DKIM Body Hash Did Not Verify

Discussion in 'General' started by Nexus Fred, Mar 31, 2020.

  1. Nexus Fred

    Nexus Fred Member

    I have an email issue
    All the emails I send are flagged as spam on Gmail, Yahoo, Hotmail ...
    So I tested my emails with the "Email Deliverability" mxtoolbox


    DMARC Compliant
    SPF Alignment = Ok
    SPF Authenticated = Ok
    DKIM Alignment = Ok
    DKIM Authenticated = Problem

    DKIM Signature Body Hash Verified = Body Hash Did Not Verify

    I don't understand what is the issue here.
    I have enabled DKIM in Mail Domain
    I copied the public key into my DNS on Gandi (registrar).
    default._domainkey TXT 1800 "v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDw6/A7tMshTX8oNpfRvqKMLjs/2fgWfegqntUpLJQf39wR9nhoFGIkqRQwolABm7xdKhnlXadX1OC/Werx6+WwuFof02r/K+MRPDmzxb/qT003jRP14mOVy0zED1R8LqFmwQ/kN9A6iB/owBCLm3PKjoB3emTzx2yb7DkIvw7BUQIDAQAB"

    Somebody can guide me to solve this issue, or at least help me to understand what "Body Hash Did Not Verify" means?

    PS(I am a beginner using ISPConfig and I am not a Unix expert, one of my friends graciously installs ISPConfig for me on an Ubuntu server ;-)

    Best Regards
    Last edited: Apr 1, 2020
  2. Yahav

    Yahav New Member

    Have you been able to find a solution?
    Facing the same issue.

  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    It means the dkim hash can't be verified, so either the private key used to sign doesn't match the public key in dns, or the message was changed since being signed (eg. subject, from or body changed).
    Yahav likes this.
  4. Yahav

    Yahav New Member


    Thank you for your reply.

    Assuming the message was sent through the server directly (for testing) and I've generated the key once again, should I check anything else in the ISP Config?

    Thanks again,

    Attached Files:

    • BH.png
      File size:
      105.2 KB
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    What do you mean sent through the server directly? You should send by authenticating on port 587 or 465, the are cases where signing might not happen otherwise.

Share This Page