Page 1 of 1

DKIM: bad rsa signature

Posted: Thu Aug 01, 2019 6:21 pm
by geqo
I can't send emails because bad rsa signature. Domain arhboy.com
I've tried change certs and change TXT mail._domainkey value, but it did not help.
Here's report
SpoilerShow
============================================================================
This is SPF/DKIM/DMARC/RBL report generated by a test tool provided
by AdminSystem Software Limited.

Any problem, please contact support@emailarchitect.net
============================================================================
Report-Id: 0a0aeccb
Sender: <root@arhboy.com>
Header-From: <root@arhboy.com>
HELO-Domain: arhboy.com
Source-IP: 93.125.18.70
Validator-Version: 1.08
============================================================================
Original email header:

x-sender: root@arhboy.com
x-receiver: test-0a0aeccb@appmaildev.com
Received: from arhboy.com ([93.125.18.70]) by appmaildev.com with Microsoft SMTPSVC(8.5.9600.16384);
Thu, 1 Aug 2019 18:13:35 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=arhboy.com;
s=mail; h=Date:From:Message-Id:To:Subject:Sender:Reply-To:Cc:MIME-Version:
Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=qLKbpaSndNO6Wp/cm+OE7R8kTAxUkYfIjerX8SOSVtc=; b=ezelE6Os2IAH56j2hyXvZBbJTr
aOiBSyc+6WxsCbuOb285oDlwsj4juj+2EHIRQobF4jG3/Ks2lkvO6HUqh3NmqgK5Q5d0oJuyRiST4
Cbhh8uNjxHoJeC0WjpElmToWvfEMB1AfQnatDQ9KCo0/EwIiS/+Etl5VhAuPEqCVh0EU=;
Received: from root by arhboy.com with local (Exim 4.89)
(envelope-from <root@arhboy.com>)
id 1htFa2-0003Pr-TQ
for test-0a0aeccb@appmaildev.com; Thu, 01 Aug 2019 21:13:34 +0300
Subject: Hello my friend
To: <test-0a0aeccb@appmaildev.com>
X-Mailer: mail (GNU Mailutils 3.1.1)
Message-Id: <E1htFa2-0003Pr-TQ@arhboy.com>
From: root@arhboy.com
Date: Thu, 01 Aug 2019 21:13:34 +0300
Return-Path: root@arhboy.com
X-OriginalArrivalTime: 01 Aug 2019 18:13:36.0002 (UTC) FILETIME=[D6009620:01D54894]

============================================================================
SPF: Pass
============================================================================

SPF-Record: v=spf1 ip4:93.125.18.70 ~all
Sender-IP: 93.125.18.70
Sender-Domain-Helo-Domain: arhboy.com

Query TEXT record from DNS server for: arhboy.com
[TXT]: google-site-verification=ifFRVr7RS2iEP5RtRneyCCTKIQdGirNorc4LpGhA2rE
[TXT]: v=spf1 ip4:93.125.18.70 ~all
Parsing SPF record: v=spf1 ip4:93.125.18.70 ~all

Mechanisms: v=spf1

Mechanisms: ip4:93.125.18.70
Testing mechanism ip4:93.125.18.70
Testing CIDR: source=93.125.18.70; 93.125.18.70/128
ip4:93.125.18.70 hit, Qualifier: +

============================================================================
DKIM: fail
============================================================================

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=arhboy.com;
s=mail; h=Date:From:Message-Id:To:Subject:Sender:Reply-To:Cc:MIME-Version:
Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=qLKbpaSndNO6Wp/cm+OE7R8kTAxUkYfIjerX8SOSVtc=; b=ezelE6Os2IAH56j2hyXvZBbJTr
aOiBSyc+6WxsCbuOb285oDlwsj4juj+2EHIRQobF4jG3/Ks2lkvO6HUqh3NmqgK5Q5d0oJuyRiST4
Cbhh8uNjxHoJeC0WjpElmToWvfEMB1AfQnatDQ9KCo0/EwIiS/+Etl5VhAuPEqCVh0EU=;
Signed-by: root@arhboy.com
Expected-Body-Hash: qLKbpaSndNO6Wp/cm+OE7R8kTAxUkYfIjerX8SOSVtc=
Public-Key: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDwjovFWB42Cq+D8jbXtnE7DQCfROOcdxZxiHj8sQCfMIqDFQBOsNJCwKEcoFzibYV5R5yOcLspY8zhkczxoHzuy2UbUIpSun/5bF1MqghG3qpqD0ShtL78SG76IXYoKahiy2B4cepVnVNkLV0zEAYg8m3BVfPizBM/DWG53QiIwwIDAQAB;

DKIM-Result: fail (bad signature)

============================================================================
DMARC: pass
============================================================================

_dmarc.arhboy.com: v=DMARC1; rua=mailto:dmark@arhboy.com; p=quarantine; pct=90; sp=none
Received-SPF: pass (appmaildev.com: domain of root@arhboy.com designates 93.125.18.70 as permitted sender) client-ip=93.125.18.70
Authentication-Results: appmaildev.com;
dkim=fail header.d=arhboy.com;
spf=pass (appmaildev.com: domain of root@arhboy.com designates 93.125.18.70 as permitted sender) client-ip=93.125.18.70;
dmarc=pass (adkim=r aspf=r p=quarantine) header.from=arhboy.com;

============================================================================
DomainKey: none
============================================================================

DomainKey-Result: none (no signature)
If DKIM result is passed, you can ignore DomainKey result: none

============================================================================
PTR: ExistsRecord
============================================================================

Sender-IP: 93.125.18.70
Query 70.18.125.93.in-addr.arpa
Host: arhboy.com

============================================================================
RBL: NotListed
============================================================================

bl.spamcop.net:Not Listed (OK) - http://bl.spamcop.net
cbl.abuseat.org:Not Listed (OK) - http://cbl.abuseat.org
b.barracudacentral.org:Not Listed (OK) - http://www.barracudacentral.org/rbl/removal-request
dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
http.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
dul.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
misc.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
smtp.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
socks.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
spam.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
web.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
zombie.dnsbl.sorbs.net:Not Listed (OK) - http://www.sorbs.net
pbl.spamhaus.org:Not Listed (OK) - http://www.spamhaus.org/pbl/
sbl.spamhaus.org:Not Listed (OK) - http://www.spamhaus.org/sbl/
xbl.spamhaus.org:Not Listed (OK) - http://www.spamhaus.org/xbl/
zen.spamhaus.org:Not Listed (OK) - http://www.spamhaus.org/zen/
ubl.unsubscore.com:Not Listed (OK) - http://www.lashback.com/blacklist/
rbl.spamlab.com:Not Listed (OK) - http://tools.appriver.com/index.aspx?tool=rbl
dyna.spamrats.com:Not Listed (OK) - http://www.spamrats.com
noptr.spamrats.com:Not Listed (OK) - http://www.spamrats.com
spam.spamrats.com:Not Listed (OK) - http://www.spamrats.com
cbl.anti-spam.org.cn:Not Listed (OK) - http://www.anti-spam.org.cn/?Locale=en_US
cdl.anti-spam.org.cn:Not Listed (OK) - http://www.anti-spam.org.cn/?Locale=en_US
dnsbl.inps.de:Not Listed (OK) - http://dnsbl.inps.de/index.cgi?lang=en
drone.abuse.ch:Not Listed (OK) - http://dnsbl.abuse.ch
httpbl.abuse.ch:Not Listed (OK) - http://dnsbl.abuse.ch
korea.services.net:Not Listed (OK) - http://korea.services.net
spamrbl.imp.ch:Not Listed (OK) - http://antispam.imp.ch
wormrbl.imp.ch:Not Listed (OK) - http://antispam.imp.ch
virbl.bit.nl:Not Listed (OK) - http://virbl.bit.nl
rbl.suresupport.com:Not Listed (OK) - http://suresupport.com/postmaster
dsn.rfc-ignorant.org:Not Listed (OK) - http://www.rfc-ignorant.org/policy-dsn.php
spamguard.leadmon.net:Not Listed (OK) - http://www.leadmon.net/SpamGuard/
dnsbl.tornevall.org:Not Listed (OK) - http://opm.tornevall.org
netblock.pedantic.org:Not Listed (OK) - http://pedantic.org
multi.surbl.org:Not Listed (OK) - http://www.surbl.org
ix.dnsbl.manitu.net:Not Listed (OK) - http://www.dnsbl.manitu.net
tor.dan.me.uk:Not Listed (OK) - http://www.dan.me.uk/dnsbl
rbl.efnetrbl.org:Not Listed (OK) - http://rbl.efnetrbl.org
dnsbl.dronebl.org:Not Listed (OK) - http://www.dronebl.org
access.redhawk.org:Not Listed (OK) - http://www.redhawk.org/index.php?option ... &Itemid=33
db.wpbl.info:Not Listed (OK) - http://www.wpbl.info
rbl.interserver.net:Not Listed (OK) - http://rbl.interserver.net
query.senderbase.org:Not Listed (OK) - http://www.senderbase.org/about
bogons.cymru.com:Not Listed (OK) - http://www.team-cymru.org/Services/Bogons/
csi.cloudmark.com:Not Listed (OK) - http://www.cloudmark.com/en/products/cl ... ence/index

short.rbl.jp:DnsTimeout - http://www.rbl.jp
virus.rbl.jp:DnsTimeout - http://www.rbl.jp


============================================================================
Original message source
============================================================================
x-sender: root@arhboy.com
x-receiver: test-0a0aeccb@appmaildev.com
Received: from arhboy.com ([93.125.18.70]) by appmaildev.com with Microsoft SMTPSVC(8.5.9600.16384);
Thu, 1 Aug 2019 18:13:35 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=arhboy.com;
s=mail; h=Date:From:Message-Id:To:Subject:Sender:Reply-To:Cc:MIME-Version:
Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=qLKbpaSndNO6Wp/cm+OE7R8kTAxUkYfIjerX8SOSVtc=; b=ezelE6Os2IAH56j2hyXvZBbJTr
aOiBSyc+6WxsCbuOb285oDlwsj4juj+2EHIRQobF4jG3/Ks2lkvO6HUqh3NmqgK5Q5d0oJuyRiST4
Cbhh8uNjxHoJeC0WjpElmToWvfEMB1AfQnatDQ9KCo0/EwIiS/+Etl5VhAuPEqCVh0EU=;
Received: from root by arhboy.com with local (Exim 4.89)
(envelope-from <root@arhboy.com>)
id 1htFa2-0003Pr-TQ
for test-0a0aeccb@appmaildev.com; Thu, 01 Aug 2019 21:13:34 +0300
Subject: Hello my friend
To: <test-0a0aeccb@appmaildev.com>
X-Mailer: mail (GNU Mailutils 3.1.1)
Message-Id: <E1htFa2-0003Pr-TQ@arhboy.com>
From: root@arhboy.com
Date: Thu, 01 Aug 2019 21:13:34 +0300
Return-Path: root@arhboy.com
X-OriginalArrivalTime: 01 Aug 2019 18:13:36.0002 (UTC) FILETIME=[D6009620:01D54894]

How are you?
============================================================================

Re: DKIM: bad rsa signature

Posted: Wed Aug 21, 2019 8:00 am
by twoup
Have you double checked that the DKIM key listed in the Vesta admin panel and the key listed on cloudflare are the same? Vesta will sign outgoing mail using the key listed in the local named server.

Re: DKIM: bad rsa signature

Posted: Fri Aug 30, 2019 3:18 am
by sysdop
The aggregate in Cloudflare s a little different, you must take into account the separators "