dkim signature is not valid :(

3 posts / 0 new
Topic locked
Last post
#1 Mon, 08/03/2015 - 19:02
szer0p

dkim signature is not valid :(

Hello,

Again and Again till now i cant find any soultion for this problem ! i asked so many expert here and outside and no one could help me ..

i hope this time to get it work ..

i dont know where is the problem but the dkim signature is not valid

you can see the Test here

http://www.mail-tester.com/web-fqL5E2 and http://www.mail-tester.com/web-BEODc4

the two tests are for 2 domains in the same server ..

what should i do ?

any idea ?

thank u for helping me

Mon, 08/03/2015 - 19:24
szer0p

the resulte from auth-results@verifier.port25.com

This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback@port25.com>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         fail
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  server.xxxx.com
Source IP:      79.143.179.239
mail-from:      a.kh@xxxx.com

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: smtp.mailfrom=a.kh@xxxx.com
DNS record(s):
    xx.com. SPF (no records)
    xxx.com. 86400 IN TXT "v=spf1 a mx a:server.xx.com mx:xxxxx.com
mx:xxx.de ip4:79.143.179.239 ip6:2a02:c200:0000:0010:0003:0000:6420:0001
?all"
    xxx.com. 86400 IN A 79.143.179.239

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=a.kh@xxx.com
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
    From:'20'"Ahmed'20'Khalil"'20'<a.kh@xxxx.com>'0D''0A'
    Subject:'20''0D''0A'
    To:'20''20'check-auth2@verifier.port25.com'0D''0A'
    Message-Id:'20'<1438642024.3567@xxx.com>'0D''0A'
    Date:'20'Tue,'20'04'20'Aug'20'2015'20'00:47:04'20'+0200'20'(CEST)'0D''0A'
    Content-Type:'20'text/plain'0D''0A'
    DKIM-Signature:'20'v=1;'20'a=rsa-sha256;'20'c=simple/simple;'20'd=xxx.com;'0D''0A'
    '09's=paldkim;'20't=1438642047;'0D''0A'
    '09'bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;'0D''0A'
    '09'h=From:Subject:To:Message-Id:Date:Content-Type;'0D''0A'
    '09'b=

Canonicalized Body:
    '0D''0A'
   

DNS record(s):
    paldkim._domainkey.xxx.com. 86400 IN TXT "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6PlVi2cOL1SFSyUOjzUpsRE1qAk6Hix8gp4jVz6lXcSnjd/zXZV8B0AMFoi8+POnKDZ/lfF9yJs9hXsw3CegRI1C9LNwdusi67JKlMF6qJCmJgE+OfUADVAcF5SafKe8dbbgy8Tg0olS6EHnK9MGet8lLZT8nMtmklc+vbsjZRW4rUlmnHx/0E8oYaQk4SO3SRlBIm9wYzoGJ80bxxzXf9LBSKcoFgrLscjHn9vtYGO8/zSbSV7wj7pbMt/jdPsOm6Rw85cl85+rq7XHPWpq0HQMn/kin5ukeqB4+0QbQtHAF8SB67r2VHLm+zg5AzZKDvQ40lyFLwRuS387mRJFwIDAQAB"

Public key used for verification: paldkim._domainkey.xxxx.com (2048 bits)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: header.From=a.kh@xxxxx.com
DNS record(s):
    xxxxx.com. SPF (no records)
    xxxx.com. 86400 IN TXT "v=spf1 a mx a:server.xxxx.com mx:xxxxx.com
mx:xxxx.de ip4:79.143.179.239 ip6:2a02:c200:0000:0010:0003:0000:6420:0001
?all"
    xxxxx.com. 86400 IN A 79.143.179.239

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.4.0 (2014-02-07)

Result:         ham  (2.2 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.2 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
-0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20%
                            [score: 0.0569]
0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
2.3 EMPTY_MESSAGE          Message appears to have no textual parts and no
                            Subject: text
0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
0.0 T_FROM_12LTRDOM        From a 12-letter domain

==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================

SPF and Sender-ID Results
=========================

"none"
      No policy records were published at the sender's DNS domain.

"neutral"
      The sender's ADMD has asserted that it cannot or does not
      want to assert whether or not the sending IP address is authorized
      to send mail using the sender's DNS domain.

"pass"
      The client is authorized by the sender's ADMD to inject or
      relay mail on behalf of the sender's DNS domain.

"policy"
     The client is authorized to inject or relay mail on behalf
      of the sender's DNS domain according to the authentication
      method's algorithm, but local policy dictates that the result is
      unacceptable.

"fail"
      This client is explicitly not authorized to inject or
      relay mail using the sender's DNS domain.

"softfail"
      The sender's ADMD believes the client was not authorized
      to inject or relay mail using the sender's DNS domain, but is
      unwilling to make a strong assertion to that effect.

"temperror"
      The message could not be verified due to some error that
      is likely transient in nature, such as a temporary inability to
      retrieve a policy record from DNS.  A later attempt may produce a
      final result.

"permerror"
      The message could not be verified due to some error that
      is unrecoverable, such as a required header field being absent or
      a syntax error in a retrieved DNS TXT record.  A later attempt is
      unlikely to produce a final result.


DKIM and DomainKeys Results
===========================

"none"
      The message was not signed.

"pass"
      The message was signed, the signature or signatures were
      acceptable to the verifier, and the signature(s) passed
      verification tests.

"fail"
      The message was signed and the signature or signatures were
      acceptable to the verifier, but they failed the verification
      test(s).

"policy"
      The message was signed but the signature or signatures were
      not acceptable to the verifier.

"neutral"
      The message was signed but the signature or signatures
      contained syntax errors or were not otherwise able to be
      processed.  This result SHOULD also be used for other
      failures not covered elsewhere in this list.

"temperror"
      The message could not be verified due to some error that
      is likely transient in nature, such as a temporary inability
      to retrieve a public key.  A later attempt may produce a
      final result.

"permerror"
      The message could not be verified due to some error that
      is unrecoverable, such as a required header field being
      absent. A later attempt is unlikely to produce a final result.


==========================================================
Original Email
==========================================================

Return-Path: <a.kh@xxx.com>
Received: from server.xxx.com (79.143.179.239) by verifier.port25.com id
hnvno420i3gh for <check-auth2@verifier.port25.com>; Mon, 3 Aug 2015 18:47:30 -0400
(envelope-from <a.kh@xxxx.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=a.kh@xxxx.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed)
header.From=a.kh@xxxx.com
Authentication-Results: verifier.port25.com; dkim=fail (signature doesn't verify)
Authentication-Results: verifier.port25.com; sender-id=pass header.From=a.kh@xxx.com
Received: from server.xxx.com (localhost [127.0.0.1])
by server.xxxx.com (Postfix) with SMTP id 8A16411A0674
for <check-auth2@verifier.port25.com>; Tue,  4 Aug 2015 00:47:04 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xxx.com;
s=paldkim; t=1438642047;
bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;
h=From:Subject:To:Message-Id:Date:Content-Type;
b=WXQrZVpu97N+f5UAN8jUGSO5ckcHCkwY9XSX1fetke8HIjV8mUmyYTfTSR+6E0Hjn
2z/3nSLZYr93CjgP1g0DAyqOUUxCIwl7vGgNCwV5Bl5S+nDsJ4ZGcQqOwXWs4fnE46
XPawriQUjVQO71E83eCX9gMQDdt8jmP4eauAyKw29Adn6u48CH5rB8k1S2BxHtIfVV
Obp1tGe5UhpvAiJdkd/PpSEWRRsfe6ymzMGlKI/+kEYJmRPAhlqnmyc8soxMpwxkOz
G4B5Q5nbpQweYUHjD0cKVIh6KJW7abPGc1tOXycHD3quN3lgaZNwCCmt5jh4n9IRwL
6ksOqhKu4dOTQ==
From: "Ahmed Khalil" <a.kh@xxxx.com>
Subject:
To:  check-auth2@verifier.port25.com
Message-Id: <1438642024.3567@xxxx.com>
X-Mailer: Usermin 1.670
Date: Tue, 04 Aug 2015 00:47:04 +0200 (CEST)
Content-Type: text/plain
Thu, 08/06/2015 - 21:20
inteq

Have you tried going to "Server Configuration" > "DomainKey Options" and "Generate new key" ?

Topic locked