Mailing List Archive

[Bug 2947] dkim=fail (signature did not verify) delivery to Microsoft Exchange
https://bugs.exim.org/show_bug.cgi?id=2947

--- Comment #2 from Simon Arlott <bugzilla.exim.simon@arlott.org> ---
You'll need to provide a complete copy of the email including headers as
received at Gmail and Microsoft. Preferably with identical content (by sending
the same email to recipients at both services).

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2947] dkim=fail (signature did not verify) delivery to Microsoft Exchange [ In reply to ]
https://bugs.exim.org/show_bug.cgi?id=2947

--- Comment #1 from Jeremy Harris <jgh146exb@wizmail.org> ---
> Our service provider states this is a known issue and there are no solutions.

Perhaps you could get them to give some detail?

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2947] dkim=fail (signature did not verify) delivery to Microsoft Exchange [ In reply to ]
https://bugs.exim.org/show_bug.cgi?id=2947

--- Comment #3 from Andre Leroux <drandre222@gmail.com> ---
Here are the two full email headers:

(1) Header #1: Exim to Gmail
(2) Header #2: Exim to O365

click here (https://www.dropbox.com/t/zQZzVA91ULjbR26p) to download. Password
is ' password123 '.


Below is my service providers response:

---
This appears to be a global issue with cPanel. Here is what cPanel' support
department have said regarding the matter:

When emails are sent from Exim and received in Outlook, the DKIM signature is
invalid.

dkim=fail (signature did not verify)

Description

In Exim, DKIM signed headers are added according to RFC standards.

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_and_dmarc.html

When unspecified, the header names listed in RFC4871 will be used,
whether or not each header is present in the message.
The default list is available for the expansion in
the macro “_DKIM_SIGN_HEADERS” and an oversigning variant
is in “_DKIM_OVERSIGN_HEADERS”.

When the option is left unset, the defaults are used. However, Outlook reports
the DKIM signature is incorrect, while many other providers indicate the
signature is correct. For comparison, we sent the same email to Hotmail/Outlook
servers and Gmail servers. Gmail servers always validated the DKIM as correct,
while Outlook servers marked the signature as invalid.

We've opened an internal case for our development team to investigate this
further. For reference, the case number is CPANEL-37039. Follow this article to
receive an email notification when a solution is published in the product.

Workaround

A workaround is unclear at this time.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2947] dkim=fail (signature did not verify) delivery to Microsoft Exchange [ In reply to ]
https://bugs.exim.org/show_bug.cgi?id=2947

--- Comment #4 from Andreas Metzler <eximusers@bebt.de> ---
Hello,

I think what we need is both a copy of the raw message before it was sent on to
O365 and a copy of the raw message as O365 saved it. No need to go via dropbox,
you can add attachments here.

cu Andreas

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2947] dkim=fail (signature did not verify) delivery to Microsoft Exchange [ In reply to ]
https://bugs.exim.org/show_bug.cgi?id=2947

--- Comment #5 from Simon Arlott <bugzilla.exim.simon@arlott.org> ---
Your emails are missing a Message-ID but this is included in the signature.
Neither of the headers validates successfully unless the Message-ID that both
Gmail and Microsoft added is removed.

The body fails to validate in the Gmail case but they may have reformatted it.
The message is omitted for the Microsoft version.

You need to enable submission mode on the email coming from your MUA clients so
that it will add a Message-ID automatically:
https://www.exim.org/exim-html-4.95/exim-html-current/doc/html/spec_html/ch-message_processing.html

If you test again, the original message (as sent) would be useful even if it
lacks the DKIM signature.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2947] dkim=fail (signature did not verify) delivery to Microsoft Exchange [ In reply to ]
https://bugs.exim.org/show_bug.cgi?id=2947

Lena <Lena@lena.kiev.ua> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |Lena@lena.kiev.ua

--- Comment #6 from Lena <Lena@lena.kiev.ua> ---
> You need to enable submission mode on the email coming from your MUA clients
> so that it will add a Message-ID automatically

An example:

accept hosts = +relay_from_hosts
control = submission/domain=

accept authenticated = *
control = submission/domain=

(with nothing after "domain=").

If that helps, tell the cPanel people.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##