DKIM problem signing

Support General Configuration
1

Hello,
we are trying to configure DKIM on our mail server.
I followed all the steps described in the document, but i have a problem when sending an email from the local domain to others.

Checking the processing LOG it reports:

The PROCESSING log reports:

2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Shepherd thread received signal for processing
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Set recipient otherdomainaddress state to RECEIVED
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Set mail state to PROCESSING
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Start processing mail
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Set recipient otherdomainaddress state to PROCESSING
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Start filter AV:ClamAV of type socket filter from server
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Processing started
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Shepherd thread finished processing signal
2019-04-09 18:34:39 +0200 16 ns312345 PROCESSING:003035B5: >> SCAN
2019-04-09 18:34:39 +0200 16 ns312345 PROCESSING:003035B5: >> D:\Axigen Mail Server\queue\30\D35B5.00
2019-04-09 18:34:39 +0200 16 ns312345 PROCESSING:003035B5: << D:\Axigen Mail Server\queue\30\D35B5.00: OK
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Filter ClamAV(127.0.0.1:3310):[PASS]: OK
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Finished filtering mail object 3035B5 with filter: AV:ClamAV of type socket filter from server
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Set recipient otherdomainaddress data version to 1
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Set recipient otherdomainaddress state to PROCESSING
2019-04-09 18:34:39 +0200 08 ns312345 PROCESSING:003035B5: Start filter AV:SpamAssassin of type socket filter from server
2019-04-09 18:34:39 +0200 16 ns312345 PROCESSING:003035B5: >> CHECK SPAMC/1.2
2019-04-09 18:34:39 +0200 16 ns312345 PROCESSING:003035B5: >> Content-length:
2019-04-09 18:34:39 +0200 16 ns312345 PROCESSING:003035B5: >> 3573
2019-04-09 18:34:39 +0200 16 ns312345 PROCESSING:003035B5: >>
2019-04-09 18:34:39 +0200 16 ns312345 PROCESSING:003035B5: >> Send mail stream: 3035B5
2019-04-09 18:34:40 +0200 16 ns312345 PROCESSING:003035B5: << SPAMD/1.1 0 EX_OK
2019-04-09 18:34:40 +0200 16 ns312345 PROCESSING:003035B5: << Spam: False ; 2.7 / 6.3
2019-04-09 18:34:40 +0200 08 ns312345 PROCESSING:003035B5: Filter SpamAssassin Filter(127.0.0.1:783):[PASS]: Spam: False ; 2.7 / 6.3
2019-04-09 18:34:40 +0200 08 ns312345 PROCESSING:003035B5: Finished filtering mail object 3035B5 with filter: AV:SpamAssassin of type socket filter from server
2019-04-09 18:34:40 +0200 08 ns312345 PROCESSING:003035B5: Set recipient otherdomainaddress data version to 2
2019-04-09 18:34:40 +0200 08 ns312345 PROCESSING:003035B5: Set recipient otherdomainaddress state to PROCESSING
2019-04-09 18:34:40 +0200 08 ns312345 PROCESSING:003035B5: Start filter onProcessing event

after that line the message remains stuck forever in the messages queue

any help is appreciated

2

Hello,

Please provide me the entire PROCESSING session with ID 003035B5 that can be obtained from Command prompt using a command similar with:

more "C:\Program Files\Axigen Mail Server\log\LOG_FILE.txt" | find "PROCESSING:003035B5" > session.txt

replacing “C:\Program Files\Axigen Mail Server\log\LOG_FILE.txt” with you log file that cover that session.

Also attach a screenshot with the Advanced rules (Check_DomainKeys_and_DKIM and DomainSign-domain1_com)

Regards,
Florin

3

Hello Florin,
thanks for your reply

that’s exactly the full log fot that seession, it stops at “Start filter onProcessing event”

here attached the screenshot of the rule (of course mydomain.com is a fake domain)

image
image.png1452×694 12.6 KB

4

Hello,

Provide me the output of below command:

dir “D:\Axigen Mail Server\*.pem”

Regards,
Florin

5

Hello,
i have the following files in that directory:

axigen_cert.pem
axigen_dh.pem
private_axigen.pem

not sure what are the first 2 files (a collegue installed Axigen few years ago when I was not in the company yet), but the last one, private_axigen.pem, is the one i created.

it contains the private key i generated with the format:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,XXXXXXXXXXXXXXXXXXXXX




-----END RSA PRIVATE KEY-----

If i rename that file, the Processing log says “file not found”; if i change something manually in the file (just for test), the log says “invalid certificate”

6

Hello,

The root cause is most probably the encrypted certificate (private_axigen.pem) used to sign:

Proc-Type: 4,ENCRYPTED

You may try to decrypt the certificate using the below command and after that edit the rule and update the certificate name:

openssl rsa -in private_axigen.pem -out private_axigen_decrypt.pem

Regards,
Florin

7

Great! it works now!!
i’ve decrypted the key and updated the key file and it passed the signing procedure

many thanks!