XF 2.3 Emails won't send

My Dime Is Up

My Dime Is Up

Member
Users have been reporting they aren't getting their OTP emails. After some DNS changes, the mail does send but will now always go to the spam folder. Using online email analyzers, it said that a DKIM record is invalid or not added at all, even though it is. I generated a DKIM in the email options of the Admin CP of XenForo and added it to our Cloudflare DNS records, and online DKIM checker tools say that "xenforo._domainkey" does return a valid DKIM, however when it comes to sending a test email, the DKIM signature is incorrect for some reason.

Here are the headers from the test email sent.
Code: 
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@{XXXXX}.com header.s=xenforo header.b=fXj91kqT;
       spf=pass (google.com: domain of admin@{XXXXX}.com designates {IP ADDY} as permitted sender) smtp.mailfrom=admin@{XXXXX}.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from={XXXXX}.com
1753246991867.webp
1753247021872.webp
1753247072539.webp
 
Last edited:
Sort by date Sort by votes
Let me suggest, run one of your emails through this service: https://www.learndmarc.com/ -- You send an email to their testing account from the domain you are having trouble with. This will go step by step to check the high level components. If all of this passes, then you could have other issues. DKIM testing is included here as well.
 
Upvote 0 Downvote
ENF said:
Let me suggest, run one of your emails through this service: https://www.learndmarc.com/ -- You send an email to their testing account from the domain you are having trouble with. This will go step by step to check the high level components. If all of this passes, then you could have other issues. DKIM testing is included here as well.
Click to expand...
I just updated the post because I never checked email headers. SPF and DMARC pass, but SKIM says the body hash did not verify. DNS is setup correctly, so I assume its a problem with XenForo signing the email? I'll send a test email to learndmarc and see what it says. Thanks for this!
 
  • Like
Reactions: ENF
Upvote 0 Downvote
So, interestingly enough... I did a fresh configuration and got the same DKIM failure for some reason. All other configuration aspects were correct, but DKIM failed the check. This is xf 2.3.7 I'm working with btw...

DNS records were configured correctly
Xenforo gave green status and confirmed that it was signing emails.
The test tool recognized that DKIM was included but failed when validating against the public key in the DNS record.

Hmmm.
 
Upvote 0 Downvote
ENF said:
So, interestingly enough... I did a fresh configuration and got the same DKIM failure for some reason. All other configuration aspects were correct, but DKIM failed the check. This is xf 2.3.7 I'm working with btw...

DNS records were configured correctly
Xenforo gave green status and confirmed that it was signing emails.
The test tool recognized that DKIM was included but failed when validating against the public key in the DNS record.

Hmmm.
Click to expand...
Very interesting, maybe its a bug with 2.3.7? Emails don't seem to be going to spam anymore, but the headers still show that the body hash doesn't match. Maybe I should make a bug report if others are experiencing this same issue.
 
Upvote 0 Downvote
My Dime Is Up said:
Very interesting, maybe its a bug with 2.3.7? Emails don't seem to be going to spam anymore, but the headers still show that the body hash doesn't match. Maybe I should make a bug report if others are experiencing this same issue.
Click to expand...
I'm still working on this, just juggling this with other tasks. I just wanted to finish a test with two earlier versions and then I was going to update this thread. So, let me do that and I'll come back here in a bit.
 
Upvote 0 Downvote
My Dime Is Up said:
Very interesting, maybe its a bug with 2.3.7? Emails don't seem to be going to spam anymore, but the headers still show that the body hash doesn't match. Maybe I should make a bug report if others are experiencing this same issue.
Click to expand...
I went all the way back to 2.3.0 and even with a minimal, basic setup, the DKIM setup always causes this dkim=neutral (body hash did not verify) error. The DKIM signature is validated and by all design, should work normally. If I switch to a SMTP service handler with a different DKIM on their side, it works fine.

Not sure if this is actually a bug or we're missing something obvious where other people aren't getting these kind of results.
 
Last edited:
Upvote 0 Downvote
@Jeremy P or @Chris D even...

In regards to this DKIM email discussion above...

dkim_work.webp
If I'm not mistaken, when you setup a DKIM record, this option data should reflect a privatekey value instead of 'false'.
Am I mistaken? And if not, any idea why a private key would not be set in this case?

I've looked at older site data in this same option field and there is a populated privatekey entry, exampled below:
{"enabled":true,"verified":true,"failed":false,"domain":"domaingoeshere.com","privateKey":"emailDkim-95ehkmLg-b.key"}

Thanks.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

DarkGizmo
  • Question Question
XF 2.3 Forum won't send emails.....gives server error.
Replies
2
Views
60
DarkGizmo
DarkGizmo
nakedzombo
  • Question Question
XF 2.3 Please help: Emails will not send (Fresh Install)
Replies
0
Views
34
nakedzombo
nakedzombo
M
  • Suggestion Suggestion
The ACP is too obscure. Example: the Test Outbound Email page should link to the page where you can send a formatted email to test branding, logo, etc
Replies
0
Views
47
MaximilianKohler
M
themago
  • Question Question
XF 2.2 Send welcome DM, but don't send welcome email, but send emails for other DMs
Replies
0
Views
22
themago
themago
snoopy5
  • Question Question
XF 2.2 Force change of TOS approval without sending emails
Replies
2
Views
33
snoopy5
snoopy5
Back
Top Bottom