is anyone using DKIM on the Sophos UTM - and has anybody else problems with it after the update to 9.706-9? We had reports that after the update multiple customers were blocking us due to spam detection. We then checked the headersin mxtoolbox, and we get a DKIM error: "Body Hash did not Verify". When we implemented DKIM and DMARC we tested both, and it was working for several months now. We also checked the headers, there were no porblems before. I did not find anything relating to this, but I know that exim was updated in the last versions, and I saw that exim has a bug with DKIM (https://help.atmail.com/hc/en-us/articles/900007082823-Exim-v-4-94-2-and-DKIM). But I do not want to change any mailserver config files on the sophos, so the fix in this website is nothing I want to try...Anyone with a similar problem?
Thanks in Advance
We're on 9.507 and using DKIM. But we get a lot of trouble with false positives too . But our trouble is more inbound false positive, but outbound too. I give it a try and can confirm your result: Body Hash Did Not Verify.So we are at least 2 with the same problem. DKIM seems broken in 9.705-7 too.
at least I am not alone...
Did you already install the update with the new exim version (9.705-7?)? And do you have the possibility to check if the Body Hash problem existed before this?By chance I had test emails in my external mailbox, and I could verity that the problem was not present at least a few weeks before the UTM update - headers were accepted in these messages.
Yes, that was the one with the exim patch. But can't confirm that the result of before the update now... still searching. I'll give an update later.
Well, in my case mxtoolbox gives the same error on an older message. Maybe the test isn’t working or there is an other problem in my case. Nevertheless thanks for bringing this in my focus.
From my point of view the test at mxtoolbox is broken or I missed something, because it gives the same error for other mails from third parties too. But to be fair, without a complete upload I can't test emails from another person.So maybe DKIM in UTM isn't broken. I just can't tell. Maybe someone else.