Fixed sinceThis problem has been completely fixed by Parallels Plesk Panel 10.3.1 MU#4
SymptomsMail delivered to Parallels Plesk Panel server with Postfix MTA fails on Domain Keys status check even though it is signed with valid domain keys. The similar headers are added to message:
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;s=default; d=dk-postfix.test;b=iilMPEyWGV8bZ6jbyv+wGrEoUkJQZASNkI2eR5AvfUC39ZGo7d/Yxrc1d1p4AaT4b7rAKN2UBDRVihIj1YtJds1/ln2S/VG0NijNjYPmFt4gyXTUpTE+3+YpDYt6pGOy;h=Received:Received:Message-ID:Date:From:To:Subject:MIME-Version:Content-Type:Content-Disposition:Content-Transfer-Encoding:User-Agent;
This happens only to messages sent in HTML format which contain CSS rules, plain text mail is successfully validated.
CauseThe issue is caused by incorrect parsing of leading '.' (dot) sign inside message body, which is usually present in HTML-formatted mail sent from Microsoft Outlook and other mail clients.
Only Postfix MTA is affected, QMail does not have this issue.
ResolutionEither switch MTA to Qmail or install the hotfix attached to this article:
1. Download attached archive to the server with Parallels Panel 10.2 and Postfix MTA
2. Find the binary for corresponding OS
3. Backup original /usr/local/psa/handlers/hooks/dk_sign
4. Replace it with patched binary
5. Restart postfix service
Please read article #8083 about a hot-fix installation procedure.