DkimSigner doesn't sign messages (Gmail, etc) #366
Comments
|
Can you try and move number 13 Exchange DkimSigner to the top and see if this works
|
|
It helped: Is it OK to leave it like this?
|
|
I read this in a manual when i setup my Dkim |
|
In general, that article is wrong. The dialog even says that the signing agent should be at the bottom. I suggest [YevgeniyN] tries moving the agent down one step at a time, testing one by one. The reasoning for the agent being at the bottom is that other agents in the list may modify the header, which would then invalidate the signature generated by the signing agent. |
|
Howdy,
The problem with this configuration is that DKIM signing is done before any
of the other Transport Agents get to look at the message and potentially
modify it, which will result in DKIM validation errors at the recipient's
end.
I suspect that "Vamsoft ORF Routing Agent" is the Agent responsible for
preventing DKIM signing taking place. I'd suggest making both Vamsoft
entries Priority 12 (the SMTP one) and 13 (the Routing one) and make
Exchange DkimSigner Priority 11. This should then result in DKIM signing
taking place after all other Agents have looked at the message and made
their changes if needed, but before the Vamsoft agents take action on the
messages.
I'm not familiar with these Vamsoft agents, so I'd strongly recommend you
check Vamsoft documentation to see what impact changing the priority of
these agents has on the functionality of the Vamsoft components.
…On Thu, 26 May 2022 at 20:11, YevgeniyN ***@***.***> wrote:
It helped:
https://www.mail-tester.com/test-utj411xxs
Is it OK to leave it like this?
[image: image]
<https://user-images.githubusercontent.com/2317470/170467218-cceacf75-0362-46af-918f-4f5ee41f8c80.png>
—
Reply to this email directly, view it on GitHub
<#366 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AEEHYXJT5Y7TXTLPM2IQ4ZTVL5E3JANCNFSM5XACU4HA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
--
Regards,
Chris Knight
|
|
It works fine as soon as I place DkimSigner before the Attachment Filtering Agent
|
|
Good to hear.
I'd suggest comparing your Transport Agent priority with a clean install of
Exchange Server 2016 CU13 without any third party software installed to see
what the order and agents are.
I'd then review the Transport Agents to see what message modifications they
perform, if any.
I'd then choose appropriate priorities for my third party agents so they
all worked reliably.
I'd then choose my DKIM signing headers so that any agents that run after
my DKIM signing won't affect DKIM validation if they modify the message
headers. If they affect the message body, then I'd need to review my third
party software to see if the third party software was capable of performing
the features I selected it for as well as DKIM signing, as DKIM signing
only works once all message headers and the message body have been modified
to meet all the other requirements of valid mail delivery.
…On Fri, 27 May 2022 at 21:57, YevgeniyN ***@***.***> wrote:
It works fine as soon as I place DkimSigner before the Attachment
Filtering Agent
[image: image]
<https://user-images.githubusercontent.com/2317470/170694724-53c8f02e-df23-446b-ac76-13a1114f188f.png>
—
Reply to this email directly, view it on GitHub
<#366 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AEEHYXJMNK27IKGTOPBR23TVMC2EDANCNFSM5XACU4HA>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
Regards,
Chris Knight
|
|
Hi, Related to the same subject. Do I need to add a TXT record into my local windows DNS server or it is enough to publish it on the ISP DNS side Regards |
|
I tried to move the DKIM Signer down one at a time and test .... it is still not working ! |
Versions
Description
DkimSigner installed on Edge Transport server.
Algorithm: RsaSha256.
Header and Body canonicalzation: Simple or Relaxed (I've tested both)
Configuration:
Steps to Reproduce
Expected behavior:
dkim=pass in message source
Actual behavior:
no signs of dkim header in message source
The text was updated successfully, but these errors were encountered: