KB Article #156186

550 Message does not pass DomainKeys requirements for domain

Problem

 

Outbound emails, sent through MailGate, are being rejected with the following error: "550 Message does not pass DomainKeys requirements for domain <senderdomain.com> (in reply to end of DATA command)>" where <senderdomain.com> is the domain messages are being sent from.

 

DKIM functionality is neither enabled nor used in MailGate and the issue appears only when sending messages to specific remote domains.

 

Resolution

 

The error message in question is specific for the MDaemon mail relay product which is configured to perform a check for any incoming message.

 

According to the MDaemon official documentation, when an incoming message has been signed, MDaemon will retrieve the public key from the sending server's DNS record and determine its validity.

 

If the signature verification process returns a "Fail" result, then MDaemon will retrieve the sending domain's DomainKeys Policy so in case the policy does not indicate that DomainKeys is merely being tested, then the message can be rejected outright or accepted but have its spam score adjusted upward.

 

If a message is not signed, then MDaemon will still retrieve the sending domain's DomainKeys Policy to determine whether or not all of that domain's messages should be signed and whether it is test mode.

 

If the domain is not merely testing DomainKeys, and it indicates that all messages should be signed, then the message will receive a "Fail" result and treated accordingly.

 

When a message is not signed and the domain's DNS record does not contain a DomainKeys Policy, then the message will be processed normally as if the DomainKeys system wasn't being used. Messages that receive a "Pass" result will continue through normal processing and have their spam scores adjusted accordingly. However, any DNS TXT records or leftovers could mislead the MDaemon and make it reject the message.

In order to avoid problems with the MDaemon servers, check the DNS settings and remove TXT records if needed. Alternatively, contact the MDaemon administrators and ask them to excempt your IPs from being verified against DKIM.

 

For more information please refer to the following documents:

- http://www.redline-software.com/eng/support/docs/mdaemon/c9s6.php

- http://www.ebertlang-download.com/alt-n/mdaemon/whitepapers/MDaemon-DKIM.pdf

 

Still need help?

If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible.