Article ID: 6271, created on Apr 22, 2009, last review on Jun 17, 2016

  • Applies to:
  • Plesk for Linux/Unix
  • Plesk 12.0 for Windows


The DomainKeys policy "Verify incoming mail" is enabled in Parallels Plesk at Tools & Settings > Mail Server Settings > DomainKeys spam protection > Verify incoming mail. An email message sent to a domain hosted on the Parallels Plesk server is not delivered to the recipient and a "bounce" message is sent to the sender. The following error is logged in /usr/local/psa/var/log/maillog:

Apr 17 07:15:42 <plesk server> qmail-local-handlers[7869]: call_handlers:
stop call handlers because handler 'dd52-domainkeys' not PASS (31)
Apr 17 07:15:42 <plesk server> qmail-local-handlers[7869]: call_handlers:
stop call handlers from dir '/var/qmail/handlers/before-local/global'


The incoming message is signed with DomainKey, and its header contains the corresponding signature:

   a=rsa-sha1; q=dns; c=nofws;   

However, the public key of the domain does not exist in its DNS zone or does not correspond to the signature listed in the message header.


Use the DomainKeys and DKIM step-by-step verification article to verify the correctness of the DomainKey-Signature, contact the sender, and suggest to fix the DomainKey configuration for the domain if it is not correct.

As an alternative, turn off DomainKeys verification by Parallels Plesk while accepting incoming messages.

See also How to enable DomainKey spam protection of outgoing mail for a domain

Search Words


a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838 56797cefb1efc9130f7c48a7d1db0f0c ed7be2b984f9c27de1d2dc349dc19c6d 85a92ca67f2200d36506862eaa6ed6b8 a766cea0c28e23e978fa78ef81918ab8

Email subscription for changes to this article
Save as PDF