DKIM Signing is Failed

pradeep sharma

Active Member
Dear @twisted1919

We are facing difficulty while signing emails with DKIM

Problem:
Mailwizz generates a default DKIM Key which we added to our DNS record and Domain is successfully verifed.
But the Key Fails..
dkim=fail header.i=@domain.com;

Later i check the dkim key selector
http://dkimcore.org/c/keycheck

which show that key has some error

then i removed and spaces newline etc in DKIM Private key and DKIM record and then verifed on http://dkimcore.org/c/keycheck

it was shown correct DKIM key but it still not validated by GMAIL/Yahoo etc.

I am totally stucked and Puzzled
FYI: we are facing this issue in 1.5.6.2 Version

How to resolve it
I expect Mailwizz to generate a DKIM (public+private key +DKIM DNS record) whcih should be validated & honored by ISPs

Plz help

Regards
 
@pradeep sharma - can you please try unzipping attached file and put the resulted .php file in apps/common/models folder then go back to your sending domain and copy the dkim key once again and tell me if that fixes it?
 

Attachments

yeah its verified at DKIM Core
but its not verified by Gmail..
i have tested 2 domains one have DNS records handled by Vestacp and another by Cloud flare but no success....:(

Does x-headers have any impact on DKIM verification just a clue for you to debug.
i am sendning following x-header on every email via delivery server

x-job : [CAMPAIGN_UID]
x-envid : [SUBSCRIBER_UID]
SUBSCRIBER_EMAIL : [SUBSCRIBER_EMAIL]
app_url : domain.com
 
I think the error could be with
last semicolon

i just checked many emails received by me of various companies none of then has last semicolon

like one i generated with postmarkapp

k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDCvht/yX4a6fFqjPo08q2qRQ0IshVZoV73aHq1gBmNFsLCKD4Y0hH0Dh3VDC5FC72H8P1gA0tZztISQX+Yy7NAAi/33VHDzASawpJSnAKjGT/qBLY9UBbif2tXtC551TF5RCrY4Q9DIQjbaB4r9HDLm6VdSIcibsxaQzFc8BwNQIDAQAB
 
@pradeep sharma - it does not matter how many headers it sends, the signature is done explicitly on the selected headers. mailwizz excludes return-path and the sender header, then all the others are used for signing.

Now, a problem would be if pmta removes a header that mailwizz has sent, then the signature would not match, but if you can see all the listed headers from the signature in the email, then it should be fine.
 
I just saw your screenshot. You have two dkim signature there, have you seen?
One from zoikmail.com and one from mailwizz. i guess that's the cause.
 
The signature from zoikmail, the one applied for the return-Path is the correct one. in that case you don't need to sign from mailwizz.
 
one DKIM is signed by PMTA
and another is signed by Mailwizz..
So the one which is signed by PMTA is working fine..
but the one which is signed by Mailwizz is not working ..
even if i stop signing by PMTA for still signed by Mailwizz is not working..
 
Back
Top