Emails from StandardBank.co.za to a cPanel hosted server fails with bodyhash_mismatch – DKIM issues

cPanel bodyhas_mismatch

Emails from StandardBank.co.za to a cPanel hosted server fails with bodyhash_mismatch – DKIM issues

Email from standardbank.co.za might fail with bodyhash_mismatch.

Since it’s a bank most people panic and think it’s their own email systems that are at fault.

Actually, it takes two to tango and big companies also have problems.

In order to settle the customer services your cPanel side, you can do this:

WHM >> Exim Configuration Manager, try turning the following option off: Allow DKIM verification for incoming messages

Updating “Allow DKIM verification for incoming messages” from “On” to “Off”.
“Allow DKIM verification for incoming messages” was updated.

This is anyway a non default. You’ll probably have more spam but less problems.

Below is an an example received from MS Office 365:

Example:

Original Message Details
Created Date: 1/10/2025 1:23:11 PM
Sender Address: user@standardbank.co.za
Recipient Address: example@cpanelserver.com
Subject: Whatever – Updating information
Error Details
Error: 550 5.0.350 Remote server returned an error -> 550 DKIM: encountered the following problem validating standardbank.co.za:;bodyhash_mismatch
Message rejected by: our-server.example.com
Notification Details
Sent by: DBAPR08MB5574.eurprd08.prod.outlook.com

The message is pretty ominous. It means it was modified in transit. Good luck escalating to Standard Bank.

Here is another problem with Standard Bank’s email services which goes over Microsoft to a OpenDKIM server hosted on Linux Virtualmin and causes:

opendkim[1458102]: 82A1E4B6806: failed to parse authentication-results: header field

There are two separate Authentication-Results headers in the email:

Authentication-Results: server.example.com; dkim=pass (1024-bit key; unprotected) header.d=standardbank.co.za header.i=@standardbank.co.za header.a=rsa-sha256 header.s=selector1 header.b=xFzksmAx; dkim-atps=neutral

authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=standardbank.co.za;

The second header is misleading because:

•It states dkim=none, but DKIM actually passed according to the first result.

•It contradicts the valid DKIM signature provided by selector1 for standardbank.co.za.

Why OpenDKIM Fails:

•OpenDKIM expects a single Authentication-Results header or at least a consistent structure.

•When it sees conflicting authentication results, particularly with different DKIM evaluations, it may fail to parse them.

•The lowercase authentication-results: (from Microsoft’s servers) and the correctly formatted uppercase Authentication-Results: (from your server) could also be problematic.

Nedbank, FNB, and Wesbank

21 May 2025

The curious case of “Your access to submit messages to this e-mail system has been rejected.”

It seems on or about the week of 21 May 2025, numerous South African banks decided to bounce emails, with the most beautiful generic RBL message under the sun. Let me categorically state, I checked our server’s IP address and domains and they were all consistent:

  • No black lists
  • No SPF, DMARC, or DKIM issues
  • Across at least two domains

Here are the bounces, with recipients redacted:

<R…r@Nedbank.co.za>: host mxgw18.Nedbank.co.za[168.142.192.182] said: 550
#5.7.1 Your access to submit messages to this e-mail system has been
rejected. (in reply to DATA command)

<S…d@Nedbank.co.za>: host mxgw04.Nedbank.co.za[168.142.192.38] said: 550
#5.7.1 Your access to submit messages to this e-mail system has been
rejected. (in reply to DATA command)

<M…a@Nedbank.co.za>: host mxgw14.Nedbank.co.za[168.142.192.93] said: 550
#5.7.1 Your access to submit messages to this e-mail system has been
rejected. (in reply to DATA command)

<r…s@nedbank.co.za>: host mxgw08.nedbank.co.za[168.142.192.79] said: 550
#5.7.1 Your access to submit messages to this e-mail system has been
rejected. (in reply to DATA command)

Hello .182, .38, .93, and .79. A bit trigger happy on the RBL? Maybe get updated bounces for your millions of clients??

Unsurprisingly, more generics from FNB and Wesbank, owned by the same bank:

<J…s@fnb.co.za>: host mx1.hc858-6.c3s2.iphmx.com[216.71.159.37] said: 550
#5.7.1 Your access to submit messages to this e-mail system has been
rejected. (in reply to DATA command)

<w…s@fnb.co.za>: host mx1.hc858-6.c3s2.iphmx.com[216.71.159.37]
said: 550 #5.7.1 Your access to submit messages to this e-mail system has
been rejected. (in reply to DATA command)

<S…a@wesbank.co.za>: host
mx2.hc858-6.c3s2.iphmx.com[68.232.159.245] said: 550 #5.7.1 Your access to
submit messages to this e-mail system has been rejected. (in reply to DATA
command)

O wait. What do we see here?

“Your access to submit messages to this e-mail system has been rejected.”

Looks like some security vendor has just made a big mistake.

Tags

  • Updated:

Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright 2025 © All rights Reserved