DKIM Broken in 9.706-9?

Hey everyone,

is anyone using DKIM on the Sophos UTM - and has anybody else problems with it after the update to 9.706-9? We had reports that after the update multiple customers were blocking us due to spam detection. We then checked the headersin mxtoolbox, and we get a DKIM error: "Body Hash did not Verify". When we implemented DKIM and DMARC we tested both, and it was working for several months now. We also checked the headers, there were no porblems before. 

I did not find anything relating to this, but I know that exim was updated in the last versions, and I saw that exim has a bug with DKIM (https://help.atmail.com/hc/en-us/articles/900007082823-Exim-v-4-94-2-and-DKIM). But I do not want to change any mailserver config files on the sophos, so the fix in this website is nothing I want to try...

Anyone with a similar problem?

Thanks in Advance

Parents
  • I now have a response from Sophos Support - they sent me the manual for DKIM configuration. So I just reconfigured it with a new key created on the Sophos directly (before I did it on some debian server) - now it works. I cannot say what it was, but now the DKIM hashes are okay.

    I also checked mxtoolbox again - if I try the "header analyzer" I will still get a hash error. But before I also had errors in multiple other dkim test tools. A test that is now working for example is this: https://mxtoolbox.com/deliverability - You just send  an email to the mxtoolbox address, and you then get the report if your mails are okay. This report shows me that everything is okay with my DKIM now. It wasn't before, but now it looks good.

    Now we have get us removed from the bad reputation list from our customers - 4 days with broken DKIM seem to have a bad impact...

    Thanks!

Reply
  • I now have a response from Sophos Support - they sent me the manual for DKIM configuration. So I just reconfigured it with a new key created on the Sophos directly (before I did it on some debian server) - now it works. I cannot say what it was, but now the DKIM hashes are okay.

    I also checked mxtoolbox again - if I try the "header analyzer" I will still get a hash error. But before I also had errors in multiple other dkim test tools. A test that is now working for example is this: https://mxtoolbox.com/deliverability - You just send  an email to the mxtoolbox address, and you then get the report if your mails are okay. This report shows me that everything is okay with my DKIM now. It wasn't before, but now it looks good.

    Now we have get us removed from the bad reputation list from our customers - 4 days with broken DKIM seem to have a bad impact...

    Thanks!

Children