Email Signing Stop Working (DKIM)
Problem reported by Nicolas Le Merle - November 24, 2017 at 2:55 AM
Resolved
Customers are complaining that recipients are advising that their emails are going into Junk, I have found that the email signing keeps breaking.

Gmail shows the below when an email has not been signed
I have setup email signing, tested that it works fine when I send an email to my personal gmail account:
 
A week later, I received the same complaint so ran another test to my gmail account and notice its showing as unsigned again. The only change since then and now is that I upgraded from v16.3.6530 to v16.3.6535

11 Replies

Reply to Thread
2
Nick Jansen Replied
SmarterMail isn't signing outgoing mail for me either, even though I've gone through the DKIM setup process. It's never worked for me actually, but I'm a new user--I started with version 16.3.6535 since it was the latest version when I bought SM, and I'm on 16.3.6551 now, which is the latest version as of this writing. I switched from a different mail server product, with which DKIM signing was working properly. Like yours, mine also says "DKIM is running on this domain and signing outgoing mail.", and I believe I've created the correct DNS entries (the DKIM setup in SmarterMail verified them), but test messages that I've sent to other servers don't have anything about DKIM in the headers, and a couple of DKIM testing sites I found tell me that the test messages they received from my server didn't have a DKIM signature at all.
 
Regarding your last sentence, unfortunately I can't add any evidence about whether or not the change from 6530 to 6535 may have had anything to do with it since I only started on 6535, but I wonder if a bug may have been introduced there.
3
Valentin Ciocan Replied
I`ve been experiencing the same on Version: 16.3.6474
5
Patrick Mattson Replied
I ran into this too.  It seems after going from version 14 to 16 the DKIM broke.  It seems in this version SmarterMail creates a new DNS entry.  I have to update all my DNS records for the accounts I had.  Before I used: secure._domainKey.domainname.com, now it seems and probably a good thing generates a unique key name, now it is something like 123456789._domainKey.domainname.com.  I would disable it if enabled, then enable it.  I have only seen I can view the key and name one time, so I am making a copy.  Update my DNS records.  I use the 1024 key I have not figured out how 2048 in BIND.  The records (notes this for BIND) I use and I pass Google's tests:
 
_domainkey.domainname.com    IN    TXT    "o=~;"
123456789._domainKey.domainname.com    IN    TXT    "k=rsa; key provided"
_adsp._domainkey.domainname.com    IN    TXT    "dkim=all"
 
I also have a DMARC record
_dmarc.domainname.com    IN    TXT    "v=DMARC1; p=reject; rua=mailto:postmaster@domainname.com"
 
I also have an SPF record.
 
These all seem to give me three thumbs up on Gmail's security.
 
5
Matthew Sine Replied
We are seeing a similar issue in 16.3.6544
DKIM that was setup since SM15, now seems to be non-working.
We are doing testing on both internal and production servers, none have been updated past 16.3.6544, yet.
Matthew J. Sine, General Manager8Dweb LLC"Making the Web a Happy Place"
3
Tim Uzzanti Replied
Employee Post Marked As Resolution
We were able to replicate the issues on upgrade.  A fix will be released shortly.
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
pjeski Replied
16.3.6558 Still not signing for me (according to mailtest@unlocktheinbox.com)
0
Nick Jansen Replied
I had to go through the DKIM setup in SmarterMail again after updating to 16.3.6558 before mine would start signing.
0
Tim Uzzanti Replied
Employee Post
We did find in certain scenarios that the private key might be lost after an upgrade. We can't retroactively fix this because the key no longer exists and you will need to re-apply.

What we did fix, is the scenarios in which the key was lost so future upgrades will not be impacted.

We also included some additional information in the DKIM area so you can see what is active etc.
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
pjeski Replied
That did work, however:
When I open the domain settings general tab, I see the message that "DKIM is running on this domain and signing outgoing mail.", and when I look at the record, it matches the record in DNS. There is no clue that the private key has been whacked, or that I should reconfigure DKIM setup.
 
After I click disable, when I click enable again, I get the record display. When I click close, DKIM Is not enabled, I have to enable it a second time.
0
Sergey Sh Replied
SmarterMail Enterprise Edition
Version: 16.3.6642
DKIM enabled, but message don't signed
'outlook.com; dkim=none (message not signed) '
 
0
Andrea Rogers Replied
Employee Post
Hi Sergey. Would you please try upgrading your mail server to the latest release? There have been some fixes to DKIM since your minor version:
 
"Fixed: DKIM headers fields can be erroneously set to null or a zero-length array causing NullReference exceptions." (16.3.6733)
"Fixed: DKIM email signing uses non-FIPS compliant algorithms." (16.3.6691)
"Fixed: Improperly folding in the DKIM signature causes it to fail." (16.3.6670)
"Fixed: In some instances, system messages, such as specific types of bounce messages, are not being DKIM signed and, therefore, get sent to Spam Folders." (16.3.6649)

Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278

www.smartertools.com

Reply to Thread