PHPJunkyard support forum


https://developers.phpjunkyard.com/

when an email is sent from Hesk to hotmail the validation dkim = fail (the signature was not verified)

https://developers.phpjunkyard.com/viewtopic.php?t=6420

Page 1 of 1

when an email is sent from Hesk to hotmail the validation dkim = fail (the signature was not verified)

Posted: Sun Aug 11, 2019 9:04 am
by roymx
Hi, Hello, I will be as brief as possible

I have an email configured in hesk, through SMTP, it is configured with SSL on port 465, So far everything in order, Hesk sends and receives emails without problems apparently.

I also have the same email congo configured in a php script called Dolibarr

Also configure mail in Microsoft outlook with the same settings as in Hesk.

I reply from hesk to a test ticket that has a hotmail email from the client that picked up the email and sent it to spam

MAIL SENT FROM HESK to MAIL@HOTMAIL.COM
dkim = fail (signature did not verify)

Code: Select all

Authentication-Results: spf=pass (sender IP is 158.1xx.1xx.2xx)

 smtp.mailfrom=pc******.com.mx; hotmail.com; dkim=fail (signature did not verify)

 header.d=pc******.com.mx;hotmail.com; dmarc=bestguesspass action=none

 header.from=pc******.com.mx;

Received-SPF: Pass (protection.outlook.com: domain of pc******.com.mx designates

 158.1xx.1xx.2xx as permitted sender) receiver=protection.outlook.com;

 client-ip=158.1xx.1xx.2xx; helo=cp**-tx.***********.net;

Received: from cp**-tx.*************.net (158.1xx.1xx.2xx) by

 BL2NAM02FT044.mail.protection.outlook.com (10.152.77.35) with Microsoft SMTP

 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id

 15.20.2157.15 via Frontend Transport; Sun, 11 Aug 2019 03:10:40 +0000
it seems that there may be problems with the reputation of the IP or domain and that is why hotmail sends them to spam, but ...

Now send from the ERP an email to the same hotmail account and this was the result:

FROM ERP DOLIBARR to MAIL@HOTMAIL.COM:
dkim=pass (signature was verified)

Code: Select all

Authentication-Results: spf=pass (sender IP is 158.1xx.1xx.2xx)

smtp.mailfrom=pc******.com.mx; hotmail.com; dkim=pass (signature was verified)

header.d=pc******.com.mx;hotmail.com; dmarc=pass action=none

header.from=pc******.com.mx;

Received-SPF: Pass (protection.outlook.com: domain of pc******.com.mx designates

158.1xx.1xx.2xx as permitted sender) receiver=protection.outlook.com;

client-ip=158.1xx.1xx.2xx; helo=cp**-tx.**********.net;

Received: from cp**-tx.************.net (158.1xx.1xx.2xx) by

AM5EUR02FT038.mail.protection.outlook.com (10.152.9.12) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id

15.20.2157.15 via Frontend Transport; Sun, 11 Aug 2019 08:43:19 +0000
MAIL SENT FROM MICROSOFT OUTLOOK to MAIL@HOTMAIL.COM
Configured the same credentials, with the same name in the sender, the same title of the mail and the same content of the mail
dkim=pass (signature was verified)

Code: Select all

Authentication-Results: spf=pass (sender IP is 158.1xx.1xx.2xx)

 smtp.mailfrom=pc******.com.mx; hotmail.com; dkim=pass (signature was verified)

 header.d=pc******.com.mx;hotmail.com; dmarc=pass action=none

 header.from=pc******.com.mx;

Received-SPF: Pass (protection.outlook.com: domain of pc******.com.mx designates

 158.1xx.1xx.2xx as permitted sender) receiver=protection.outlook.com;

 client-ip=158.1xx.1xx.2xx; helo=cp**-tx.*********.net;

Received: from cp**-tx.*********.net (158.1xx.1xx.2xx) by

 BL2NAM02FT039.mail.protection.outlook.com (10.152.77.152) with Microsoft SMTP

 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

 15.20.2157.15 via Frontend Transport; Sun, 11 Aug 2019 08:56:15 +0000

In short, emails that are sent to hotmail from hesk come to spam

The emails sent with the same microsoft outlook credentials or from the erp system (dolibarr) IF YOU ARRIVE IN THE INPUT TRAY.

I think this can be on the hesk side because only here is the fault.

Thank you for your collaborations.

Re: when an email is sent from Hesk to hotmail the validation dkim = fail (the signature was not verified)

Posted: Sun Aug 11, 2019 12:47 pm
by Klemen
I would have to see the full email headers to confirm, but I think I know what the problem is.

(skip this part if you are not interested in the technical details)
There is a bug at Microsoft that I reported to them a while ago, but don't have high hopes they will fix it... What happens is if an email doesn't have the "MIME" header tag (which is not required for non-MIME emails), Microsoft automatically adds one. They do that BEFORE checking DKIM, so if MIME header is included in DKIM calculation (one of the tags) the resulting DKIM checksum is wrong (DKIM was signed with an empty MIME tag, Microsofts adds the tag then calculates the hash with THEIR new MIME tag included so it always fails).


Anyway, try this:
1. open file inc/email_functions.inc.php in a plain text editor, I recommend Notepad++ that will preserve correct encoding
2. find this line

Code: Select all

$headers.= "Message-ID: " . hesk_generateMessageID() . "\n";
3. jut BELOW that line add

Code: Select all

$headers.= "MIME-Version: 1.0\n";
4. find this line

Code: Select all

"Message-ID: " . hesk_generateMessageID(),
5. just BELOW that line add

Code: Select all

"MIME-Version: 1.0",
6. save, upload and test with a new email notification

Re: when an email is sent from Hesk to hotmail the validation dkim = fail (the signature was not verified)

Posted: Mon Aug 12, 2019 4:31 am
by roymx
Thank you very much, Klemen.

Your solution was incredible :o , it worked perfectly, thank you very much.

I think that many users who use hesk will have the same problem.

I can ask something?

Why not add this solution in the hesk source code for the current version and the new versions, would this solve many headaches?

The emails received in gmail and other accounts did not give spam problems when testing after this change.

Re: when an email is sent from Hesk to hotmail the validation dkim = fail (the signature was not verified)

Posted: Mon Aug 12, 2019 5:54 am
by Klemen
Glad to hear it worked. And yes, it definitely will be included in the next update.

Emails in Gmail and other providers don't have this problem because it's a Microsoft bug. They shouldn't be modifying any headers included in DKIM verification or if they do, they should verify first, then modify.

Re: when an email is sent from Hesk to hotmail the validation dkim = fail (the signature was not verified)

Posted: Mon Aug 12, 2019 3:00 pm
by roymx
Thanks for listening to my suggestions.

You are an expert in the subject.

I will gladly recommend the software, with the purchase of the license.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited