The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DKIM set, still test shows permerror

Discussion in 'E-mail Discussions' started by Marc Escabas, Jun 21, 2016.

Tags:
  1. Marc Escabas

    Marc Escabas Registered

    Joined:
    May 5, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Philippines
    cPanel Access Level:
    Root Administrator
    Hi,

    I'm new with WHM, it would be much appreciated if someone help me with my problem. I'm worried about the permerror result that I'm getting with our email. We do have several domains on our VPS and DKIM is set to all domains/accounts, but when verified, the result is permerror.

    I've tried uninstall/install, but nothing, still permerror.

    Can you guys help me please? I'm afraid that it might be the reason some of our emails go to spam.

    Code:
    ==========================================================
    Summary of Results
    ==========================================================
    SPF check:          pass
    DomainKeys check:   neutral
    DKIM check:         permerror
    Sender-ID check:    pass
    SpamAssassin check: ham
    
    ==========================================================
    Details:
    ==========================================================
    
    HELO hostname:  host.p******a.net
    Source IP:      x.x.x.x
    mail-from:      alerts@p******a.com
    
    ----------------------------------------------------------
    SPF check details:
    ----------------------------------------------------------
    Result:         pass
    ID(s) verified: smtp.mailfrom=alerts@p******a.com DNS record(s):
        pepperva.com. SPF (no records)
        pepperva.com. 2993 IN TXT "v=spf1 mx a ip4:x.x.x.x -all"
        pepperva.com. 71393 IN MX 0 p******a.com.
        pepperva.com. 71393 IN A x.x.x.x
    
    ----------------------------------------------------------
    DomainKeys check details:
    ----------------------------------------------------------
    Result:         neutral (message not signed)
    ID(s) verified: header.From=alerts@p******a.com DNS record(s):
    
    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result:         permerror (no usable key records)
    ID(s) verified:
    Canonicalized Headers:
        message-id:<037968c598a2fae906f6feb32498754b@p******a.com>'0D''0A'
        subject:check'0D''0A'
        to:check-auth@verifier.port25.com'0D''0A'
        from:alerts@p******a.com'0D''0A'
        date:Tue,'20'21'20'Jun'20'2016'20'16:54:14'20'-0400'0D''0A'
        content-transfer-encoding:7bit'0D''0A'
        content-type:text/plain;'20'charset=US-ASCII;'20'format=flowed'0D''0A'
        mime-version:1.0'0D''0A'
        dkim-signature:v=1;'20'a=rsa-sha256;'20'q=dns/txt;'20'c=relaxed/relaxed;'20'd=p******a.com;'20's=default;'20'h=Message-ID:Subject:To:From:Date:'20'Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:Cc:'20'Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:'20'Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:'20'List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;'20'bh=FfcssIknOQgb6S3x5PI4WNmYIc+oSGP2Ncz1wnQcxF4=;'20'b=;
    
    Canonicalized Body:
        check'20'mic'20'test'0D''0A'
       
    
    DNS record(s):
        default._domainkey.p******a.com. 72000 IN CNAME p******a.com.
        p******a.com. 2992 IN TXT "v=spf1 mx a ip4:67.227.192.79 -all"
    
    NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.
    
    ----------------------------------------------------------
    Sender-ID check details:
    ----------------------------------------------------------
    Result:         pass
    ID(s) verified: header.From=alerts@p******a.com DNS record(s):
        pepperva.com. SPF (no records)
        pepperva.com. 2993 IN TXT "v=spf1 mx a ip4:x.x.x.x -all"
        pepperva.com. 71393 IN MX 0 p******a.com.
        pepperva.com. 71393 IN A x.x.x.x
    
    ----------------------------------------------------------
    SpamAssassin check details:
    ----------------------------------------------------------
    SpamAssassin v3.4.0 (2014-02-07)
    
    Result:         ham  (-1.8 points, 5.0 required)
    
    pts rule name              description
    ---- ---------------------- --------------------------------------------------
    -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
    -0.0 SPF_PASS               SPF: sender matches SPF record
    -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                                [score: 0.0000]
    0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
    0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
    
    ==========================================================
    Explanation of the possible results (from RFC 5451) ==========================================================
    
    SPF and Sender-ID Results
    =========================
    
    "none"
          No policy records were published at the sender's DNS domain.
    
    "neutral"
          The sender's ADMD has asserted that it cannot or does not
          want to assert whether or not the sending IP address is authorized
          to send mail using the sender's DNS domain.
    
    "pass"
          The client is authorized by the sender's ADMD to inject or
          relay mail on behalf of the sender's DNS domain.
    
    "policy"
         The client is authorized to inject or relay mail on behalf
          of the sender's DNS domain according to the authentication
          method's algorithm, but local policy dictates that the result is
          unacceptable.
    
    "fail"
          This client is explicitly not authorized to inject or
          relay mail using the sender's DNS domain.
    
    "softfail"
          The sender's ADMD believes the client was not authorized
          to inject or relay mail using the sender's DNS domain, but is
          unwilling to make a strong assertion to that effect.
    
    "temperror"
          The message could not be verified due to some error that
          is likely transient in nature, such as a temporary inability to
          retrieve a policy record from DNS.  A later attempt may produce a
          final result.
    
    "permerror"
          The message could not be verified due to some error that
          is unrecoverable, such as a required header field being absent or
          a syntax error in a retrieved DNS TXT record.  A later attempt is
          unlikely to produce a final result.
    
    
    DKIM and DomainKeys Results
    ===========================
    
    "none"
          The message was not signed.
    
    "pass"
          The message was signed, the signature or signatures were
          acceptable to the verifier, and the signature(s) passed
          verification tests.
    
    "fail"
          The message was signed and the signature or signatures were
          acceptable to the verifier, but they failed the verification
          test(s).
    
    "policy"
          The message was signed but the signature or signatures were
          not acceptable to the verifier.
    
    "neutral"
          The message was signed but the signature or signatures
          contained syntax errors or were not otherwise able to be
          processed.  This result SHOULD also be used for other
          failures not covered elsewhere in this list.
    
    "temperror"
          The message could not be verified due to some error that
          is likely transient in nature, such as a temporary inability
          to retrieve a public key.  A later attempt may produce a
          final result.
    
    "permerror"
          The message could not be verified due to some error that
          is unrecoverable, such as a required header field being
          absent. A later attempt is unlikely to produce a final result.
    
    
    ==========================================================
    Original Email
    ==========================================================
    
    Return-Path: <alerts@p******a.com>
    Received: from host.p******a.net (67.227.192.79) by verifier.port25.com id hd6kng20i3ga for <check-auth@verifier.port25.com>; Tue, 21 Jun 2016 16:54:16 -0400 (envelope-from <alerts@p******a.com>)
    Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=alerts@p******a.com
    Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=alerts@p******a.com
    Authentication-Results: verifier.port25.com; dkim=permerror (no usable key records)
    Authentication-Results: verifier.port25.com; sender-id=pass header.From=alerts@p******a.com
    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=p******a.com; s=default; h=Message-ID:Subject:To:From:Date:
        Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:Cc:
        Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
        Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
        List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
         bh=FfcssIknOQgb6S3x5PI4WNmYIc+oSGP2Ncz1wnQcxF4=; b=lPZOg2a/yNHGDYVI5vwR5Tno+
        bky4S/ainXf6o+1+7btpDrhgQX8zgrmGGIX6hHVEa0+mICOCut/uV2bdYx2P8Ph1Cub2I0wRDJZ8d
        RgKc7CvJWI3rJiDDfkGjZNVfEYeZYWD8dQPga44v9KPxldSEd9qzqk3FN6sFdwEq63i4KhlzlL7gH
        8vdsI712FmqdydAGKwhU6IjTWRMICWKa4irQEK5z/PYEnUQt/xH69WF4lKUeByQOaGMYWR61FVrlE
        g8t/ccc/K6VT+HPaxYJOkcQkezq+L71o1LmG6mQP6DdNeNDH4RdYbDSKEeNr4LtPP0+SuSJlH2H4O
        KfDhir5eA==;
    Received: from [::1] (port=55178 helo=host.p******a.net)
        by host.p******a.net with esmtpa (Exim 4.87)
        (envelope-from <alerts@p******a.com>)
        id 1bFSgY-0005We-9b
        for check-auth@verifier.port25.com; Wed, 22 Jun 2016 04:54:14 +0800
    MIME-Version: 1.0
    Content-Type: text/plain; charset=US-ASCII;  format=flowed
    Content-Transfer-Encoding: 7bit
    Date: Tue, 21 Jun 2016 16:54:14 -0400
    From: alerts@p******a.com
    To: check-auth@verifier.port25.com
    Subject: check
    Message-ID: <037968c598a2fae906f6feb32498754b@pepperva.com>
    X-Sender: alerts@p******a.com
    User-Agent: Roundcube Webmail/1.1.4
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - host.p******a.net
    X-AntiAbuse: Original Domain - verifier.port25.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - p******a.com
    X-Get-Message-Sender-Via: host.p******a.net: authenticated_id: alerts@p******a.com
    X-Authenticated-Sender: host.p******a.net: alerts@p******a.com
    X-Source:
    X-Source-Args:
    X-Source-Dir:
    
    check mic test
    
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page