DKIM: bad rsa signature

[geqo]

I can't send emails because bad rsa signature. Domain arhboy.com
I've tried change certs and change TXT mail._domainkey value, but it did not help.
Here's report

SpoilerShow

============================================================================
This is SPF/DKIM/DMARC/RBL report generated by a test tool provided
by AdminSystem Software Limited.

Any problem, please contact [email protected]
============================================================================
Report-Id: 0a0aeccb
Sender: <[email protected]>
Header-From: <[email protected]>
HELO-Domain: arhboy.com
Source-IP: 93.125.18.70
Validator-Version: 1.08
============================================================================
Original email header:

x-sender: [email protected]
x-receiver: [email protected]
Received: from arhboy.com ([93.125.18.70]) by appmaildev.com with Microsoft SMTPSVC(8.5.9600.16384);
Thu, 1 Aug 2019 18:13:35 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=arhboy.com;
s=mail; h=Date:From:Message-Id:To:Subject:Sender:Reply-To:Cc:MIME-Version:
Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=qLKbpaSndNO6Wp/cm+OE7R8kTAxUkYfIjerX8SOSVtc=; b=ezelE6Os2IAH56j2hyXvZBbJTr
aOiBSyc+6WxsCbuOb285oDlwsj4juj+2EHIRQobF4jG3/Ks2lkvO6HUqh3NmqgK5Q5d0oJuyRiST4
Cbhh8uNjxHoJeC0WjpElmToWvfEMB1AfQnatDQ9KCo0/EwIiS/+Etl5VhAuPEqCVh0EU=;
Received: from root by arhboy.com with local (Exim 4.89)
(envelope-from <[email protected]>)
id 1htFa2-0003Pr-TQ
for [email protected]; Thu, 01 Aug 2019 21:13:34 +0300
Subject: Hello my friend
To: <[email protected]>
X-Mailer: mail (GNU Mailutils 3.1.1)
Message-Id: <[email protected]>
From: [email protected]
Date: Thu, 01 Aug 2019 21:13:34 +0300
Return-Path: [email protected]
X-OriginalArrivalTime: 01 Aug 2019 18:13:36.0002 (UTC) FILETIME=[D6009620:01D54894]

============================================================================
SPF: Pass
============================================================================

SPF-Record: v=spf1 ip4:93.125.18.70 ~all
Sender-IP: 93.125.18.70
Sender-Domain-Helo-Domain: arhboy.com

Query TEXT record from DNS server for: arhboy.com
[TXT]: google-site-verification=ifFRVr7RS2iEP5RtRneyCCTKIQdGirNorc4LpGhA2rE
[TXT]: v=spf1 ip4:93.125.18.70 ~all
Parsing SPF record: v=spf1 ip4:93.125.18.70 ~all

Mechanisms: v=spf1

Mechanisms: ip4:93.125.18.70
Testing mechanism ip4:93.125.18.70
Testing CIDR: source=93.125.18.70; 93.125.18.70/128
ip4:93.125.18.70 hit, Qualifier: +

============================================================================
DKIM: fail
============================================================================

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=arhboy.com;
s=mail; h=Date:From:Message-Id:To:Subject:Sender:Reply-To:Cc:MIME-Version:
Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=qLKbpaSndNO6Wp/cm+OE7R8kTAxUkYfIjerX8SOSVtc=; b=ezelE6Os2IAH56j2hyXvZBbJTr
aOiBSyc+6WxsCbuOb285oDlwsj4juj+2EHIRQobF4jG3/Ks2lkvO6HUqh3NmqgK5Q5d0oJuyRiST4
Cbhh8uNjxHoJeC0WjpElmToWvfEMB1AfQnatDQ9KCo0/EwIiS/+Etl5VhAuPEqCVh0EU=;
Signed-by: [email protected]
Expected-Body-Hash: qLKbpaSndNO6Wp/cm+OE7R8kTAxUkYfIjerX8SOSVtc=
Public-Key: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDwjovFWB42Cq+D8jbXtnE7DQCfROOcdxZxiHj8sQCfMIqDFQBOsNJCwKEcoFzibYV5R5yOcLspY8zhkczxoHzuy2UbUIpSun/5bF1MqghG3qpqD0ShtL78SG76IXYoKahiy2B4cepVnVNkLV0zEAYg8m3BVfPizBM/DWG53QiIwwIDAQAB;

DKIM-Result: fail (bad signature)

============================================================================
DMARC: pass
============================================================================

_dmarc.arhboy.com: v=DMARC1; rua=mailto:[email protected]; p=quarantine; pct=90; sp=none
Received-SPF: pass (appmaildev.com: domain of [email protected] designates 93.125.18.70 as permitted sender) client-ip=93.125.18.70
Authentication-Results: appmaildev.com;
dkim=fail header.d=arhboy.com;
spf=pass (appmaildev.com: domain of [email protected] designates 93.125.18.70 as permitted sender) client-ip=93.125.18.70;
dmarc=pass (adkim=r aspf=r p=quarantine) header.from=arhboy.com;

============================================================================
DomainKey: none
============================================================================

DomainKey-Result: none (no signature)
If DKIM result is passed, you can ignore DomainKey result: none

============================================================================
PTR: ExistsRecord
============================================================================

Sender-IP: 93.125.18.70
Query 70.18.125.93.in-addr.arpa
Host: arhboy.com

============================================================================
RBL: NotListed
============================================================================

bl.spamcop.net:Not Listed (OK) - http://bl.spamcop.net
cbl.abuseat.org:Not Listed (OK) - http://cbl.abuseat.org
b.barracudacentral.org:Not Listed (OK) - http://www.barracudacentral.org/rbl/removal-request
dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
http.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
dul.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
misc.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
smtp.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
socks.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
spam.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
web.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
zombie.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
pbl.spamhaus.org:Not Listed (OK) - http://www.spamhaus.org/pbl/
sbl.spamhaus.org:Not Listed (OK) - http://www.spamhaus.org/sbl/
xbl.spamhaus.org:Not Listed (OK) - http://www.spamhaus.org/xbl/
zen.spamhaus.org:Not Listed (OK) - http://www.spamhaus.org/zen/
ubl.unsubscore.com:Not Listed (OK) - http://www.lashback.com/blacklist/
rbl.spamlab.com:Not Listed (OK) - http://tools.appriver.com/index.aspx?tool=rbl
dyna.spamrats.com:Not Listed (OK) - http://www.spamrats.com
noptr.spamrats.com:Not Listed (OK) - http://www.spamrats.com
spam.spamrats.com:Not Listed (OK) - http://www.spamrats.com
cbl.anti-spam.org.cn:Not Listed (OK) - http://www.anti-spam.org.cn/?Locale=en_US
cdl.anti-spam.org.cn:Not Listed (OK) - http://www.anti-spam.org.cn/?Locale=en_US
dnsbl.inps.de:Not Listed (OK) - http://dnsbl.inps.de/index.cgi?lang=en
drone.abuse.ch:Not Listed (OK) - http://dnsbl.abuse.ch
httpbl.abuse.ch:Not Listed (OK) - http://dnsbl.abuse.ch
korea.services.net:Not Listed (OK) - http://korea.services.net
spamrbl.imp.ch:Not Listed (OK) - http://antispam.imp.ch
wormrbl.imp.ch:Not Listed (OK) - http://antispam.imp.ch
virbl.bit.nl:Not Listed (OK) - http://virbl.bit.nl
rbl.suresupport.com:Not Listed (OK) - http://suresupport.com/postmaster
dsn.rfc-ignorant.org:Not Listed (OK) - http://www.rfc-ignorant.org/policy-dsn.php
spamguard.leadmon.net:Not Listed (OK) - http://www.leadmon.net/SpamGuard/
dnsbl.tornevall.org:Not Listed (OK) - http://opm.tornevall.org
netblock.pedantic.org:Not Listed (OK) - http://pedantic.org
multi.surbl.org:Not Listed (OK) - http://www.surbl.org
ix.dnsbl.manitu.net:Not Listed (OK) - http://www.dnsbl.manitu.net
tor.dan.me.uk:Not Listed (OK) - http://www.dan.me.uk/dnsbl
rbl.efnetrbl.org:Not Listed (OK) - http://rbl.efnetrbl.org
dnsbl.dronebl.org:Not Listed (OK) - http://www.dronebl.org
access.redhawk.org:Not Listed (OK) - http://www.redhawk.org/index.php?option ... &Itemid=33
db.wpbl.info:Not Listed (OK) - http://www.wpbl.info
rbl.interserver.net:Not Listed (OK) - http://rbl.interserver.net
query.senderbase.org:Not Listed (OK) - http://www.senderbase.org/about
bogons.cymru.com:Not Listed (OK) - http://www.team-cymru.org/Services/Bogons/
csi.cloudmark.com:Not Listed (OK) - http://www.cloudmark.com/en/products/cl ... ence/index

short.rbl.jp:DnsTimeout - http://www.rbl.jp
virus.rbl.jp:DnsTimeout - http://www.rbl.jp


============================================================================
Original message source
============================================================================
x-sender: [email protected]
x-receiver: [email protected]
Received: from arhboy.com ([93.125.18.70]) by appmaildev.com with Microsoft SMTPSVC(8.5.9600.16384);
Thu, 1 Aug 2019 18:13:35 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=arhboy.com;
s=mail; h=Date:From:Message-Id:To:Subject:Sender:Reply-To:Cc:MIME-Version:
Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=qLKbpaSndNO6Wp/cm+OE7R8kTAxUkYfIjerX8SOSVtc=; b=ezelE6Os2IAH56j2hyXvZBbJTr
aOiBSyc+6WxsCbuOb285oDlwsj4juj+2EHIRQobF4jG3/Ks2lkvO6HUqh3NmqgK5Q5d0oJuyRiST4
Cbhh8uNjxHoJeC0WjpElmToWvfEMB1AfQnatDQ9KCo0/EwIiS/+Etl5VhAuPEqCVh0EU=;
Received: from root by arhboy.com with local (Exim 4.89)
(envelope-from <[email protected]>)
id 1htFa2-0003Pr-TQ
for [email protected]; Thu, 01 Aug 2019 21:13:34 +0300
Subject: Hello my friend
To: <[email protected]>
X-Mailer: mail (GNU Mailutils 3.1.1)
Message-Id: <[email protected]>
From: [email protected]
Date: Thu, 01 Aug 2019 21:13:34 +0300
Return-Path: [email protected]
X-OriginalArrivalTime: 01 Aug 2019 18:13:36.0002 (UTC) FILETIME=[D6009620:01D54894]

How are you?
============================================================================

[twoup]

Have you double checked that the DKIM key listed in the Vesta admin panel and the key listed on cloudflare are the same? Vesta will sign outgoing mail using the key listed in the local named server.

[sysdop]

The aggregate in Cloudflare s a little different, you must take into account the separators "