Back to Community Threads
DKIM not working even after build 7957
Problem reported by Ionel Aurelian Rau - 10/15/2021 at 7:32 AM
Resolved
Hi all,

After installing Build 7950 (Oct 7, 2021), emails were no longer being signed with DKIM. We updated to Build 7957 (Oct 14, 2021) and the issue is not fixed - emails have no DKIM signature even though DKIM is configured for the domain (we never changed this setting or the key).

Is DKIM working for you after Build 7957?
Michael Replied
10/15/2021 at 9:21 AM
We did some test sending to Gmail and DKIM is signing properly in Build 7950. I wonder what special cases they saw which made developers release 7957? Is it language or encoding issues?
C
Chris Replied
10/17/2021 at 12:33 AM
Hi,

I update to the latest build (7957) today, and i don't have issue about DKIM.

I think you have a configuration mistake because usually smartemail always put DKIM in message but issues are about invalid signature.


Regards.
Sébastien Riccio Replied
10/17/2021 at 7:19 AM
I was intrigued by this topic as we had a few months ago issues with DKIM signing incorrectly the mail (and that was fixed in a later build).

I just did a test again on a domain that was previous perfectly working and it now fails again. This is incredible.

Steps
1) Send a mail from webmail to auth-check@verifier.port25.com
2) Wait for the reply that will indicate DKIM signature is invalid.

I've double checked the public key reported by SM for the domain and the DNS record. It matches so It shouldn't fail.

Is DKIM logic broken again in SM ??

ps: Recreating the DKIM configuration for 5000+ domains would be a no-go especially for the domains that aren't on our DNS servers (would involve the customer to change the DNS entry)
Sébastien Riccio System & Network Admin https://swisscenter.com
Sébastien Riccio Replied
10/17/2021 at 7:35 AM
I tested with 3 other domains, they all fail. That would explain why many customers reported delivery issues recently. If their DKIM signature is invalid it is probably going to spam or even completly rejected, depending the dmarc rules.
Sébastien Riccio System & Network Admin https://swisscenter.com
Sébastien Riccio Replied
10/17/2021 at 7:49 AM
I notice we're on 7950 and that there was DKIM fix in 7957. I think I might have to try an update... pfff

Build 7957 (Oct 14, 2021)

  • Fixed: Extra space on DKIM-signature line can cause DKIM issues.

edit: After update to 7957 DKIM signing for outgoing mails seems to be working again here.
A chance that I was browsing the forum and saw this topic. Thanks !
Sébastien Riccio System & Network Admin https://swisscenter.com
Ionel Aurelian Rau Replied
10/17/2021 at 10:31 PM
We`re already on 7957, that`s why I opened this thread.
We`ve had DKIM working for the last ~2 years without touching it, so nothing changed here.
Sébastien Riccio Replied
10/17/2021 at 10:41 PM
You might need to open a ticket, if not already done.

In our case DKIM was broken with 7950 (even tried to regenerate it for some domains without success).
Once I've updated to 7957 all DKIM signing that was failing on 7950 started working correctly again.

Anyway, this is still a complete mess to have DKIM signing flapping to working/not working anymore/working again/not working anymore.
(not talking about the other issues we had ...)
QA of the product = 0
Sébastien Riccio System & Network Admin https://swisscenter.com
Ionel Aurelian Rau Replied
10/18/2021 at 3:45 AM
OK, so I`ve completely removed the DKIM from DNS and deleted it from SM, then recreated it in SM and DNS but it`s still not signing anything - no DKIM signature is including the emails.
Testing with MXToolbox and other tools shows that he DKIM DNS record is correct, but anyway, SM is not signing emails.
I`ll have to open a ticket now as I`m out of ideas on what to do next.
Thank you all!
Zach Sylvester Replied
10/19/2021 at 11:00 AM
Employee Post

Hello Ionel,


I'm sorry that you're having issues with DKIM still and thank you for opening a ticket so we can look into this. We are not yet aware of what's preventing DKIM from signing messages. At the moment, we are aware of a workaround where you can remove the DKIM record, temporarily save the key size to something else, then change it back to the original value and re-enable DKIM. This should generate a new DKIM key that can be added to DNS and resolve the signature issue.


However, we understand this isn't an ideal method for anyone who is having this issue across a large number of domains. We will continue to look into this and will post updates here as they come.


Best Regards,
Zach Sylvester Software Developer SmarterTools Inc. www.smartertools.com
Ionel Aurelian Rau Replied
10/20/2021 at 12:04 AM
Thanks Zach, your work-around did the trick and now SM is signing with DKIM outgoing emails.
Nick Tsif Replied
10/30/2021 at 10:00 AM
I have the same problem and i open a ticket , but as i saw later on if the key is 1024 the problem solved .
Try to see that is working
Sébastien Riccio Replied
10/30/2021 at 10:11 AM
Hmmm you mean it still doesn't work with 2048 ? It should. Maybe it is how you insert the public key into the DNS. Some DNS servers need splitting of the key.
https://www.unixfu.ch/how-to-split-dns-dkim-records/
Sébastien Riccio System & Network Admin https://swisscenter.com
Montague WebWorks Replied
11/3/2021 at 6:59 AM
Hmm... if removing DKIM and adding it back doesn't fix the issue, but setting it to 2048, saving, then setting it back to 1024 and saving DOES fix it, it appears to me someone should look closely at the routine that works and have that be used elsewhere in the system. Also, look closely at the email sending routine.
Mik MullerMontague WebWorks
Zach Sylvester Replied
11/3/2021 at 12:37 PM
Employee Post
Hello Everyone, 

Just wanted to follow up on this issue. We have a custom build that fixes this DKIM issue. If you're having issues with DKIM please reach out to us and we will provide the custom build once we confirm that it is the same issue. 

Best Regards, 
Zach Sylvester Software Developer SmarterTools Inc. www.smartertools.com
Kyle Kerst Replied
11/23/2021 at 3:31 PM
Employee Post
@Ron: If you're not receiving active DKIM signing/validation complaints you're probably in good shape! A good test might be sending a quick test message from any critical domains to a Gmail account, then click ...>Show Original on that message to see the DKIM alignment status. I hope that helps!
Kyle Kerst Lead Internal Network/System Administrator SmarterTools Inc. smartertools.com
Montague WebWorks Replied
11/26/2021 at 9:50 PM
Hey Kyle and Zach, I did the upgrade to Build 7957 just now and there is no DKIM signing unless I delete the record set it to 768, save it, delete it, set it back to 1024, save it, add the new value to my DNS and propagate. Let me know what I need to do. Thanks.
Mik MullerMontague WebWorks
Sébastien Riccio Replied
11/27/2021 at 12:00 AM
Damn these DKIM issues are getting crazy. We need a way to be able to check for every domain that has DKIM activated, that it still works... BEFORE customers complain.

The only way I see is to send a mail to some DKIM checking services for example check-auth@verifier.port25.com, from an account on each  and every domain and parse the reply for failures.
But damn that's a pain....

I never had to worry about DKIM signing issues with the other mail servers we use :(
Sébastien Riccio System & Network Admin https://swisscenter.com
Montague WebWorks Replied
11/27/2021 at 8:09 AM
The good news is my ThunderBird email client is not having issues anymore. Looking forward to see if the upgrade also fixed the iPhone/iPad issue, where sometimes it would report there was zero email in my inbox -- just of one account -- despite there actually being about 5000 emails in there, 20+ unread. Happened about once a month, and I have two customers tell me the same. Will report back in a while on that.
Mik MullerMontague WebWorks
Zach Sylvester Replied
11/29/2021 at 7:10 AM
Employee Post
Hello,

Just following up. Please open a ticket if you're experiencing DKIM issues. This way we can verify if it's the same issue. If it is we have a custom build that we can provide you that will fix this issue. 

Best Regards, 
Zach Sylvester Software Developer SmarterTools Inc. www.smartertools.com
Montague WebWorks Replied
11/29/2021 at 9:00 AM
Ok, the problem on Apple devices persists. I'm looking at my Inbox on my iPad and see only eight emails (I saw zero last night but couldn't log in to this forum on my iPad to report it), and the note at the bottom shows "Updated 4 minutes ago / 18 Unread"

Huh. I just clicked the little filter icon on the left (at the bottom of the Inbox list) and it showed all the unread emails. When I unclicked the filter icon, all emails showed up again. I've done this in the past to see if it'll kick something into action and it didn't work, but it did just now. I'll try that again the next time it happens to see if that's a new temporary fix.

Anyway, just reporting some clues.

Let me know if there's something I can do to fix the DKIM issue, too.

Thanks
Mik MullerMontague WebWorks
Endr Replied
12/1/2021 at 7:29 AM
Is there any new version update about this DKIM problem. Till 14th October, there is no new updates. Any aprx ETA?
Zach Sylvester Replied
12/1/2021 at 1:59 PM
Employee Post
Hey Endr, 

I've created a ticket for you so we can look into your DKIM issue and see if it's the same issue as what we are seeing. Please refer to that ticket so we can get your issues sorted. If anyone else is having DKIM issues please open a ticket with us so we can help you. At this time we do not have a time frame for when the release will be ready for the public but so far the custom build has been working for the people that have been using it. 

Best Regards, 
Zach Sylvester Software Developer SmarterTools Inc. www.smartertools.com
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Key Feature and Version Milestones in SmarterMailSmarterMail
Setting up Email Signing (DKIM) for a DomainSmarterMail > Domain/User Configuration and Management
Migrating SmarterMail to LinuxSmarterMail > Server Configuration and Management
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Understanding SNI in SmarterMailSmarterMail > Server Configuration and Management