This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DKIM Broken in 9.706-9?

Hey everyone,

is anyone using DKIM on the Sophos UTM - and has anybody else problems with it after the update to 9.706-9? We had reports that after the update multiple customers were blocking us due to spam detection. We then checked the headersin mxtoolbox, and we get a DKIM error: "Body Hash did not Verify". When we implemented DKIM and DMARC we tested both, and it was working for several months now. We also checked the headers, there were no porblems before.

I did not find anything relating to this, but I know that exim was updated in the last versions, and I saw that exim has a bug with DKIM (https://help.atmail.com/hc/en-us/articles/900007082823-Exim-v-4-94-2-and-DKIM). But I do not want to change any mailserver config files on the sophos, so the fix in this website is nothing I want to try...

Anyone with a similar problem?

Thanks in Advance

This thread was automatically locked due to age.

Parents

0 Alexander Busch over 3 years ago

We're on 9.507 and using DKIM. But we get a lot of trouble with false positives too . But our trouble is more inbound false positive, but outbound too. I give it a try and can confirm your result: Body Hash Did Not Verify.
So we are at least 2 with the same problem. DKIM seems broken in 9.705-7 too.

Best regards

Alex

-
Cancel
Vote Up 0 Vote Down

Cancel
0 _Tobias_ over 3 years ago in reply to Alexander Busch

Hi Alex,

at least I am not alone...

Did you already install the update with the new exim version (9.705-7?)? And do you have the possibility to check if the Body Hash problem existed before this?
By chance I had test emails in my external mailbox, and I could verity that the problem was not present at least a few weeks before the UTM update - headers were accepted in these messages.
Cancel
Vote Up 0 Vote Down

Cancel
0 Alexander Busch over 3 years ago in reply to _Tobias_

Yes, that was the one with the exim patch. But can't confirm that the result of before the update now... still searching. I'll give an update later.

-
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Alexander Busch over 3 years ago in reply to _Tobias_

Yes, that was the one with the exim patch. But can't confirm that the result of before the update now... still searching. I'll give an update later.

-
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Alexander Busch over 3 years ago in reply to Alexander Busch

Well, in my case mxtoolbox gives the same error on an older message. Maybe the test isn’t working or there is an other problem in my case. Nevertheless thanks for bringing this in my focus.

-
Cancel
Vote Up 0 Vote Down

Cancel
0 Alexander Busch over 3 years ago in reply to Alexander Busch

From my point of view the test at mxtoolbox is broken or I missed something, because it gives the same error for other mails from third parties too. But to be fair, without a complete upload I can't test emails from another person.
So maybe DKIM in UTM isn't broken. I just can't tell. Maybe someone else.

-
Cancel
Vote Up 0 Vote Down

Cancel