DKIM_INVALID and T_DKIM - DKIM signature not valid

Support Spam & Virus Protection
1

Hello Support,

let me first tell you that i really love your software. I am using it for my personal usage and i love it. I see also throughout the years massive improvements. Great job!

Now to my problem:

  • running on a VPS with Centos 8.x
  • Axigen version: 10.3.2.12

I have a problem reaching and not able to reach maximum spam score. This is leading for some providers (Exchange) to a delayes delivery (my emails are delivered constantly 50 minutes later) up to not being delivered at all. This is only with company Exchanges. Sending emails to gmx, gmail is delivered instant. The problem appeared since i configured DKIM.

Heres my config:

  • in /var/opt/axigen i have 2 files (dkim.privkey.4elges_de.pem and dkim.pubkey.4elges_de.pem)

  • in my DNS (hosted at contabo) i created this entry
    se._domainkey.4elges.de 86400 TXT 0 v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPeTdFi2fQ7a7ZnmQ8yP0qnx5P/+YOSqgaHOjDKRBJDkIYcfDlINUZ7tsYLHi1SVsAlg2NxrC4K5v+mLGiPjHlQecydUlDoKarhpPfSvkYfCuA8+9eSgjpb00Ts2wkUZDq9OC06C8/UQGBmkwC1iOXTeBVcI4IoPocqy+OGk44cR7cP/q/CcSjQg8NG0wZggm7FxPhaAYnwfn2Rhvoco7j7pET1jUhGoz//07e1NCeUapXTjm6heOM3AZspaAdQsSM+xhZxc/S1k7CYdWAcc3UQNQAc0filOA3fSOzXYAIN/L8aouWRYLpSVH4oGqqGT1gtyBQzMMxnJ9Cs+Aqra4wIDAQAB
    (tried with ending “;” and without - no difference)

  • Webadmin settings are Advanced Acceptance / Routing Rules

  • Rule “DomainSign-4elges_de” (ALL incoming, sender domain is “4elges.de” with authenticated checked, DK Selecter se, DKIM Selector se, DK Key Path dkim.privkey.4elges_de.pem, DKIM Key Path dkim.privkey.4elges_de.pem, Sign Domain Key, Sign DKIM

What is wrong in my config and why i am getting the DKIM_SIGNED shown as invalid?

Appreciate your help!

Best
Swen

  • testing emails got this result

    SpamAssassin check details:

    SpamAssassin v3.4.0 (2014-02-07)
    Result: ham (-2.0 points, 5.0 required)
    pts rule name description

    -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
    [score: 0.0000]
    0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
    See
    -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
    -0.0 SPF_PASS SPF: sender matches SPF record
    0.0 HTML_MESSAGE BODY: HTML included in message
    -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author’s
    domain
    -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

and on mail tester i got this:

Der bekannte Spamfilter SpamAssassin. Ergebnis: -0.1.
Ein Ergebnis unter -5 wird als Spam eingestuft.

-0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
This rule is automatically applied if your email contains a DKIM signature but other positive rules will also be added if your DKIM signature is valid. See immediately below.
0.001 SPF_HELO_PASS SPF: HELO matches SPF record
0.001 SPF_PASS SPF: sender matches SPF record
Wunderbar! Ihr SPF-Eintrag ist gültig.
-0.01 T_DKIM_INVALID Your DKIM signature is not valid

2

Funny. Checked your DKIM key on 2 sites, both report it as valid.
any issues with the way you set things in axigen either.

Would you mind sending me an e-mail from that server?
info (a) keerl-it dot com

3

email sent. Thanks Jeroen for helping me.

4

Hiya, kein Problem!

So, here’s what my Axigen server thinks:

DomainKey-Status: good
DKIM-Status: good
X-Axi-Text-Appender: cg4XSnwcT3fST+wYtfGRuXynaV+Gds6UQODXuyM2hk1qmY3WUZrB4bDC8v5UiKbuEZkSk7uak72CUfna5eXUvlucUFJjOhWfC3TlsMYUZaCq3Ig51+R1Ld63VWgKw8D+BfaI16r/wQoSlnmG9Af1XJqCGsJoemyupJ8EsvBF6ZYSrlkaklchpnkK368bsxsTFSN3Cufaj4IOf2wkl4P2kg==
X-AXIGEN-DK-Result: Ok
X-AXIGEN-DKIM-Result: Ok
X-CTCH-RefID: str=0001.0A782F15.5F661FF7.003B,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-CTCH-Flags: 0
X-AxigenVirus-Level: 1
X-CTCH-AV-ThreatsCount: 0
X-CTCH-VOD: Unknown
X-AxigenSpam-Level: 3
X-CTCH-Spam: Unknown

I don’t see any issues.
These Exchange users, are they hosted at Microsoft 365 / Exchange / Outlook Online?
I had my fun with them, due to my IP having been misused as a spam sender, way before I got it.

5

hello @swen
Some times there is rules in Antispam of recipient point. It checkes many factors that depends on your DNS servers and theirs.
When you send an email to GMail, click on the top right 3 dots and click on ‘Show original’ and check the situation of SPF, DKIM, DMARC.
they must be PASS.
The best spam score is -1 (you can check with dkimvalidator.com)
and if they still recive emails with delay I assure you its because of their antispam and DNS servers.