Incoming messages are rejected when DomainKeys spam protection is enabled

Created:

2016-11-16 12:55:40 UTC

Modified:

2017-04-24 11:21:20 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Incoming messages are rejected when DomainKeys spam protection is enabled

Applicable to:

  • Plesk for Linux
  • Plesk 12.0 for Windows

Symptoms

The DomainKeys policy "Verify incoming mail" is enabled in Parallels Plesk at Tools & Settings > Mail Server Settings > DomainKeys spam protection > Verify incoming mail . An email message sent to a domain hosted on the Parallels Plesk server is not delivered to the recipient and a "bounce" message is sent to the sender. The following error is logged in /usr/local/psa/var/log/maillog :

Apr 17 07:15:42 <plesk server> qmail-local-handlers[7869]: call_handlers:
stop call handlers because handler 'dd52-domainkeys' not PASS (31)
Apr 17 07:15:42 <plesk server> qmail-local-handlers[7869]: call_handlers:
stop call handlers from dir '/var/qmail/handlers/before-local/global'

Cause

The incoming message is signed with DomainKey, and its header contains the corresponding signature:

DomainKey-Signature:
a=rsa-sha1; q=dns; c=nofws;
s=default; d=example.net;
b=IoRzhocoTbfvlju+CxylElcsxApapLFyKGfXbOk8Wfcyv6EGpjCdDG0I/4ACrzxdB1dTwcWQgBdigzvNhftkTErpXoRUGNbjchiGRzXV8t7nLKpZzxWG1pRuDOge7OOy;

However, the public key of the domain does not exist in its DNS zone or does not correspond to the signature listed in the message header.

Resolution

Use the DomainKeys and DKIM step-by-step verification article to verify the correctness of the DomainKey-Signature, contact the sender, and suggest to fix the DomainKey configuration for the domain if it is not correct.

As an alternative, turn off DomainKeys verification by Parallels Plesk while accepting incoming messages.

See also How to enable DomainKey spam protection of outgoing mail for a domain

Have more questions? Submit a request
Please sign in to leave a comment.