Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Selecting header fields (tags) for DKIM signature

Discussion in 'E-mail Discussion' started by kstirn, Jun 4, 2019.

Tags:
  1. kstirn

    kstirn Registered

    Joined:
    May 14, 2007
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    153
    Hello,

    emails sent from our WHM/Cpanel servers are DKIM signed; valid and working fine.

    A lot of email headers are included in the DKIM signature:

    Content-Type:Message-ID:Date:Subject:Reply-To:To:From:Sender:Cc:MIME-Version:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;

    My question is: how can we add additional or remove existing headers from DKIM signatures?

    Thank you
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,529
    Likes Received:
    2,181
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @kstirn,

    Exim documents the dkim_sign_headers option under the Signing outgoing messages section on the link below:

    57. DKIM and SPF

    Changing this value is unsupported, but you should be able to simply add a custom dkim_sign_headers line under the dkim_remote_smtp section in the Exim configuration file using the example instructions found on the link below:

    How to Edit the exim.conf File - cPanel Knowledge Base - cPanel Documentation

    Note the Advanced Editor does not support a change to this specific option, so you'd need to follow the instructions listed on the above document:

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    kstirn likes this.
  3. kstirn

    kstirn Registered

    Joined:
    May 14, 2007
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    153
    Thank you, Michael!

    Just a heads up for everyone else why we are doing this:

    We found that if the message doesn't have a MIME-Version header (it's not a MIME-formatted) and has a valid DKIM signature, Microsoft (outlook.com) will automatically add the "MIME-Version=1.0" header.

    Because Exim by default includes the MIME-Version header (or lack thereof) in the DKIM signature, outlook.com will verify DKIM as FAILED in this case; MIME-Version wasn't in the original body hash, but it is in their calculated body hash because they have added it themselves, hence body hash mismatch.

    Of course, no one else (Google, AOL, Yahoo, Cpanel servers, ...) will do such a stu..d thing and all DKIM signature tests show pass.
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice