The DomainKeys policy "Verify incoming mail" is enabled in Parallels Plesk at Tools & Settings > Mail Server Settings > DomainKeys spam protection > Verify incoming mail. An email message sent to a domain hosted on the Parallels Plesk server is not delivered to the recipient and a "bounce" message is sent to the sender. The following error is logged in
Apr 17 07:15:42 <plesk server> qmail-local-handlers: call_handlers: stop call handlers because handler 'dd52-domainkeys' not PASS (31) Apr 17 07:15:42 <plesk server> qmail-local-handlers: call_handlers: stop call handlers from dir '/var/qmail/handlers/before-local/global'
The incoming message is signed with DomainKey, and its header contains the corresponding signature:
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=example.net; b=IoRzhocoTbfvlju+CxylElcsxApapLFyKGfXbOk8Wfcyv6EGpjCdDG0I/4ACrzxdB1dTwcWQgBdigzvNhftkTErpXoRUGNbjchiGRzXV8t7nLKpZzxWG1pRuDOge7OOy;
However, the public key of the domain does not exist in its DNS zone or does not correspond to the signature listed in the message header.
Use the DomainKeys and DKIM step-by-step verification article to verify the correctness of the DomainKey-Signature, contact the sender, and suggest to fix the DomainKey configuration for the domain if it is not correct.
As an alternative, turn off DomainKeys verification by Parallels Plesk while accepting incoming messages.