Whitelist for DKIM verification in WHM?

Ovidiu Sopa

Member
Jun 19, 2017
5
1
3
Sibiu, Romania
cPanel Access Level
Root Administrator
Hello,

In the last few days I tried to find the issue one of my clients has, he can't receive emails from 2 suppliers because the server rejects the emails with this error :
Code:
+++ 1hlsBn-0001Lu-Ki has not completed +++
2019-07-12 12:50:04 1hlsBn-0001Lu-Ki PDKIM: d=me**-i**ge.ro s=pps1 [failed key import]
2019-07-12 12:50:04 1hlsBn-0001Lu-Ki H=mx0a-00259c01.pp**ted.com [148.163.157.101]:45830 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no rejected DKIM : DKIM: encountered the following problem validating me**-**age.ro: pubkey_dns_syntax
The thing is I can't find anything wrong with the sender domain DKIM, MX ToolBox says is valid: Network Tools: DNS,IP,Email

I tried to add the IP address of the sender in Sender verification bypass IP addresses and in Trusted SMTP IP addresses lists in WHM, but the emails are still rejected. I don't really want to disable REJECT DKIM FAILURES, but instead I would love to be able to add the sender IP in a whitelist, but I don't know if it's possible.

Can I somehow setup WHM to skip DKIM validation from certain IPs ?

Thank you
 
Last edited by a moderator:

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
6,814
541
263
Houston
cPanel Access Level
DataCenter Provider
Hi @Ovidiu Sopa

It looks like what's being recieved in the lookup for the domain is a syntax issue with the public key for the DKIM record. Since you don't control that domain's DNS you'd would need to make an allowance for it if you're going to reject DKIM failures. You should be able to do this by adding their domain + MX IP addresses in WHM>>Service Configuration>>Exim Configuration Manager -> Access Lists - >
Trusted SMTP IP addresses
IP addresses exempt from all SMTP sender, recipient, spam, and relaying checks. IP addresses you enter here are stored in /etc/skipsmtpcheckhosts. These senders must still use an RFC-compliant HELO name if the Require RFC-compliant HELO setting is enabled.