• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

[Plesk 11.5] DomainKeys Failing with Postfix

P

PTS

New Pleskian
I've never had issues with getting DomainKeys to pass with qmail but after switching to Postfix, they only work when the email is sent from webmail.

Anyone know where to start to debug this one? It seems like the DomainKeys sent in both cases are identical. Not sure why it only passes through webmail.

I'm running Plesk 11.5.30 on a CentOS 6.5 dedicated server from GoDaddy.

Here's the failed message sent from Outlook

Code: 
==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   fail
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  m1plded02-02.prod.mesa1.secureserver.net
Source IP:      64.202.189.19
mail-from:      paul@domain.com

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         fail (bad signature)
ID(s) verified: header.From=paul@domain.com
DNS record(s):
    default._domainkey.domain.com. 86400 IN TXT "p=y7J08Md0x57veWQfsoZCDue47kAd/QR7Yx3ptu2qGWpGsX7XDzTJFpYB8ym5f9jweK3jpenOybF3AuwElY9ghC1XiN0NfVwv+uIii9swYjBmTUP5lEI21z3nYJ2AM66FVJuSqwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCemdXc34mRb6RUVJ2ShoO3CmwDXtSmVNQa3x/Q;"


==========================================================
Original Email
==========================================================

Return-Path: <paul@domain.com>
Received: from m1plded02-02.prod.mesa1.secureserver.net (64.202.189.19) by verifier.port25.com id hbq9fu11u9c3 for <check-auth@verifier.port25.com>; Mon, 28 Apr 2014 13:42:23 -0400 (envelope-from <paul@domain.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=paul@domain.com
Authentication-Results: verifier.port25.com; domainkeys=fail (bad signature) header.From=paul@domain.com
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=pass header.From=paul@domain.com
Received: from domain.com ([255.***.***.1])
   by m1plded02-02.prod.mesa1.secureserver.net with : DED :
   id vViM1n03F1dT9qo01ViMRp; Mon, 28 Apr 2014 10:42:22 -0700
x-originating-ip: 255.***.***.1
Received: from av-engine.localhost (domain.com [127.0.0.1])
   by domain.com (Postfix) with ESMTP id AFAF35004EC
   for <check-auth@verifier.port25.com>; Mon, 28 Apr 2014 10:42:08 -0700 (MST)
Received: 535e92f027184e0ef82380e1a26e7e
Received: from STARGATE (cpe-174-***-***-121.carolina.res.rr.com [174.***.***.121])
   by domain.com (Postfix) with ESMTPA id 49D2C5004EB
   for <check-auth@verifier.port25.com>; Mon, 28 Apr 2014 10:42:08 -0700 (MST)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws;
  s=default; d=domain.com;
  b=YVZoOzemCwHW68UbvzL01+7W/mjHOWpcpqgzZAHFFYm3f6poe08vhMaoKd+TsvC1LFjVhocHJJueRoYwz+zBoC4wXcgKV9E1EWUiq44IaTcMrYX1x4eAqAXpx7xIaiLG2u39zdwW7G7Nm573WSzpMHrwIbrJOnGo4uh4TucvG4c=;
  h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language;
From: "Paul" <paul@domain.com>
To: <check-auth@verifier.port25.com>
Subject: Verifier From Outlook
Date: Mon, 28 Apr 2014 13:42:20 -0400
Message-ID: <004201cf6309$34ff8450$9efe8cf0$@domain.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary="----=_NextPart_000_0043_01CF62E7.ADEE3270"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Ac9jCTRnN0v+42dOQfe9QZcaTMplvQ==
Content-Language: en-us

Here's the passed message sent from Webmail

Code: 
==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   pass
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  m1plded02-02.prod.mesa1.secureserver.net
Source IP:      64.202.189.19
mail-from:      paul@domain.com

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: header.From=paul@domain.com
DNS record(s):
    default._domainkey.domain.com. 86400 IN TXT "p=y7J08Md0x57veWQfsoZCDue47kAd/QR7Yx3ptu2qGWpGsX7XDzTJFpYB8ym5f9jweK3jpenOybF3AuwElY9ghC1XiN0NfVwv+uIii9swYjBmTUP5lEI21z3nYJ2AM66FVJuSqwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCemdXc34mRb6RUVJ2ShoO3CmwDXtSmVNQa3x/Q;"

==========================================================
Original Email
==========================================================

Return-Path: <paul@domain.com>
Received: from m1plded02-02.prod.mesa1.secureserver.net (64.202.189.19) by verifier.port25.com id hbq9qg11u9co for <check-auth@verifier.port25.com>; Mon, 28 Apr 2014 13:45:12 -0400 (envelope-from <paul@domain.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=paul@domain.com
Authentication-Results: verifier.port25.com; domainkeys=pass header.From=paul@domain.com
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=pass header.From=paul@domain.com
Received: from domain.com ([255.***.***.1])
   by m1plded02-02.prod.mesa1.secureserver.net with : DED :
   id vVlB1n03b1dT9qo01VlBzs; Mon, 28 Apr 2014 10:45:11 -0700
x-originating-ip: 255.***.***.1
Received: from av-engine.localhost (domain.com [127.0.0.1])
   by domain.com (Postfix) with ESMTP id 5EBE2500552
   for <check-auth@verifier.port25.com>; Mon, 28 Apr 2014 10:44:58 -0700 (MST)
Received: 535e939ab59586f41a75f60712f96d
Received: from webmail.domain.com (domain.com [127.0.0.1])
   by domain.com (Postfix) with ESMTPA id 1EE1F50053F
   for <check-auth@verifier.port25.com>; Mon, 28 Apr 2014 10:44:58 -0700 (MST)
DomainKey-Signature: a=rsa-sha1;  q=dns; c=nofws;
  s=default; d=domain.com;
  b=PEy9p6k6b8XhhviFtKZBYIKkxsgNy+NhHlTse8PFvFtnJeIO44hfKtKq+9Go8xQih18xkuTAL4aRzZRwDXAmx52qG0uZyIu3ds3/bFb+OUyCm5uTsJk3G/tJ4jo+zwFc/ERYZoVpnwQYcpZl62nPqIvy+VNTdovDvOt0SeVFYjI=;
YVZoOzemCwHW68UbvzL01+7W/mjHOWpcpqgzZAHFFYm3f6poe08vhMaoKd+TsvC1LFjVhocHJJueRoYwz+zBoC4wXcgKV9E1EWUiq44IaTcMrYX1x4eAqAXpx7xIaiLG2u39zdwW7G7Nm573WSzpMHrwIbrJOnGo4uh4TucvG4c=
  h=MIME-Version:Date:From:To:Subject:Message-ID:X-Sender:User-Agent;
MIME-Version: 1.0
Date: Mon, 28 Apr 2014 13:44:58 -0400
From: paul@domain.com
To: check-auth@verifier.port25.com
Subject: Verifier From Webmail
Message-ID: <9511a4d37beb0e9b9366b3ddc4577595@domain.com>
X-Sender: paul@domain.com
User-Agent: Roundcube Webmail/0.9.5
 
You have mangled your headers, probably to protect your domain or something. That makes this question hard to debug. We need the untouched/unedited mail.

However, please note that Plesk only supports DomainKey, and _NOT_ DKIM! DomainKey can be considered deprecated, and services such as Google only check for DKIM records, not DomainKey records. I would worry alot about DomainKey, as nothing/nobody seems to do anything with DomainKey signed e-mail. By that I mean that it doesn't help solve deliverability issues with eg. Google. You need DKIM for that.
 
You must log in or register to reply here.

Similar threads

EnriqueR
Question Incoming mail is stored in Junk folder
Replies
6
Views
988
EnriqueR
EnriqueR
Erwin Fiten
Question Spam sent from my server by other hosts ???
Replies
4
Views
566
Bitpalast
Bitpalast
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
499
W4ru
W
D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
2K
drdna
D
M
Question Hackers are sending tons of mails
Replies
4
Views
1K
MrPleskLearner
M
Back
Top