Mail does not pass the test after update to 1.2.1

Hi,
I have configured a new domain and created a mail account, but it does not pass the test. I have another domain with a mail account and its test is 10/10, but this domain, after the upgrade, does not pass the test.

The DKIM signature of your message is:

v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=byvoz.comm; s=mail; h=Message-ID:Subject:To:From:Date:Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=WlSR75ow2lKU2r7gxy9RcWuH+KBmYS2L/aA/awlD5wU=; b=CDY6bY+FlGoitaGYtFpshpuy9mtkMLhNMxPYNfihlN2VJ1i2UEzhspSXHHf3dheS3Gril1qUrGsux02Wd0RcJwo9m3pR3QcLxCNj+NqsOS5cASvj2sF1MvsAk6+1zsRZ+uqQTvPQbg6EKqSwt2Oeg4uSh1LMtUVbiBPCgsO3r3g=;

Your public key is:

"“v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCY4sILSW3myTNTY63Ug4h8C+fbbuyYTPDBJqXDp0vxH39OjV8g4xcX51u9RdYCWUW3UAv7e+/sK+daHLOKGiF/AYtxzhPWtkk6T5iUp8O77kEBhffL6Uzj9lUm2jSz0ERqMdtwIZ8B8QM4h5hpujVdwLeY3k9HW533QHMC92adpQIDAQAB” "

Key length: 1024bits

Your DKIM signature is not valid

-3

Your message failed the DMARC verification

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC.

You are not allowed to send a message with this address

DMARC DNS entry found for the domain _dmarc.byvoz.comm :

“v=DMARC1; p=quarantine; pct=100”

Verification details:

  • mail-tester.comm; dkim=temperror (0-bit key; unprotected) header.d=byvoz.comm [email protected] header.b=CDY6bY+F; dkim-atps=neutral
  • mail-tester.comm; dmarc=fail header.from=byvoz.comm
  • mail-tester.comm; dkim=temperror (0-bit key; unprotected) header.d=byvoz.comm [email protected] header.b=CDY6bY+F; dkim-atps=neutral
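A strict check of a published DKIM key record, as an added example that is not part of the original post or of Hestia's code: it parses the tags, decodes `p=` and measures the RSA modulus. `check_dkim_txt`, `rsa_bits` and `QUOTED_RECORD` are names made up for this example, and the quoted variant assumes that literal quotation marks ended up inside the TXT data, which the thread does not confirm.

```python
import base64
import re

# Key record quoted in the post above (the p= value is copied from the page).
PAGE_RECORD = (
    "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCY4sILSW3myTNTY63Ug4h8"
    "C+fbbuyYTPDBJqXDp0vxH39OjV8g4xcX51u9RdYCWUW3UAv7e+/sK+daHLOKGiF/AYtxzhPWtkk6T5iU"
    "p8O77kEBhffL6Uzj9lUm2jSz0ERqMdtwIZ8B8QM4h5hpujVdwLeY3k9HW533QHMC92adpQIDAQAB"
)
# Constructed variant (assumption): literal quotation marks inside the TXT data.
QUOTED_RECORD = '"' + PAGE_RECORD + '" '

def _tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def rsa_bits(spki):
    """Bit length of the RSA modulus in a DER SubjectPublicKeyInfo."""
    _, start, _ = _tlv(spki, 0)                  # outer SEQUENCE
    _, _, alg_end = _tlv(spki, start)            # AlgorithmIdentifier, skipped
    _, bs_start, _ = _tlv(spki, alg_end)         # BIT STRING holding the key
    _, seq_start, _ = _tlv(spki, bs_start + 1)   # +1 skips the unused-bits byte
    _, n_start, n_end = _tlv(spki, seq_start)    # INTEGER: modulus
    return int.from_bytes(spki[n_start:n_end], "big").bit_length()

def check_dkim_txt(txt):
    """Return (key_bits, problems) for the TXT data of a DKIM key record."""
    problems, tags = [], {}
    for part in filter(str.strip, txt.split(";")):
        name, _, value = part.partition("=")
        name = name.strip()
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            problems.append(f"invalid tag name {name!r}")
        tags[name] = "".join(value.split())      # whitespace may fold inside values
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        return 0, problems + ["non-RSA key, not measured here"]
    try:
        bits = rsa_bits(base64.b64decode(tags.get("p", ""), validate=True))
    except (ValueError, IndexError):
        return 0, problems + ["p= is missing or not valid base64 DER"]
    if bits < 1024:
        problems.append("RSA key shorter than 1024 bits")
    return bits, problems
```

Feed it the TXT data exactly as the resolver returns it (for example the string from `dig +short TXT mail._domainkey.<domain>` after joining the quoted chunks), not the value as typed into the control panel.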

I have the same thing.

When I created my server myself (without HestiaCP), I had a perfect score with OpenDKIM. With Hestia, I am downright at 0, and we have no control over that in HestiaCP (/etc/opendkim.conf does not exist, not even …)

Why offer DKIM support if it’s badly done, I wonder …

Hestia supports DKIM fine; however, it is set up differently. You can enable DKIM in edit mail domain and then update your DNS records. Everything else is fine.

Yes and no. DKIM creates invalid signatures (all mail server testing services say the same thing).

Putting DKIM to put DKIM is useless if the result is incorrect.

Moreover, when I want to put SSL on the mail domain, I get an error

Error: Let’s Encrypt validation status 400 (mail.linkfor.run). Details: Unable to update challenge :: authorization must be pending

With Hestia, it’s cool, there are lots of things you don’t have to do manually, but there are errors everywhere that you have to go back to and waste a lot of time on. For my next server, I won’t use Hestia anymore: too much trouble and not flexible enough.

Check: /var/log/hestia/LE-xxxx-xxx.log where xxx is your user and domain.com

If you are using Cloudflare, disable the proxy…

The only suspicious element is:
{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}

Honestly, if you don’t set it up properly, it doesn’t work. This is not a Hestia-sided issue. Check out the docs: SSL Certificates and Let's Encrypt — Hestia Control Panel documentation

Having done nothing else but create a web server with its mail server through the interface of Hestia, if an error is committed, it is not by me …

Did you set up DNS and / or do you use Cloudflare with proxy enabled…

Well, then probably you missed something which is required according to the docs. If you don’t create the needed records or follow the requirements, it’s basically your fault :man_shrugging:.

Anyway, it doesn’t make sense to hijack a 1-year-old thread. If you want to get help for that related LE400 issue, please have a look at the docs. If you can’t get it running, you’re free to open a new thread.