At 15:43 24-12-2009, Dan Mahoney, System Admin wrote: >Note: it's christmas eve. I would figure Best Buy would care about this, >but with propagation delays and the like I don't think it's fixable or >advisable for a major DNS change this soon before Christmas.
This message is copied to Best Buy in case they wish to fix the problem. >Anyway, rather than talking finance, let's post the details: [snip] >Dec 24 17:29:48 <mail.info> prime sm-mta[33377]: nBOMTkxC033377: Milter >insert (1): header: Authentication-Results: prime.gushi.org; >dkim=neutral\n\[email protected]; dkim-adsp=none >Dec 24 17:29:48 <mail.info> prime sm-mta[33377]: nBOMTkxC033377: Milter >insert (1): header: X-DKIM: Sendmail DKIM Filter v2.8.2 prime.gushi.org >nBOMTkxC033377 >Dec 24 17:29:48 <mail.info> prime sm-mta[33377]: nBOMTkxC033377: Milter: >data, reject=451 4.3.2 Please try again later [snip] >So, I believe milter-dkim registers the NXDOMAIN as a tempfail. Here are >the questions. > >1) Why? I can understand a servfail or a DNS timeout being cause for >this, or a FORMERR, but not an nxdomain. NXDOMAIN is not an error. > >In my mind, a nonexistent key should mean a dkim fail, to be treated as >such, just as though I had made up a key with a bogus selector, and used >it to send forged mail. I'll defer delivery so that you can fix the problem instead of treating the message as "forged mail". >1.5) For the purposes of -C actions, does this count as a "dnserror", same >as the above conditions (servfail, etc)? Use On-InternalError to override the behavior. >2) What's worse is I don't see a way to tune this, either per-domain or >per-dns-errortype, in either /etc/mail/access or in dkim.conf. How would >I whitelist this, and say, "yes, *.bestbuy.com is having a problem, I'm >working around it"? (Note that I see a way to do it by IP in the >archives, but not by domain). It cannot be done per domain. Regards, -sm ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
