deltachat / chatmail

chatmail service deployment scripts and docs
https://delta.chat/en/2023-12-13-chatmail
MIT License

Cannot verify contacts from other chatmail instances and from other "standard" mail server #283

Closed roughnecks closed 2 months ago

roughnecks commented 2 months ago

Chatmail server is: "chatmail.woodpeckersnest.space"

Last time I tried cmdeploy dns it said to set CAA (I cannot do as it asks because my DNS registrar doesn't allow that) and also to set opendkim: this one I have set up already and I believe it's working, so not sure why it complains.

dig opendkim._domainkey.chatmail.woodpeckersnest.space txt

; <<>> DiG 9.18.24-1-Debian <<>> opendkim._domainkey.chatmail.woodpeckersnest.space txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9106
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;opendkim._domainkey.chatmail.woodpeckersnest.space. IN TXT

;; ANSWER SECTION:
opendkim._domainkey.chatmail.woodpeckersnest.space. 1799 IN TXT "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqn59He19md5/lJdxMAW6Mo0y0nWEFtQz7FnBXuHB5Jj8Ws4+MSGBbJCmW3P5G3gwMNOZjYjA8BiZWzGqJMxVZjq9sMcsIjUdqZllK7iAt/rWp3LONAnklrFptBQyo+4jXAinMz+0gHkY70MQiW8owzp8YGIdA0cAmcMOkRqp3Dp/LiHovrIuTFQVm9Z8BPTHQf" " mckxOirghHrh3NrUoEE89G9+otqi1UX6C3CjcQqIviGrHEH3YUR2WGmXVTgNf6/3RLH/Wr1s8R1mpWO9EwNCn2n/0YdzNUS9EFZ5mHoxdZGgbmKTgmRDSZLLh+kw/CmkhW5vhN3M6rp62cKj4EwIDAQAB;s=email;t=s"

;; Query time: 20 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sun May 05 20:36:59 CEST 2024
;; MSG SIZE  rcvd: 514

Thanks

roughnecks commented 2 months ago

Forgot to say that we used QR code links to verify one another.

missytake commented 2 months ago

I see the following DKIM DNS record:

$ dig TXT opendkim._domainkey.chatmail.woodpeckersnest.space

; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> TXT opendkim._domainkey.chatmail.woodpeckersnest.space
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4652
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;opendkim._domainkey.chatmail.woodpeckersnest.space. IN TXT

;; ANSWER SECTION:
opendkim._domainkey.chatmail.woodpeckersnest.space. 1799 IN TXT "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqn59He19md5/lJdxMAW6Mo0y0nWEFtQz7FnBXuHB5Jj8Ws4+MSGBbJCmW3P5G3gwMNOZjYjA8BiZWzGqJMxVZjq9sMcsIjUdqZllK7iAt/rWp3LONAnklrFptBQyo+4jXAinMz+0gHkY70MQiW8owzp8YGIdA0cAmcMOkRqp3Dp/LiHovrIuTFQVm9Z8BPTHQf" " mckxOirghHrh3NrUoEE89G9+otqi1UX6C3CjcQqIviGrHEH3YUR2WGmXVTgNf6/3RLH/Wr1s8R1mpWO9EwNCn2n/0YdzNUS9EFZ5mHoxdZGgbmKTgmRDSZLLh+kw/CmkhW5vhN3M6rp62cKj4EwIDAQAB;s=email;t=s"

;; Query time: 32 msec
;; SERVER: 9.9.9.9#53(9.9.9.9) (UDP)
;; WHEN: Mon May 06 13:09:34 CEST 2024
;; MSG SIZE  rcvd: 514

And there is one space too many, after one of the " characters.

full difference:

currently it is:

opendkim._domainkey.chatmail.woodpeckersnest.space. 1799 IN TXT "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqn59He19md5/lJdxMAW6Mo0y0nWEFtQz7FnBXuHB5Jj8Ws4+MSGBbJCmW3P5G3gwMNOZjYjA8BiZWzGqJMxVZjq9sMcsIjUdqZllK7iAt/rWp3LONAnklrFptBQyo+4jXAinMz+0gHkY70MQiW8owzp8YGIdA0cAmcMOkRqp3Dp/LiHovrIuTFQVm9Z8BPTHQf" " mckxOirghHrh3NrUoEE89G9+otqi1UX6C3CjcQqIviGrHEH3YUR2WGmXVTgNf6/3RLH/Wr1s8R1mpWO9EwNCn2n/0YdzNUS9EFZ5mHoxdZGgbmKTgmRDSZLLh+kw/CmkhW5vhN3M6rp62cKj4EwIDAQAB;s=email;t=s"

it should be:

opendkim._domainkey.chatmail.woodpeckersnest.space. 1799 IN TXT "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqn59He19md5/lJdxMAW6Mo0y0nWEFtQz7FnBXuHB5Jj8Ws4+MSGBbJCmW3P5G3gwMNOZjYjA8BiZWzGqJMxVZjq9sMcsIjUdqZllK7iAt/rWp3LONAnklrFptBQyo+4jXAinMz+0gHkY70MQiW8owzp8YGIdA0cAmcMOkRqp3Dp/LiHovrIuTFQVm9Z8BPTHQf" "mckxOirghHrh3NrUoEE89G9+otqi1UX6C3CjcQqIviGrHEH3YUR2WGmXVTgNf6/3RLH/Wr1s8R1mpWO9EwNCn2n/0YdzNUS9EFZ5mHoxdZGgbmKTgmRDSZLLh+kw/CmkhW5vhN3M6rp62cKj4EwIDAQAB;s=email;t=s"

only the relevant part:

currently it is:

HQf" " mckx

it should be:

HQf" "mckx
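
A check for the mismatch pointed out above, as an added example (not code from the chatmail project or from this thread): it joins the TXT character-strings with no separator, which is how RFC 6376 says a DKIM key record is read, and reports where the published value diverges from the expected one. The two records are constructed stand-ins and the function names are hypothetical.

```python
import re

# Constructed stand-ins in the same two-string layout as the record in this
# thread; the real key material is not reproduced here.
PUBLISHED = '"v=DKIM1;k=rsa;p=AAAABBBBCCCC" " DDDDEEEE;s=email;t=s"'
EXPECTED = '"v=DKIM1;k=rsa;p=AAAABBBBCCCC" "DDDDEEEE;s=email;t=s"'

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def split_txt(rdata):
    """Return the quoted character-strings of a TXT rdata as dig prints it."""
    chunks = QUOTED.findall(rdata)
    if not chunks:
        raise ValueError("no quoted character-strings in rdata")
    return chunks


def compare_dkim_txt(published, expected):
    """Compare two TXT rdata values after joining their character-strings."""
    chunks = split_txt(published)
    pub, exp = "".join(chunks), "".join(split_txt(expected))
    offset = None
    if pub != exp:
        # First index where the joined values diverge (or the shorter length).
        offset = next((i for i, (a, b) in enumerate(zip(pub, exp)) if a != b),
                      min(len(pub), len(exp)))
    return {
        "match": pub == exp,
        "offset": offset,
        "context": None if offset is None else pub[max(0, offset - 4):offset + 5],
        # True when removing all whitespace makes the two values identical.
        "whitespace_only": pub != exp and "".join(pub.split()) == "".join(exp.split()),
        # 1-based positions of strings that start or end with whitespace.
        "padded_strings": [n for n, c in enumerate(chunks, 1) if c != c.strip()],
        # A single DNS character-string holds at most 255 bytes.
        "oversized_strings": [n for n, c in enumerate(chunks, 1) if len(c.encode()) > 255],
    }


if __name__ == "__main__":
    print(compare_dkim_txt(PUBLISHED, EXPECTED))
```
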

roughnecks commented 2 months ago

Weird, I copy-pasted it. Anyway, thanks, I just fixed it; waiting a bit and testing again, will let you know.

roughnecks commented 2 months ago

Still not working properly. DNS record looks fine now but..

from chatmail account it says verified: image

from standard account still nope: image

roughnecks commented 2 months ago

Think I found something: postfix tries to connect over IPv6 but this chatmail instance only got IPv4

Network is unreachable

Wait, I also see connection timed out for IPv4 addresses

roughnecks commented 2 months ago

Tried telnet externalmailserver 25 and it times out.
Tried telnet externalmailserver 587 and it works.

Asking our VPS provider soon.

mailq in chatmail is full of messages with same errors: network unreachable for IPv6 and connections timeout for v4.

roughnecks commented 2 months ago

Looks fixed after vps host opened port 25 :)

Thanks
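
The queue symptoms reported in this thread, turned into a check (an added example, not part of the original comments or of the chatmail code): it groups Postfix "connect to" deferral reasons by address family and port, and flags the pattern that here turned out to be a provider-side block on outbound port 25. The mailq excerpt is constructed with documentation addresses; the function names and tags are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed mailq excerpt (documentation hosts and addresses only).
SAMPLE_MAILQ = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
4F1A2B3C4D     2211 Mon May  6 14:02:11  alice@chat.example.org
(connect to mx.example.net[2001:db8::25]:25: Network is unreachable)
                                         bob@example.net

5A6B7C8D9E     1980 Mon May  6 14:05:40  alice@chat.example.org
(connect to mx.example.com[192.0.2.25]:25: Connection timed out)
                                         carol@example.com

6C7D8E9F0A     2044 Mon May  6 14:09:02  dave@chat.example.org
(connect to mail.example.org[198.51.100.7]:25: Connection timed out)
                                         erin@example.org
"""

CONNECT_RE = re.compile(
    r"connect to (?P<host>[^\[\s]+)\[(?P<addr>[^\]]+)\]:(?P<port>\d+): (?P<reason>[^)\n]+)"
)


def summarize_deferrals(text):
    """Count deferrals keyed by (address family, port, reason)."""
    counts = Counter()
    for m in CONNECT_RE.finditer(text):
        family = "ipv6" if ipaddress.ip_address(m["addr"]).version == 6 else "ipv4"
        counts[(family, int(m["port"]), m["reason"].strip())] += 1
    return counts


def diagnose(counts):
    """Return a set of tags describing the likely cause of the deferrals."""
    tags = set()
    v4_reasons = {r for (fam, port, r) in counts if fam == "ipv4" and port == 25}
    # Every IPv4 attempt on port 25 timing out points at egress filtering,
    # not at one remote server being down.
    if v4_reasons == {"Connection timed out"}:
        tags.add("suspect_outbound_port_25_block")
    # Expected on an IPv4-only host: Postfix still tries the AAAA targets.
    if any(fam == "ipv6" and r == "Network is unreachable" for fam, _, r in counts):
        tags.add("no_ipv6_route")
    return tags


if __name__ == "__main__":
    print(diagnose(summarize_deferrals(SAMPLE_MAILQ)))
```
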

clayt0nk commented 2 months ago

> Looks fixed after vps host opened port 25 :)

Thanks for the hint, that is exactly my problem as well.

I am test driving this on Digital Ocean, and they refuse to open port 25. Do not use Digital Ocean.