DKIM-Signature Body Hash Not Verified #1172

Closed
vincentcox opened this issue Jun 5, 2019 · 6 comments

@vincentcox

Context

I used the dkim configuration, but when I try to send an email, it gives a DKIM error
image
Site where I tested the mailheaders: https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx

Expected Behavior

Properly signed DKIM signature

Actual Behavior

DKIM-Signature Not Correct

Possible Fix

/

Steps to Reproduce

Get latest image:

docker pull tvial/docker-mailserver:latest

Get the tools:

Download the docker-compose.yml, the .env and the setup.sh files:

curl -o setup.sh https://raw.githubusercontent.com/tomav/docker-mailserver/master/setup.sh; chmod a+x ./setup.sh

curl -o docker-compose.yml https://raw.githubusercontent.com/tomav/docker-mailserver/master/docker-compose.yml.dist

curl -o .env https://raw.githubusercontent.com/tomav/docker-mailserver/master/.env.dist

Create a docker-compose environment

Edit the .env to your liking. Adapt this file with your FQDN.

# -----------------------------------------------------------------------------------------------------------------------------
# --------------------- General Settings --------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------------------

HOSTNAME=mail
DOMAINNAME=your-website.be
CONTAINER_NAME=mail

# empty => uses the `hostname` command to get the mail server's canonical hostname
# => Specify a fully-qualified domainname to serve mail for.  This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
OVERRIDE_HOSTNAME=your-website.be

Please note that:

  • The HOSTNAME shouldn't contain dots, so don't take the domain name as HOSTNAME.
  • OVERRIDE_HOSTNAME should be the same as the hostname

Create your mail accounts

./setup.sh email add <email> [<password>]
# for example: ./setup.sh email add info@domain.be password

Generate DKIM keys

./setup.sh config dkim
cat config/opendkim/keys/yourdomain.be/mail.txt

This will output something like this:

mail._domainkey	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; "
"p=XXXXXXXXX"
"AAAAAA" )  ; ----- DKIM key mail for yourdomain.be

Put the following in a TXT DNS record:

image

Spin up the Docker container:

docker-compose up -d mail

Now test if you can send an email with:

Install 'swaks': apt install swaks or brew install swaks.

Then:

sudo apt-get install libnet-ssleay-perl
sudo apt-get install libcrypt-ssleay-perl
swaks -f test@yourdomain.be --server 127.0.0.1:587 -tlsos --auth-user test@yourdomain.be -body "Dit bericht is van de server" -t <receiver-address>

My Environment

  • Amount of RAM available: 2Gb
  • Mailserver version used: latest version at 5 June 2019
  • Docker version used: Docker version 18.09.3, build 774a1f4
  • Environment settings relevant to the config: see steps to reproduce
  • Any relevant stack traces ("Full trace" preferred): /

What I already tried:

  • Using 1024 bit dkim
  • Updating to the latest mailserver version (5 June 2019)
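
A "body hash not verified" result means the verifier's recomputed hash of the canonicalized body differs from the bh= tag in the DKIM-Signature header. The following is an added example (not part of the post above and not docker-mailserver code) that recomputes bh= under the RFC 6376 simple and relaxed body canonicalizations. The sample body, signature value and the names used are constructed for illustration, and the l= tag is not handled.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    # RFC 6376 3.4.3: ignore empty lines at the end; result always ends in one CRLF.
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    # RFC 6376 3.4.4: collapse runs of space/tab, strip them at line ends,
    # ignore trailing empty lines; an empty body canonicalizes to nothing.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and not lines[-1]:
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, canon: str = "simple", algo: str = "sha256") -> str:
    data = canon_relaxed(body) if canon == "relaxed" else canon_simple(body)
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def body_hash_matches(sig_value: str, body: bytes) -> bool:
    # Parse the ';'-separated tag list of a DKIM-Signature value (l= is not handled).
    pairs = (p.split("=", 1) for p in sig_value.split(";") if "=" in p)
    tags = {k.strip(): v.strip() for k, v in pairs}
    canon = tags.get("c", "simple/simple")        # header/body; body defaults to simple
    body_canon = canon.split("/")[1] if "/" in canon else "simple"
    algo = tags["a"].split("-")[1]                # rsa-sha256 -> sha256
    claimed = re.sub(r"\s+", "", tags["bh"])      # folding whitespace in bh= is ignored
    return body_hash(body, body_canon, algo) == claimed

# Constructed sample: the signer hashes BODY; a later hop alters what the verifier sees.
BODY = b"Hello from the mail server\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.test; s=mail; "
       "bh=" + body_hash(BODY, "relaxed") + "; h=from:to:subject; b=PLACEHOLDER")
REWRAPPED = b"Hello  from the mail server \r\n\r\n"   # whitespace-only change
FOOTER = BODY + b"--\r\nScanned by gateway\r\n"       # content appended in transit

if __name__ == "__main__":
    for name, seen in [("unchanged", BODY), ("rewrapped", REWRAPPED), ("footer", FOOTER)]:
        print(name, body_hash_matches(SIG, seen))
```

Feeding it the bh= value and raw body of a message as received shows whether the body changed after signing, as opposed to a key or DNS record problem.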
@erik-wramner
Contributor

This is not a very helpful answer as you seem to have done your homework, but can you try with the latest image again? The project has picked up speed during the summer, so perhaps your issue has been fixed. DKIM seems to be working for me and I think I have a similar setup.

@vincentcox
Author

I'll try again if I do another phishing campaign for work. Thanks for letting me know. Do you mind keeping this issue open?

@hmlkao

hmlkao commented Apr 4, 2020

The same trouble for me (MXToolBox DKIM validation fails), but if I try a different validator (e.g. dkimvalidator.com, check-auth@verifier.port25.com) it passes well...
However, Google also reports that DKIM fails to the ruf configured in my _DMARC DNS TXT record.

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>noreply-dmarc-support@google.com</email>
    <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
    <report_id>73176901622121314821</report_id>
    <date_range>
      <begin>1585785600</begin>
      <end>1585871999</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>quarantine</p>
    <sp>quarantine</sp>
    <pct>5</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>1.2.3.4</source_ip>
      <count>5</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>example.com</header_from>
    </identifiers>
    <auth_results>
      <spf>
        <domain>example.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>
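
An added example (not part of the comment above and not docker-mailserver code): a Python summary of a DMARC aggregate report shaped like the one quoted, which separates the policy-level DKIM verdict from the per-signature results in auth_results. The sample XML is constructed from the quoted record, and the explanation strings are this example's own wording.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the record in the report above (placeholder values).
REPORT = """<feedback>
  <policy_published><domain>example.com</domain><adkim>r</adkim><p>quarantine</p></policy_published>
  <record>
    <row>
      <source_ip>1.2.3.4</source_ip><count>5</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>"""

def explain_dkim(record: ET.Element) -> str:
    """Classify why the DMARC-level DKIM verdict is what it is."""
    if record.findtext("row/policy_evaluated/dkim") == "pass":
        return "aligned DKIM pass"
    results = [d.findtext("result") for d in record.findall("auth_results/dkim")]
    if not results:
        # <dkim> is optional in auth_results; reading it as "unsigned" is an assumption.
        return "no DKIM result reported (message likely arrived unsigned)"
    if "pass" in results:
        return "signature verified, but its d= is not aligned with header_from"
    return "signature present but verification failed"

def summarize(report_xml: str) -> list:
    # Reports arrive by mail from third parties: for untrusted input, parse with a
    # hardened parser such as defusedxml instead of the stdlib one used here.
    rows = []
    for rec in ET.fromstring(report_xml).iter("record"):
        rows.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count", "0")),
            "header_from": rec.findtext("identifiers/header_from"),
            "spf": rec.findtext("row/policy_evaluated/spf"),
            "dkim": rec.findtext("row/policy_evaluated/dkim"),
            "dkim_detail": explain_dkim(rec),
        })
    return rows

if __name__ == "__main__":
    for row in summarize(REPORT):
        print(row)
```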

@ninkaninus

ninkaninus commented Apr 4, 2020

I believe that MXToolbox.com has an error on the DKIM test. I have the same problem with my site; in other places I tested, it passed.
https://mxtoolbox.com/SuperTool.aspx?action=dkim%3amail.borresen.one&run=networktools

@m-a-v
Contributor

m-a-v commented Jun 12, 2020

@ninkaninus If you enter the following string in the text box, it works: borresen.one:mail

But when you copy the URL it doesn't work anymore. Then the string becomes dkim:mail.borresen.one.

@georglauterbach
Member

This issue was closed due to one or more of the following reasons:

  1. Age
  2. Contributor inactivity
  3. The issue seems to be resolved

If you think this happened by accident, or feel like this issue was not actually resolved, please feel free to re-open it. If there is an issue you could resolve in the meantime, please open a PR based on the current master branch so we can review it.
