <meta http-equiv=3D"content-type" content=3D"text/html; charset=3Dutf-8">
  </head>
  <body text=3D"#000000" bgcolor=3D"#FFFFFF">
    <p>test<br>
    </p>
  </body>
</html>
<br/>
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/uploads/2016/11/Logo-150x150.png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Vorname Nachname</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a>&nbsp;&nbsp;<span style=3D"color: #f8941c;">e:&nbsp;</span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/facebook.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://twitter.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/twitter.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://youtube.com/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: medium none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/youtube.png" width=3D"24" height=3D"24"></a>&nb
 sp;&nbsp;<a href=3D"https://steamcommunity.com/groups/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/steam.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://kneipentruppe.de" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px ; height: 24px; max-height: 24px ;" src=3D"https://img.newoldstamp.com/s/ico/square/24/origin/wordpress.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-15 22:13

In a way that is a result.

I just tested using YOUR signature: with your signature as a DOMAIN signature, an email sent by thunderbird does DKIM sign correctly. That is a different result to you. (Nice image, by the way).

[code]
Authentication-Results: mta1004.mail.ne1.yahoo.net from=mydomain.net; domainkeys=neutral (no sig); from=mydomain.net; dkim=pass (ok)
Received: from mydomain.net (Unknown [192.168.0.200]) by jim.com with
ESMTP ; Wed, 15 Nov 2017 20:07:30 +0000
dkim-signature: v=1; a=rsa-sha256; d=mydomain.net; s=dkim; c=relaxed/relaxed; q=dns/txt;
h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type; bh=wmoGlvuXcyJGndUUJfLIHAV563RlxeabVCP4LJ2hI1E=;
b=Ck/ysckIvr3dlzwjdmZg2r7W0O7hxDL8/GJ8pdKm3LtTGfOYPQSM7hTTSRWG6qk+b3PHgQ58mNo//uoa5xlJQ7bQf+4pz0H1q0zLI4lFOrt4niaGO170Y+RuXvC71rAeFhetvknneZ/84yjOQ0cJdndGMCD4pSxYZAF5patuJy8=
Received: from [192.168.0.200] (mailserver [192.168.0.200]) by mydomain.net with
ESMTPA ; Wed, 15 Nov 2017 20:07:31 +0000
From: mydomain Sales <sylvester@mydomain.net>
Subject: [SPAM] test2
To: grumbler <user1@jim.com>
Message-ID: <5A0C9E83.4010900@mydomain.net>
Date: Wed, 15 Nov 2017 20:07:31 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------000301070001080407000804"

This is a multi-part message in MIME format.
--------------000301070001080407000804
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable


--------------000301070001080407000804
Content-Type: multipart/related; boundary="------------050808080506070009010401"


--------------050808080506070009010401
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<br/>
<br><br><table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 0; padding-right: 7px; border-top: 0; border-bottom: 0: border-left: 0; border-right: solid 3px #f8941c" valign=3D"top"><img id=3D"preview-image-url" src=3D"https://kneipentruppe.de/wp-content/upl ... .png"></td>
<td style=3D"padding-top: 0; padding-bottom: 0; padding-left: 12px; padding-right: 0;">
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
<tbody><tr><td colspan=3D"2" style=3D"padding-bottom: 5px; color: #f8941c; font-size: 18px; font-family: Arial, Helvetica, sans-serif;">Lars Klein</td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><span>Clangr=C3=BCnder & Clanleitung</span></td></tr>
<tr><td colspan=3D"2" style=3D"color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;"><strong>Kneipentruppe - DEIN Multigamingclan</strong></td></tr>
<tr><td style=3D"vertical-align: top; width: 20px; color: #f8941c; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" width=3D"20" valign=3D"top">w:</td><td style=3D"vertical-align: top; color: #333333; font-size: 14px; font-family: Arial, Helvetica, sans-serif;" valign=3D"top"><a href=3D"https://kneipentruppe.de" style=3D" color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">kneipentruppe.de</a>&nbsp;&nbsp;<span style=3D"color: #f8941c;">e:&nbsp;</span><a href=3D"mailto:lknickname@kneipentruppe.de" style=3D"color: #f8941c; text-decoration: none; font-weight: normal; font-size: 14px;">lknickname@kneipentruppe.de</a></td></tr>
<tr><td colspan=3D"2" style=3D"padding-top: 5px;"><a href=3D"https://facebook.net/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src=3D"https://img.newoldstamp.net/s/ico/squar ... cebook.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://twitter.net/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src=3D"https://img.newoldstamp.net/s/ico/squar ... witter.png" width=3D"24" height=3D"24"></a>&nbsp;&nbsp;<a href=3D"https://twitter.net/kneipentruppe" style=3D"border-width:0px; border:0px; text-decoration: none;"><img style=3D"border: none; width: 24px; max-width: 24px !important; height: 24px; max-height: 24px !important;" src=3D"https://img.newoldstamp.net/s/ico/squar ... witter.png" width=3D"24" height=3D"24"></a></td></tr>
</tbody></table>
</td></tr></tbody></table>

--------------000301070001080407000804--
[/code]


Its definitely something to do with our setup somehow.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-15 22:30

AN IDEA: Dont rely on the DKIM Validator that you are using. Send an email to an address like Yahoo or Gmail (that will display their own DKIM results in the headers). I say this because I have proven in the past that where one provider may pass another provider can fail it. (Trust me I have the evidence and its somewhere in here if you care to read: viewtopic.php?f=21&t=29402)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-15 22:54

Just lol....tested WEBMAIL and THUNDERBIRD with the exact same signature and it passes for gmail...what the actual fuck?
I mean why??? JUST WHY??? :lol:

Well nvm. case closed then...but I do have a bad feeling about this for it was working in the tester as well when using a shorter signature....really strange

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-15 23:07

I guess Ive just earned my money then. :|
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 21103
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Account signatures trigger DKIM to fail

Post by mattg » 2017-11-16 01:06

So it's the validator that doesn't like something in the hmailserver HTML signature at times - that is weird beyond belief
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

tunis
Senior user
Senior user
Posts: 256
Joined: 2015-01-05 20:22
Location: Sweden

Re: Account signatures trigger DKIM to fail

Post by tunis » 2017-11-16 10:12

Could be that html signature are added after body and html tags are closed.
Then it's not valid html code and maybe that's what it complain about.

Code: Select all

<html>
  <head>

    <meta http-equiv=3D"content-type" content=3D"text/html; charset=3Dutf-8">
  </head>
  <body text=3D"#000000" bgcolor=3D"#FFFFFF">
    <p>test<br>
    </p>
  </body>
</html>
<br/>
<table style=3D"background: none; border-width: 0px; border: 0px; margin: 0; padding: 0;" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">
...
The html signature maybe should be add before body tag is closed </body>.
HMS 5.6.8 B2494.25 on Windows Server 2019 Core VM.
HMS 5.6.8 B2505.27 on Windows Server 2016 Core VM.
HMS 5.6.7 B2425.16 on Windows Server 2012 R2 Core VM.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-16 10:26

Tunis, we have concluded that it is not failing - it is just that particular website that is complaining. Gmail etc are happy with the body element and the signature. Also its the same signature in all cases - both with thunderbird and roundcube.

So no. :mrgreen:
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

tunis
Senior user
Senior user
Posts: 256
Joined: 2015-01-05 20:22
Location: Sweden

Re: Account signatures trigger DKIM to fail

Post by tunis » 2017-11-16 10:56

jimimaseye wrote:Tunis, we have concluded that it is not failing - it is just that particular website that is complaining. Gmail etc are happy with the body element and the signature. Also its the same signature in all cases - both with thunderbird and roundcube.

So no. :mrgreen:
I no it's not failing I only give a explanation why that particular website is complaining. :D
HMS 5.6.8 B2494.25 on Windows Server 2019 Core VM.
HMS 5.6.8 B2505.27 on Windows Server 2016 Core VM.
HMS 5.6.7 B2425.16 on Windows Server 2012 R2 Core VM.

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-16 11:09

I figured it out by the way and it is kinda weird:

My HTML-Signature included some lines ending with a "LF" (\n = Linefeed) and some ended with "CRLF" (\n\r = Carriagereturn Linefeed).

Basically what happens is the following:

> You have some lines ending with LF and some with CRLF = It is unsure if DKIM will fail or pass, depents hardly on the mailserver on the other side
> All your lines end with LF = DKIM will fail quite often, however, some Mailservers will display DKIM as neutral bc. they can't read the DKIM-Signature, however DKIM will never pass
> All your Lines end with CRLF = DKIM will pass almost everytime. Don't include lines that are too long (Begin a new line after a closing tag if possible) and everything is fine

Be careful though for CRLF and LF get inserted when hitting Return depending on the formatting of your Text- or HTML-Editor.
Best practice would be opening up your Signature in Notepad++ and then go to "Search & Replace" and Search for "\n" and replace with "\n\r" (Searchmode has to be "Extended")

By replacing the Linefeeds with CRLF's I got the (otherways exactly) same signature working in the DKIM Validator AND Gmail - (tested with Thunderbird and Webmail).

User avatar
mattg
Moderator
Moderator
Posts: 21103
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Account signatures trigger DKIM to fail

Post by mattg » 2017-11-16 11:22

Well that is good to know

Thanks for the post back
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

LKNickname
New user
New user
Posts: 22
Joined: 2017-11-13 22:03

Re: Account signatures trigger DKIM to fail

Post by LKNickname » 2017-11-16 11:27

mattg wrote:Well that is good to know

Thanks for the post back
No problem...I am just relieved that it is working as expected now :D

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Account signatures trigger DKIM to fail

Post by jimimaseye » 2017-11-18 13:13

LKNickname wrote:I figured it out by the way and it is kinda weird:

My HTML-Signature included some lines ending with a "LF" (\n = Linefeed) and some ended with "CRLF" (\n\r = Carriagereturn Linefeed).

Basically what happens is the following:

> You have some lines ending with LF and some with CRLF = It is unsure if DKIM will fail or pass, depents hardly on the mailserver on the other side
> All your lines end with LF = DKIM will fail quite often, however, some Mailservers will display DKIM as neutral bc. they can't read the DKIM-Signature, however DKIM will never pass
> All your Lines end with CRLF = DKIM will pass almost everytime. Don't include lines that are too long (Begin a new line after a closing tag if possible) and everything is fine

Be careful though for CRLF and LF get inserted when hitting Return depending on the formatting of your Text- or HTML-Editor.
Best practice would be opening up your Signature in Notepad++ and then go to "Search & Replace" and Search for "\n" and replace with "\n\r" (Searchmode has to be "Extended")

By replacing the Linefeeds with CRLF's I got the (otherways exactly) same signature working in the DKIM Validator AND Gmail - (tested with Thunderbird and Webmail).
I have added your case (by link) as a note of caution to others in my EASY DKIM CREATION how to. Thanks for sharing.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

seansco
New user
New user
Posts: 26
Joined: 2006-07-28 20:19

Re: Account signatures trigger DKIM to fail

Post by seansco » 2018-08-02 18:04

I'm having the same signature issue. I have followed all the guidelines and am still getting the validation error by http://dkimvalidator.com

Code: Select all

Validating Signature

result = fail
Details: body has been altered
.
.
.
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
jimimaseye wrote:
2017-11-18 13:13
LKNickname wrote:I figured it out by the way and it is kinda weird:

My HTML-Signature included some lines ending with a "LF" (\n = Linefeed) and some ended with "CRLF" (\n\r = Carriagereturn Linefeed).

Basically what happens is the following:

> You have some lines ending with LF and some with CRLF = It is unsure if DKIM will fail or pass, depents hardly on the mailserver on the other side
> All your lines end with LF = DKIM will fail quite often, however, some Mailservers will display DKIM as neutral bc. they can't read the DKIM-Signature, however DKIM will never pass
> All your Lines end with CRLF = DKIM will pass almost everytime. Don't include lines that are too long (Begin a new line after a closing tag if possible) and everything is fine

Be careful though for CRLF and LF get inserted when hitting Return depending on the formatting of your Text- or HTML-Editor.
Best practice would be opening up your Signature in Notepad++ and then go to "Search & Replace" and Search for "\n" and replace with "\n\r" (Searchmode has to be "Extended")

By replacing the Linefeeds with CRLF's I got the (otherways exactly) same signature working in the DKIM Validator AND Gmail - (tested with Thunderbird and Webmail).
I have added your case (by link) as a note of caution to others in my EASY DKIM CREATION how to. Thanks for sharing.

User avatar
mattg
Moderator
Moderator
Posts: 21103
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Account signatures trigger DKIM to fail

Post by mattg » 2018-08-03 01:02

Do you antivirus on your system that is is 'inspecting' mail?
A hardware router / firewall / UTM device perhaps?

There are many things it could be after hmailserver adds the DKIM signature...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply