Article ID: 111708, created on Jul 24, 2011, last review on Aug 12, 2014

  • Applies to:
  • Plesk 10.2 for Linux/Unix

Fixed since

This problem has been completely fixed by Parallels Plesk Panel 10.3.1 MU#4


Mail delivered to Parallels Plesk Panel server with Postfix MTA fails on Domain Keys status check even though it is signed with valid domain keys. The similar headers are added to message:
DomainKey-Status: bad
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;s=default; d=dk-postfix.test;b=iilMPEyWGV8bZ6jbyv+wGrEoUkJQZASNkI2eR5AvfUC39ZGo7d/Yxrc1d1p4AaT4b7rAKN2UBDRVihIj1YtJds1/ln2S/VG0NijNjYPmFt4gyXTUpTE+3+YpDYt6pGOy;h=Received:Received:Message-ID:Date:From:To:Subject:MIME-Version:Content-Type:Content-Disposition:Content-Transfer-Encoding:User-Agent;

This happens only to messages sent in HTML format which contain CSS rules, plain text mail is successfully validated.


The issue is caused by incorrect parsing of leading '.' (dot) sign inside message body, which is usually present in HTML-formatted mail sent from Microsoft Outlook and other mail clients.
Only Postfix MTA is affected, QMail does not have this issue.


Either switch MTA to Qmail or install the hotfix attached to this article:
1. Download attached archive to the server with Parallels Panel 10.2 and Postfix MTA

2. Find the binary for corresponding OS

3. Backup original /usr/local/psa/handlers/hooks/dk_sign

4. Replace it with patched binary

5. Restart postfix service

 Please read article #8083 about a hot-fix installation procedure.


d3c493291d6d9f66837ac7495dfea9ca a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838 dd0611b6086474193d9bf78e2b293040 56797cefb1efc9130f7c48a7d1db0f0c

Email subscription for changes to this article
Save as PDF