DKIM fails when email signature is activated

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
181874
Posts: 34
Joined: Fri Feb 15, 2019 5:44 am
Location: Austria

DKIM fails when email signature is activated

Post by 181874 »

Dear team,

I am using Zimbra OCS (current version) but having an issue currently:
I have activated DKIM a few months ago which works so far BUT just without any kind of email signature (text + HTML).

As soon as an email signature is activated (withing web portal as well as Thunderbird) DKIM fails.

Steps to reproduce:
Send a blank email without anything to check-auth@verifier.port25.com -> everything pass
Send an email with signature to check-auth@verifier.port25.com -> fails with error:

Code: Select all

DKIM check details:
----------------------------------------------------------
Result:         fail (wrong body hash: expected BHq4oJWxzxyFsLulcSVJ4wzZz7wnZZqAn5K6rgwqTW4=)
ID(s) verified: 

Canonicalized Headers:
    date:Mon,'20'18'20'Feb'20'2019'20'21:58:21'20'+0100'20'(CET)'0D''0A'
    from:Mathias'20'=?utf-8?Q?M=C3=BChlbacher?='20'<mathias.muehlbacher@hks-projekt.at>'0D''0A'
    to:check-auth@verifier.port25.com'0D''0A'
    message-id:<2120121276.2139.1550523501414.JavaMail.zimbra@hks-projekt.at>'0D''0A'
    mime-version:1.0'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=hks-projekt.at;'20's=81BFB7CE-CC86-11E8-8DC4-91CA4D724663;'20't=1550523501;'20'bh=huNNLF3Uf6i6ot5TU5C/vBLXQyX8jr+ZQPYTdJGXtd8=;'20'h=Date:From:To:Message-ID:MIME-Version;'20'b=

Canonicalized Body:
    '0D''0A'
    --=_160d4225-0aa8-4152-b95a-25a52a542779'0D''0A'
    Content-Type:'20'text/plain;'20'charset=utf-8'0D''0A'
    Content-Transfer-Encoding:'20'quoted-printable'0D''0A'
    '0D''0A'
    '0D''0A'
    '0D''0A'
    Freundliche'20'Gr=C3=BC=C3=9Fe,=20'0D''0A'
    '0D''0A'
    Mathias'20'M=C3=BChlbacher=20'0D''0A'
    '0D''0A'
    --=_160d4225-0aa8-4152-b95a-25a52a542779'0D''0A'
    Content-Type:'20'text/html;'20'charset=utf-8'0D''0A'
    Content-Transfer-Encoding:'20'quoted-printable'0D''0A'
    '0D''0A'
    <html><body><div'20'style=3D"font-family:'20'arial,'20'helvetica,'20'sans-serif;'20'font-s='0D''0A'
    ize:'20'12pt;'20'color:'20'#000000"><div><br></div><div><br></div><div'20'data-marker='0D''0A'
    =3D"__SIG_PRE__">Freundliche'20'Gr=C3=BC=C3=9Fe,<br><br>Mathias'20'M=C3=BChlbache='0D''0A'
    r</div></div></body></html>'0D''0A'
    --=_160d4225-0aa8-4152-b95a-25a52a542779--'0D''0A'
Does anyone have an idea why DKIM is failing?

Best regards,
Mathias
pokkio
Posts: 2
Joined: Wed Feb 27, 2019 3:52 pm

Re: DKIM fails when email signature is activated

Post by pokkio »

hi,
the problem may be the signature itself, more specifically some weird character in it, like carriage returns.
try with a simpler signature to see if you still get the error.

if you don't, then you've got a signature to fix :)

also found a more detailed explanation here: https://www.hmailserver.com/forum/viewtopic.php?t=26640
User avatar
king0770
Outstanding Member
Outstanding Member
Posts: 242
Joined: Fri Sep 12, 2014 10:44 pm
Contact:

Re: DKIM fails when email signature is activated

Post by king0770 »

This is just a mere suggestion, when you get a chance, can you check for the "FixCRLF" line in the /opt/zimbra/conf/opendkim.conf.in file?

grep FixCRLF opendkim.conf.in
FixCRLF no

If FixCRLF is set to no, can you change it to yes in the /opt/zimbra/conf/opendkim.conf.in file?

Just make sure to restart opendkim after the changes, and see if that helps?

zmopendkimctl restart
--
Rick King
181874
Posts: 34
Joined: Fri Feb 15, 2019 5:44 am
Location: Austria

Re: DKIM fails when email signature is activated

Post by 181874 »

Thank you both for your replies!

@pokkio: I have tried to use alternative characters ü -> ue and so on - still fails.

@king0770: Thanks for the hint. The parameter was set to "no" so I changed it to "yes". But unfortunately it still fails when sending emails to check-auth@verifier.port25.com
Any other ideas what to check?
User avatar
king0770
Outstanding Member
Outstanding Member
Posts: 242
Joined: Fri Sep 12, 2014 10:44 pm
Contact:

Re: DKIM fails when email signature is activated

Post by king0770 »

We actually have a few cases on this issue. Right now, we have an internal escalation to have the developers look into this issue; still un-resolved at this time.
--
Rick King
181874
Posts: 34
Joined: Fri Feb 15, 2019 5:44 am
Location: Austria

Re: DKIM fails when email signature is activated

Post by 181874 »

Okay - would be great to keep me updated regarding this topic although I just use the OSE!
Sunny
Posts: 1
Joined: Wed Mar 13, 2019 6:35 am

Re: DKIM fails when email signature is activated

Post by Sunny »

Hello Support Team,

Can you please update the status of the escalation. I am also facing the same issue.

Thanks,
181874
Posts: 34
Joined: Fri Feb 15, 2019 5:44 am
Location: Austria

Re: DKIM fails when email signature is activated

Post by 181874 »

Hi there,

are there any news/update on this topic?
User avatar
DavidMerrill
Advanced member
Advanced member
Posts: 126
Joined: Thu Jul 30, 2015 2:44 pm
Location: Portland, ME
ZCS/ZD Version: 8.8.15 P19
Contact:

Re: DKIM fails when email signature is activated

Post by DavidMerrill »

Exploring DKIM as well, would love to hear more on this when details are available.
___________________________________
David Merrill - Zimbra Practice Lead
OTELCO Zimbra Hosting, Licensing and Professional Services
Zeta Alliance
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: DKIM fails when email signature is activated

Post by phoenix »

DavidMerrill wrote:Exploring DKIM as well, would love to hear more on this when details are available.
It works fine with Rspamd. :)
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
Post Reply