DKIM: encountered the following problem validating domain : bodyhash_mismatch

lfpiaggio

Member
May 20, 2018
12
0
1
Brazil
cPanel Access Level
DataCenter Provider
Hello, guys.

I have 2 cpanel's servers. CP4 and CP6

A client opened a support saying that the email has been returned.

What the client sent:

Return-path: <[email protected]>
Received: from [IPREMOVED] (port=54890 helo=DESKTOPTSBTF9A)
by domain-cp4.domain.com.br with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.91)
(envelope-from <[email protected]>)
id 1fgW6M-000Fkw-EC; Fri, 20 Jul 2018 11:09:50 -0300
From: "Luiz Portnoi" <[email protected]>
To: "'Eliezer'" <[email protected]>
References: <[email protected]od.outlook.com> <[email protected]od.outlook.com>,<[email protected]od.outlook.com> <[email protected]od.outlook.com>,<[email protected]od.outlook.com> <[email protected]od.outlook.com>,<[email protected]od.outlook.com>,<[email protected]od.outlook.com>,<[email protected]od.outlook.com> <[email protected]od.outlook.com>,<[email protected]od.outlook.com> <[email protected]od.outlook.com>,<FR1PR80MB0069 78F84DD297A1B
A [email protected]80.prod.outlook.com> <[email protected]od.outlook.com>,<[email protected]od.outlook.com> <CP2PR80MB186[email protected]om>,<[email protected]od.outlook.com> <[email protected]od.outlook.com>,<[email protected]> <[email protected]od.outlook.com>,<[email protected]> <[email protected]od.outlook.com> <[email protected]>
In-Reply-To: <[email protected]>
Subject: =?iso-8859-1?Q?ENC:_{Spam=3F}_Re:_{Spam=3F}_Re:_{Spam=3F}_Re:_ES_M=D3VEIS?=
=?iso-8859-1?Q?_EIRELI_-_ME_AP_81.0118.0014433?=
Date: Fri, 20 Jul 2018 11:11:14 -0300
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0071_01D4201A.5FFF1C60"
X-Mailer: Microsoft Outlook 15.0
Content-Language: pt-br
Thread-Index: AQD6bWQcLwIq180ZedSlzPgmh5+dKgHPM72zAkzXcrQBhIkJJQGwBAQSAX/LZbQBU3tsEQDAOwEOAmGqXYUB9kGqUwJsxxH7AeSh9rUCdZ6WtAJLZiBjAftNP+YBndXrdwIffz0sAkCiEAoCXTlPjgLHxu6+AbvuODwBikCGfQD8qchppP4K7XA=
X-cPanel-MailScanner-Information: Please contact the ISP for more information
X-cPanel-MailScanner-ID: 1fgW6M-000Fkw-EC
X-cPanel-MailScanner: Found to be clean
X-cPanel-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
score=1.122, required 3, ALL_TRUSTED -1.00, AWL -2.38,
BAYES_00 -1.90, CPANEL_LOTS_OF_EMPTY_LINE 0.80, HTML_MESSAGE 0.00,
KAM_NUMSUBJECT 0.50, LOTS_OF_MONEY 0.00, URIBL_BLOCKED 0.00,
URIBL_SBL 5.00, URIBL_SBL_A 0.10)
X-cPanel-MailScanner-SpamScore: s
X-cPanel-MailScanner-From: [email protected]
X-Spam-Status: No
X-Exim-DSN-Information: Due to administrative limits only headers are returned
I had tested with a account [email protected] sending e-mails to [email protected] and [email protected]. And it doesn't appear problem with the DKIM.

What can it be?

The DKIM assinature of two domains is fine. I have been tested it on mailtester.
The CP4 and CP6 is different servers, but in same local.

Look the prints bellow
 

Attachments

Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,273
1,282
313
Houston
Hi @lfpiaggio


Based on the header output (which I modified to remove the actual domain names) it looks like you're using MailScanner because this isn't something directly supported by cPanel I'd like to know if you're still getting the error with it disabled.

Also out of curiosity I'd like to know what you have set for the following at WHM>>Service Configuration>>Configuration Manager:

Allow DKIM verification for incoming messages
By default, Exim verifies syntactically valid signatures in incoming mail, even when Exim is not configured to act on the results of the check. This verification process can degrade your server's performance.

Reject DKIM failures
Reject mail at SMTP time if the sender fails DKIM key validation.
 

lfpiaggio

Member
May 20, 2018
12
0
1
Brazil
cPanel Access Level
DataCenter Provider
Hi @lfpiaggio


Based on the header output (which I modified to remove the actual domain names) it looks like you're using MailScanner because this isn't something directly supported by cPanel I'd like to know if you're still getting the error with it disabled.

Also out of curiosity I'd like to know what you have set for the following at WHM>>Service Configuration>>Configuration Manager:

Allow DKIM verification for incoming messages
By default, Exim verifies syntactically valid signatures in incoming mail, even when Exim is not configured to act on the results of the check. This verification process can degrade your server's performance.

Reject DKIM failures
Reject mail at SMTP time if the sender fails DKIM key validation.
As i said:

Its happens sometimes with our clients.

I tested and it doesnt not appear problem with the dkim key.

The dkim verification qnd reject fails is enabled
 

lfpiaggio

Member
May 20, 2018
12
0
1
Brazil
cPanel Access Level
DataCenter Provider
I tried to emulate the fail dkim, with the same configurations of outlook client of my client. Same domain to same recipients. But it doesnt appear the erro and the msg delivery with sucess
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,273
1,282
313
Houston
As i said:

Its happens sometimes with our clients.

I tested and it doesnt not appear problem with the dkim key.

The dkim verification qnd reject fails is enabled
I understood what you said but mailscanner has been known to cause issues similar to this. Because it's a 3rd party plugin which is not supported by cPanel and this behavior does not normally occur on systems with cPanel's default configuration I want to rule this out as a cause. Please let us know if the issue persists with MailScanner disabled.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,273
1,282
313
Houston
Hi lfpiaggio

I can't see that being related to the issue at hand at this point (this long after a modification). If you're still having an issue with the DKIM records getting hash mismatch errors can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

QAZwsxED

Member
Oct 4, 2020
9
0
1
Australia
cPanel Access Level
Website Owner
I recently solved a similar issue.
Solution: manually add a Message-Id (note not a Message-ID) header then connect and send an email.
cPanel WHM adds a Message-ID header and re-arranges the 'h' record in the DKIM signature which invalidates it, causing a DKIM:fail in the recipients mailbox.