Email from standardbank.co.za might fail with bodyhash_mismatch
.
Since it’s a bank most people panic and think it’s their own email systems that are at fault.
Actually, it takes two to tango and big companies also have problems.
In order to settle the customer services your cPanel side, you can do this:
WHM >> Exim Configuration Manager, try turning the following option off: Allow DKIM verification for incoming messages
Updating “Allow DKIM verification for incoming messages” from “On” to “Off”.
“Allow DKIM verification for incoming messages” was updated.
This is anyway a non default. You’ll probably have more spam but less problems.
Below is an an example received from MS Office 365:
Example:
Original Message Details | ||||||||
|
||||||||
Error Details | ||||||||
|
||||||||
Notification Details | ||||||||
|
The message is pretty ominous. It means it was modified in transit. Good luck escalating to Standard Bank.
Here is another problem with Standard Bank’s email services which goes over Microsoft to a OpenDKIM server hosted on Linux Virtualmin and causes:
opendkim[1458102]: 82A1E4B6806: failed to parse authentication-results: header field
There are two separate Authentication-Results headers in the email:
Authentication-Results: server.example.com; dkim=pass (1024-bit key; unprotected) header.d=standardbank.co.za header.i=@standardbank.co.za header.a=rsa-sha256 header.s=selector1 header.b=xFzksmAx; dkim-atps=neutral
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=standardbank.co.za;
The second header is misleading because:
•It states dkim=none, but DKIM actually passed according to the first result.
•It contradicts the valid DKIM signature provided by selector1 for standardbank.co.za.
Why OpenDKIM Fails:
•OpenDKIM expects a single Authentication-Results header or at least a consistent structure.
•When it sees conflicting authentication results, particularly with different DKIM evaluations, it may fail to parse them.
•The lowercase authentication-results: (from Microsoft’s servers) and the correctly formatted uppercase Authentication-Results: (from your server) could also be problematic.