DKIM fail if WHM adds Message-ID, should be Message-Id
I created a client library to send emails for a webapp.
After connecting to the SMTP server with credential setup in CPANEL, and then do NOT add Message-Id header, the DKIM signature 'h' record created by dovecot/WHM is wrong, and a Message-ID (with a capital D) header is added, invalidating the generated DKIM signature value.
This causes outlook, yahoo, gmail and other email recipients to add 'dkim:fail' to the message, and thus relegate it to junk or spam.
The work around is to add to the message a Message-Id with a little 'd' header. Then the SMTP server processes the email with the correct generated DKIM, correct DKIM 'h' record and does not add a Message-ID header.
My SMTP hosting providers that run the WHM/dovecot/CPANEL software are refusing to raise this as a bug and have requested that I do it.
Regards
Robert
On 12-10-2020 10:16, Robert Martin wrote:
> I created a client library to send emails for a webapp.
> After connecting to the SMTP server with credential setup in CPANEL, and then do NOT add Message-Id header, the DKIM signature 'h' record created by dovecot/WHM is wrong, and a Message-ID (with a capital D) header is added, invalidating the generated DKIM signature value.
> This causes outlook, yahoo, gmail and other email recipients to add 'dkim:fail' to the message, and thus relegate it to junk or spam.
> The work around is to add to the message a Message-Id with a little ‘d’ header. Then the SMTP server processes the email with the correct generated DKIM, correct DKIM ‘h’ record and does not add a Message-ID header.
> My SMTP hosting providers that run the WHM/dovecot/CPANEL software are refusing to raise this as a bug and have requested that I do it.
Hi Robert,
Dovecot does not add DKIM headers, Dovecot doesn't even send email. Aside from that:
The RFC states that "Message-ID" is the actual spelling: https://tools.ietf.org/html/rfc5322#section-3.6.4
The DKIM signer implementation in CPANEL/WHM seems to do the right thing: It adds a Message-ID header if it's missing, and creates a DKIM signature. It seems unlikely that the CPANEL/WHM DKIM implementation generates invalid DKIM signatures for all Message-ID headers it generates, as lots of people would have issues with that.
It's unclear from your initial message what's wrong with the generated DKIM signature, and it's also unclear where the "Message-Id" header (with lowercase 'd') comes from. Could you please explain? Can you show full headers for a message with the broken DKIM and all the relevant headers?
Kind regards,
Tom
On 12 Oct 2020, at 03:06, Tom Hendrikx tom@whyscream.net wrote:
> On 12-10-2020 10:16, Robert Martin wrote:
>> I created a client library to send emails for a webapp.
>> After connecting to the SMTP server with credential setup in CPANEL, and then do NOT add Message-Id header, the DKIM signature 'h' record created by dovecot/WHM is wrong, and a Message-ID (with a capital D) header is added, invalidating the generated DKIM signature value.
>> This causes outlook, yahoo, gmail and other email recipients to add 'dkim:fail' to the message, and thus relegate it to junk or spam.
>> The work around is to add to the message a Message-Id with a little ‘d’ header. Then the SMTP server processes the email with the correct generated DKIM, correct DKIM ‘h’ record and does not add a Message-ID header.
>> My SMTP hosting providers that run the WHM/dovecot/CPANEL software are refusing to raise this as a bug and have requested that I do it.
> Hi Robert,
> Dovecot does not add DKIM headers, Dovecot doesn't even send email. Aside from that:
> - The RFC states that "Message-ID" is the actual spelling: https://tools.ietf.org/html/rfc5322#section-3.6.4
The RFC (5322) states that the headers are not case sensitive:
"This specification uses the Augmented Backus-Naur Form (ABNF) notation for the formal definitions of the syntax of messages."
RFC 5234 NOTE:
ABNF strings are case insensitive and the character set for these
strings is US-ASCII.
So message-id:, MessAGE-iD:, and Message-Id: are all valid.
-- Penny! *Everything* is better with BlueTooth
On 12-10-2020 19:16, Robert Martin wrote:
> I created a client library to send emails for a webapp.
> After connecting to the SMTP server with credential setup in CPANEL, and then do NOT add Message-Id header, the DKIM signature 'h' record created by dovecot/WHM is wrong, and a Message-ID (with a capital D) header is added, invalidating the generated DKIM signature value.
> This causes outlook, yahoo, gmail and other email recipients to add 'dkim:fail' to the message, and thus relegate it to junk or spam.
> The work around is to add to the message a Message-Id with a little 'd' header. Then the SMTP server processes the email with the correct generated DKIM, correct DKIM 'h' record and does not add a Message-ID header.
> My SMTP hosting providers that run the WHM/dovecot/CPANEL software are refusing to raise this as a bug and have requested that I do it.
Hardly a bug imo. Best to add the Message-Id header from your library and this will become a non-issue. There are certain filters who don't quite like emails without message-id header, or incorrectly formatted ones because this is a usual fingerprint of a broken client / spam bot, this is why your provider is adding that header.
-- Adi Pircalabu
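Added example, not part of any message in this thread: a check to run on the full headers of a failing message, showing how the case of a header name affects the DKIM header hash under the two canonicalization modes of RFC 6376, and how many fields match each name listed in `h=`. The sample message, addresses and signature values are constructed placeholders.

```python
import hashlib
import re

# Constructed sample: signature values are placeholders, addresses are made up.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.test;\r\n"
    "\ts=sel; h=From:To:Subject:Message-ID:Date; bh=PLACEHOLDER=; b=PLACEHOLDER=\r\n"
    "From: app@example.test\r\n"
    "To: user@example.net\r\n"
    "Subject: test\r\n"
    "Message-Id: <1@example.test>\r\n"
)

def relaxed(name, value):
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)    # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse and trim whitespace
    return f"{name.strip().lower()}:{value}\r\n"   # field name is lowercased

def simple(name, value):
    """RFC 6376 section 3.4.1 'simple': the field is hashed unchanged."""
    return f"{name}:{value}\r\n"

def digest(canon, name, value):
    return hashlib.sha256(canon(name, value).encode()).hexdigest()

def parse_headers(raw):
    """Split a raw header block into (name, value) pairs, keeping folds."""
    fields = re.split(r"\r\n(?![ \t])", raw.strip("\r\n"))
    return [tuple(f.split(":", 1)) for f in fields]

def dkim_report(raw):
    """Return the header canonicalization and, for each name in h=, how many
    fields in the message match it (names compared case-insensitively)."""
    headers = parse_headers(raw)
    sig = next(v for n, v in headers if n.lower() == "dkim-signature")
    tags = dict(t.split("=", 1) for t in re.sub(r"\s+", "", sig).split(";") if t)
    canon = tags.get("c", "simple/simple").split("/")[0]
    names = [n.lower() for n, _ in headers]
    return canon, {h: names.count(h.lower()) for h in tags["h"].split(":")}

if __name__ == "__main__":
    mid = " <1@example.test>"
    print(digest(relaxed, "Message-ID", mid) == digest(relaxed, "Message-Id", mid))
    print(digest(simple, "Message-ID", mid) == digest(simple, "Message-Id", mid))
    print(dkim_report(SAMPLE))
```

With `c=simple` a field whose name is re-cased after signing no longer hashes to the signed value, while with `c=relaxed` the name's case does not enter the hash.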
participants (4)
- @lbutlr
- Adi Pircalabu
- Robert Martin
- Tom Hendrikx