Not getting reminders for Scoutbook created events now in IA

@JasonKracht


1 Like

Thank you for this information. I have forwarded that on to our mail provider.

During our troubleshooting yesterday, I found that if I completely turned off the SPAM detection on my account that the emails from Scoutbook would make it thru. I asked our provider to look into what was goin on with that. Thier response is below:


The DKIM signature provided by that e-mail for scoutbook.scouting.org is invalid -

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;

d=scoutbook.scouting.org; s=scoutbook;
h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;
bh=d37MwUHNyg016si4HxRP2e/cssFkJW/Re/As3XUR9Cw=;
b=gKe8Dt1KmIQ/7Kmh02jYH4xYlckGTFVQ0znKI/Pypn5bXhAkDC+SfYxlOXWhgl6/
XGRgFcWYoUaFfYR2ni+FFheJlYzCG9Em4zopdDSK7qYymXZWtBPIBYGKbogBjAYu
Uo3gA8ryXZN1ICDWvFa/VQJNi/Ydgbi9SE3BBHLIp9M=

X-DKIM: signer=‘scoutbook.scouting.org’ status=‘invalid’ reason=‘pubkey_unavailable’
DKIMCheck: Invalid DKIM, 100 Spam score. May be a temporary problem.

It looks like someone forgot to make a DKIM record for scoutbook.scouting.org - strictly speaking scoutbook.scouting.org isn’t being sent from (the e-mail itself originates from scouting.org), but the presence of an unused/invalid signature is causing Spamassassin to flag it as wrong.

Spamassassin itself is following the standard for how bad DKIM signatures may be handled - I suspect more people than just you are impacted.

1 Like

Please send the below information from our IT lead on this to the Server administrators of the email systems @ BSA IT.


Addressing several points on that forum post directly -

Addressing the post you sent (Not getting reminders for Scoutbook created events now in IA - #21 by Stephen_Hornak) -

  • The issue is with messages sent by scouting.org to pack134.com. Whether or not the pack134.com servers are blacklisted is irrelevant.
  • Even if a blacklist discussion was relevant, outbound mail isn’t sent from 162.244.93.4 - the server used for inbound requests is not the same server used for outbound email.
  • The listed issues with the parent nameservers do not impact e-mail deliverability to pack134.com. While some (ex. DMARC) might impact deliverability from pack134.com, that hasn’t been an issue (as far as I am aware - if I’m wrong, we can look into it, but that’s a separate matter).

Addressing Stephen_Hornak’s latest post (Not getting reminders for Scoutbook created events now in IA - #23 by Stephen_Hornak) -

That screenshot is from scouting.org. The DKIM signature is from scoutbook.scouting.org. Even so, that tool isn’t going to be able to catch that issue, because multiple DKIM signatures for a given domain can exist; standard mail check tools can’t identify which one to use with the domain alone. You need to look at the headers from the e-mail that was sent. Doing that, we see the following signatures:


DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;

d=scoutbook.scouting.org; s=scoutbook;

h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;

bh=;

b=

AND

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=scouting.org; s=mail;

t=1713912025; bh=;

h=From:To:Reply-To:Subject:Date;

b=


The second signature claims to be from mail._domainkey.scouting.org (value of s, followed by ._domainkey, followed by value of d). If I look up that record (using the selector value of “mail” and the domain value of “scouting.org”) using MXToolbox, I see a valid record.

If I look at the first signature, no DKIM record is found. When a signature is provided without a valid DNS record alongside it, the mail server will reject the message, in accordance with RFC6376 6.3. Either the DKIM record needs to be added to scoutbook._domainkey.scoutbook.scouting.org or Scoutbook needs to stop signing with an invalid signature.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

@JasonKracht

The DKIM certificate has been updated. Can you please try again and let us know if this fixes your issue?

I can only get messages if i turn the Spam filter off at the server. Still have some errors in the header.

X-DKIM: signer=‘scouting.org’ status=‘pass’ reason=‘’
DKIMCheck: Server passes DKIM test, -20 Spam score
X-DKIM: signer=‘scoutbook.scouting.org’ status=‘invalid’ reason=‘pubkey_unavailable’
DKIMCheck: Invalid DKIM, 100 Spam score. May be a temporary problem.
SpamTally: Final spam score: unset because ESF not run (SpamAssassin unset, whitelist, or skipped)
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

@JasonKracht

Please try again. Apparently the update was not complete when I asked you to test. The update is now complete.

1 Like

@JasonKracht

Another DKIM fix was released today. Please try again.