DKIM=fail

Vitos

New Member
May 18, 2022
4
0
1
Hi,
they use a working DNS record and DKIM keys that were used under ScrollOUT F1 (everything works in ScrollOUT), and in PMG I get DKIM =fail. I tried different options, generated new keys. always the result is one DKIM=fail.

test send mail to gmail.com:
telnet ip 26 - Proxmox PMG - Fortigate - internet - gmail.com

dig +short txt dkim._domainkey
"v=DKIM1; p= MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEcGpbxzJSsB44qzSlKA2r9kU/ SLNNmpPhflwwr/YIbukrnSCpZSWgBWJhnG2SxHia3hyJfAkflFFWg5tVr3Md3yy4 5vGOGKB5X11iPsPDmYD0Gdp1dxoPbazQhGxfhcN3kH1hL1/94wsBisAzFQ+3Orko umrPjhCTCFhMETriLQIDAQAB"

pmgsh get /config/dkim/selector
200 OK
{
"keysize" : 1024,
"record" : "dkim._domainkey\tIN\tTXT\t( \"v=DKIM1; h=sha256; k=rsa; \"\n\t \"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEcGpbxzJSsB44qzSlKA2r9kU/SLNNmpPhflwwr/YIbukrnSCpZSWgBWJhnG2SxHia3hyJfAkflFFWg5tVr3Md3yy45vGOGKB5X11iPsPDmYD0Gdp1dxoPbazQhGxfhcN3kH1hL1/94wsBisAzFQ+3OrkoumrPjhCTCFhMETriLQIDAQAB\" ) ; ----- DKIM key dkim",
"selector" : "dkim"
}

Delivered-To: @gmail.com
Received: by 2002:a05:612c:71f:b0:2ab:412b:e002 with SMTP id ft31csp500797vqb;
Wed, 18 May 2022 04:44:46 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw13z3iZUTDScc/jtEFrxwi6dj9Ehz/BakOcA/ZfdlGyQhLHPPxhnV1A3zqxgXwyW48lcmv
X-Received: by 2002:a2e:b744:0:b0:253:c8da:746 with SMTP id k4-20020a2eb744000000b00253c8da0746mr2010585ljo.401.1652874286563;
Wed, 18 May 2022 04:44:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1652874286; cv=none;
d=google.com; s=arc-20160816;
b=Sf8iGt/YAUn4RsJNCAcA1xsBibZuKXJaLJSVff2nThkb9d8UVkKqovxSNU0aDaQmKy
pqlTa4MssUA0vbv2u+aK4mg2CQOfnMIEuC5TE4pf1thaC7soRakPaf2Hg1utwU85ldIY
yL2+wHjtz/tMGlOVYltH0i9i19VTOWQYT6cCN42Ar1/VEVOmrF1gt8y0Ic5b30gTrpMF
E6cGIBLrH1GS4rPrz7beHA5z1/ywd7auUplMuOER5HmF7mruU/qbWJizulSaVs1mWar3
+kLRFakvq0sPKcBVV6yVlTtsqRAtZ5FjiiCHtY7J0/hT7wGv5kCi+oektTl0lfIT+74I
0DoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=from:date:message-id:dkim-signature;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=mUSrvHvefBzeqY8az0r4scKYnG+EHsPl26/tomJtJQzKAZgxRvS32eYxJmPykII8El
e7luIHyLfn72phkLcozMMFDZE0YAR/1I+ir92HVGDBiAnGyMKsyINsSlryRvAMw4BG6r
xRNu5dzyfBT81ahFyoBzDxcg6OeNyBJAluQyfl9GvFCE2z5D8q+NBMcHrOrHVGfT+hGl
qHpYDTKvnbYrmaFha6kzO0NVpzMakAr1ldhmZj/pfU1o92Qx1p0CX0Fv4kx5mrcleeyW
r+AsjUOyJ8kJYuXWXuR0NqYmMkh0KNiRpfGppDCHeZypTnFA98nSx4dOZw1PaYMAhfym
slKA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=fail header.i=@mydomain.com header.s=dkim header.b=a1ctMNJo;
spf=pass (google.com: domain of user@mydomain.com designates 6.29.22.12 as permitted sender) smtp.mailfrom=user@mydomain.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mydomain.com
Return-Path: <user@mydomain.com>
Received: from mail.mydomain.com (mail.mydomain.com. [6.29.22.12])
by mx.google.com with ESMTP id o25-20020ac24e99000000b004724d727094si1413533lfr.303.2022.05.18.04.44.46
for <@gmail.com>;
Wed, 18 May 2022 04:44:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of user@mydomain.com designates 6.29.22.12 as permitted sender) client-ip=6.29.22.12;
Authentication-Results: mx.google.com;
dkim=fail header.i=@mydomain.com header.s=dkim header.b=a1ctMNJo;
spf=pass (google.com: domain of user@mydomain.com designates 6.29.22.12 as permitted sender) smtp.mailfrom=user@mydomain.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=user@mydomain.com
Received: from SPNX04 (localhost [127.0.0.1]) by mail.mydomain.com (Proxmox) with ESMTP id 3D8F2141A54 for <user@mydomain.com>; Wed, 18 May 2022 14:44:46 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com;
h=cc:from:reply-to:subject:to; s=dkim; bh=g3zLYH4xKxcPrHOD18z9Y fpQcnk/GaJedfustWU5uGs=; b=a1ctMNJoNFYQNPtXKbSXWuC2w4ri97oRg1kLl iQPh/pQl2f0aLd6gXE5C5rNh/fcD6m9gk2c1qTyyy2db4vd+k2vcyCyUq5BLeIJA BciZoRKCOBN/ovfWLBrqIR7df/LwPGtBx8Vj/HGUl0YtqSjozY9T3EPi89O9SrQH mj845E=
Received: from admin.local (IT01.BURG.local [10.10.31.231]) by mail.mydomain.com (Proxmox) with ESMTP id 2F391141A47 for <@gmail.com>; Wed, 18 May 2022 14:44:29 +0300 (MSK)
Message-Id: <20220518114446.3D8F2141A54@mail.mydomain.com>
Date: Wed, 18 May 2022 14:44:46 +0300 (MSK)
From: user@mydomain.com

test
 
elnet ip 26 - Proxmox PMG - Fortigate - internet - gmail.com
could it be that the fortinet modifies the mail in any way? (we had a few such cases here in the forum)?
 
could it be that the fortinet modifies the mail in any way? (we had a few such cases here in the forum)?
I've already thought about this topic, but then how does Scrollout F1 work without any problems, according to the same scheme?
 
I've already thought about this topic, but then how does Scrollout F1 work without any problems, according to the same scheme?
see the point there .. (sorry overread that part ).

it's a bit difficult with a semianonymized report and headers to see where the issue is or could be
gmail supposedly provides a bit more info in the user-interface about what failed regarding the dkim config

else you could compare the dkim-signature of a mail through pmg and the same one through scrollout - maybe you see the difference
 
see the point there .. (sorry overread that part ).

it's a bit difficult with a semianonymized report and headers to see where the issue is or could be
gmail supposedly provides a bit more info in the user-interface about what failed regarding the dkim config

else you could compare the dkim-signature of a mail through pmg and the same one through scrollout - maybe you see the difference

ScrollOUT F1:

Delivered-To: @gmail.com
Received: by 2002:a05:612c:71f:b0:2ab:412b:e002 with SMTP id ft31csp568321vqb;
Wed, 18 May 2022 06:13:07 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyUsd/fKpfmEdGBq3kD2vLJC7+T9pVMyDaj5Kss+LbTWvbQUvGEFJON6LJ62hhl+7V4RRdp
X-Received: by 2002:a19:4f55:0:b0:472:1f2b:6d12 with SMTP id a21-20020a194f55000000b004721f2b6d12mr19943804lfk.388.1652879587158;
Wed, 18 May 2022 06:13:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1652879587; cv=none;
d=google.com; s=arc-20160816;
b=ksgJGVtTtcTQw1u8tcGvMhGDA5L8gty+e8UzvWGLXh1xTM68/gFObbY92WpPKU9svs
Ty8+NUscJmZlFOXJg5Tngm4Tqk0KBRXrKQBp4KSAFlzmxNDKoQQ+zeyRVUbiJv5v7wtP
BPcmYoEySro3yMpqok7ePtFA+ip9BGGIBkA0QHmSzTNRpgpfhXA2eoM39fkkdjIqYdLI
MkEcR1bIdmpzRtYKuu5tq46oAPq6lERpUnKFQxP71vwkwI8Gdk2ThHoMH/oveNUiZMWj
Fi6wJKFk0Xl5kP3NAkB6cwCBjnbjimB30X1gNMtTkPQieczNdGPTC+Hn6rKMYfQrxHXq
PXqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=mime-version:content-language:accept-language:message-id:date
:return-receipt-to:disposition-notification-to:thread-index
:thread-topic:subject:to:from:dkim-signature;
bh=dpypWiiuQd9/QxUk5paWJy52POOg5nmGdQVYq5gUO/4=;
b=PyBHNz2YEkLwQJAeuPixrvPDuZ5lbgmDxot6L/j5c5zfWvL58NrJe4W4tV9VeqDZ2r
wp8ouef+BNHCuwnZfPQBJkMDl64gH+1TJ5GlkQts2XD1BiGvjx/8hncSp6u4Qb16ICrJ
KwWkf/9bjUJLOP25c3qX/E/cKzWWaVZL7mo7GFc5Juv5jGW6TcHRw6xmypZ2/Wwwh+aL
WUEz0H+3wIbdULaM6g1DiqhFnU++rDf5Lpmr2D8ucJKkqYlxbKbAODMCdVhismpeCmDd
iVfo9AQX1sRnT2iBrPzlm38hXQVC+6otObSGqqCxWXC4cDI20PrpdycL7eOCj/8peMGr
XXbw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@mydomain.com header.s=dkim header.b=roGxvJ+b;
spf=pass (google.com: domain of user@mydomain.com designates 6.29.22.12 as permitted sender) smtp.mailfrom=user@mydomain.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mydomain.com
Return-Path: <user@mydomain.com>
Received: from mail.mydomain.com (mail.mydomain.com. [6.29.22.12])
by mx.google.com with ESMTPS id m25-20020ac24ad9000000b00477a840b483si1630439lfp.588.2022.05.18.06.13.06
for <user@mydomain.com>
(version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
Wed, 18 May 2022 06:13:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of user@mydomain.com designates 6.29.22.12 as permitted sender) client-ip=6.29.22.12;
Authentication-Results: mx.google.com;
dkim=pass header.i=@mydomain.com header.s=dkim header.b=roGxvJ+b;
spf=pass (google.com: domain of user@mydomain.com designates 6.29.22.12 as permitted sender) smtp.mailfrom=user@mydomain.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mydomain.com
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.mydomain.com (Postfix) with ESMTP id 4L3D1t73fnzwQ0k for <@gmail.com>; Wed, 18 May 2022 16:13:06 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com;
h=mime-version:content-type:content-type:content-language :accept-language:message-id:date:date:subject:subject:from:from :received:received:received; s=dkim; t=1652879574; x=1654693975;
bh=dpypWiiuQd9/QxUk5paWJy52POOg5nmGdQVYq5gUO/4=; b=roGxvJ+bSNpB wS6gG/C3+XLSQ/ZnmoGxfn+cpJOLgePtWXuiGqgIxj2s0r7gW9HQuxy0Z6NJCAxC Z4i4MzUOEgKcHyyPxyPR55oENksGYpIfxQigTz8PVHazNtsw7EJgJvYAcMjZ4zS1 DhWo4yI+jJIYo9JQuSFF7F4ydhHVvWg=
X-Amavis-Modified: Mail body modified (using disclaimer) - mail.mydomain.com
X-Virus-Scanned: Scrollout F1 at mydomain.com
Received: from mail.mydomain.com ([127.0.0.1]) by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id mDFs57_7YhtH for <@gmail.com>; Wed, 18 May 2022 16:12:54 +0300 (MSK)
Received: from MAIL00.ADMIN.local (unknown [10.1.1.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: user@mydomain.com) by mail.mydomain.com (Postfix) with ESMTPSA id 4L3D1f2qXxzwPS0 for <@gmail.com>; Wed, 18 May 2022 16:12:54 +0300 (MSK)
Received: from MAIL01.ADMIN.local ([fe80::b507:bffc:fb26:4327]) by MAIL00.ADMIN.local ([::1]) with mapi id 14.03.0439.000; Wed, 18 May 2022 16:12:51 +0300
From: "user@mydomain.com" <user@mydomain.com>
To: "'@gmail.com'" <@gmail.com>
Subject: test
Thread-Topic: test
Thread-Index: AdhquPnlEGoN9D9AQjuHYRseIXSQFw==
Disposition-Notification-To: "user@mydomain.com" <user@mydomain.com>
Return-Receipt-To: <user@mydomain.com>
Date: Wed, 18 May 2022 13:12:51 +0000
Message-ID: <BB872051D9B19141B3B1FD2AC2766C7C3B3B641F@MAIL01.ADMIN.local>
Accept-Language: ru-RU, en-US
Content-Language: ru-RU
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.1.31.31]
Content-Type: multipart/alternative; boundary="_000_BB872051D9B19141B3B1FD2AC2766C7C3B3B641FSPMAIL01ADMINlo_"
MIME-Version: 1.0
 
ScrollOUT F1:
thanks - but with all the anonymizing it does not really help me at all - it's not like I could run the mail through some test and see what your private key would make out of it..

I suggested that you compare the mails with a diffing tool on your machines - where you have the information ready..
 
thanks - but with all the anonymizing it does not really help me at all - it's not like I could run the mail through some test and see what your private key would make out of it..

I suggested that you compare the mails with a diffing tool on your machines - where you have the information ready..
I looked at it from different angles, I don't see it, so I decided to write here.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!