Applicable to:
- Plesk 12.5 for Linux
- Plesk Onyx for Linux
Note: This article has the reference to the issue with the fix available:
- #PPPM-5149 "Support issue #PPPM-5149"
Fixed in:- Plesk Onyx 17.0 Release 15 November 2016
- Plesk Onyx Update 6 14 November 2016 (Linux)
Symptoms
- The following mail settings are turned on: Allow signing outgoing mail and Verify incoming mail in Tools & Settings > Mail Server Settings on sending and receiving mail servers.
- Use DKIM spam protection system to sign outgoing email messages is enabled in Home > Domains > example.com > Mail Settings.
- /var/log/maillog on receiving server contains the following error:
CONFIG_TEXT: DKIM verify result: DKIM verification failed: signature verification failed
Cause
Product bug PPPM-5149 is created. DKIM has two canonicalization modes - simple and relaxed.
c=simple/simple mode is used by default. But some servers and mail clients can make changes in e-mail headers and body such as a number or white spaces, letters case in header, spaces in the end of body string. And DKIM signature gets invalid.
More information can be found here.
Resolution
The bug was fixed in Plesk Onyx Update 6.
Install the latest Plesk updates.
Also, for Plesk Onyx 17.0 on Debian 8.6 the following workaround can be applied:
-
Connect to the server via SSH
-
Download the hotfix for Plesk Onyx 17.0.17:
# cd /root
# wget https://support.plesk.com/hc/en-us/article_attachments/115004356765/dk_sign -
Backup the file
/opt/psa/handlers/hooks/dk_sign:# cp /opt/psa/handlers/hooks/dk_sign /opt/psa/handlers/hooks/dk_sign.orig
-
Replace the original file with the downloaded one:
# mv -f /root/dk_sign /opt/psa/handlers/hooks/
Comments
6 comments
I follow your steps, but after install the new DK sign and enabling Use DKIM spam protection system to sign outgoing email messages in mail server setting the http://dkimvalidator.com saying that my email does not contain a DKIM Signature. Why it happened like that. does the DK sign file has a problem?
Hello @Fahd!
Please, let me know, what Plesk version do you use and OS version?
Hi,
I have Plesk 17.8.11 on Ubuntu 14.04.
Will this help to cure "DKIM-signature verification failed"?
Regards,
Jan
Hello Jan,
That particular problem does not exist in 17.8, it was fixed in 17.0, however, the error itself is general and the reason might be in something else.
I recommend to review /var/log/maillog for more details and try to search with additional symptoms.
Hi
the errors shown are
db_check[12345]: DKIM verify result: DKIM Feed: No signature
plesk sendmail[12345]: Canonname is not correct fqdn
plesk sendmail[12345]: It is impossible to detect the FQDN of the host. Please make sure that the hostname is correctly specified in /etc/hosts and goes right after the host's IP address. Depending on your OS, you might need to set the host in /etc/HOSTNAME or /etc/hostname.
there seems to be a problem with etc/hosts and etc/hostname
----
etc/hosts
127.0.0.1 localhost.localdomain localhost
127.0.0.1 rs123456
# The following lines are desirable fpr IPv6 capable hosts
::1 localhost.localdomain localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::1 ip6-allrouters
37.999.999.123 server.mydomainname.domains server
---
hostname
rs123456
---
I guess "rs12345" must be changed in "server.mydomainname.domains"
Since it is a vserver I will have to ask the Provider if that does not cause problems with them.
Also it seems that magicspam cannot handle IPv6, is that a known problem?
Regards,
Jan
Hello @Jan van Leeuwen,
If the solution with changing hostname is not helpful, please contact Plesk support for assistance:
https://support.plesk.com/hc/en-us/requests/new
We don't have information about MagicSpam restrictions. I suggest contacting MagicSpam community or support available using the link below for assistance:
https://www.magicspam.com/support.php
Please sign in to leave a comment.