1 (edited by gpapaiko 2022-06-04 14:37:21)

Topic: DKIM Fails from local network

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi, I have a strange issue with DKIM failing.
When I ran sudo amavisd-new testkeys, all domains pass with the exception of one that I am not concerned about. See below.
TESTING#1 icednetworks.info: dkim._domainkey.icednetworks.info => pass
TESTING#2 icednetworks.net: dkim._domainkey.icednetworks.net => fail (bad RSA signature)
TESTING#3 icednetworks.com: dkim._domainkey.icednetworks.com => pass
TESTING#4 icednetworks.com.au: dkim._domainkey.icednetworks.com.au => pass
TESTING#5 futuristicdrive.com.au: dkim._domainkey.futuristicdrive.com.au => pass

Note the keys are correct in the DNS and you can use icednetworks.info to do any DNS checks.
When I log into SOGo for icednetworks.info and send an email to my Gmail account, DKIM fails. See below.

Message ID    <57e-62975380-7-464dfb80@113585921>
Created at:    Wed, Jun 1, 2022 at 9:54 PM (Delivered after 7 seconds)
From:    xx xx<xx@icednetworks.info>
To:    xxxx@gmail.com
Subject:    test 2154
SPF:    PASS with IP 27.32.225.101 Learn more
DKIM:    'FAIL' with domain icednetworks.info Learn more
DMARC:    'PASS' Learn more

ARC-Seal: i=1; a=rsa-sha256; t=1654084506; cv=none;
        d=google.com; s=arc-20160816;
        b=msJEM/8Kpy4PJ6sybwQIub5sYFyS+48g6UsFPPNsPB1o0SIkBfpPmdHxX3e9w/mf7G
         m2WYvVCVoAs3Hh6dXhK5sNhwHARJQaWMPbl7euavAjQfgNWMT1KlXNGmTuQANxtx68vy
         c3A3Ah2/WGBsF8G6wClMi2+pyur3zDzHzbjGQO4mlQnYKhbexse6JGHFpIJc3Ik1inYd
         Ndsd4X3/PsPsSFUaZacffzKPqDAzasZPrVIbgMkJKHPsgK8pw0hrSS+egbDvfuOYLDJp
         evd9mQTQlBltftsEf8MsGAeKgadIC8bwHNuPKtiBXcbiQBeO1i4FzdhAP8B66s6s1Egd
         f2uw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=message-id:subject:date:mime-version:user-agent:to:from
         :dkim-signature;
        bh=Bq7fOeZ8gLtQW+iZMFlNSCC2I94B1ASYj66UMwFo5V8=;
        b=uiRFEvQliqUtksN0MN2BWXZxhQFwDLkW+6h2VGymDafgJZH9gOT5j+tx1IJmxRywFa
         M+ZRsVFjB4nrx8jXF+NxaTBM0X4ujhkYR2tPhlMQRRlmclQf9hRxN9BkFkUWGJAQi9ic
         XvKikZYGhMWcQXLcfzHTvV51MZO1w6fzq3aEnHvKz9GCrL/MBAt8MN0utk5UKuhwlVud
         FLu+mQ5y1QJalr0OABhr6hhTSuAAmfg9jppXyQlu9Y04w1jUyMlz751YNZ+uJR2uqMDi
         UDLO2hOs3+FERF7QRWD7RZCbqjTMf0vldGT0Hko2SGOou6qcpLDRxSDNTcDtJjTPjCca
         Osdg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@icednetworks.info header.s=dkim header.b=kf12fKN2;
       spf=pass (google.com: domain of xx@icednetworks.info designates 27.32.225.101 as permitted sender) smtp.mailfrom=xx@icednetworks.info;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=icednetworks.info
Return-Path: <xx@icednetworks.info>
Received: from mail.icednetworks.info (mail.icednetworks.info. [27.32.225.101])
        by mx.google.com with ESMTPS id ge7-20020a17090b0e0700b001d2865c095fsi2115278pjb.61.2022.06.01.04.55.05
        for <xxxx@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 01 Jun 2022 04:55:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of xxxx@icednetworks.info designates 27.32.225.101 as permitted sender) client-ip=27.32.225.101;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@icednetworks.info header.s=dkim header.b=kf12fKN2;
       spf=pass (google.com: domain of xxxx@icednetworks.info designates 27.32.225.101 as permitted sender) smtp.mailfrom=xxxx@icednetworks.info;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=icednetworks.info
Received: from mail.icednetworks.info (ip6-localhost [127.0.0.1]) by mail.icednetworks.info (Postfix) with ESMTP id 4LCndM19YJzKsTy for <xxxx@gmail.com>; Wed,
  1 Jun 2022 21:55:03 +1000 (AEST)
Authentication-Results: mail.icednetworks.info (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=icednetworks.info
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= icednetworks.info; h=content-type:message-id:subject:date :mime-version:user-agent:to:from; s=dkim; t=1654084500; x= 1656676501; bh=0Dz/BTbMVQ9VaF/HOx0mkzRKhUYrMkY9m4iCxVKtjdg=; b=k f12fKN2FY4/1/P5pS88NruUV6NZyb3M9JVhPq7sSaYbXf1jz/LfQrJL/tHFklPJw f+nAamIrJ0/Y3h/gYF0ev5UHSDF4WhthRe4n482wjyaDoBGMVwLXz8CYyRAcpepE jRglPaJbHkn2Av52v3ESViHACtSCODZZGgFGMIcPDXlv532DxkqaqyHlkTQ2N6ta gXWom4bTwnfreiaJCr0tw51bYBba/kVan6DO0sH7+079hhjVKjirmVnPQMTPx6bN sk/k4s6kzLGSFk6DCC6wDKakmlmE9opQPisbPy0CsLWPjo2aG9UNyD5LShDccnze 0gDIoZEnKZcJivlEeiCnw==
X-Amavis-Modified: Mail body modified (using disclaimer) - mail.icednetworks.info.

NOW..
I have added the email domain to my mobile, using the default app on that with the SMTP/IMAP connection, and when I send an email from the same domain icednetworks.info to my Gmail account it passes DKIM. See below.

Message ID    <4LCmKH05w4zKscr@mail.icednetworks.info>
Created at:    Wed, Jun 1, 2022 at 8:56 PM (Delivered after 0 seconds)
From:    xxxx <xxxx@icednetworks.com.au>
To:    xx xx <xxxx@gmail.com>
Subject:    Test 2055
SPF:    PASS with IP 27.32.225.101 Learn more
DKIM:    'PASS' with domain icednetworks.com.au Learn more
DMARC:    'PASS' Learn more

ARC-Seal: i=1; a=rsa-sha256; t=1654080965; cv=none;
        d=google.com; s=arc-20160816;
        b=xJQAdjmaeaaSK4ikqpyrmvhjwdX49tkxkEfP9ax/1EhUQ86uRfaIRCfwCZdsDenwTt
         S3rJw7BY1NStTBk7ZuMGugarfz4DNZgWZsSX6Gpz5vDNIiqTuv/Hjm4PaWqnflhWcL57
         V/j0CP7GcZdN0b9EJbnHcrHUObbUqDzUieoNfeDny0KOvEMKWU/kDSPu6mddG1BE98kw
         E/XE+iOrSj07veVO9dALatkMYccLIjhlYUZdpGVJlpIdL+q8WclvQ3D80pzNHLPeOw04
         KTTQ1CfzUN/rioMqs/pBocl9tji0Uv3ZUjhytxek3l5pZxgmbfseFc2xtYEw6loH4GTz
         3O7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=message-id:mime-version:to:from:importance:subject:date
         :savedfromemail:dkim-signature;
        bh=yl++jTZhYbMvpMRq1PEvDlS0J7oapiXwACYg7W2I87U=;
        b=dISIwar4NhIoNIzi5h7Exodoo3n24yoji6J0k0KS3loGHuSjXuLg7QWinax4pzUUaT
         vyqL3M5nw/SJw0e4iBk+c0zjLj0UYyE6DnJef/h4YCPUdf65gF5xbSdaOiY7ilU1jQRu
         0upBlrRM+7wTyy7nzVDs2zBwxxJkSqezEiDgZHDaRVegj13uFU5zNQhV6gJI0jgGe6qo
         CZgP2PcGI64RshglubT3UCf74RG7xaoTsJBo+01qdBxPVlD7xgem0UgPLZZFRNx5SVMX
         SuzyB8oMrQDEsXLKsrs8gELxdT3NdIFzDXkA1OvVxK7VNFqB6JkRhwhi8Ia91GjDWoma
         sXlQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@icednetworks.com.au header.s=dkim header.b=jYQGSa7H;
       spf=pass (google.com: domain of xxxx@icednetworks.com.au designates 27.32.225.101 as permitted sender) smtp.mailfrom=xxxx@icednetworks.com.au;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=icednetworks.com.au
Return-Path: <xxxx@icednetworks.com.au>
Received: from mail.icednetworks.info (mail.icednetworks.info. [27.32.225.101])
        by mx.google.com with ESMTPS id k8-20020a17090a590800b001e097ba5d29si1874356pji.11.2022.06.01.03.56.04
        for <xxxx@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 01 Jun 2022 03:56:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of xxxx@icednetworks.com.au designates 27.32.225.101 as permitted sender) client-ip=27.32.225.101;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@icednetworks.com.au header.s=dkim header.b=jYQGSa7H;
       spf=pass (google.com: domain of xxxx@icednetworks.com.au designates 27.32.225.101 as permitted sender) smtp.mailfrom=xxxx@icednetworks.com.au;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=icednetworks.com.au
Received: from mail.icednetworks.info (ip6-localhost [127.0.0.1]) by mail.icednetworks.info (Postfix) with ESMTP id 4LCmKH05w4zKscr for <xxxx@gmail.com>; Wed,
  1 Jun 2022 20:56:03 +1000 (AEST)
Authentication-Results: mail.icednetworks.info; dkim=pass (2048-bit key; unprotected) header.d=icednetworks.com.au header.i=@icednetworks.com.au header.a=rsa-sha256 header.s=dkim header.b=jYQGSa7H; dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= icednetworks.com.au; h=content-type:mime-version:to:from:subject :date; s=dkim; t=1654080962; x=1656672963; bh=yl++jTZhYbMvpMRq1P EvDlS0J7oapiXwACYg7W2I87U=; b=jYQGSa7HgIVy5HAESXl81INwoogmI+GfJ6 kvv21BwLP0V0d9gczDdIZEGur6GLUIhN4uzJIBZrcXsaC0gasWbddUh5fde5Mpri CIT3oT2n3rydiIiJgQf/rNFO4N/+qeErvxcqEJWRXVvJ6mAldASNtC0pVAT5UiSy 0RDCvrenRLf63dSnBQH8mHK0BTr9B6W9GjtrJ45EY12LfmKwePLwA9HvNWSZlFEI hK0YS+h0kBOqHyXGtnU5rYZcxIgwU+d6jRL+ZGm76FyY/wta76ob4wt24H/D0Otg hnhqqwS8oI5BFomKNyIiH/PWn2OANL04cV0SuMrfBXZGEGPKIYMw==
X-Amavis-Modified: Mail body modified (using disclaimer) - mail.icednetworks.info


If you need more info please let me know.

FYI this is happening with all the domains

So hence I am at a loss as to why this is happening.
Open to any suggestions anyone has.

Thank you all in advance for your help
George.


2

Re: DKIM Fails from local network

gpapaiko wrote:

When I log into SOGo for icednetworks.info and send an email to my Gmail account, DKIM fails. See below.

- Which iRedMail release are you running? (check /etc/iredmail-release)
- Which SOGo release are you running?
- Show me output of command below:

$ grep -E 'SOGo(SMTP|Mailing)' /etc/sogo/sogo.conf

gpapaiko wrote:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Please always input the above info in a new forum topic, otherwise I may ask you to input it to get basic info of your iRedMail server first, then help troubleshoot. You're wasting your time and mine waiting.

3

Re: DKIM Fails from local network

Sorry, forgot to include those.
I have updated to the latest versions:
iRedMail = 1.6.0 MARIADB edition
iRedAdmin = 1.7
OS: Ubuntu 20.04 LTS
DB: Mysql/MariaDB
downloadable installer

Sogo Version 5.0.1

# grep -E 'SOGo(SMTP|Mailing)' /etc/sogo/sogo.conf
    SOGoSMTPServer = 127.0.0.1;
    SOGoMailingMechanism = smtp;
    //SOGoSMTPAuthenticationType = PLAIN;

I have included two of the mail log files I extracted.

Post's attachments

gpmail.com.log 115.13 kb, 1 downloads since 2022-06-07 

gpmail.log 117.19 kb, 1 downloads since 2022-06-07 


4

Re: DKIM Fails from local network

Your SOGo config file is not up to date.
Please update them to:

     SOGoSMTPServer = "smtp://127.0.0.1:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";
     SOGoMailingMechanism = smtp;
     SOGoSMTPAuthenticationType = PLAIN;

Also:

    SOGoSieveServer = "sieve://127.0.0.1:4190/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";

Then restart sogo service.

FYI: https://docs.iredmail.org/upgrade.sogo.4.to.5.html

5

Re: DKIM Fails from local network

Hi Zang,

I have made the changes as suggested and restarted the services, and it still fails.
I am using SOGo as the mail email client, and all tests are via that.

I have decided to do a test using Roundcube, and the emails are passing DKIM when the original is viewed in Gmail.

"
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@icednetworks.com header.s=dkim header.b=kJJnFzow;
       spf=pass (google.com: domain of xx@icednetworks.com designates 27.32.225.101 as permitted sender) smtp.mailfrom=gpapaiko@icednetworks.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=icednetworks.com

SPF:    PASS with IP 27.32.225.101 Learn more
DKIM:    'PASS' with domain icednetworks.com Learn more
DMARC:    'PASS' Learn more
"

So the issue may be confined to SOGo.
I have attached two log files, one using SOGo and the other Roundcube (RC).

Thanks in advance for all your help.
George

Post's attachments

gpmail-20220610-2041.log 306.87 kb, 1 downloads since 2022-06-10 

gpmail-RC-20220610-2056.log 310.29 kb, 1 downloads since 2022-06-10 


6

Re: DKIM Fails from local network

Jun 10 20:39:18 mail amavis[380735]: (380735-03) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:39190 ... dkim_new=dkim:icednetworks.com...

Jun 10 20:57:01 mail amavis[2007]: (02007-01) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:41492 ... dkim_new=dkim:icednetworks.com...

Seems both added the DKIM keys.

7

Re: DKIM Fails from local network

Hi Zhang,

Thanks for that.

I understand that this might be outside your scope/expertise.
But would you have any idea as to why, when I send an email from the same domain via SOGo to my Gmail account, it fails DKIM, but when I use Roundcube it passes?

Is it possible that SOGo could be modifying the email file after it did the DKIM validation?

Do you know of any process that I can use to do a step-in debug?
This one has got me baffled.
Thanks in advance.
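
One way to test the "modified after signing" question from the post above is to recompute the DKIM body hash of a saved raw message and compare it with the `bh=` tag, using the body canonicalization named in `c=` (RFC 6376). This is an added example, not code from the thread or from iRedMail; the function names are hypothetical and the sample message is constructed.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization per RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse whitespace runs, drop trailing whitespace
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # empty lines at the end of the body are ignored
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str, algo: str = "sha256", limit=None) -> str:
    data = canon_body(body, mode)[:limit]  # limit carries an optional l= tag
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def dkim_tags(raw: bytes) -> dict:
    """Return the tag=value pairs of the first DKIM-Signature header."""
    head = re.sub(rb"\r\n[ \t]+", b" ", raw.split(b"\r\n\r\n", 1)[0])  # unfold
    m = re.search(rb"(?im)^DKIM-Signature:(.*)$", head)
    if m is None:
        raise ValueError("no DKIM-Signature header")
    pairs = (p.split(b"=", 1) for p in m.group(1).split(b";") if b"=" in p)
    return {k.strip().decode(): re.sub(rb"\s+", b"", v).decode() for k, v in pairs}

def check_body_hash(raw: bytes) -> dict:
    """Compare the signed bh= value with a hash of the body as it is now."""
    raw = re.sub(rb"\r?\n", b"\r\n", raw)  # normalise bare LF from saved files
    tags = dkim_tags(raw)
    body = raw.split(b"\r\n\r\n", 1)[1] if b"\r\n\r\n" in raw else b""
    mode = (tags.get("c", "simple/simple") + "/simple").split("/")[1]
    algo = tags.get("a", "rsa-sha256").split("-")[1]
    limit = int(tags["l"]) if "l" in tags else None
    computed = body_hash(body, mode, algo, limit)
    return {"body_canon": mode, "signed": tags["bh"], "computed": computed,
            "match": computed == tags["bh"]}

# Constructed sample: a message as signed, then with a footer appended afterwards.
BODY = b"Hello from webmail\r\n"
SIGNED = (b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.test;\r\n"
          b" s=dkim; h=from:subject; bh=" + body_hash(BODY, "simple").encode() + b"; b=PLACEHOLDER\r\n"
          b"From: a@example.test\r\nSubject: test\r\n\r\n" + BODY)
MODIFIED = SIGNED + b"\r\n-- \r\nDisclaimer appended after signing\r\n"

if __name__ == "__main__":
    print(check_body_hash(SIGNED)["match"], check_body_hash(MODIFIED)["match"])
```

Running `check_body_hash` on the copy queued by Postfix and on the copy received at the destination shows at which hop the body stopped matching `bh=`; it checks the body hash only, not the RSA signature over the headers.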

8

Re: DKIM Fails from local network

Try this:

- Edit file /etc/postfix/master, find the transport "pickup" like below:

pickup    unix  n       -       n       60      1       pickup

- Append one line right after it:

pickup    unix  n       -       n       60      1       pickup
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

WARNING: There's at least one whitespace before '-o' in this case.
- Restart postfix service.

9

Re: DKIM Fails from local network

ZhangHuangbin wrote:

Try this:

- Edit file /etc/postfix/master, find the transport "pickup" like below:

pickup    unix  n       -       n       60      1       pickup

- Append one line right after it:

pickup    unix  n       -       n       60      1       pickup
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

WARNING: There's at least one whitespace before '-o' in this case.
- Restart postfix service.

Hi Zhang,

Thanks, I checked my config and those options are already set, and it still makes no difference to the DKIM failing for email sent from SOGo only.