Hi. I set other server in system/config/email to use DKIM on other server. If i send messages DKIM works, gets pass. But if same message contains a invoice PDF, the DKIM fails. If i manually send same PDF DKIM also works. So in some way, the ispconfig sendsystem have this error: dkim=fail (body hash did not verify). Is this a know bug or any solution available ? The problem is ofcourse that Hotmail and others drop our invoices in a black hole. ISPconfig 3.1.11, Billing 2.0.3 rev 33.
Hi ofc. Its another Windows server(sorry about that, will change in future) that has our primary domain and DKIM.
You might have to check the logs of the windows system then, to see why it does not sign the messages.
It always sign the messages, but as soon there is an invoice PDF attached, receiver fail the check like it was altered content. Manually adding PDF on the sending server then DKIM does not fail. Thats why i suspects that there is something wrong when sending from controlpanel, that the code ads PDF as wrong type or whatever. I can send you an example if you want to check headers with DKIM.
I'm not aware that Dkim signing fails when Linux servers are used for signing, so it's probably a Windows failure when Windows is only able to sign PDF attachments that are not sent from a Linux system.
The signing is done always on Windowsserver in this case. Our controlpanel just use SMTP and sends authenticated. ALL other mails sent from controlpanel in Linux does NOT fail, just those with invoice attached. Windows HMAILSERVER does not have any other fail.
As hotmail receiver: dkim=fail (body hash did not verify) Server debug Log, seems OK, no errors about DKIM, exept that Microsofts own certifiate fails: "DEBUG" 5500 "2018-01-31 12:54:26.541" "Signing message using DKIM..." "DEBUG" 5500 "2018-01-31 12:54:26.666" "Starting external delivery process. Server: hotmail-com.olc.protection.outlook.com (104.47.37.33), Port: 25, Security: 2, User name: " "DEBUG" 5500 "2018-01-31 12:54:26.666" "Creating session 76748" "DEBUG" 5628 "2018-01-31 12:54:26.822" "TCP connection started for session 76748" "SMTPC" 5628 76748 "2018-01-31 12:54:26.963" "104.47.37.33" "RECEIVED: 220 CY1NAM02FT027.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Wed, 31 Jan 2018 11:54:27 +0000" "SMTPC" 5628 76748 "2018-01-31 12:54:26.963" "104.47.37.33" "SENT: EHLO mail30.inviso.se" "SMTPC" 5588 76748 "2018-01-31 12:54:27.119" "104.47.37.33" "RECEIVED: 250-CY1NAM02FT027.mail.protection.outlook.com Hello [91.208.221.30][nl]250-SIZE 49283072[nl]250-PIPELINING[nl]250-DSN[nl]250-ENHANCEDSTATUSCODES[nl]250-STARTTLS[nl]250-8BITMIME[nl]250-BINARYMIME[nl]250-CHUNKING[nl]250 SMTPUTF8" "SMTPC" 5588 76748 "2018-01-31 12:54:27.119" "104.47.37.33" "SENT: STARTTLS" "SMTPC" 5596 76748 "2018-01-31 12:54:27.291" "104.47.37.33" "RECEIVED: 220 2.0.0 SMTP server ready" "DEBUG" 5596 "2018-01-31 12:54:27.291" "Performing SSL/TLS handshake for session 76748. Verify certificate: True, Expected remote host name: hotmail-com.olc.protection.outlook.com" "DEBUG" 5596 "2018-01-31 12:54:27.447" "Certificate verification failed for session 76748. Expected host: hotmail-com.olc.protection.outlook.com, Windows error code: -2146762481, Windows error message: The certificate's CN name does not match the passed value." "SMTPC" 5592 76748 "2018-01-31 12:54:27.603" "104.47.37.33" "SENT: EHLO mail30.inviso.se" "SMTPC" 5604 76748 "2018-01-31 12:54:27.760" "104.47.37.33" "RECEIVED: 250-CY1NAM02FT027.mail.protection.outlook.com Hello [91.208.221.30][nl]250-SIZE 49283072[nl]250-PIPELINING[nl]250-DSN[nl]250-ENHANCEDSTATUSCODES[nl]250-8BITMIME[nl]250-BINARYMIME[nl]250-CHUNKING[nl]250 SMTPUTF8" "SMTPC" 5604 76748 "2018-01-31 12:54:27.760" "104.47.37.33" "SENT: MAIL FROM:<[email protected]>" "SMTPC" 5596 76748 "2018-01-31 12:54:27.916" "104.47.37.33" "RECEIVED: 250 2.1.0 Sender OK" "SMTPC" 5596 76748 "2018-01-31 12:54:27.916" "104.47.37.33" "SENT: RCPT TO:<[email protected]>" "SMTPC" 5596 76748 "2018-01-31 12:54:28.072" "104.47.37.33" "RECEIVED: 250 2.1.5 Recipient OK" "SMTPC" 5596 76748 "2018-01-31 12:54:28.088" "104.47.37.33" "SENT: DATA" "SMTPC" 5628 76748 "2018-01-31 12:54:28.228" "104.47.37.33" "RECEIVED: 354 Start mail input; end with <CRLF>.<CRLF>" "SMTPC" 5604 76748 "2018-01-31 12:54:28.978" "104.47.37.33" "SENT: [nl]." "SMTPC" 5596 76748 "2018-01-31 12:54:29.291" "104.47.37.33" "RECEIVED: 250 2.6.0 <[email protected]> [InternalId=60941291047168, Hostname=CY1NAM02HT140.eop-nam02.prod.protection.outlook.com] 167172 bytes in 0.499, 327.010 KB/sec Queued mail for delivery" "SMTPC" 5596 76748 "2018-01-31 12:54:29.291" "104.47.37.33" "SENT: QUIT" "SMTPC" 5628 76748 "2018-01-31 12:54:29.447" "104.47.37.33" "RECEIVED: 221 2.0.0 Service closing transmission channel" "DEBUG" 5628 "2018-01-31 12:54:29.447" "Ending session 76748" "DEBUG" 5500 "2018-01-31 12:54:29.447" "External delivery process completed" "DEBUG" 5500 "2018-01-31 12:54:29.447" "Summarizing delivery result" "DEBUG" 5500 "2018-01-31 12:54:29.447" "Summarized delivery results" "DEBUG" 5500 "2018-01-31 12:54:29.447" "Deleting message" "DEBUG" 5500 "2018-01-31 12:54:29.447" "Deleting message file."
Did your windows-server signs other mails send by ispconfig (ie quota-warnings). Maybe your windows-servers checks different header-fields to choose the proper key.
Yes, all other emails sent by ISPconfig Billing module is DKIM PASS. It seems that the quota warnings does not send via settings in /system/main config/Mail/Use SMTP to send system mails. https://www.hmailserver.com/documentation/latest/?page=reference_domain I have tried all settings for body + header ie both simple and relaxed method + signing algo.
Maybee i need to rethink this if its not ISPconfig bug. I cant solve it if there is a hmailserver bug. Either move the primary domain to a linuxserver now. Or sign DKIM emails directly on controlpanel server and not use "smarthost". Im not sure yet how to proceed with that, since the domain can not be local of that controlpanel, else mails sent to local adresses will fail. The controlpanel itself can not sign quota warnings ?
you can install amavis on your server, configure dkim-signing and send the signed mail to the relayhost.