This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DKIM Broken in 9.706-9?

Hey everyone,

is anyone using DKIM on the Sophos UTM - and has anybody else problems with it after the update to 9.706-9? We had reports that after the update multiple customers were blocking us due to spam detection. We then checked the headersin mxtoolbox, and we get a DKIM error: "Body Hash did not Verify". When we implemented DKIM and DMARC we tested both, and it was working for several months now. We also checked the headers, there were no porblems before. 

I did not find anything relating to this, but I know that exim was updated in the last versions, and I saw that exim has a bug with DKIM (https://help.atmail.com/hc/en-us/articles/900007082823-Exim-v-4-94-2-and-DKIM). But I do not want to change any mailserver config files on the sophos, so the fix in this website is nothing I want to try...

Anyone with a similar problem?

Thanks in Advance



This thread was automatically locked due to age.
Parents
  • I now have a response from Sophos Support - they sent me the manual for DKIM configuration. So I just reconfigured it with a new key created on the Sophos directly (before I did it on some debian server) - now it works. I cannot say what it was, but now the DKIM hashes are okay.

    I also checked mxtoolbox again - if I try the "header analyzer" I will still get a hash error. But before I also had errors in multiple other dkim test tools. A test that is now working for example is this: https://mxtoolbox.com/deliverability - You just send  an email to the mxtoolbox address, and you then get the report if your mails are okay. This report shows me that everything is okay with my DKIM now. It wasn't before, but now it looks good.

    Now we have get us removed from the bad reputation list from our customers - 4 days with broken DKIM seem to have a bad impact...

    Thanks!

  • We are using keys that were generated long before the exim patch to the UTM, and the keys were generated not via UTM. All DKIM checks work out, so I would say the patch is not the issue.

Reply Children
No Data