DKIM_Signed and T_DKIM_INVALID

Hello Support,

Let me first tell you that I really love your software. I am using it for my personal usage and I love it. I have also seen massive improvements throughout the years. Great job!

Now to my problem:

  • running on a VPS with CentOS 8.x
  • Axigen version: 10.3.2.12

I have a problem reaching, and am not able to reach, the maximum spam score. For some providers (Exchange) this leads to delayed delivery (my emails are constantly delivered 50 minutes later), up to not being delivered at all. This happens only with company Exchanges. Emails sent to gmx and gmail are delivered instantly. The problem has appeared since I configured DKIM.

Here's my config:

  • in /var/opt/axigen I have 2 files (dkim.privkey.4elges_de.pem and dkim.pubkey.4elges_de.pem)
  • in my DNS (hosted at contabo) I created this entry
    se._domainkey.4elges.de 86400 TXT 0 v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPeTdFi2fQ7a7ZnmQ8yP0qnx5P/+YOSqgaHOjDKRBJDkIYcfDlINUZ7tsYLHi1SVsAlg2NxrC4K5v+mLGiPjHlQecydUlDoKarhpPfSvkYfCuA8+9eSgjpb00Ts2wkUZDq9OC06C8/UQGBmkwC1iOXTeBVcI4IoPocqy+OGk44cR7cP/q/CcSjQg8NG0wZggm7FxPhaAYnwfn2Rhvoco7j7pET1jUhGoz//07e1NCeUapXTjm6heOM3AZspaAdQsSM+xhZxc/S1k7CYdWAcc3UQNQAc0filOA3fSOzXYAIN/L8aouWRYLpSVH4oGqqGT1gtyBQzMMxnJ9Cs+Aqra4wIDAQAB
    (tried with ending “;” and without - no difference)
  • testing emails got this result
  • Webadmin settings are Advanced Acceptance / Routing Rules
  • Rule “DomainSign-4elges_de” (ALL incoming, sender domain is “4elges.de” with authenticated checked, DK Selector se, DKIM Selector se, DK Key Path dkim.privkey.4elges_de.pem, DKIM Key Path dkim.privkey.4elges_de.pem, Sign Domain Key, Sign DKIM)

What is wrong in my config, and why am I getting DKIM_SIGNED shown as invalid?

Appreciate your help!

Best
Swen

This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback@port25.com>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          pass
"iprev" check:      pass
DKIM check:         pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  box.4elges.de
Source IP:      161.97.97.137
mail-from:      swen@4elges.de

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: smtp.mailfrom=swen@4elges.de

DNS record(s):
    4elges.de. 300 IN TXT "v=spf1 a mx ip4:161.97.97.137 ~all"
    4elges.de. 300 IN A 161.97.97.137


----------------------------------------------------------
"iprev" check details:
----------------------------------------------------------
Result:         pass (matches box.4elges.de)
ID(s) verified: policy.iprev=161.97.97.137

DNS record(s):
    137.97.97.161.in-addr.arpa. 300 IN PTR box.4elges.de.
    box.4elges.de. 300 IN A 161.97.97.137


----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         pass (matches From: swen@4elges.de)
ID(s) verified: header.d=4elges.de

Canonicalized Headers:
    from:Swen'20'Elges'20'<swen@4elges.de>'0D''0A'
    date:Wed,'20'16'20'Sep'20'2020'20'22:26:41'20'+0200'0D''0A'
    to:check-auth@verifier.port25.com'0D''0A'
    message-id:<1600288001249049209@4elges.de>'0D''0A'
    subject:ein'20'test'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'd=4elges.de;'20's=se;'20'c=relaxed/relaxed;'20'q=dns/txt;'20'h=from:date:to:cc:message-id:subject;'20'bh=gXnW0zOLpvsy/4GEjzqjO9VLhenvY6sZs/ow4Gj314s=;'20'b=;

Canonicalized Body:
    This'20'is'20'a'20'MIME'20'message.'20'You'20'may'20'need'20'a'20'MIME'20'compliant'20'mail'20'user'20'agent.'0D''0A'
    --===axigen=7252792051304167898145226003579104658743=axigen==='0D''0A'
    Content-Type:'20'text/plain;'0D''0A'
    '20'charset="utf-8"'0D''0A'
    Content-Transfer-Encoding:'20'quoted-printable'0D''0A'
    Content-Disposition:'20'inline'0D''0A'
    '0D''0A'
    richtiger'20'Test'0D''0A'
    VG'0D''0A'
    S=E2=80=8B'0D''0A'
    Email'20'sent'20'using'20'Axigen'20'Free'20'Mail'20'Server:'0D''0A'
    http://www.axigen.com/mail-server/free'0D''0A'
    --===axigen=7252792051304167898145226003579104658743=axigen==='0D''0A'
    Content-Type:'20'text/html;'0D''0A'
    '20'charset="utf-8"'0D''0A'
    Content-Transfer-Encoding:'20'quoted-printable'0D''0A'
    Content-Disposition:'20'inline'0D''0A'
    '0D''0A'
    <html><head><style'20'id=3D"axi-htmleditor-style"'20'type=3D"text/css">p'20'{'20'margin='0D''0A'
    :'20'0px;'20'}</style></head><body'20'dir=3D""'20'style=3D"font-size:'20'10pt;'20'font-family='0D''0A'
    :'20'&quot;Source'20'Sans'20'Pro&quot;,'20'sans-serif;'20'background-image:'20'none;'20'backgrou='0D''0A'
    nd-repeat:'20'repeat;'20'background-attachment:'20'fixed;">richtiger'20'Test<div>VG</di='0D''0A'
    v><div>S=E2=80=8B</div>'0D''0A'
    <br>'0D''0A'
    Email'20'sent'20'using'20'Axigen'20'Free'20'Mail'20'Server:<br>http://www.axigen.com/mail-ser='0D''0A'
    ver/free</body></html>'0D''0A'
    --===axigen=7252792051304167898145226003579104658743=axigen===--'0D''0A'
    

DNS record(s):
    se._domainkey.4elges.de. 300 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPeTdFi2fQ7a7ZnmQ8yP0qnx5P/+YOSqgaHOjDKRBJDkIYcfDlINUZ7tsYLHi1SVsAlg2NxrC4K5v+mLGiPjHlQecydUlDoKarhpPfSvkYfCuA8+9eSgjpb00Ts2wkUZDq9OC06C8/UQGBmkwC1iOXTeBVcI4IoPocqy+OGk44cR7cP/q/CcSjQg8NG0wZggm7FxPhaAYnwfn2Rhvoco7j7pET1jUhGoz//07e1NCeUapXTjm6heOM3AZspaAdQsSM+xhZxc/S1k7CYdWAcc3UQNQAc0filOA3fSOzXYAIN/L8aouWRYLpSVH4oGqqGT1gtyBQzMMxnJ9Cs+Aqra4wIDAQAB;"

Public key used for verification: se._domainkey.4elges.de (2048 bits)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.4.0 (2014-02-07)

Result:         ham (-2.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                            See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                            [URIs: axigen.com]
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                            domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid



==============================================================
Explanation of the possible results (based on RFCs 7601, 7208)
==============================================================


DKIM Results
============

none:  The message was not signed.

pass:  The message was signed, the signature or signatures were
    acceptable to the ADMD, and the signature(s) passed verification
    tests.

fail:  The message was signed and the signature or signatures were
    acceptable to the ADMD, but they failed the verification test(s).

policy:  The message was signed, but some aspect of the signature or
    signatures was not acceptable to the ADMD.

neutral:  The message was signed, but the signature or signatures
    contained syntax errors or were not otherwise able to be
    processed.  This result is also used for other failures not
    covered elsewhere in this list.

temperror:  The message could not be verified due to some error that
    is likely transient in nature, such as a temporary inability to
    retrieve a public key.  A later attempt may produce a final
    result.

permerror:  The message could not be verified due to some error that
    is unrecoverable, such as a required header field being absent.  A
    later attempt is unlikely to produce a final result.


SPF Results
===========

none:  Either (a) no syntactically valid DNS domain name was extracted from
    the SMTP session that could be used as the one to be authorized, or
    (b) no SPF records were retrieved from the DNS.

neutral:  The ADMD has explicitly stated that it is not asserting whether
    the IP address is authorized.

pass:  An explicit statement that the client is authorized to inject mail
    with the given identity.

fail:  An explicit statement that the client is not authorized to use the
    domain in the given identity.

softfail:  A weak statement by the publishing ADMD that the host is probably
    not authorized.  It has not published a stronger, more definitive policy
    that results in a "fail".

temperror:  The SPF verifier encountered a transient (generally DNS) error
    while performing the check.  A later retry may succeed without further
    DNS operator action.

permerror: The domain's published records could not be correctly interpreted.
    This signals an error condition that definitely requires DNS operator
    intervention to be resolved.


"iprev" Results
===============

pass:  The DNS evaluation succeeded, i.e., the "reverse" and
    "forward" lookup results were returned and were in agreement.

fail:  The DNS evaluation failed.  In particular, the "reverse" and
    "forward" lookups each produced results, but they were not in
    agreement, or the "forward" query completed but produced no
    result, e.g., a DNS RCODE of 3, commonly known as NXDOMAIN, or an
    RCODE of 0 (NOERROR) in a reply containing no answers, was
    returned.

temperror:  The DNS evaluation could not be completed due to some
    error that is likely transient in nature, such as a temporary DNS
    error, e.g., a DNS RCODE of 2, commonly known as SERVFAIL, or
    other error condition resulted.  A later attempt may produce a
    final result.

permerror:  The DNS evaluation could not be completed because no PTR
    data are published for the connecting IP address, e.g., a DNS
    RCODE of 3, commonly known as NXDOMAIN, or an RCODE of 0 (NOERROR)
    in a reply containing no answers, was returned.  This prevented
    completion of the evaluation.  A later attempt is unlikely to
    produce a final result.




==========================================================
Original Email
==========================================================

Return-Path: <swen@4elges.de>
Received: from box.4elges.de (161.97.97.137) by verifier.port25.com id hc9qg82e8s4a for <check-auth@verifier.port25.com>; Wed, 16 Sep 2020 20:26:44 +0000 (envelope-from <swen@4elges.de>)
Authentication-Results: verifier.port25.com; spf=pass  smtp.mailfrom=swen@4elges.de;
 iprev=pass (matches box.4elges.de)  policy.iprev=161.97.97.137;
 dkim=pass (matches From: swen@4elges.de)  header.d=4elges.de
DKIM-Signature: v=1; a=rsa-sha256; d=4elges.de; s=se; c=relaxed/relaxed;
 q=dns/txt; h=from:date:to:cc:message-id:subject;
 bh=gXnW0zOLpvsy/4GEjzqjO9VLhenvY6sZs/ow4Gj314s=;
 b=Y9DgH4fDTP7LjdVoREeslqoRucJhHF3UPYdbubWlG2qWRoYD+HcnPf7TEDiNn1tkRGLrLT/XVjvHWzQhUu0613pfhe9JnKp9DAXSmFSHSa5Hv7WZhhp7d0X3lOApn58qxWnfmjPbVpEYhlPJbu7R0v66lrMET3ZQ2cs1dGnJgjJp1zC7PBHQ+7tt7fPnAsoTyQbqGC3j4LlK6jMJ6zPlq7ST+DZub/rU8/rnzDWzuXk6fF0OYz4GXBEWDE1Eo76YCZhDdEA7g7yad5joAxVsGCwyu8OD0k3Q7h0n8r+uw8rnrXtfxsf+E/3W9HKBjJbXHpTqeUpEaJr5ychyhGtGng==;
DomainKey-Signature: a=rsa-sha1;
 b=Zu42XeckZiaW6OWPiLI6TWB3DNwteNC59ik/CzJNJb+9BuWAeGZEPnU5Euu/iIDDizZsNSZQDU7j1HIUh3lJ4MQm1uNIpUUxVtvh06/FuRePoJsytZDo9r8UKcOkfmUxOlgq4ILxmdrOeqO0ivoiBVha7OC/SJv19XTbClM5bcEuFERqEYUkO7hndhbDP5mezKoMnhvWFouRcOlXd32mMMkU7N3xHLVW4N7rymoL+ernLfIvAwsq7DNtVkfeXGl5O77fsNC7OqJaMPnVxWYGxF/JDJU3FZiErw6dajh0/ZbDJ8rNsewFTlK/J8yShaLN15j62omM21F5YfbnuPpKqw==;
 c=nofws; q=dns; d=4elges.de; s=se; h=from:date:to:message-id:subject:cc;
Received: from [94.31.99.233] by 4elges.de with HTTP;
 Wed, 16 Sep 2020 22:26:41 +0200
From: Swen Elges <swen@4elges.de>
Date: Wed, 16 Sep 2020 22:26:41 +0200
X-Mailer: Axigen WebMail
To: check-auth@verifier.port25.com
Reply-To: Swen Elges <swen@4elges.de>
Message-ID: <1600288001249049209@4elges.de>
Subject: ein test 
Importance: Normal
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="===axigen=7252792051304167898145226003579104658743=axigen==="
Received-SPF: 
X-AXIGEN-SPF-Result: Ok
X-AXIGEN-DK-Result: Ok
DomainKey-Status: good
X-AXIGEN-DKIM-Result: Ok
DKIM-Status: good
X-AxigenSpam-Level: 4
X-Axi-Text-Appender: EqszDo8sN6AWzFdnGDPh4210PMKBVGF6MO7pxEAYF/kL16QiwCbhLhkLGEt+Pas3Y8XMGlF8T7ZbjEjheVR/W6Pmxg7VKIgrBnB2CIQsBT8iKZM6fQ0vNoSb3sIOX8ABloD10eyckWT6XScKm9iWMr4TiAf+YHgSlGTf1aaQcU+xuTvvZ8LFOur3dGyhdFVoY966b3/R1fd6/bcLHCyFsg==

This is a MIME message. You may need a MIME compliant mail user agent.
--===axigen=7252792051304167898145226003579104658743=axigen===
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

richtiger Test
VG
S=E2=80=8B
Email sent using Axigen Free Mail Server:
http://www.axigen.com/mail-server/free
--===axigen=7252792051304167898145226003579104658743=axigen===
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<html><head><style id=3D"axi-htmleditor-style" type=3D"text/css">p { margin=
: 0px; }</style></head><body dir=3D"" style=3D"font-size: 10pt; font-family=
: &quot;Source Sans Pro&quot;, sans-serif; background-image: none; backgrou=
nd-repeat: repeat; background-attachment: fixed;">richtiger Test<div>VG</di=
v><div>S=E2=80=8B</div>
<br>
Email sent using Axigen Free Mail Server:<br>http://www.axigen.com/mail-ser=
ver/free</body></html>
--===axigen=7252792051304167898145226003579104658743=axigen===--

And on mail tester I got this:

The well-known spam filter SpamAssassin. Score: -0.1.
A score below -5 is classified as spam.

-0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
This rule is automatically applied if your email contains a DKIM signature but other positive rules will also be added if your DKIM signature is valid. See immediately below.
0.001 SPF_HELO_PASS SPF: HELO matches SPF record
0.001 SPF_PASS SPF: sender matches SPF record
Wonderful! Your SPF record is valid.
-0.01 T_DKIM_INVALID Your DKIM signature is not valid

Seems like my DKIM is still not correct.
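
Added example (not part of the original post, and not Axigen or Port25 code): a structural cross-check of the DKIM-Signature tags and the selector record quoted above. It derives the DNS query name, confirms that From is signed, and reads the RSA key size from the p= tag; it does not verify the b= signature, and the function names are illustrative.

```python
import base64

# Values copied from the post: the signature tags (b= empty, as in the verifier's
# canonicalized header) and the TXT record published at se._domainkey.4elges.de.
SIG = ("v=1; a=rsa-sha256; d=4elges.de; s=se; c=relaxed/relaxed; q=dns/txt; "
       "h=from:date:to:cc:message-id:subject; "
       "bh=gXnW0zOLpvsy/4GEjzqjO9VLhenvY6sZs/ow4Gj314s=; b=;")
TXT = ("v=DKIM1; k=rsa; p="
       "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPeTdFi2fQ7a7ZnmQ8yP0qnx5P/+YOSqgaHOjDKRBJDkIYcfDlINUZ7tsYLHi1SVsAlg2NxrC4K5v+mLGiPjHlQecydUlDoKarhpPfSvkYfCuA8+9eSgjpb00Ts2wkUZDq9OC06C8/UQGBmkwC1iOXTeBVcI4IoPocqy+OGk44cR7cP/q/CcSjQg8NG0wZggm7FxPhaAYnwfn2Rhvoco7j7pET1jUhGoz//07e1NCeUapXTjm6heOM3AZspaAdQsSM+xhZxc/S1k7CYdWAcc3UQNQAc0filOA3fSOzXYAIN/L8aouWRYLpSVH4oGqqGT1gtyBQzMMxnJ9Cs+Aqra4wIDAQAB;")

def parse_tags(value):
    """Split an RFC 6376 tag-list; an optional trailing ';' yields no tag."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def _tlv(buf, pos):
    """Read one DER element at pos; return (start, end) of its contents."""
    first, pos = buf[pos + 1], pos + 2
    if first & 0x80:  # long form: low 7 bits give the number of length octets
        n = first & 0x7F
        return pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")
    return pos, pos + first

def rsa_bits(p_b64):
    """Modulus size of the RSA key in a p= tag (base64 SubjectPublicKeyInfo)."""
    spki = base64.b64decode(p_b64)
    seq, _ = _tlv(spki, 0)          # outer SEQUENCE
    _, alg_end = _tlv(spki, seq)    # AlgorithmIdentifier, skipped
    bits, _ = _tlv(spki, alg_end)   # BIT STRING holding the RSAPublicKey
    rsa, _ = _tlv(spki, bits + 1)   # +1 skips the unused-bits octet
    start, end = _tlv(spki, rsa)    # first INTEGER is the modulus
    return int.from_bytes(spki[start:end], "big").bit_length()

def check(sig_header, txt_record):
    """Structural checks only; the b= signature itself is not verified."""
    sig, key = parse_tags(sig_header), parse_tags(txt_record)
    findings = []
    if "from" not in sig.get("h", "").lower().split(":"):
        findings.append("From header is not signed")
    if key.get("v", "DKIM1") != "DKIM1" or key.get("k", "rsa") != "rsa":
        findings.append("key record is not a DKIM1 RSA key")
    bits = rsa_bits(key["p"]) if key.get("p") else 0
    if bits < 1024:
        findings.append("key missing, revoked or shorter than 1024 bits")
    return {"query": f"{sig.get('s')}._domainkey.{sig.get('d')}", "bits": bits, "findings": findings}
```

Run on the values from the post, `check(SIG, TXT)` reports the query name `se._domainkey.4elges.de`, a 2048-bit key and no findings, and the record parses identically with or without the trailing `;`.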