Skip to content

DKIM-Signature Body Hash Not Verified #1172

Closed
Closed
DKIM-Signature Body Hash Not Verified#1172
@vincentcox

Description

@vincentcox
vincentcox
opened on Jun 5, 2019

Context

I used the dkim configuration, but when I try to send an email, it gives a DKIM error
image
Site where I tested the mailheaders: https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx

Expected Behavior

Properly signed DKIM signature

Actual Behavior

DKIM-Signature Not Correct

Possible Fix

/

Steps to Reproduce

Get latest image:

docker pull tvial/docker-mailserver:latest

Get the tools:

Download the docker-compose.yml, the .env and the setup.sh files:

curl -o setup.sh https://raw.githubusercontent.com/tomav/docker-mailserver/master/setup.sh; chmod a+x ./setup.sh

curl -o docker-compose.yml https://raw.githubusercontent.com/tomav/docker-mailserver/master/docker-compose.yml.dist

curl -o .env https://raw.githubusercontent.com/tomav/docker-mailserver/master/.env.dist

Create a docker-compose environment

Edit the .env to your liking. Adapt this file with your FQDN.

# -----------------------------------------------------------------------------------------------------------------------------
# --------------------- General Settings --------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------------------

HOSTNAME=mail
DOMAINNAME=your-website.be
CONTAINER_NAME=mail

# empty => uses the `hostname` command to get the mail server's canonical hostname
# => Specify a fully-qualified domainname to serve mail for.  This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
OVERRIDE_HOSTNAME=your-website.be

Please note that:

  • The HOSTNAME shouldn't contain dot's, so dont take the domainname as HOSTNAME.
  • OVERRIDE_HOSTNAME should be the same as the hostname

Create your mail accounts

./setup.sh email add <email> [<password>]
# for example: ./setup.sh email add [email protected] password

Generate DKIM keys

./setup.sh config dkim
 cat config/opendkim/keys/yourdomain.be/mail.txt

This will output something like this:

mail._domainkey	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; "
"p=XXXXXXXXX"
"AAAAAA" )  ; ----- DKIM key mail for yourdomain.be

Put the following in in a TXT DNS record:

image

spin up the docker container:

	docker-compose up -d mail

Now test if you can send an email with:

Install 'swaks': apt install swaks or brew install swaks.

Then:

sudo apt-get install libnet-ssleay-perl
sudo apt-get install libcrypt-ssleay-perl
swaks -f [email protected] --server 127.0.0.1:587 -tlsos --auth-user [email protected] -body "Dit bericht is van de server" -t <receiver-address>

My Environment

  • Amount of RAM available: 2Gb
  • Mailserver version used: latest version at 5 June 2019
  • Docker version used: Docker version 18.09.3, build 774a1f4
  • Environment settings relevant to the config: see steps to reproduce
  • Any relevant stack traces ("Full trace" preferred): /

What already tried:

  • Using 1024 bit dkim
  • Updating to the latest mailserver version (5 June 2019)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions