DKIM does not work: DKIM verify result: DKIM verification failed: signature verification failed – Plesk Help Center

Applicable to:

Plesk 12.5 for Linux
Plesk Onyx for Linux

Note: This article has the reference to the issue with the fix available:

#PPPM-5149 "Support issue #PPPM-5149"
Fixed in:
- Plesk Onyx 17.0 Release 15 November 2016
- Plesk Onyx Update 6 14 November 2016 (Linux)

Please consider updating your server:

Symptoms

The following mail settings are turned on: Allow signing outgoing mail and Verify incoming mail in Tools & Settings > Mail Server Settings on sending and receiving mail servers.
Use DKIM spam protection system to sign outgoing email messages is enabled in Home > Domains > example.com > Mail Settings.
/var/log/maillog on receiving server contains the following error:
CONFIG_TEXT: DKIM verify result: DKIM verification failed: signature verification failed

Cause

Product bug PPPM-5149 is created. DKIM has two canonicalization modes - simple and relaxed. c=simple/simple mode is used by default. But some servers and mail clients can make changes in e-mail headers and body such as a number or white spaces, letters case in header, spaces in the end of body string. And DKIM signature gets invalid.

More information can be found here.

Resolution

The bug was fixed in Plesk Onyx Update 6.
Install the latest Plesk updates.

Also, for Plesk Onyx 17.0 on Debian 8.6 the following workaround can be applied:

Connect to the server via SSH
Download the hotfix for Plesk Onyx 17.0.17:

# cd /root
# wget https://support.plesk.com/hc/en-us/article_attachments/115004356765/dk_sign
Backup the file /opt/psa/handlers/hooks/dk_sign:

# cp /opt/psa/handlers/hooks/dk_sign /opt/psa/handlers/hooks/dk_sign.orig
Replace the original file with the downloaded one:

# mv -f /root/dk_sign /opt/psa/handlers/hooks/

Additional information

Plesk DKIM check fails for incoming message sent from subdomain: DKIM verify result: signature verification failed

dk_sign
30 KB Download

Comments

2 comments

Fahd May 17, 2018 00:42

I follow your steps, but after install the new DK sign and enabling Use DKIM spam protection system to sign outgoing email messages in mail server setting the http://dkimvalidator.com saying that my email does not contain a DKIM Signature. Why it happened like that. does the DK sign file has a problem?

0

Ivan Postnikov May 29, 2018 10:34

Hello @Fahd!

Please, let me know, what Plesk version do you use and OS version?

0

Please sign in to leave a comment.

Have more questions? Submit a request

Articles in this section