When it fails it says dkim=fail (body hash did not verify) They have a valid SPF record also setup and every email through the testing procedure seems to pass on the SPF checks without any failures. There is no DMARC record setup yet, but as far as I can see this is the next step after we have got DKIM working correctly.
HiWe have a client who has just had a DKIM domainkey setup for them. Unfortunately some emails are not getting through to the end users (especially if using Mimecast mail servers).
We have been doing some testing and have found that:
Emails that do not have an attached file - it pass the DKIM checks.
If emails have attached documents, they seem to pass OK as well.
If emails have got an attached email that was originally from the sender, it passes OK
If an email has an attached email from a third party (that has originally been changed with DKIM) it fails the DKIM test on our/the recipients servers. This has happened to us and we use exchange online servers.
When it fails it says dkim=fail (body hash did not verify)
They have a valid SPF record also setup and every email through the testing procedure seems to pass on the SPF checks without any failures.
There is no DMARC record setup yet, but as far as I can see this is the next step after we have got DKIM working correctly.
Unfortunately our client who is having this problem quite often forward a lot of emails during their working day so need this resolving.
Any help would be appreciated.
We're sending out e-mails with EXIM 4.71 from a PHP application. DKIM is enabled and is working properly, unless when sending a specific type of mails, which results in dkim=neutral (body hash did not verify).
The type of e-mail which fails contains a message entered via a HTML form on the site, and other mails sent from this application are fine. I have been suspecting mixed line endings to be the culprit, but haven't been able to improve the situation by normalizing line endings.
Is EXIM performing some cleanup after it creates the DKIM hash?
Any ideas?
Oscar
OscarOscar
1 Answer
This was very odd, but the following seems to be true:
This does not work, resulting in DKIM body hash fail
But this works as it should
Not the space before the last [LF].
OscarOscar