SPF and DMARC PASS but DKIM 'FAIL' with domain XXX?

Question

After searching a lot and checking lots of tutorials and q&a, I didn't find the answer!

I'm using virtualmin on Debian. I enabled DKIM and use PHPMailer:

    require("external/mail2/class.phpmailer.php");
    require("external/mail2/class.smtp.php");

    $mail= new PHPMailer();
    $mail->IsSMTP();
    $mail->SMTPAuth=true;

    $mail->Host = "mail.rexobit.com";
    $mail->Username= "my user name";
    $mail->Password= 'my password';
    $mail->AddAddress('myemail@gmail.com', '');
    $mail->SetFrom('notifications@rexobit.com', 'REXOBIT Notify');

    $mail->DKIM_domain = 'rexobit.com';
    $mail->DKIM_selector = '4040';
    $mail->Encoding = "base64";
    $mail->DKIM_private = '/etc/dkim.key';
    $mail->DKIM_passphrase = '';
    $mail->DKIM_identity = 'notifications@rexobit.com';

    $mail->Subject = 'testing smtp email';
    $mail->IsHTML(true);
    $mail->MsgHTML('this is a test email');
    $mail->AltBody= 'email test';
    if (!$mail->Send()) {
        echo 'Mailer Error: '. $mail->ErrorInfo;
    } else {
        echo 'Message sent!';
    }

result on gmail : SPF: PASS with IP 2a02:4780:8:6:2:2b... DKIM: 'FAIL' with domain rexobit.com DMARC: 'PASS'

When I remove DKIM part on code like this :

    require("external/mail2/class.phpmailer.php");
    require("external/mail2/class.smtp.php");

    $mail= new PHPMailer();
    $mail->IsSMTP();
    $mail->SMTPAuth=true;

    $mail->Host = "mail.rexobit.com";
    $mail->Username= "my user name";
    $mail->Password= 'my password';
    $mail->AddAddress('myemail@gmail.com', '');
    $mail->SetFrom('notifications@rexobit.com', 'REXOBIT Notify');

    $mail->Subject = 'testing smtp email';
    $mail->IsHTML(true);
    $mail->MsgHTML('this is a test email');
    $mail->AltBody= 'email test';
    if (!$mail->Send()) {
        echo 'Mailer Error: '. $mail->ErrorInfo;
    } else {
        echo 'Message sent!';
    }

DKIM disappeared completely! no signing : result on gmail : SPF: PASS with IP 2a02:4780:8:6:2:2b... DMARC: 'PASS'

I used 2048 and 1024 keys, both same result. also I disabled DKIM on virtualmin server: no success. DNS created by DKIM automatically. but I created a key pair, added to dns and use it in phpmailer but same results!

google complete result :

    Delivered-To: hamidvaghari@gmail.com
    Received: by 2002:a9d:5a8:0:0:0:0:0 with SMTP id 37csp6792321otd;
            Tue, 14 Jan 2020 23:49:08 -0800 (PST)
    X-Google-Smtp-Source: APXvYqyipy6njznZ0kMNV2V+cOd1k8Bp/bf3OF92K2umRR4xYOUBOU9NvfxRiW6oMAPH5Vb26Sxo
    X-Received: by 2002:a17:906:e86:: with SMTP id p6mr27208898ejf.299.1579074548335;
            Tue, 14 Jan 2020 23:49:08 -0800 (PST)
    ARC-Seal: i=1; a=rsa-sha256; t=1579074548; cv=none;
            d=google.com; s=arc-20160816;
            b=ni1Zo9tfatMw4rukiT6Kq/s08pOGgjgYU6/Q/+QlDISkUnkGYzvs7wtC4iFYZX01Nl
             qHWRLUfqExqx5oJN+2g1NvOUp+UhZk9HarE6v/Xy7qjADDbiTXvNIFRBhlR6nC9t2ADq
             DmLVEzmtxEjYrYxbncbt1cl4kGWlQfu3X5/wPo66Mh89p3gdMOUJWVQbRb/akaivhIK/
             ZQjirZ8MAVzTdtJ1AjDesUu5F4+xLi8H1B1Nb7bLOwS81W+lWUn8EQFOYz3eOo7LFOlX
             CCVciMJFompewrqRurRCVwh5b5WyGJReDCMElXoJcHIhRfW2Nt8/Uze3bWGe4Cnyz/y5
             ij3w==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
            h=mime-version:message-id:reply-to:from:date:dkim-signature:subject
             :to;
            bh=/JG3Oa95UztnpL1MJZUL9Uqkjr7talhabzwuJCduqaw=;
            b=fSCo7HHsDKdSYxmlujr2tUGqbCx+08+dzrGTIEYUW/j5bABOzLjZSKP7jplZ4vzIv/
             KObFrCHjn4MhydtalG1+fQLRl0TzvMcIX+qAHHLuvlwTzhL3W15vHUdfsEOoI6cJJ30D
             /RQ2IL9JIvMbo2s2p2O5Fij3RnduqLc0NAywFKfxPaOaqSxQD67YsxDe2RN62z17w0dT
             J5EvjLXtBy+tmo6VW9l0MQiDWKN0vxi6MEJC8s3XVjgygJz1vcM5tPpR6ZH70usG7e15
             rLP8nJzP06XCzB8aWqRzIPdRHh4kGRIjpfsVvBoHy2TjKbHjSgmQ6VeanmgR6sqpQO4a
             fAfA==
    ARC-Authentication-Results: i=1; mx.google.com;
           dkim=neutral (bad format) header.i=@rexobit.com header.s=5050;
           spf=pass (google.com: domain of notifications@rexobit.com designates 2a02:4780:8:6:2:2b17:c6c2:18f5 as permitted sender) smtp.mailfrom=notifications@rexobit.com;
           dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=rexobit.com
    Return-Path: <notifications@rexobit.com>
    Received: from vps.server.local ([2a02:4780:8:6:2:2b17:c6c2:18f5])
            by mx.google.com with ESMTPS id h22si12150651ejc.261.2020.01.14.23.49.08
            for <hamidvaghari@gmail.com>
            (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
            Tue, 14 Jan 2020 23:49:08 -0800 (PST)
    Received-SPF: pass (google.com: domain of notifications@rexobit.com designates 2a02:4780:8:6:2:2b17:c6c2:18f5 as permitted sender) client-ip=2a02:4780:8:6:2:2b17:c6c2:18f5;
    Authentication-Results: mx.google.com;
           dkim=neutral (bad format) header.i=@rexobit.com header.s=5050;
           spf=pass (google.com: domain of notifications@rexobit.com designates 2a02:4780:8:6:2:2b17:c6c2:18f5 as permitted sender) smtp.mailfrom=notifications@rexobit.com;
           dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=rexobit.com
    Received: by vps.server.local (Postfix, from userid 1001) id F199223978; Wed, 15 Jan 2020 07:49:07 +0000 (UTC)
    To: hamidvaghari@gmail.com
    Subject: testing smtp email
    X-PHP-Originating-Script: 1001:class.phpmailer.php
    X-PHPMAILER-DKIM: phpmailer.worxware.com
    DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; l=340; s=5050; t=1579074547; c=relaxed/simple; h=From:To:Subject; d=rexobit.com; i=notifications@rexobit.com; z= | |Subject:=20testing=20smtp=20email; bh=R/emTcIGHSLVMGRNT6rmQdfikuw=; b=
    Date: Wed, 15 Jan 2020 07:49:07 +0000
    From: REXOBIT Notify <notifications@rexobit.com>
    Reply-to: REXOBIT Notify <notifications@rexobit.com>
    Message-ID: <933a2cee08fd835247b62fbddb5d763a@rexobit.com>
    X-Priority: 3
    X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="b1_933a2cee08fd835247b62fbddb5d763a"

    --b1_933a2cee08fd835247b62fbddb5d763a
    Content-Type: text/plain; charset = "utf-8"
    Content-Transfer-Encoding: base64

    ZW1haWwgdGVzdA==
    --b1_933a2cee08fd835247b62fbddb5d763a
    Content-Type: text/html; charset = "utf-8"
    Content-Transfer-Encoding: base64

    dGhpcyBpcyBhIHRlc3QgZW1haWw=
    --b1_933a2cee08fd835247b62fbddb5d763a--

any help plz?

score 0 · Answer 1 · answered Jan 23 '20 at 08:12

I think the issue is with your DNS entriy for the DKIM key. Please see the test bellow:

SPF check
1 SPF record found for the domain rexobit.com :

"v=spf1 a mx a:rexobit.com ip4:194.5.159.246 ~all"

DKIM check
No DNS record found for 4040._domainkey.rexobit.com

You need to have an entry like 4040._domainkey IN TXT "v=DKIM1; k=rsa; t=s; p=value_of_the_dkim_public_key"

Once you update your domain's DNS file, you should wait for the changes to propagate and then try again.

Or use any online DKIM domain checker and see if it works or not

score 0 · Answer 2 · answered Jan 06 '22 at 02:09

In addition to implementing the domainkey, your mail server might also require configuration; in my experience on Debian, exim / exim4 for example requires explicit setup for it to generate the DKIM (including letting it know which portions of the message to authenticate).

score 0 · Answer 3 · answered Feb 01 '22 at 11:01

SetFrom in theory also sets the Sender parameter by default. However I've sometimes explicitly set both to guarantee what the header is outputting, which sometimes helped me with DKIM issues.

$phpmailer->Sender='noreply@mydomain.com';
$phpmailer->SetFrom('noreply@mydomain.com', 'My Name', FALSE);

SPF and DMARC PASS but DKIM 'FAIL' with domain XXX?

3 Answers3