[FIXED BUG] DKIM header in email message sent from Plesk for Linux server contains length tag: Body Hash Did Not Verify

Follow

Comments

13 comments

  • Avatar
    Paulo Dias (Edited )

    Hello,

    I have the following error when i try to fix with the new file:

    "Mar 20 19:40:24 ns1 /usr/lib/plesk-9.0/psa-pc-remote[25906]: handlers_stderr: /opt/psa/handlers/hooks/dk_sign: error while loading shared libraries: libboost_filesystem-plesk.so.1.65.1: cannot open shared object file: No such file or directory"

    "root@ns1:~# dpkg -l | grep lesk-libboost-filesystem
    ii plesk-libboost-filesystem1.65 1.65.1-ubuntu.16.04.171017.1047 amd64 Boost filesystem C++ library."


    OS: Ubuntu 16.04
    Latest Version of Plesk Onyx

    Can someone help me?

    Thanks,
    Paulo

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Paulo,

    Please, make sure that the library file is owned by root and has permissions 755 :

    # stat /usr/lib64/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1
    File: `/usr/lib64/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1'
      Size: 1300130        Blocks: 2544      IO Block: 4096  regular file
    Device: 3ba0b621h/1000388129d  Inode: 540736      Links: 1
    Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)  Gid: (    0/    root)

    0
    Comment actions Permalink
  • Avatar
    Paulo Dias (Edited )

    Hello @Ivan

    In my OS the file are located at /usr/lib/x86_64-linux-gnu/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1

    --

    root@ns1:~# find /usr/ -name "libboost_filesystem-plesk.so.1.65.1"
    /usr/lib/x86_64-linux-gnu/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1

    --

    --

    root@ns1:~# stat /usr/lib/x86_64-linux-gnu/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1
    File: '/usr/lib/x86_64-linux-gnu/libboost-plesk-1.65/libboost_filesystem-plesk.so.1.65.1'
    Size: 107208 Blocks: 216 IO Block: 4096 regular file
    Device: fd01h/64769d Inode: 293484 Links: 1
    Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2019-03-20 23:00:01.084472637 +0000
    Modify: 1985-01-01 17:00:00.000000000 +0000
    Change: 2018-10-17 13:27:15.357818000 +0100
    Birth: -

    --

     

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Paulo,

    Thank you for the provided information. I have double-checked the required permissions, 644 as you have is ok.

    The case requires deeper investigation. I would suggest submitting a request for Plesk Support.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Paulo,

    Let me correct the previous answer.

    The attached fix is for CentOS, that's why it does not work on your system.

    In a few hours, this information will be added to this article + we will add the fix that will suit you.

    0
    Comment actions Permalink
  • Avatar
    Paulo Dias

    Hello @Ivan,

    Thanks for your help. I will wait the fix for Ubuntu 16 :)

    Thanks

    0
    Comment actions Permalink
  • Avatar
    Danilo Nassaro

    I tried to apply the patch to my system (centOS 7) but the file is only 180Bytes and the extracetd dk_sign file is only 45 Bytes while the original file is 60488. The result is that sent emails are not signed so I had to roll back the changes.

    Is there another way to fix this problem?

    0
    Comment actions Permalink
  • Avatar
    Alexandr Nikolaenko

    Hello @Danilo Nassaro 

    Broken attachment has been replaced with proper one. Thank you for the information.

    The best way is to have the latest Plesk where the behavior has been fixed.

    0
    Comment actions Permalink
  • Avatar
    Danilo Nassaro

    Thank you very much Alexandr, unfortunately it is still not working. It extracts the file in ./var/www/vhosts/backuptest.test/httpdocs/sign. I tried to rename sign to dk_sign but when i move the file to the correct location (/usr/local/psa/handlers/hooks/) emails are not signed.

    I am running version Plesk Onyx Version 17.8.11 Update #61. It is my understanding that this is the latest stable release and that this bug is fixed only in release candidate / preview version which are not raccomanded for production environments. Am I missing something?

    Thank you very much for your assistance

    0
    Comment actions Permalink
  • Avatar
    Daria Gavrilova

    Hello @Danilo Nassaro,

    Thank you for your question.

    Yes, you are correct.
    This bug is fixed in upcoming Plesk Obsidian, so the workaround can be applicable now only.

    So to investigate the issue deeper and find the resolution, please submit a request to Plesk Technical Support: How to submit a request to Plesk support?

    0
    Comment actions Permalink
  • Avatar
    YUSUF BULDUK

    Hello @Denis Bykov,

    Thank you for this information.
    I am using the newest version of Plesk. (Version 18.0.24, last updated on Mar 4, 2020 09:06 PM / Centos6.10 Final)
    DKIM settings on server and domain basis are correct. DNS records are correct. But l = (Length parameter) is still missing in the header of the sent mail.
    I know, this workaround is for the old version, but even though I tried it, the length parameter is still not created in the header.

    For this reason, I get the (Body Hash Did Not Verify) error seen in the picture and my mails are delivered to SPAM.

    0
    Comment actions Permalink
  • Avatar
    Thomas Long (Edited )

    I'm getting "Body Hash Did Not Verify" on mxtoolbox delivery report but green checks on all the other DKIM checks (Obsidian Version 18.0.25). There's no l= tag in the header but it's not verifying?

    Actually just realised my mistake. I had the wrong public key in the TXT record. The start and end of the keys look the same but were different in the middle.

    0
    Comment actions Permalink
  • Avatar
    Francisco Garcia

    Hi Thomas Long, thanks for your comment.

    YUSUF BULDUK, may it be that the DNS wasn't propagated yet? If it is, I suggest you to open a support request.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request