
Kerio DKIM signature in outgoing mail fails SpamAssassin T_DKIM_INVALID rule
  •  
TuKerMaN

Tested in Kerio Connect 9.2.3 and 9.2.5 p3, several domains (all using the same 1024-bit key). The tests were done in several online and mail checkers, and sent through Outlook 2013, Kerio Connect (webmail), Firebird...

Original message as seen in the Kerio Connect Sent folder:

Date: Wed, 11 Oct 2017 16:43:47 -0300
Subject: Testing DKIM Signature
X-Mailer: Kerio Connect 9.2.5 patch 3/Kerio Connect Client
X-User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101
Firefox/52.0
Message-ID: <7566235-2872<_at_>mail.host-media.com.ar>
From: Martin Rozanski <tukerman<_at_>tukerman.com.ar>
To: FLPpTuiQqsCgzj@dkimvalidator.com, mailtest<_at_>unlocktheinbox.com,
84799@SpamScoreChecker.com, ins-x2h3igwc<_at_>isnotspam.com
X-Priority: 3
Importance: Normal
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-FHZS0InOUT1h3fhwtm+S"

--=-FHZS0InOUT1h3fhwtm+S
Content-Type: text/plain; charset="utf-8"



--=-FHZS0InOUT1h3fhwtm+S
Content-Type: text/html; charset="utf-8"

<html><head></head><body><br></body></html>
--=-FHZS0InOUT1h3fhwtm+S--


Unlock The Inbox response: (www . unlocktheinbox . com)

Publication: RFC 6376 DKIM Validation Check
Signature Found: Yes
SmarterMail DKIM Test: Passed
MailBee.NET DKIM Test: Passed
LimiLabs DKIM Test: Passed
SpamAssassin DKIM Test: Failed - Bad Signature

Publication: RFC 6376 DKIM Signature Additional Information
Version: v=1
Key Algorithm: a=rsa-sha256
Canonicalization: c=simple/simple
Domain Name: d=tukerman.com.ar
Selector: s=mail
Signed Headers: h=from:subject:date:message-id:to:mime-version:content-type
Body Hash: bh=U6zAeLyJYQm/gKrk5e+xEUWY+1CpnS/MWbNJf6uXLpA=
Signature Data: b=Y3Iy7HWt99qKzmyZ/2HC8QM5EZL2sKWH4OMmfogrWzNqolTNSWXLSiJwXv SE1agFWvS9PBl5lONYD
56DcCn7eGRimupLCF8XFd6vU3hcf9trEEc7f/nnWfvqFGz3jrA+2SG7IphDo v6WfvMyzMfYcvGv/A7
rFlG5J6vMFWdKtSQ=

Public DKIM Key
Selector Location: mail._domainkey.tukerman.com.ar
DNS Record Found: Yes
Record Syntax: v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6UfYzXzWNG8 eiR/vk4xtksLDSPWT36iRIKMBsbc7XcEP8L6B/vXqHXh+3/M6fPb288H/IH6 zSly8N2aREWgFPm31GOqMhc5Mn7Dgd/WHVeNgL1gPVNfCHmbqhyIkpQkE9xI sGqZG8vwmhySN5iSxbzYPp4yl187GqaGN/Q8D7+wIDAQAB
Key Size: 1024 bits
Record Length: 226 bytes

Spam Assassian Results
Content analysis details: (You scored -2.3 points, 5.0 or higher is considered to be spam)
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at www . dnswl . org, medium trust [200.42.89.132 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20% [score: 0.1066]
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid



DKIM Validator: (dkimvalidator . com)

Original message:
Received: from mail.host-media.com.ar (mail.host-media.com.ar [200.42.89.132])
by relay-3.us-west-2.relay-prod (Postfix) with ESMTPS id C39962003F1
for <FLPpTuiQqsCgzj<_at_>dkimvalidator.com>; Wed, 11 Oct 2017 19:43:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=tukerman.com.ar; s=mail;
h=from:subject:date:message-id:to:mime-version:content-type;
bh=U6zAeLyJYQm/gKrk5e+xEUWY+1CpnS/MWbNJf6uXLpA=;
b=Y3Iy7HWt99qKzmyZ/2HC8QM5EZL2sKWH4OMmfogrWzNqolTNSWXLSiJwXv SE1agFWvS9PBl5lONYD
56DcCn7eGRimupLCF8XFd6vU3hcf9trEEc7f/nnWfvqFGz3jrA+2SG7IphDo v6WfvMyzMfYcvGv/A7
rFlG5J6vMFWdKtSQ=
X-Footer: dHVrZXJtYW4uY29tLmFy
Received: from localhost ([127.0.0.1])
by mail.host-media.com.ar (Kerio Connect 9.2.5 patch 3) with ESMTPSA
for FLPpTuiQqsCgzj<_at_>dkimvalidator.com;
Wed, 11 Oct 2017 16:43:47 -0300
Date: Wed, 11 Oct 2017 16:43:47 -0300
Subject: Testing DKIM Signature
X-Mailer: Kerio Connect 9.2.5 patch 3/Kerio Connect Client
X-User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101
Firefox/52.0
Message-ID: <7566235-2872<_at_>mail.host-media.com.ar>
From: Martin Rozanski <tukerman<_at_>tukerman.com.ar>
To: FLPpTuiQqsCgzj@dkimvalidator.com, mailtest<_at_>unlocktheinbox.com,
84799@SpamScoreChecker.com, ins-x2h3igwc<_at_>isnotspam.com
X-Priority: 3
Importance: Normal
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-FHZS0InOUT1h3fhwtm+S"

--=-FHZS0InOUT1h3fhwtm+S
Content-Type: text/plain; charset="utf-8"



--=-FHZS0InOUT1h3fhwtm+S
Content-Type: text/html; charset="utf-8"

<html><head></head><body><br></body></html>
--=-FHZS0InOUT1h3fhwtm+S--


DKIM Information:

DKIM Signature

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=tukerman.com.ar; s=mail;
h=from:subject:date:message-id:to:mime-version:content-type;
bh=U6zAeLyJYQm/gKrk5e+xEUWY+1CpnS/MWbNJf6uXLpA=;
b=Y3Iy7HWt99qKzmyZ/2HC8QM5EZL2sKWH4OMmfogrWzNqolTNSWXLSiJwXv SE1agFWvS9PBl5lONYD
56DcCn7eGRimupLCF8XFd6vU3hcf9trEEc7f/nnWfvqFGz3jrA+2SG7IphDo v6WfvMyzMfYcvGv/A7
rFlG5J6vMFWdKtSQ=


Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: simple/simple
d= Domain: tukerman.com.ar
s= Selector: mail
q= Protocol:
bh= U6zAeLyJYQm/gKrk5e+xEUWY+1CpnS/MWbNJf6uXLpA=
h= Signed Headers: from:subject:date:message-id:to:mime-version:content-type
b= Data: Y3Iy7HWt99qKzmyZ/2HC8QM5EZL2sKWH4OMmfogrWzNqolTNSWXLSiJwXvSE 1agFWvS9PBl5lONYD
56DcCn7eGRimupLCF8XFd6vU3hcf9trEEc7f/nnWfvqFGz3jrA+2SG7IphDo v6WfvMyzMfYcvGv/A7
rFlG5J6vMFWdKtSQ=
Public Key DNS Lookup

Building DNS Query for mail._domainkey.tukerman.com.ar
Retrieved this publickey from DNS: v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6UfYzXzWNG8 eiR/vk4xtksLDSPWT36iRIKMBsbc7XcEP8L6B/vXqHXh+3/M6fPb288H/IH6 zSly8N2aREWgFPm31GOqMhc5Mn7Dgd/WHVeNgL1gPVNfCHmbqhyIkpQkE9xI sGqZG8vwmhySN5iSxbzYPp4yl187GqaGN/Q8D7+wIDAQAB
Validating Signature

result = pass


SpamAssassin:
SpamAssassin Score: -0.388
Message is NOT marked as spam
Points breakdown:
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at www . dnswl . org, medium trust [200.42.89.132 listed in list.dnswl.org]
1.8 DKIM_ADSP_DISCARD No valid author signature, domain signs all mail and suggests discarding the rest
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 TVD_SPACE_RATIO No description available.
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid



Spam Score Checker (spamscorechecker . com)

SpamAssassin Rules Broken
* 1.8 DKIM_ADSP_DISCARD No valid author signature, domain signs all mail and [score:
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid


Postmark Spam Check (spamcheck . postmarkapp . com)

pts rule name description
---- ---------------------- --------------------------------------------------
1.8 DKIM_ADSP_DISCARD No valid author signature, domain signs all mail
and suggests discarding the rest

-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at www . dnswl . org, medium
trust
[200.42.89.132 listed in list.dnswl.org]
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 TVD_SPACE_RATIO TVD_SPACE_RATIO
0.0 BODY_URI_ONLY Message body is only a URI in one line of text or for
an image




What can be wrong? Other DKIM checkers/validators show "passed"; only the SpamAssassin "T_DKIM_INVALID" rule fails. I'm not sure it's a SpamAssassin problem, because sending mail for this domain with the same private/public keys, but from an MTA other than Kerio's, goes OK. But I can't find anything different between the signatures created, except that Kerio fragments the "b=" field into 3 lines and the other MTA sends it as one entire line.

Example in Kerio:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=tukerman.com.ar; s=mail;
h=from:subject:date:message-id:to:mime-version:content-type;
bh=U6zAeLyJYQm/gKrk5e+xEUWY+1CpnS/MWbNJf6uXLpA=;
b=Y3Iy7HWt99qKzmyZ/2HC8QM5EZL2sKWH4OMmfogrWzNqolTNSWXLSiJwXv SE1agFWvS9PBl5lONYD
56DcCn7eGRimupLCF8XFd6vU3hcf9trEEc7f/nnWfvqFGz3jrA+2SG7IphDo v6WfvMyzMfYcvGv/A7
rFlG5J6vMFWdKtSQ=


Example in Exchange with DKIM plug-in:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=tukerman.com.ar; s=mail;
h=from:subject:date:message-id:to:mime-version:content-type;
bh=U6zAeLyJYQm/gKrk5e+xEUWY+1CpnS/MWbNJf6uXLpA=;
b=Y3Iy7HWt99qKzmyZ/2HC8QM5EZL2sKWH4OMmfogrWzNqolTNSWXLSiJwXv SE1agFWvS9PBl5lONYD56DcCn7eGRimupLCF8XFd6vU3hcf9trEEc7f/nnWf vqFGz3jrA+2SG7IphDov6WfvMyzMfYcvGv/A7rFlG5J6vMFWdKtSQ=
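
The folding difference described in the post above, checked against RFC 6376 (an added example, not part of the original posts; the leading tab on continuation lines is an assumption, since the forum stripped indentation). It shows that whitespace inside b= changes neither the decoded signature nor the DKIM-Signature field that goes into the header hash.

```python
import base64
import re

# Values copied from the thread; the spaces the forum inserted every 60
# characters are dropped. The leading tab on continuation lines is assumed.
PREFIX = ("DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;\r\n"
          "\td=tukerman.com.ar; s=mail;\r\n"
          "\th=from:subject:date:message-id:to:mime-version:content-type;\r\n"
          "\tbh=U6zAeLyJYQm/gKrk5e+xEUWY+1CpnS/MWbNJf6uXLpA=;\r\n"
          "\tb=")
SIG = ["Y3Iy7HWt99qKzmyZ/2HC8QM5EZL2sKWH4OMmfogrWzNqolTNSWXLSiJwXvSE1agFWvS9PBl5lONYD",
       "56DcCn7eGRimupLCF8XFd6vU3hcf9trEEc7f/nnWfvqFGz3jrA+2SG7IphDov6WfvMyzMfYcvGv/A7",
       "rFlG5J6vMFWdKtSQ="]
KERIO = PREFIX + "\r\n\t".join(SIG)   # b= folded over three lines
EXCHANGE = PREFIX + "".join(SIG)      # b= on one line


def parse_tags(field):
    """Split a DKIM-Signature field into its tag=value pairs."""
    tags = {}
    for item in field.split(":", 1)[1].split(";"):
        if item.strip():
            name, _, value = item.partition("=")
            tags[name.strip()] = value.strip()
    return tags


def signature_bytes(field):
    """Decode b= after removing all whitespace, as RFC 6376 section 3.5 requires."""
    return base64.b64decode(re.sub(r"\s+", "", parse_tags(field)["b"]), validate=True)


def field_for_hash(field):
    """Return the field with the b= value deleted (RFC 6376 section 3.7).

    Under c=simple everything else, folding included, is hashed unchanged.
    """
    return re.sub(r"(?<=[;\s])(b[ \t\r\n]*=)[^;]*", r"\1", field, count=1)


if __name__ == "__main__":
    print("same signature bytes:", signature_bytes(KERIO) == signature_bytes(EXCHANGE))
    print("signature length    :", len(signature_bytes(KERIO)), "bytes")
    print("same hash input     :", field_for_hash(KERIO) == field_for_hash(EXCHANGE))
```

A verifier that follows these two rules treats both layouts identically, so a mismatch has to come from somewhere else in the signed headers or body as received.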
  •  
rigo

Is this a new DKIM setup? If so, I remember DNS could not handle a long key and I ended up using a short key. If so, there is a file associated in Kerio that holds the key; just cut-n-paste the new short key and restart the server.
Also had another domain bark at the key, also a DNS issue, and ended up deleting the DNS record (modifying did not do it), and that got it going.
  •  
TuKerMaN

DKIM is set up correctly, and correctly validated by major providers (Google, MS, Yahoo, etc). The problem arises with mail servers using SpamAssassin as SPAM filters. SA does not validate the DKIM signature Kerio is doing, and this adds SPAM score.

Don't know if it's a Kerio or SA bug. Kerio Connect signatures get validated everywhere except with SA, and SA validates other signatures (e.g. Exchange w/ DKIM plugin) correctly but not Kerio's, at least with my setup :(
  •  
freakinvibe

I have tested with www.unlocktheinbox.com as you did, but my results with Kerio Connect are positive:

Quote:
Spam Assassian Results
Content analysis details: (You scored -1.6 points, 5.0 or higher is considered to be spam)

Pts Rule Name Description
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.4 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain


So it seems that your DKIM setup is different.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch