Pro / dkim-exchange

DKIM Signing Agent for Microsoft Exchange Server

Exchange 2016 CU19 - not actually signing mail #344

Open BScalfProactive opened 3 years ago

BScalfProactive commented 3 years ago

Versions

Description

DKIM does not actually sign the messages, despite logging suggesting it is - confirmed w/ GMAIL and DKIMValidator.com

Steps to Reproduce

  1. Install DKIM Signer latest version
  2. Configure DKIM Settings - Keys w/ RSASha256, Relaxed/Relaxed
  3. Configure domain settings for single mail domain
  4. Deploy public key to domain registrar, deploy public key to internal DNS (Exchange server only checks here)
  5. Validate internal records w/ DKIM Signer, validate external records w/ MXToolbox + dmarcanalyzer
  6. Restart Transport Service and confirm DKIM settings load
  7. Send mail from address@domain.com via Outlook
  8. Confirm mail via event logs on ExchangeServer
  9. View Mail at destination and confirm no signer present and DKIMValidator.com indicates "This message does not contain a DKIM signature"

Expected behavior: Mail to be signed w/ DKIM signature or error indicating why mail was not signed

Actual behavior: Mail is sent w/o actually being signed

Logs:

  1. DEBUG: Got new message, checking if I can sign it...
  2. DEBUG: Parsing the MimeMessage
  3. DEBUG: Signing the message
  4. DEBUG: Got signing header: v=1; a=rsa-sha256; d=domain.com; s=key2_2021; c=relaxed/relaxed; t=1632416682; h=from:subject:to:date:message-id; bh=gOa.........DPg==

Settings.xml

<?xml version="1.0" encoding="UTF-8"?>

4 RsaSha256 Relaxed Relaxed

From Subject To Date MessageId

domain.com key2_2021 domain.com.pem

cgbrooking commented 3 years ago

Have you moved the agent to the lowest priority (highest number)?

DJBenson commented 3 years ago

As suggested by @cgbrooking please ensure your setup is correct. I've just sent a test message from my domain to GMail and it is signed as expected.

BScalfProactive commented 3 years ago

Great question - thanks for the quick follow-up. I have tried with the agent having #1 out of 12 priority and #12 out of 12. I have been restarting the Transport service using the DKIM Signer GUI after making changes to Agent priority. I currently have the Exchange DKIMSigner Agent at the bottom of the list, #12 / 12 which I believe to be correct.
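
The check from step 9 of the report, as an added example that is not part of the thread or of the project's code: it parses the `DKIM-Signature` tag list the agent logged and looks in a delivered message's raw headers for a signature with the same `d=` and `s=`. The function names and the three sample messages are constructed for illustration; the third case (a signature from a different signer) goes beyond what the report describes.

```python
from email import message_from_bytes

# Header as the agent logged it in the report (bh is elided on the page).
LOGGED = ("v=1; a=rsa-sha256; d=domain.com; s=key2_2021; c=relaxed/relaxed; "
          "t=1632416682; h=from:subject:to:date:message-id; bh=gOa.........DPg==")

def parse_tag_list(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in str(value).split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Drop folding whitespace so wrapped headers compare equal.
            tags[name.strip()] = "".join(val.split())
    return tags

def compare_with_logged(raw_message, logged=LOGGED, keys=("a", "c", "h")):
    """Classify a delivered message against the header the agent logged."""
    expected = parse_tag_list(logged)
    msg = message_from_bytes(raw_message)
    found = [parse_tag_list(v) for v in msg.get_all("DKIM-Signature", [])]
    if not found:
        return "missing", {}  # what the reporter saw at the destination
    for sig in found:
        if (sig.get("d"), sig.get("s")) == (expected["d"], expected["s"]):
            diffs = {k: (expected.get(k), sig.get(k))
                     for k in keys if expected.get(k) != sig.get(k)}
            return ("mismatch" if diffs else "match"), diffs
    return "other-signer", {"seen": [(s.get("d"), s.get("s")) for s in found]}

# Constructed sample messages (not from the issue); b= and bh= are placeholders.
UNSIGNED = (b"From: address@domain.com\r\nTo: someone@example.net\r\n"
            b"Subject: test\r\n\r\nbody\r\n")
SIGNED = (b"DKIM-Signature: v=1; a=rsa-sha256; d=domain.com; s=key2_2021;\r\n"
          b"\tc=relaxed/relaxed; t=1632416682;\r\n"
          b"\th=from:subject:to:date:message-id; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
          + UNSIGNED)
OTHER = (b"DKIM-Signature: v=1; a=rsa-sha256; d=relay.example; s=s1; "
         b"b=PLACEHOLDER\r\n" + UNSIGNED)

if __name__ == "__main__":
    for name, raw in (("unsigned", UNSIGNED), ("signed", SIGNED), ("other", OTHER)):
        print(name, compare_with_logged(raw))
```

Run it against the raw source of the message saved at the destination (for example Gmail's "Show original" download), read in binary mode. It compares tags only and does not verify the signature cryptographically.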