Ref Synology NAS > DS118 > Package > Mail server
SPF DKIM DMARC is activated > DKIM Selector=key1
My ISP block Outgoing Port 25 to solve this
by using Dynu SMTP Outbound RELAY Services
I create Dynu Private and Public keys > DKIM Selector=key2
Finally I get my mail server running
Mails sending to gmail.com > SPF=pass DKIM=neutral DMARC=pass
Google Authentication-Results: dkim=neutral (body hash did not verify)
My DNS Zone setup, see below
QST How to fix google dkim=neutral (body hash did not verify)
The issue could be several things, and it would likely be difficult to hone in the problem without a thorough review of the infrastructure at play.
The error dkim=neutral (body hash did not verify) implies there is modification in some ways occurring during the email path to delivery. First off, have you verified that the correct key pairs are being used? Meaning, the public key published in your DNS is the correct key for the pair used with the selector in question?
In this example, is the DKIM signing done by Dynu outbound gateway, or something else beforehand?
AM, There is modification in some ways occurring during the email path to delivery.
Agree, yes I try out add some commands like include: not working…
AM, Have you verified that the correct key pairs are being used?
Yes, Tested with Dmarcian DKIM Records checker all ok.
AM, Is the DKIM signing done by Dynu outbound gateway, or something else beforehand?
Dynu DomainKeys Identified Mail (DKIM) Step 2 : Save the private key on your email server for easy reference.
To solve my problem I change philosophy using the 2 DKIM key’s:
01 Client connect to the server using IMAP-SSL Port 993 (secure connection).
02 Dynu SMTP Relay using TLS Outgoing Port 587 (secure connection).
03 Dynu DKIM Public key2 are in place to control mail transfer (Secure).
Mains all communication IN and OUT the mail server is secure connected.
QST Do I still need the DKIM DMARC from my Synology mail server?
I don’t thinks so, maybe I am wrong tell me…
So I disable DKIM DMARC in the mail server and remove DKIM key1, DNS TXT Record.
From here I test Gmail again SPF DKIM DMARC resulting ALL PASS.
If you’re seeing the message “dkim=neutral (body hash did not verify)” in the Google Authentication-Results for your emails, it means that the DKIM signature in your outgoing emails is not valid. This can happen if there is an issue with the DKIM key, the DNS configuration, or the email server configuration.
Here are some steps you can take to fix the issue:
Check the DKIM selector: Make sure that you’re using the correct DKIM selector in your email server configuration and DNS records. In your case, you have two DKIM selectors (key1 and key2), so make sure that you’re using the correct selector in your outgoing emails.
Verify the DKIM key: Check that the DKIM key is valid and matches the one specified in your DNS records. You can use online DKIM validators to check the validity of your DKIM key.
Check DNS configuration: Make sure that your DNS records are correctly configured. In particular, check that the DKIM public key is correctly published in the DNS TXT record for your domain.
Test email deliverability: Send a test email to a different email service provider, such as Yahoo or Outlook, to see if the DKIM signature is valid. If the signature is valid for other email providers but not for Gmail, then it could be an issue with Gmail’s spam filters.
Contact Google support: If the above steps don’t solve the issue, you can contact Google support for further assistance.
I hope this helps you fix the issue with your DKIM signature! For other historical insights check out this page.
