DKIM problem "body hash did not verify" ? Please help

trucmuche2005 · May 23, 2018, 7:04pm

Hello,

When I send a message using my email client, all tests are passed : SPF, DKIM, DMARC.
When I send a message using PHPList 3.3.3, SPF and DMARC are passed but DKIM fails with “dkim=neutral (body hash did not verify)”.
When I test DKIM signature of my domain using MXToolbox (and “default” key), the 2048 bits signature is found and everything seems to be OK.
When I test DKIM signature using DKIMCore.org tool, the key is found and validated.

BUT when I send a test email using PHPList to a Gmail address, I get :
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@mydomain.be header.s=default header.b=JszG5Ac4;
spf=pass (google.com: domain of noreply@mydomain.be designates 185.212.227.251 as permitted sender) smtp.mailfrom=noreply@mydomain.be;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mydomain.be
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mydomain.be;
s=default; h=Content-Type:…

When PHPList send a test email to the AppMailDev service, it gives me :
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mydomain.be;
s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:List-Owner:
List-Subscribe:List-Unsubscribe:List-Help:Message-ID:Subject:From:To:Date:
Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
List-Id:List-Post:List-Archive;
bh=5HL3CvzIlWM [ cut ] E5jg==;
Signed-by: noreply@mydomain.be
Expected-Body-Hash: cDr9I8f3UmClNIdfjX4UbUwPfFZy5vZEGgro0dNrVnE=

And when I PHPList send test email to mail tester.com address, it returns that DKIM signature is not valid :
La signature DKIM de votre message est :

v=1;
a=rsa-sha256;
q=dns/txt;
c=relaxed/relaxed;
d=mydomain.be;
s=default;
h=Content-Transfer-Encoding:Content-Type:MIME-Version:List-Owner:List-Subscribe:List-Unsubscribe:List-Help:Message-ID:Subject:From:To:Date:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Post:List-Archive;
bh=Hw/nEYpsMPGfupfU8pxoSn6OTZIC/Cz9Mt8IDxaP1gI=;
b=NycVPtVr9VEONULCNE1fiQP2siOXh71vXLPVX/6ggBeUHbPHIUz1GVTtXbbw3rBbXb67e+qogrf/AayFHBzyUnSFpVwIYSuq/y2TJPr52QbIf1fc+lvNn4CTaWeY9Rsk0rbdQUr8yBLp+Cx0cC8NojqqccXuYPGrUrBZHCnQW5MmukhjaYlM5bso8n64FNhRff2xYbWHP0FTbzGfwvfJMGhnIjFqZ/A9Opmv08nylm5MkN0HmmKuAqXRcIOi22zYmfrlDNBluTAvOIjGlX9jXTcE53eGLDmoQOqBmijUaHu83t27zmIPwD67S5n+5xZKSHYHzXisyk7HZiZNzxAFKA==;

Votre clé publique est :

“v=DKIM1;
k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4WJUHy1bBpoeXurvgZ3IyI/HUw7VB5jdVoWZYYlIRgTeItzVKuC7i2U/6BHcjg/tPAbuE6cyvtvhrnN24erxB986u5S+bb4vsBgzbHT03pD8BYJbX6ejBIfEkz281T29LqJOAntaEsi14+mkHtJpug1DGqanHnB2YiqEJnHlVCTGt2WOyrHBFJK2zZmJkyUL/48N+l0ukFLKRFtCwNpggZ5XhG83UTuWTSXypHQykliUrfjn/d3aZPn6F297yUlvJqN/nuevGkEKlBEuRkBPeG+Epj+ekIu0o1OLFz02fIuaNxAU1F5/k9F3Tom5gwzS9gpvQe83rD8lJphDVoxzqQIDAQAB;
”

What’s the problem ?? Should I update PHPMailer to 6.0 ?

Please help,

Many thanks,

T.

trucmuche2005 · May 28, 2018, 6:40am

Anyone to help me please ? That problem didn’t occur before the 3.3.3 update (I was using v3.1 I think).

SkyStryder · June 9, 2018, 3:32pm

I am having the same exact problem! php 5.6 phplist 3.3.3

trucmuche2005 · June 15, 2018, 12:22pm

I did not found a solution yet but maybe we have to look there (found here):

phpList seems to generate emails which contains different line endings then CRLFs, which are the only ones allowed in an e-mail. Normally this isn’t a problem, but as you can see it can cause problems with DKIM, as different line endings produces different hashes.

EDIT (14:37). I found that the DKIM signature encoded in the emails sent by PHPList is wrong. If I use my email client, the DKIM signature (“b=…”) can be base64-decoded but I cannot decode the DKIM signature integrated by PHPList. Now the question is : how can we fix the DKIM signature in PHPList ??

EDIT (15:15). I found THAT (see last post) and changed the class.phpmailer.php file accordingly. And It seems that DKIM signatures can now be decoded. BUT there is still the “(body hash did not verify)” problem. Still searching…

EDIT (15:32). I thought that I found the problem in the config.php file because I was using TLS and port 25 for sending emails with my STMP server instead of SSL and port 465. I also tried this but no, the problem remains…

EDIT (15:58). I found this. It seems to be a bug in PHPMailer class with CR/LF, which have been fixed in PHPMailer 6.0.3 (see here). So it seems that the solution would be to use PHPMailer 6.0.5 instead of PHPMailer 5.2.2 but I can’t understand how to do this… Someone ?

T.

trucmuche2005 · November 10, 2018, 10:45pm

I’m still loooking for a solution about this… I still have the same problem… Why can’t I setup PHPList correctly with DKIM on my CPanel VPS ??? I try this for months…