Applicable to:
- Plesk Onyx for Linux
Symptoms
-
In an attempt to check the email headers of the email message that was sent from the Plesk server where the DKIM policy is enabled using the MxToolbox utility, the error below is shown:
CONFIG_TEXT: Body Hash Did Not Verify
-
Length tag can be found in the email header (
l=663
):CONFIG_TEXT: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=default; t=1548437364; bh=XPOALMihvVieKHybTr2G8RH3tg93XgGJyTxTAoZreoI=; l=663; h=From:Subject:To; b=FlHzW/BaAAZibibuhoEvU45+nhJZncg59Jc/7dLsMhNr4alRyVYuPrnr6gNv3+b
Cause
Product issue #PPP-40448 "DKIM signing no longer uses the length tag in headers."
Fixed in:
- Plesk Obsidian 12 March 2019 (Linux)
Resolution
Please consider updating your server:
Workaround
In case the upgrade is not possible, apply one of the workarounds below, depending on the server OS:
-
Log into the server via SSH.
-
Create a backup for
/usr/local/psa/handlers/hooks/dk_sign
file:# cp -a /usr/local/psa/handlers/hooks/dk_sign{,.bak}
-
Download the archive with the patched file and unpack it by executing the commands below one by one:
# wget https://support.plesk.com/hc/en-us/article_attachments/360029725134/dk_sign.cos7.tar.gz
# tar -xzvf dk_sign.cos7.tar.gz
-
Replace the original file with the patched one:
# mv -f dk_sign /usr/local/psa/handlers/hooks/dk_sign
-
Log into the server via SSH.
-
Create a backup for
/usr/local/psa/handlers/hooks/dk_sign
file:# cp -a /usr/local/psa/handlers/hooks/dk_sign{,.bak}
-
Download the archive with the patched file and unpack it by executing commands below one by one:
# wget https://support.plesk.com/hc/en-us/article_attachments/360030544733/dk_sign.Ubt16_04.tar.gz
# tar -xzvf dk_sign.Ubt16_04.tar.gz
-
Replace the original file with the patched one:
# mv -f dk_sign /usr/local/psa/handlers/hooks/dk_sign
Comments
15 comments
Hello,
I have the following error when i try to fix with the new file:
"Mar 20 19:40:24 ns1 /usr/lib/plesk-9.0/psa-pc-remote[25906]: handlers_stderr: /opt/psa/handlers/hooks/dk_sign: error while loading shared libraries: libboost_filesystem-plesk.so.1.65.1: cannot open shared object file: No such file or directory"
"root@ns1:~# dpkg -l | grep lesk-libboost-filesystem
ii plesk-libboost-filesystem1.65 1.65.1-ubuntu.16.04.171017.1047 amd64 Boost filesystem C++ library."
OS: Ubuntu 16.04
Latest Version of Plesk Onyx
Can someone help me?
Thanks,
Paulo
Hello @Paulo,
Please, make sure that the library file is owned by root and has permissions 755 :
# stat /usr/lib64/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1
File: `/usr/lib64/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1'
Size: 1300130 Blocks: 2544 IO Block: 4096 regular file
Device: 3ba0b621h/1000388129d Inode: 540736 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Hello @Ivan
In my OS the file are located at /usr/lib/x86_64-linux-gnu/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1
--
root@ns1:~# find /usr/ -name "libboost_filesystem-plesk.so.1.65.1"
/usr/lib/x86_64-linux-gnu/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1
--
--
root@ns1:~# stat /usr/lib/x86_64-linux-gnu/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1
File: '/usr/lib/x86_64-linux-gnu/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1'
Size: 107208 Blocks: 216 IO Block: 4096 regular file
Device: fd01h/64769d Inode: 293484 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-03-20 23:00:01.084472637 +0000
Modify: 1985-01-01 17:00:00.000000000 +0000
Change: 2018-10-17 13:27:15.357818000 +0100
Birth: -
--
Hello @Paulo,
Thank you for the provided information. I have double-checked the required permissions, 644 as you have is ok.
The case requires deeper investigation. I would suggest submitting a request for Plesk Support.
Hello @Paulo,
Let me correct the previous answer.
The attached fix is for CentOS, that's why it does not work on your system.
In a few hours, this information will be added to this article + we will add the fix that will suit you.
Hello @Ivan,
Thanks for your help. I will wait the fix for Ubuntu 16 :)
Thanks
I tried to apply the patch to my system (centOS 7) but the file is only 180Bytes and the extracetd dk_sign file is only 45 Bytes while the original file is 60488. The result is that sent emails are not signed so I had to roll back the changes.
Is there another way to fix this problem?
Hello @Danilo Nassaro
Broken attachment has been replaced with proper one. Thank you for the information.
The best way is to have the latest Plesk where the behavior has been fixed.
Thank you very much Alexandr, unfortunately it is still not working. It extracts the file in ./var/www/vhosts/backuptest.test/httpdocs/sign. I tried to rename sign to dk_sign but when i move the file to the correct location (/usr/local/psa/handlers/hooks/) emails are not signed.
I am running version Plesk Onyx Version 17.8.11 Update #61. It is my understanding that this is the latest stable release and that this bug is fixed only in release candidate / preview version which are not raccomanded for production environments. Am I missing something?
Thank you very much for your assistance
Hello @Danilo Nassaro,
Thank you for your question.
Yes, you are correct.
This bug is fixed in upcoming Plesk Obsidian, so the workaround can be applicable now only.
So to investigate the issue deeper and find the resolution, please submit a request to Plesk Technical Support: How to submit a request to Plesk support?
Hello @Denis Bykov,
Thank you for this information.
I am using the newest version of Plesk. (Version 18.0.24, last updated on Mar 4, 2020 09:06 PM / Centos6.10 Final)
DKIM settings on server and domain basis are correct. DNS records are correct. But l = (Length parameter) is still missing in the header of the sent mail.
I know, this workaround is for the old version, but even though I tried it, the length parameter is still not created in the header.
For this reason, I get the (Body Hash Did Not Verify) error seen in the picture and my mails are delivered to SPAM.
I'm getting "Body Hash Did Not Verify" on mxtoolbox delivery report but green checks on all the other DKIM checks (Obsidian Version 18.0.25). There's no l= tag in the header but it's not verifying?
Actually just realised my mistake. I had the wrong public key in the TXT record. The start and end of the keys look the same but were different in the middle.
Hi Thomas Long, thanks for your comment.
YUSUF BULDUK, may it be that the DNS wasn't propagated yet? If it is, I suggest you to open a support request.
Hello,
I have this error in all my plesk servers. From 18.0.29 to 18.0.24. All domains in all the servers has this error. Can anyone tell me what to do?
Thank you
Hello SSP
If the issue is still actual for you, please, submit a support request to Plesk.
A support engineer will investigate the issue and involve RnD if required.
Please sign in to leave a comment.