DKIM problem with MaxBulk Mailer & Email Really Service

SAW

Member
We are using a new Email Relay Service (http://www.smtp.com) and are having trouble getting our DKIM signatures to work properly.

Their tech support department asked me to ask you (Stan / MaxBulk Mailer Team) the following question:

Unfortunately, all emails failed DKIM verification due to their body hash modifications. Even our default DKIM under selector "smtpcustomer" failed and couldn't sign your emails properly:

1) dkim=neutral (body hash did not verify) header.i=@mail-knsaw.com header.s=mailknsawcom header.b=tsoutZ8q;
      dkim=neutral (body hash did not verify) header.i=@smtpserver.email header.s=smtpcustomer header.b=aTjCGER+;

Hence, my question is - are you sure that your sending application/software doesn't apply any changes to your mail content before it reaches our system?

Our tech support department thinks that the MaxBulk Mailer application is generating additional body hash by QP encoding and our system cannot verify it properly.
Please advise. Thanks Stan! :D

Best, Stephen

p.s. These are the errors I see when I test the email DKIM myself.

Code:
[b]mail-knsaw[/b]

[url]http://www.appmaildev.com/en/dkim[/url]

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail-knsaw.com; 
 i=@mail-knsaw.com; q=dns/txt; s=mailknsawcom; t=1503430921; 
 h=Message-Id : Mime-Version : From : To : Subject : Date : Content-Type 
 : List-Unsubscribe : From : Subject : Date; 
 bh=PgbwPLQ/VPm48OdWTpalIBwcpxBVVqmFYsrnNlaWh2c=; 
 b=U15uJGpPaFzmCMXO/8FNrXY0Vh1+V/o7EYZEwgWtjoRgkQLPP8Gt5A9QStYFq8Zqehh5Tf
 i7MzaPGt/ZxK48obHWakyZimHF0R+4Y4Ltfcm9zyWM8gw9cOwvIYy29bXNvqr5vSXHhgS+3S
 jM4sxHLMGHlk78P7JXtLEJgvjmNDZFIT9LITKelhgHsaqCtz0cQjxBAFkJXYbf1EN6Lb9iDZ
 oY8HRuOh5utJfF0a9jQVl8DINsrW9CFnsmJ6zH1gUWVKKFcgom84ySM/QTFIe1nokhZ3FXvp
 SJJf2/Du1ARgvEEg7SblP4Y8TCb6Yg1tnovYmVCSjiya3XoZUNgdSU8w==
Signed-by: knsaw@mail-knsaw.com
Expected-Body-Hash: qWt+2cdGlSBiROWppjc1acf8BVIlVkjK8X2o++vYT2A=

[b][color=#BF00FF]DKIM-Result: fail (wrong body hash: PgbwPLQ/VPm48OdWTpalIBwcpxBVVqmFYsrnNlaWh2c=)[/color][/b]

- - -

[url]http://www.mail-tester.com[/url]

[b][color=#FF00FF]You have more than one DKIM signature in your message.[/color][/b]
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
You have more than one DKIM signature in your message.
Please enable only one signature, you should let your mail server sign the message and disable DKIM on your Newsletter software.
Signature 1 : 

	v=1;
	a=rsa-sha256;
	c=relaxed/simple;
	d=mail-knsaw.com;
	i=@mail-knsaw.com;
	q=dns/txt;
	s=mailknsawcom;
	t=1503427119;
	h=Message-Id:Mime-Version:From:To:Subject:Date:Content-Type:List-Unsubscribe:From:Subject:Date;
	bh=5BCtzBbwIhdflPWpqfzn9QgPmfzMWMCKUa9DMmdsxrE=;
	b=BBSG2uE14IahrHUPrsMohBgmE0jICTxPDm4jBm6tWyz5K56hdmveby4vnTJxy23bHZuI1l2+NRDcp7i7MaJdWWs2oIwLARQPvTV3W7L8gMD7w6Fk0V+zw9SzCjGrbx9i2Fx4FN++yVcEe/8naTmhPv07idXDp3vBcWm6yaQZpmSAfCGwzyeco33aWeYZYqLRVx3TV5ZhPatvNNI8A5POiRUEzgNJI9DRzzQP4VYZZ/5/OZyJaLiiJACZJv8AXrluNR4qcWpWv2MZ1j6KrV08uvwOXK44aX1a189QV2ClayJcJzzf5oMhrALyqO2WW1zncq3o2f3kIQLMLeXGN1YsnQ==
Signature 2 : 

	v=1;
	a=rsa-sha256;
	c=relaxed/simple;
	d=smtpserver.email;
	i=@smtpserver.email;
	q=dns/txt;
	s=smtpcustomer;
	t=1503427119;
	h=Message-Id:Mime-Version:From:To:Subject:Date:Content-Type:List-Unsubscribe:From:Subject:Date;
	bh=5BCtzBbwIhdflPWpqfzn9QgPmfzMWMCKUa9DMmdsxrE=;
	b=hJ/z2MQAbK+f5tGDPBVzEsjMEB5aUov4f70muhjz4Y5tiXh5x+mmdCi1dj3J/YkpMbH5xV4nuZPcAvG/mH1B2ogQPyKg94pEue6Xci1U7YRzxlcpCEiITMfq8ZLQmkFYYmLZqy+TGz/+KPE1djsr4eWTGqAqIkPtJ7dh+oXA/lK2LuwJF7lutDnZQMTRCU6tMCWvto/NdhH/hvUZJ6Wgi9M9LlC058PWM6y39MGM6vDHTZzcapTevEJ97TBkscI/u41R26BXbaqHrXb4urjIt8GePUg+UxOyc3TUNH4Cyl26ISYM0ncteYqzfEp5oz94+9aOgxs3B+OQRfxzDvfYQg==
 

SAW

Member
Hi Stan, we have some more intel and a more specific question for you.

We are getting errors that the Body Hash is wrong: Error: body hash did not verify / wrong body hash
Q: What can we do about that?

This is what we have found out:

1)
When we send via MaxBulk Mailer with the Format set to “Text|HTML” (as we have always done)
the DKIM Fails - because of the error about the Body Hash being wrong.
Code:
DKIM-Result: fail (wrong body hash: PgbwPLQ/VPm48OdWTpalIBwcpxBVVqmFYsrnNlaWh2c=)
2)
However,
IF we send via MaxBulk Mailer with the Format set to “HTML only” (which is frowned upon by SpamAssassin*),
the DKIM Passes!

* = SpamAssassin: -1.105 points MIME_HTML_ONLY Message only has text/html MIME parts
You should also include a text version of your message (text/plain)


That points to a problem with the way MBM is handling “Text|HTML” because it is triggering the Error: body hash did not verify / wrong body hash

Note, we get the same error with our lengthy newsletter, as our test email, which is as simple as this. With both the DKIM Fails because of the Body Hash did not verify error.

Format set to “Text|HTML
Code:
t-e-s-t
<html>

	<head>
		<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
		<title>02 mail-kn</title>
	</head>

	<body>
		<p>t-e-s-t</p>
	</body>

</html>
Thank you to looking into this Stan!

We are stuck and standing by for your wisdom.

Best, Stephen
 

SAW

Member
Any headway yet on a fix, solution or work around for the Body Hash being wrong when Format is set to “Text|HTML?

Thanks Stan! Best, Stephen
 

SAW

Member
I spent 2 more hours with SMTP.com (the Email Relay Service) working on this problem.
It really does look like MaxBulk Mailer is writing incorrect Body Hash - with the Format set to “Text|HTML”.

Q:
Is there a way for me or of you to set MaxBulk Mailer to “stop” writing the Body Hash?

This was suggested as a potential fix to the problem.

Again, the Bad Body Hash is causing the otherwise good DKIM record to fail.

Thanks Stan!
 

SAW

Member
Hi Stan. Keeping you informed.
I worked with SMTP.com for more time and together we did the following testing:

Tried each Encoding option:

Automatic
Quoted Printable
8 Bits
7 Bits
Base 64

Also tried these Character Encoding:

Encoding:
utf-8
vs
ISO-8859-1


Every single test responded the same as before:

1)
When we send via MaxBulk Mailer with the Format set to “Text|HTML” (as we have always done)
the DKIM Fails - because of the error about the Body Hash being wrong.
Code:
DKIM-Result: fail (wrong body hash: PgbwPLQ/VPm48OdWTpalIBwcpxBVVqmFYsrnNlaWh2c=)
2)
However,
IF we send via MaxBulk Mailer with the Format set to “HTML only” (which is frowned upon by SpamAssassin*),
the DKIM Passes!


I am letting you know just how hard I am trying to get this working.

Any ideas?
 

stanbusk

Administrator
Staff member
I don't think it has anything to do with the message encoding or charset. I believe it has to do with the differences between the Text and HTML versions.

Google returns lot of pages on this issue: https://www.google.es/search?client=saf ... 8wfPg7qoBA

Some of the pages suggest disabling any anti-virus running on the system.

Have you tried to set the alternative text message to an empty string?

--
Follow maxprog.com on Facebook | Google+ | Linkedin | Twitter | YouTube
and keep up-to-date with the latest Max Programming updates!
 

SAW

Member
Hi Stan. It looks like the engineers at SMTP.com may have uncovered the problem! :D

This is what SMTP wrote to me:

We have also installed MaxBulk Mailer and sent test emails with "Text|HTML" format to Yahoo, AOL, Hotmail, Gmail through our SMTP server. DKIM passed validation everywhere except Gmail. Gmail doesn't validate the data from hash after DKIM decryption with the original email content. After deepest investigation finally we realized that MaxBulk mailer uses old format for "?arriage return" symbol (symbol for the new line) - ^M. Email is sending in MIME format and since your mail reader (as Gmail) does not understand this format, some or all content of this message may not be legible, thus Gmail think that body hash was modified and fail DKIM validation.

Stan, does this make sense? And could you potentially resolve this issue?

Thanks!
 

SAW

Member
Hi Stan. Here is SMTP.com’s detailed description of the error and why it is happening.


SMTP wrote:

Thank you for sharing this information with us. I would like to inform you that Max Bulk Mailer sends letters consisting from two parts in multipart/alternative format. The first part is plain/text, the second part is text/html.
But, before these parts the application put in the text which will be showed those email clients who cannot read the text in parts (This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible). This text isn't shown in the normal format, because the text is out of content borders, but the text is the part of the letter body. In the end it is two strings.

Our have received this letter on our MTA and in this letter there is one string:
(This message is in MIME format. Since your mail reader does not understand^Mthis format, some or all of this message may not be legible)

Please, pay attention to ^M. It is an old symbol of a carriage return character without a line feed. As our system doesn't change the letter our DKIM hashing this sting as it is in body hash recording what we see.

But, the recipient's system understands that it is an old symbol and changes ^M to a new CRLF.

In this case, most systems understand that there are no changes, that's why body hash is passed.

But, Gmail considers that there are some changes, so body hash is failed.


Stan, please tell me your thoughts. Thanks! Stephen
 
Top