01-26-2017 04:38 PM
Hello,
When I send an email from my personal account to my corporate email, Cisco ESA can't verify the DKIM signature. The message is dkim=hardfail (body hash did not verify [final])
But when I send an email from the personal account to Gmail, everything is OK, Gmail can verify the DKIM signature with result "Pass".
What might be a reason?
01-26-2017 08:54 PM
Hello,
Body hash errors are typical of something modifying the message in transit before it gets to the point of verification. Then, once we try and verify the hash it does not properly match the content from when it was signed.
You may wish to first check if anything is modifying the message prior to it being received on the ESA.
Thanks!
-Dennis M.
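
The check described in the reply above, as an added example that is not part of the original thread: it recomputes the `bh=` value of a DKIM-Signature for the body as received, using the RFC 6376 "simple" and "relaxed" body canonicalizations, to show which in-transit changes break the body hash. The sample bodies, `d=`, `s=` and `b=` values are constructed, and the signature is assumed to carry no `l=` tag.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """Canonicalize a CRLF-delimited body per RFC 6376 section 3.4."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # collapse runs of whitespace, drop whitespace at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # ignore trailing empty lines
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    # "simple" turns an empty body into a single CRLF; "relaxed" leaves it empty
    return out or (b"\r\n" if mode == "simple" else b"")

def body_hash(body: bytes, mode: str, algo: str = "sha256") -> str:
    digest = hashlib.new(algo, canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def parse_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags

def check_bh(sig_value: str, received_body: bytes) -> bool:
    """Recompute bh= for the body as received (assumes no l= tag)."""
    tags = parse_tags(sig_value)
    c = tags.get("c", "simple/simple").split("/")
    mode = c[1] if len(c) > 1 else "simple"   # body mode defaults to simple
    algo = tags.get("a", "rsa-sha256").split("-")[1]
    return body_hash(received_body, mode, algo) == tags["bh"]

# Constructed sample: the body as signed, and two in-transit changes.
SIGNED = b"Hello  team,\r\nsee you at 10.\r\n"
RESPACED = b"Hello team,   \r\nsee you at 10.\r\n\r\n"   # whitespace only
FOOTER = SIGNED + b"-- \r\nScanned by gateway\r\n"       # content added

def make_sig(mode: str) -> str:
    # Constructed header value; d=, s= and b= are placeholders.
    return (f"v=1; a=rsa-sha256; c=relaxed/{mode}; d=example.org; "
            f"s=sel; bh={body_hash(SIGNED, mode)}; b=PLACEHOLDER")
```

A whitespace-only rewrite passes under `relaxed` body canonicalization and fails under `simple`, while an appended footer fails under both, so comparing the recomputed hash in each mode narrows down what kind of change happened in transit.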
01-26-2017 08:54 PM
Hello,
We use ESA as an EDGE server for SMTP connection, so there is no device that can modify messages...
01-27-2017 03:38 AM
Hello,
If that's the case then you may wish to open a ticket with TAC. From there we can verify the ESA configuration along with any DKIM headers/signatures/keys/etc. You may wish to also confirm you're seeing hardfails from other sending domains (different personal accounts) when testing.
Thanks
-Dennis M.
01-27-2017 05:23 AM
Please see the URLs below for detailed information on DKIM and its settings.
Common Errors Causing DKIM Verification Failures
http://blogs.cisco.com/security/common_errors_causing_dkim_verification_failures?_ga=1.54724526.40254077.1485266151
http://www.cisco.com/c/dam/en/us/products/collateral/security/esa-spf-dkim-dmarc.pdf
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200881-Why-is-the-ESA-handling-DKIM-authenticat.html
Hope to help.