1 (edited by gpapaiko 2022-06-04 14:37:21)

Topic: DKIM Fails from local network

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi I have a  strange issue with DKIM failing.
When I ran sudo amavisd-new testkeys all domains pass with the exception of onw that I am not concerned about.see below.
TESTING#1 icednetworks.info: dkim._domainkey.icednetworks.info => pass
TESTING#2 icednetworks.net: dkim._domainkey.icednetworks.net => fail (bad RSA signature)
TESTING#3 icednetworks.com: dkim._domainkey.icednetworks.com => pass
TESTING#4 icednetworks.com.au: dkim._domainkey.icednetworks.com.au => pass
TESTING#5 futuristicdrive.com.au: dkim._domainkey.futuristicdrive.com.au => pass

Note the keys are correct in the dns and you can use the  icednetworks.info to do any dns checks.
when I log into sogo for the icednetworks.info and send am email to my gmail account dkim fails see below.

Message ID    <57e-62975380-7-464dfb80@113585921>
Created at:    Wed, Jun 1, 2022 at 9:54 PM (Delivered after 7 seconds)
From:    xx xx<xx@icednetworks.info>
To:    xxxx@gmail.com
Subject:    test 2154
SPF:    PASS with IP 27.32.225.101 Learn more
DKIM:    'FAIL' with domain icednetworks.info Learn more
DMARC:    'PASS' Learn more

ARC-Seal: i=1; a=rsa-sha256; t=1654084506; cv=none;
        d=google.com; s=arc-20160816;
        b=msJEM/8Kpy4PJ6sybwQIub5sYFyS+48g6UsFPPNsPB1o0SIkBfpPmdHxX3e9w/mf7G
         m2WYvVCVoAs3Hh6dXhK5sNhwHARJQaWMPbl7euavAjQfgNWMT1KlXNGmTuQANxtx68vy
         c3A3Ah2/WGBsF8G6wClMi2+pyur3zDzHzbjGQO4mlQnYKhbexse6JGHFpIJc3Ik1inYd
         Ndsd4X3/PsPsSFUaZacffzKPqDAzasZPrVIbgMkJKHPsgK8pw0hrSS+egbDvfuOYLDJp
         evd9mQTQlBltftsEf8MsGAeKgadIC8bwHNuPKtiBXcbiQBeO1i4FzdhAP8B66s6s1Egd
         f2uw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=message-id:subject:date:mime-version:user-agent:to:from
         :dkim-signature;
        bh=Bq7fOeZ8gLtQW+iZMFlNSCC2I94B1ASYj66UMwFo5V8=;
        b=uiRFEvQliqUtksN0MN2BWXZxhQFwDLkW+6h2VGymDafgJZH9gOT5j+tx1IJmxRywFa
         M+ZRsVFjB4nrx8jXF+NxaTBM0X4ujhkYR2tPhlMQRRlmclQf9hRxN9BkFkUWGJAQi9ic
         XvKikZYGhMWcQXLcfzHTvV51MZO1w6fzq3aEnHvKz9GCrL/MBAt8MN0utk5UKuhwlVud
         FLu+mQ5y1QJalr0OABhr6hhTSuAAmfg9jppXyQlu9Y04w1jUyMlz751YNZ+uJR2uqMDi
         UDLO2hOs3+FERF7QRWD7RZCbqjTMf0vldGT0Hko2SGOou6qcpLDRxSDNTcDtJjTPjCca
         Osdg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@icednetworks.info header.s=dkim header.b=kf12fKN2;
       spf=pass (google.com: domain of xx@icednetworks.info designates 27.32.225.101 as permitted sender) smtp.mailfrom=xx@icednetworks.info;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=icednetworks.info
Return-Path: <xx@icednetworks.info>
Received: from mail.icednetworks.info (mail.icednetworks.info. [27.32.225.101])
        by mx.google.com with ESMTPS id ge7-20020a17090b0e0700b001d2865c095fsi2115278pjb.61.2022.06.01.04.55.05
        for <xxxx@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 01 Jun 2022 04:55:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of xxxx@icednetworks.info designates 27.32.225.101 as permitted sender) client-ip=27.32.225.101;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@icednetworks.info header.s=dkim header.b=kf12fKN2;
       spf=pass (google.com: domain of xxxx@icednetworks.info designates 27.32.225.101 as permitted sender) smtp.mailfrom=xxxx@icednetworks.info;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=icednetworks.info
Received: from mail.icednetworks.info (ip6-localhost [127.0.0.1]) by mail.icednetworks.info (Postfix) with ESMTP id 4LCndM19YJzKsTy for <xxxx@gmail.com>; Wed,
  1 Jun 2022 21:55:03 +1000 (AEST)
Authentication-Results: mail.icednetworks.info (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=icednetworks.info
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= icednetworks.info; h=content-type:message-id:subject:date :mime-version:user-agent:to:from; s=dkim; t=1654084500; x= 1656676501; bh=0Dz/BTbMVQ9VaF/HOx0mkzRKhUYrMkY9m4iCxVKtjdg=; b=k f12fKN2FY4/1/P5pS88NruUV6NZyb3M9JVhPq7sSaYbXf1jz/LfQrJL/tHFklPJw f+nAamIrJ0/Y3h/gYF0ev5UHSDF4WhthRe4n482wjyaDoBGMVwLXz8CYyRAcpepE jRglPaJbHkn2Av52v3ESViHACtSCODZZGgFGMIcPDXlv532DxkqaqyHlkTQ2N6ta gXWom4bTwnfreiaJCr0tw51bYBba/kVan6DO0sH7+079hhjVKjirmVnPQMTPx6bN sk/k4s6kzLGSFk6DCC6wDKakmlmE9opQPisbPy0CsLWPjo2aG9UNyD5LShDccnze 0gDIoZEnKZcJivlEeiCnw==
X-Amavis-Modified: Mail body modified (using disclaimer) - mail.icednetworks.info.

NOW..
I have added the email domain to my mobile using and using the default app on that with the smpt/imap conection, and when i send an email from the same domain icednetworks.info to my gmail account it passes dkim see below.

Message ID    <4LCmKH05w4zKscr@mail.icednetworks.info>
Created at:    Wed, Jun 1, 2022 at 8:56 PM (Delivered after 0 seconds)
From:    xxxx <xxxx@icednetworks.com.au>
To:    xx xx <xxxx@gmail.com>
Subject:    Test 2055
SPF:    PASS with IP 27.32.225.101 Learn more
DKIM:    'PASS' with domain icednetworks.com.au Learn more
DMARC:    'PASS' Learn more

ARC-Seal: i=1; a=rsa-sha256; t=1654080965; cv=none;
        d=google.com; s=arc-20160816;
        b=xJQAdjmaeaaSK4ikqpyrmvhjwdX49tkxkEfP9ax/1EhUQ86uRfaIRCfwCZdsDenwTt
         S3rJw7BY1NStTBk7ZuMGugarfz4DNZgWZsSX6Gpz5vDNIiqTuv/Hjm4PaWqnflhWcL57
         V/j0CP7GcZdN0b9EJbnHcrHUObbUqDzUieoNfeDny0KOvEMKWU/kDSPu6mddG1BE98kw
         E/XE+iOrSj07veVO9dALatkMYccLIjhlYUZdpGVJlpIdL+q8WclvQ3D80pzNHLPeOw04
         KTTQ1CfzUN/rioMqs/pBocl9tji0Uv3ZUjhytxek3l5pZxgmbfseFc2xtYEw6loH4GTz
         3O7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=message-id:mime-version:to:from:importance:subject:date
         :savedfromemail:dkim-signature;
        bh=yl++jTZhYbMvpMRq1PEvDlS0J7oapiXwACYg7W2I87U=;
        b=dISIwar4NhIoNIzi5h7Exodoo3n24yoji6J0k0KS3loGHuSjXuLg7QWinax4pzUUaT
         vyqL3M5nw/SJw0e4iBk+c0zjLj0UYyE6DnJef/h4YCPUdf65gF5xbSdaOiY7ilU1jQRu
         0upBlrRM+7wTyy7nzVDs2zBwxxJkSqezEiDgZHDaRVegj13uFU5zNQhV6gJI0jgGe6qo
         CZgP2PcGI64RshglubT3UCf74RG7xaoTsJBo+01qdBxPVlD7xgem0UgPLZZFRNx5SVMX
         SuzyB8oMrQDEsXLKsrs8gELxdT3NdIFzDXkA1OvVxK7VNFqB6JkRhwhi8Ia91GjDWoma
         sXlQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@icednetworks.com.au header.s=dkim header.b=jYQGSa7H;
       spf=pass (google.com: domain of xxxx@icednetworks.com.au designates 27.32.225.101 as permitted sender) smtp.mailfrom=xxxx@icednetworks.com.au;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=icednetworks.com.au
Return-Path: <xxxx@icednetworks.com.au>
Received: from mail.icednetworks.info (mail.icednetworks.info. [27.32.225.101])
        by mx.google.com with ESMTPS id k8-20020a17090a590800b001e097ba5d29si1874356pji.11.2022.06.01.03.56.04
        for <xxxx@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 01 Jun 2022 03:56:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of xxxx@icednetworks.com.au designates 27.32.225.101 as permitted sender) client-ip=27.32.225.101;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@icednetworks.com.au header.s=dkim header.b=jYQGSa7H;
       spf=pass (google.com: domain of xxxx@icednetworks.com.au designates 27.32.225.101 as permitted sender) smtp.mailfrom=xxxx@icednetworks.com.au;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=icednetworks.com.au
Received: from mail.icednetworks.info (ip6-localhost [127.0.0.1]) by mail.icednetworks.info (Postfix) with ESMTP id 4LCmKH05w4zKscr for <xxxx@gmail.com>; Wed,
  1 Jun 2022 20:56:03 +1000 (AEST)
Authentication-Results: mail.icednetworks.info; dkim=pass (2048-bit key; unprotected) header.d=icednetworks.com.au header.i=@icednetworks.com.au header.a=rsa-sha256 header.s=dkim header.b=jYQGSa7H; dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= icednetworks.com.au; h=content-type:mime-version:to:from:subject :date; s=dkim; t=1654080962; x=1656672963; bh=yl++jTZhYbMvpMRq1P EvDlS0J7oapiXwACYg7W2I87U=; b=jYQGSa7HgIVy5HAESXl81INwoogmI+GfJ6 kvv21BwLP0V0d9gczDdIZEGur6GLUIhN4uzJIBZrcXsaC0gasWbddUh5fde5Mpri CIT3oT2n3rydiIiJgQf/rNFO4N/+qeErvxcqEJWRXVvJ6mAldASNtC0pVAT5UiSy 0RDCvrenRLf63dSnBQH8mHK0BTr9B6W9GjtrJ45EY12LfmKwePLwA9HvNWSZlFEI hK0YS+h0kBOqHyXGtnU5rYZcxIgwU+d6jRL+ZGm76FyY/wta76ob4wt24H/D0Otg hnhqqwS8oI5BFomKNyIiH/PWn2OANL04cV0SuMrfBXZGEGPKIYMw==
X-Amavis-Modified: Mail body modified (using disclaimer) - mail.icednetworks.info


If you need more info please let me know.

FYI this is happening with all the domains

So hence I am at a loss as to why this is happing.
Open to any suggestions as to what anyone has.

Thank you all in advance for your help
George.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: DKIM Fails from local network

gpapaiko wrote:

when I log into sogo for the icednetworks.info and send am email to my gmail account dkim fails see below.

- Which iRedMail release are you running? (check /etc/iredmail-release)
- Which SOGo release are you running?
- Show me output of command below:

$ grep -E 'SOGo(SMTP|Mailing)' /etc/sogo/sogo.conf
gpapaiko wrote:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Please always input above info in new forum topic, otherwise i may ask you to input them to get basic info of your iRedMail server first, then help troubleshoot. You're wasting yours and my time to wait. smile

3

Re: DKIM Fails from local network

Sorry forgot to include those.
I have update to the latest versions:
iRedMail = 1.6.0 MARIADB edition
iRedAdmin = 1.7
OD: Ubuntu  20.04 LTS
DB: Mysql/MariaDB
downloadable installer

Sogo Version 5.0.1

# grep -E 'SOGo(SMTP|Mailing)' /etc/sogo/sogo.conf
    SOGoSMTPServer = 127.0.0.1;
    SOGoMailingMechanism = smtp;
    //SOGoSMTPAuthenticationType = PLAIN;

I have include two of the mail logfile I extracted.

Post's attachments

gpmail.com.log 115.13 kb, 1 downloads since 2022-06-07 

gpmail.log 117.19 kb, 1 downloads since 2022-06-07 

You don't have the permssions to download the attachments of this post.

4

Re: DKIM Fails from local network

Your SOGo config file is not up to date.
Please update them to:

     SOGoSMTPServer = "smtp://127.0.0.1:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";
     SOGoMailingMechanism = smtp;
     SOGoSMTPAuthenticationType = PLAIN;

Also:

    SOGoSieveServer = "sieve://127.0.0.1:4190/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";

Then restart sogo service.

FYI: https://docs.iredmail.org/upgrade.sogo.4.to.5.html

5

Re: DKIM Fails from local network

Hi Zang,

I have made the changes as suggested, restarted the services, and still fails.
I am using Sogo as the mail email client, and all test are via that.

I have decided to do a test using round cube and the emails are passing DKIM  when the original is viewed in gmail

"
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@icednetworks.com header.s=dkim header.b=kJJnFzow;
       spf=pass (google.com: domain of xx@icednetworks.com designates 27.32.225.101 as permitted sender) smtp.mailfrom=gpapaiko@icednetworks.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=icednetworks.com

SPF:    PASS with IP 27.32.225.101 Learn more
DKIM:    'PASS' with domain icednetworks.com Learn more
DMARC:    'PASS' Learn more
"

So the issue maybe confined to Sogo.
I have attached two log file one using the sogo and the other round cub (RC).

Thanks in advance for all your help.
George

Post's attachments

gpmail-20220610-2041.log 306.87 kb, 1 downloads since 2022-06-10 

gpmail-RC-20220610-2056.log 310.29 kb, 1 downloads since 2022-06-10 

You don't have the permssions to download the attachments of this post.

6

Re: DKIM Fails from local network

Jun 10 20:39:18 mail amavis[380735]: (380735-03) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:39190 ... dkim_new=dkim:icednetworks.com...

Jun 10 20:57:01 mail amavis[2007]: (02007-01) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:41492 ... dkim_new=dkim:icednetworks.com...

Seems both added the DKIM keys.

7

Re: DKIM Fails from local network

Hi Zhang,

Thanks for that.

I understand that this might be outside your scope/expertise.
But would you  have any idea , as to why when I send an email from the same domain, via Sogo to my gmail account it fails DKIM, but when I use roundcube it passes.

Is it possible that SOGo could be modifying the email file after it did the dkim validation?

Do you know of any process that I use to do a  step-in debug ?
This one has go me baffled.
Thanks in advance.

8

Re: DKIM Fails from local network

Try this:

- Edit file /etc/postfix/master, find the transport "pickup" like below:

pickup    unix  n       -       n       60      1       pickup

- Append one line right after it:

pickup    unix  n       -       n       60      1       pickup
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

WARNING: There's at least one whitespace before '-o' in this case.
- Restart postfix service.

9

Re: DKIM Fails from local network

ZhangHuangbin wrote:

Try this:

- Edit file /etc/postfix/master, find the transport "pickup" like below:

pickup    unix  n       -       n       60      1       pickup

- Append one line right after it:

pickup    unix  n       -       n       60      1       pickup
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

WARNING: There's at least one whitespace before '-o' in this case.
- Restart postfix service.

Hi Zhnag,

Thanks, and I check my config and those options are already set, and still makes no difference to the DKIM failing for email sent from SOGo only.

10

Re: DKIM Fails from local network

Fixed the issue.
This had to do with the length of the disclaimer.
It needs to be no more then 990 Characters.

Updated mine and they failure went away.