Thread: DKIM Signature Do Not Validate When Using SMTP To Send Mail

  1. #1
    Citricguy is offline Beginner Member
    Join Date
    Sep 2012
    Posts
    1
    Rep Power
    2

    DKIM Signature Do Not Validate When Using SMTP To Send Mail

    When I send a message using an external SMTP client, DKIM signatures on messages will not successfully validate.

    When I use the built in Zimbra webmail client they validate successfully every time.

    Both tests use the same email address, username/password etc. The only difference is the client used to send the mail.

    I used this guide: Configuring for DKIM Signing - Zimbra :: Wiki to configure DKIM without any issues other than the one noted above.



    $zmcontrol -v
    Release 8.0.0.GA.5434.UBUNTU10.64 UBUNTU10_64 FOSS edition.





    To test DKIM, I used the port25.com service. Upon emailing check-auth@verifier.port25.com, here are the relevant results I received for both the Webmail send and the SMTP send.

    SMTP Test:
    Result: fail (wrong body hash: expected RzsU67ywQxiXDb1FZkrH7WnlatX9SyWIGQ8D3jY6geA=)

    Webmail Test:
    Result: pass (matches From: notifications@removed.com)

    I get the same results using Gmail's "mailed-by:" and "signed-by:" headers. Messages sent using the Zimbra Webmail client are 'signed' whereas messages sent using SMTP are also signed, but do not validate.

    What other pertinent information can I supply to help?

  2. #2
    houarnet-tech is offline New Member
    Join Date
    Nov 2012
    Posts
    4
    Rep Power
    2

    I have the same problem as you have and found that the DKIM was not validated only for my Thunderbird Linux client.
    It's OK for Thunderbird under Windows, Outlook...
    I tried to change the Content-Type from utf8 to ISO-8859-15 but without success.
    Please post if you find the solution, I'm greatly interested.

  3. #3
    bloom is offline Intermediate Member
    Join Date
    Nov 2012
    Location
    Poland
    Posts
    16
    Rep Power
    2

    Has anyone solved the problem?

    Quote Originally Posted by houarnet-tech View Post
    I have the same problem as you have and found that the DKIM was not validated only for my Thunderbird Linux client.
    It's OK for Thunderbird under Windows, Outlook...
    I tried to change the Content-Type from utf8 to ISO-8859-15 but without success.
    Please post if you find the solution, I'm greatly interested.
    I have the same problem.
    With Zimbra 8.0.1, sending with Thunderbird (Windows, ver. 16, 17) from account-A@mydomain to account-B@mydomain on the server itself makes the DKIM signature check fail.
    Other clients as well as sending from Zimbra web interface between the same accounts is OK.

    How to fix that? And who is causing problems - ZCS or Thunderbird?

    Regards
    Piotr

  4. #4
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10


    Can you post full headers from each mail message?
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  5. #5
    bloom is offline Intermediate Member
    Join Date
    Nov 2012
    Location
    Poland
    Posts
    16
    Rep Power
    2

    sure

    Quote Originally Posted by quanah View Post
    Can you post full headers from each mail message?
    Sure, I'll try to attach 3 files to this post. The files are meant only for research here.

    The first mail is between two accounts on the problematic host. DKIM fails.
    The second one is mail to another domain (also running ZCS 8.0.1) sent with webmail - DKIM is OK.
    And the last is the same sent with Thunderbird - DKIM fails.

    All 3 emails were sent by one sender (from the same account). Every mail sent by this sender to any account (on their ZCS or on my ZCS) with Thunderbird will fail. Emails sent to Gmail - no problem, Gmail says DKIM ok.
    I cannot reproduce it on my accounts. I installed Thunderbird on my Ubuntu laptop but I cannot force it to fail.

    Regards
    Piotr
    Last edited by bloom; 12-02-2012 at 04:23 PM.

  6. #6
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10


    Thanks. I notice both of the failed emails use HTML style mail rather than plain text. Does changing Thunderbird to use plain text email resolve the issue?
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc

  7. #7
    Alex_Filatau is offline New Member
    Join Date
    Dec 2010
    Posts
    3
    Rep Power
    4

    I've looked through your messages and got confused that all of them have "Content-Type: multipart/alternative;", but none have actual body content or at least both parts, only "Content-Type: text/plain; charset=UTF-8; format=flowed" at best.
    Thunderbird or ZWC are sending both parts like in the following example:
    Content-Type: multipart/alternative;
    boundary="------------070600010706050305000505"

    This is a multi-part message in MIME format.
    --------------070600010706050305000505
    Content-Type: text/plain; charset=ISO-8859-1; format=flowed
    Content-Transfer-Encoding: 7bit



    --------------070600010706050305000505
    Content-Type: text/html; charset=ISO-8859-1
    Content-Transfer-Encoding: 7bit

    <html>
    <head>
    <meta content="text/html; charset=ISO-8859-1"
    http-equiv="Content-Type">
    </head>
    <body bgcolor="#FFFFFF" text="#000000">
    <br>
    </body>
    </html>

    --------------070600010706050305000505--

    So did you cut the end of the messages or were they like this? Because DKIM signed Content-Type, and if some parts went missing after it, that's a valid case of DKIM verification failure.

  8. #8
    bloom is offline Intermediate Member
    Join Date
    Nov 2012
    Location
    Poland
    Posts
    16
    Rep Power
    2

    So did you cut the end of the messages or were they like this? Because DKIM signed Content-Type, and if some parts went missing after it, that's a valid case of DKIM verification failure.
    @Alex_Filatau: Yes, they were cut to show the headers. Here is the full message.
    @quanah: Here is the full message in plaintext only. DKIM fails.

    Code:
    Return-Path: k.drosd@waran.pl
    Received: from mx1.waran.pl (LHLO mx1.waran.pl) (10.30.0.3) by mx1.waran.pl
     with LMTP; Wed, 5 Dec 2012 15:56:22 +0100 (CET)
    Received: from localhost (localhost [127.0.0.1])
    	by mx1.waran.pl (Postfix) with ESMTP id 81B6DB60A2E
    	for <pkam@waran.pl>; Wed,  5 Dec 2012 15:56:22 +0100 (CET)
    X-Virus-Scanned: amavisd-new at new.waran.pl
    X-Spam-Flag: NO
    X-Spam-Score: -2.78
    X-Spam-Level:
    X-Spam-Status: No, score=-2.78 tagged_above=-10 required=6.6
    	tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DKIM_SIGNED=0.1,
    	T_DKIM_INVALID=0.01, T_UNKNOWN_ORIGIN=0.01] autolearn=no
    Authentication-Results: mx1.waran.pl (amavisd-new); dkim=fail (1024-bit key)
    	reason="fail (message has been altered)" header.d=waran.pl
    Received: from mx1.waran.pl ([127.0.0.1])
    	by localhost (mx1.waran.pl [127.0.0.1]) (amavisd-new, port 10026)
    	with ESMTP id aDkji-6_WMLY for <pkam@waran.pl>;
    	Wed,  5 Dec 2012 15:56:21 +0100 (CET)
    Received: from [192.168.1.157] (unknown [192.168.1.157])
    	by mx1.waran.pl (Postfix) with ESMTPSA id C7EC7B60A2A
    	for <pkam@waran.pl>; Wed,  5 Dec 2012 15:56:21 +0100 (CET)
    X-DKIM: OpenDKIM Filter v2.6.0 mx1.waran.pl C7EC7B60A2A
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=waran.pl;
    	s=BD0CFCB4-0E74-11E2-A350-C78F06A280BF; t=1354719381;
    	bh=EuvG3uxm1m1caBXVLhQTCzfLPR5zRp8T2kmFitun5QY=;
    	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
    	 Content-Transfer-Encoding;
    	b=hnIRIwKk3x5+lZZA2++0xa1ghRQoos6zvBG68Wi0dXfO5VBL47LxlDSOPnF24IVA5
    	 vUgskK8SUinJClk9+JnoMKdFA8lvO3mHh2SjHik8vysJ87jgTdUmpMC9edNM4T+8ru
    	 ijbxOEHwJEc2ed8MByUMmiGkGK0DXd+z7zdzwWIc=
    Message-ID: <50BF6096.10906@waran.pl>
    Date: Wed, 05 Dec 2012 15:56:22 +0100
    From: Krzysztof Drosd <k.drosd@waran.pl>
    User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Thunderbird/17.0
    MIME-Version: 1.0
    To: pkam@waran.pl
    Subject: gcxhnfghfgxh
    Content-Type: text/plain; charset=UTF-8; format=flowed
    Content-Transfer-Encoding: quoted-printable
    
    dfhdfdfdfh
    --=20
    z wyrazami szacunku / Best Regards
    
    Krzysztof Drosd
    Project Coordinator
    k.drosd@waran.pl
    T: NOWY NUMER TELEFONU +48 56 699 44 00
    F: +48 56 699 44 09
    
    
    WARAN sp. z ograniczon=C4=85 odpowiedzialno=C5=9Bci=C4=85 sp. k.
    Ceglana 6, 87-100 Toru=C5=84, PL
    REGON: 340676257
    NIP: 879-261-40-28
    VATUE: PL8792614028
    www.waran.pl
    www.waran.pl/en
    
    
    Tre=C5=9B=C4=87 powy=C5=BCszej wiadomo=C5=9Bci oraz do=C5=82=C4=85czone d=
    o niej pliki s=C4=85 przeznaczone=20
    dla konkretnego Adresata i mog=C4=85 zawiera=C4=87 informacje podlegaj=C4=
    =85ce=20
    ochronie. Je=C5=9Bli w efekcie pomy=C5=82ki wiadomo=C5=9B=C4=87 ta trafi =
    do r=C4=85k Osoby=20
    trzeciej, prosimy poinformowa=C4=87 o b=C5=82=C4=99dzie Nadawc=C4=99 i j=C4=
    =85 usun=C4=85=C4=87.=20
    Rozpowszechnianie, kopiowanie, drukowanie lub wykorzystywanie informacji=20
    zawartych w mailu jest dzia=C5=82aniem prawnie zabronionym.
    This e-mail and any files attached with it are confidential and intended=20
    solely for the use of the individual to whom it is addressed. If you are=20
    not the intended recipient of the e-mail you should not copy, modify,=20
    distribute or take any action based on it. If you have received this=20
    e-mail by mistake please notify the sender and delete this e-mail from=20
    your system. Unauthorized publication, use, distribution, forwarding,=20
    printing or copying of this e-mail and its attachments is strictly=20
    prohibited.
    ---
    Prosz=C4=99 pomy=C5=9Bl o ochronie =C5=9Brodowiska. Wydrukuj ten e-mail t=
    ylko w=20
    przypadku konieczno=C5=9Bci.
    Please consider the environment. Please, print this e-mail only if=20
    necessary.
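
The `bh=` comparison behind the "wrong body hash" and "message has been altered" results in this thread, as an added example that is not part of any post and is not Zimbra or OpenDKIM code. It applies the relaxed body canonicalization of RFC 6376 (the posted header uses `c=relaxed/relaxed`) to a constructed message; the `example.org` domain, the selector and `b=PLACEHOLDER` are made up, and only SHA-256 without an `l=` tag is handled.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization, RFC 6376 section 3.4.4."""
    lines = []
    for line in re.split(rb"\r?\n", body):
        # Collapse runs of space/tab to one space, drop whitespace at line end.
        lines.append(re.sub(rb"[ \t]+", b" ", line).rstrip(b" "))
    while lines and lines[-1] == b"":      # ignore empty lines at end of body
        lines.pop()
    return b"".join(l + b"\r\n" for l in lines)

def body_hash(body: bytes) -> str:
    """Value a verifier compares with bh= (a=rsa-sha256, no l= tag)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def signed_bh(head: bytes) -> str:
    """Extract bh= from the first DKIM-Signature header, undoing folding."""
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", head)
    for field in unfolded.split(b"\r\n"):
        name, _, value = field.partition(b":")
        if name.strip().lower() == b"dkim-signature":
            m = re.search(rb"(?:^|;)\s*bh=([^;]*)", value)
            if m:
                return re.sub(rb"\s+", b"", m.group(1)).decode()
    raise ValueError("no DKIM-Signature header with a bh= tag")

def check_body(raw: bytes) -> dict:
    """Compare the signed body hash with the hash of the body as received."""
    head, _, body = raw.partition(b"\r\n\r\n")
    signed, computed = signed_bh(head), body_hash(body)
    return {"signed": signed, "computed": computed, "match": signed == computed}

# Constructed sample: the body as the signer saw it, and a header carrying its hash.
SIGNED_BODY = b"Hello,\r\nthis line is soft-wrapped \r\nby the client.\r\n"
REFLOWED_BODY = b"Hello,\r\nthis line is soft-wrapped by the client.\r\n"
HEAD = (b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\r\n"
        b"\ts=sel1; h=From:Subject; bh=" + body_hash(SIGNED_BODY).encode() + b";\r\n"
        b"\tb=PLACEHOLDER\r\n"
        b"From: sender@example.org\r\nSubject: test\r\n\r\n")

if __name__ == "__main__":
    for label, body in [("as signed", SIGNED_BODY),
                        ("blank lines appended", SIGNED_BODY + b"\r\n\r\n"),
                        ("soft break re-flowed", REFLOWED_BODY),
                        ("footer appended", SIGNED_BODY + b"-- \r\nfooter\r\n")]:
        print(f"{label:22} match={check_body(HEAD + body)['match']}")
```

`check_body` expects the raw message with CRLF line endings, as transmitted; a copy taken from a mail client's display may already differ from the bytes that were signed.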

  9. #9
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10


    Is the disclaimer on the bottom part of the original message, or added by something else?
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc

  10. #10
    bloom is offline Intermediate Member
    Join Date
    Nov 2012
    Location
    Poland
    Posts
    16
    Rep Power
    2


    Quote Originally Posted by quanah View Post
    Is the disclaimer on the bottom part of the original message, or added by something else?
    It is part of the original message. I believe it is a signature defined in Thunderbird, but I would have to ask the sender to be sure.
    The message was sent with Thunderbird to my account on the (same) server, displayed by me in Zimbra Webmail, and copy-and-pasted here.

    Regards.
    Piotr
