0
Settings Emails Signing
Question asked by Miguel Enrique - 9/12/2023 at 11:56 AM
Answered
In delivery log and I find many errors of this type:

11:38:42.424 [27789236] Exception getting DKIM signature System.ArgumentException: The list of headers to sign SHOULD NOT include the 'Bcc' header.
Parameter name: headers
    at MimeKit.Cryptography.DkimSigner.Sign(FormatOptions options, MimeMessage message, IList`1 headers)
    at SmarterMail.Common.MailSigning.DKIM.DKIM.Sign(MimeMessage mime, db_domain_settings_readonly domainSettings, DkimSignatureField sigField, MessageSigningArgs signingArgs, List`1& logLines)
    at MailService.RelayServer.RemoteDeliverySession.GetDkimSignature()

I imagine that the sender has sent the email using some recipient in BBC. The email is sent to the recipient, but I do not know if it will be signed correctly with DKIM.

How should I configure the DKIM signing settings? 

Currently I have:

Key size: 2048 (Recommended)
Max messages: 0
Body canonicalization: Relaxed
Header canonicalization: Relaxed
Header fields to use: All non-repeatable fields

Should I change any?

Greetings.
Miguel Enrique.

2 Replies

Reply to Thread
0
Miguel Enrique Replied
Hello.

Maybe I expressed myself wrong. English is not my native language and I use Google Translate a lot.

I would appreciate it if other SmarteMail users (administrators) who use DKIM signing could confirm if the configuration I am using is the same one they use.

Key size: 2048 (Recommended)
Max messages: 0
Body canonicalization: Relaxed
Header canonicalization: Relaxed
Header fields to use: All non-repeatable fields

Also, if someone uses SmarterMail 8629 (Aug 17, 2023), and has the same configuration that I use for DKIM signing, they could check if they have exceptions in their delivery logs with the following text: "Exception: The list of headers to sign SHOULD NOT include the 'Bcc' header"

I have sent emails that use BCC to dkimvalidator.com and it doesn't seem that SmarterMail includes the BCC header in the DKIM signature, so I don't really understand the exception.

Validation of dkimvalidator.com indicates that it is signed without BCC:

DKIM-Signature: v=1; a=rsa-sha256; d=monmariola.com; s=secure;
c=relaxed/relaxed; t=1694680295;
h=from:to:cc:subject:date:message-id:mime-version:x-mailer:thread-index:
x-declude-sender:x-declude-spoolname:x-declude-refid:x-declude-scan:
x-declude-tests:x-country-chain:x-declude-code:x-declude-recipcount:x-helo:
x-revdns:x-fpreview-weight;
bh=(omited);

Thank you
Miguel Enrique
Mon Mariola, S.L.
0
Employee Replied
Employee Post Marked As Answer
Hi Miguel,

Would you please open a support ticket? This will allow us to review the issue directly. There may be some debug logs thatyou can enable to help understand this behavior. 

Kind regards,

Reply to Thread