DKIM problem with MaxBulk Mailer & Email Really Service

SAW

Member
We are using a new Email Relay Service (http://www.smtp.com) and are having trouble getting our DKIM signatures to work properly.

Their tech support department asked me to ask you (Stan / MaxBulk Mailer Team) the following question:

Unfortunately, all emails failed DKIM verification due to their body hash modifications. Even our default DKIM under selector "smtpcustomer" failed and couldn't sign your emails properly:

1) dkim=neutral (body hash did not verify) [email protected] header.s=mailknsawcom header.b=tsoutZ8q;
dkim=neutral (body hash did not verify) [email protected] header.s=smtpcustomer header.b=aTjCGER+;

Hence, my question is - are you sure that your sending application/software doesn't apply any changes to your mail content before it reaches our system?

Our tech support department thinks that the MaxBulk Mailer application is generating additional body hash by QP encoding and our system cannot verify it properly.
Please advise. Thanks Stan! :D

Best, Stephen

p.s. These are the errors I see when I test the email DKIM myself.

Code:
[b]mail-knsaw[/b]

[url]http://www.appmaildev.com/en/dkim[/url]

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail-knsaw.com;
[email protected]; q=dns/txt; s=mailknsawcom; t=1503430921;
h=Message-Id : Mime-Version : From : To : Subject : Date : Content-Type
: List-Unsubscribe : From : Subject : Date;
bh=PgbwPLQ/VPm48OdWTpalIBwcpxBVVqmFYsrnNlaWh2c=;
b=U15uJGpPaFzmCMXO/8FNrXY0Vh1+V/o7EYZEwgWtjoRgkQLPP8Gt5A9QStYFq8Zqehh5Tf
i7MzaPGt/ZxK48obHWakyZimHF0R+4Y4Ltfcm9zyWM8gw9cOwvIYy29bXNvqr5vSXHhgS+3S
jM4sxHLMGHlk78P7JXtLEJgvjmNDZFIT9LITKelhgHsaqCtz0cQjxBAFkJXYbf1EN6Lb9iDZ
oY8HRuOh5utJfF0a9jQVl8DINsrW9CFnsmJ6zH1gUWVKKFcgom84ySM/QTFIe1nokhZ3FXvp
SJJf2/Du1ARgvEEg7SblP4Y8TCb6Yg1tnovYmVCSjiya3XoZUNgdSU8w==
Signed-by: [email protected]
Expected-Body-Hash: qWt+2cdGlSBiROWppjc1acf8BVIlVkjK8X2o++vYT2A=

[b][color=#BF00FF]DKIM-Result: fail (wrong body hash: PgbwPLQ/VPm48OdWTpalIBwcpxBVVqmFYsrnNlaWh2c=)[/color][/b]

- - -

[url]http://www.mail-tester.com[/url]

[b][color=#FF00FF]You have more than one DKIM signature in your message.[/color][/b]
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
You have more than one DKIM signature in your message.
Please enable only one signature, you should let your mail server sign the message and disable DKIM on your Newsletter software.
Signature 1 :

    v=1;
    a=rsa-sha256;
    c=relaxed/simple;
    d=mail-knsaw.com;
    [email protected];
    q=dns/txt;
    s=mailknsawcom;
    t=1503427119;
    h=Message-Id:Mime-Version:From:To:Subject:Date:Content-Type:List-Unsubscribe:From:Subject:Date;
    bh=5BCtzBbwIhdflPWpqfzn9QgPmfzMWMCKUa9DMmdsxrE=;
    b=BBSG2uE14IahrHUPrsMohBgmE0jICTxPDm4jBm6tWyz5K56hdmveby4vnTJxy23bHZuI1l2+NRDcp7i7MaJdWWs2oIwLARQPvTV3W7L8gMD7w6Fk0V+zw9SzCjGrbx9i2Fx4FN++yVcEe/8naTmhPv07idXDp3vBcWm6yaQZpmSAfCGwzyeco33aWeYZYqLRVx3TV5ZhPatvNNI8A5POiRUEzgNJI9DRzzQP4VYZZ/5/OZyJaLiiJACZJv8AXrluNR4qcWpWv2MZ1j6KrV08uvwOXK44aX1a189QV2ClayJcJzzf5oMhrALyqO2WW1zncq3o2f3kIQLMLeXGN1YsnQ==
Signature 2 :

    v=1;
    a=rsa-sha256;
    c=relaxed/simple;
    d=smtpserver.email;
    [email protected];
    q=dns/txt;
    s=smtpcustomer;
    t=1503427119;
    h=Message-Id:Mime-Version:From:To:Subject:Date:Content-Type:List-Unsubscribe:From:Subject:Date;
    bh=5BCtzBbwIhdflPWpqfzn9QgPmfzMWMCKUa9DMmdsxrE=;
    b=hJ/z2MQAbK+f5tGDPBVzEsjMEB5aUov4f70muhjz4Y5tiXh5x+mmdCi1dj3J/YkpMbH5xV4nuZPcAvG/mH1B2ogQPyKg94pEue6Xci1U7YRzxlcpCEiITMfq8ZLQmkFYYmLZqy+TGz/+KPE1djsr4eWTGqAqIkPtJ7dh+oXA/lK2LuwJF7lutDnZQMTRCU6tMCWvto/NdhH/hvUZJ6Wgi9M9LlC058PWM6y39MGM6vDHTZzcapTevEJ97TBkscI/u41R26BXbaqHrXb4urjIt8GePUg+UxOyc3TUNH4Cyl26ISYM0ncteYqzfEp5oz94+9aOgxs3B+OQRfxzDvfYQg==
 
Last edited by a moderator:

SAW

Member
Hi Stan, we have some more intel and a more specific question for you.

We are getting errors that the Body Hash is wrong: Error: body hash did not verify / wrong body hash
Q: What can we do about that?

This is what we have found out:

1)
When we send via MaxBulk Mailer with the Format set to Text|HTML (as we have always done)
the DKIM Fails - because of the error about the Body Hash being wrong.
Code:
DKIM-Result: fail (wrong body hash: PgbwPLQ/VPm48OdWTpalIBwcpxBVVqmFYsrnNlaWh2c=)
2)
However,
IF we send via MaxBulk Mailer with the Format set to HTML only (which is frowned upon by SpamAssassin*),
the DKIM Passes!

* = SpamAssassin: -1.105 points MIME_HTML_ONLY Message only has text/html MIME parts
You should also include a text version of your message (text/plain)


That points to a problem with the way MBM is handling Text|HTML because it is triggering the Error: body hash did not verify / wrong body hash

Note, we get the same error with our lengthy newsletter, as our test email, which is as simple as this. With both the DKIM Fails because of the Body Hash did not verify error.

Format set to Text|HTML
Code:
t-e-s-t
<html>

    <head>
        <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
        <title>02 mail-kn</title>
    </head>

    <body>
        <p>t-e-s-t</p>
    </body>

</html>
Thank you to looking into this Stan!

We are stuck and standing by for your wisdom.

Best, Stephen
 
Last edited by a moderator:

SAW

Member
Any headway yet on a fix, solution or work around for the Body Hash being wrong when Format is set to Text|HTML?

Thanks Stan! Best, Stephen
 
Last edited by a moderator:

SAW

Member
I spent 2 more hours with SMTP.com (the Email Relay Service) working on this problem.
It really does look like MaxBulk Mailer is writing incorrect Body Hash - with the Format set to Text|HTML.

Q:
Is there a way for me or of you to set MaxBulk Mailer to stop writing the Body Hash?

This was suggested as a potential fix to the problem.

Again, the Bad Body Hash is causing the otherwise good DKIM record to fail.

Thanks Stan!
 
Last edited by a moderator:

SAW

Member
Hi Stan. Keeping you informed.
I worked with SMTP.com for more time and together we did the following testing:

Tried each Encoding option:

Automatic
Quoted Printable
8 Bits
7 Bits
Base 64

Also tried these Character Encoding:

Encoding:
utf-8
vs
ISO-8859-1


Every single test responded the same as before:

1)
When we send via MaxBulk Mailer with the Format set to Text|HTML (as we have always done)
the DKIM Fails - because of the error about the Body Hash being wrong.
Code:
DKIM-Result: fail (wrong body hash: PgbwPLQ/VPm48OdWTpalIBwcpxBVVqmFYsrnNlaWh2c=)
2)
However,
IF we send via MaxBulk Mailer with the Format set to HTML only (which is frowned upon by SpamAssassin*),
the DKIM Passes!


I am letting you know just how hard I am trying to get this working.

Any ideas?
 
Last edited by a moderator:

stanbusk

Administrator
Staff member
I don't think it has anything to do with the message encoding or charset. I believe it has to do with the differences between the Text and HTML versions.

Google returns lot of pages on this issue: https://www.google.es/search?client=saf ... 8wfPg7qoBA

Some of the pages suggest disabling any anti-virus running on the system.

Have you tried to set the alternative text message to an empty string?

--
Follow maxprog.com on Facebook | Google+ | Linkedin | Twitter | YouTube
and keep up-to-date with the latest Max Programming updates!
 

SAW

Member
Hi Stan. It looks like the engineers at SMTP.com may have uncovered the problem! :D

This is what SMTP wrote to me:

We have also installed MaxBulk Mailer and sent test emails with "Text|HTML" format to Yahoo, AOL, Hotmail, Gmail through our SMTP server. DKIM passed validation everywhere except Gmail. Gmail doesn't validate the data from hash after DKIM decryption with the original email content. After deepest investigation finally we realized that MaxBulk mailer uses old format for "?arriage return" symbol (symbol for the new line) - ^M. Email is sending in MIME format and since your mail reader (as Gmail) does not understand this format, some or all content of this message may not be legible, thus Gmail think that body hash was modified and fail DKIM validation.

Stan, does this make sense? And could you potentially resolve this issue?

Thanks!
 

SAW

Member
Hi Stan. Here is SMTP.com detailed description of the error and why it is happening.


SMTP wrote:

Thank you for sharing this information with us. I would like to inform you that Max Bulk Mailer sends letters consisting from two parts in multipart/alternative format. The first part is plain/text, the second part is text/html.
But, before these parts the application put in the text which will be showed those email clients who cannot read the text in parts (This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible). This text isn't shown in the normal format, because the text is out of content borders, but the text is the part of the letter body. In the end it is two strings.

Our have received this letter on our MTA and in this letter there is one string:
(This message is in MIME format. Since your mail reader does not understand^Mthis format, some or all of this message may not be legible)

Please, pay attention to ^M. It is an old symbol of a carriage return character without a line feed. As our system doesn't change the letter our DKIM hashing this sting as it is in body hash recording what we see.

But, the recipient's system understands that it is an old symbol and changes ^M to a new CRLF.

In this case, most systems understand that there are no changes, that's why body hash is passed.

But, Gmail considers that there are some changes, so body hash is failed.


Stan, please tell me your thoughts. Thanks! Stephen
 
Last edited by a moderator:

sojan chandy

New Member
For every email DKIM shows a different hash for bh, make no sense that copying it to mxtoolbox will display it correctly for the reason it is a copy. (not sure if i am right )

partial lines from email1, (looking at original mail)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=whatevermycompany.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aQjX9o0iBrQIdlhsiKRWB8b6LtSUTA7QILQh3zdh8GY=;

partial lines from email1 (looking at original mail)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=whatevermycompany.com; q=dns/txt; s=zendesk1; t=1641950243; bh=+DwSBuk0cez+zvf1xPV91xL0jqoo3G9VB47OTVZjmA4=; h=date:from:reply-to:to:message-id:in-reply-to:subject:mime-version:content-type:content-transfer-encoding;
 

stanbusk

Administrator
Staff member
Not sure I understand what you mean. MaxBulk Mailer DKIM support is provided by third-party libraries. We haven't implemented this ourselves on our own. I never heard of problems apart from DNS settings errors.
 
Top