Hi Jim,

At 10:00 26-08-2009, Jim Fenton wrote:
>I'm not entirely happy with all of the defaults for handling DNS
>failures. The CONFIGURATION section of the dkim-filter manpage says "In
>the interests of minimal initial impact, the defaults for badsignature
>and nosignature are accept, and the default for the others is tempfail."
>Which means that if it can't access the key record, it'll tempfail the
>message, which I don't consider minimal initial impact.

That setting was helpful in identifying (DKIM) sender related issues. The impact has been minimal (excluding DKIM testing). You have better control on how the different DNS cases are handled in OpenDKIM v1.1.0 which is planned for release next Monday.

The case of a (DNS) NXDOMAIN brings up the question of what is a "bad signature". Suggestions and/or patches about what should be done are welcome.

Regards,
-sm
_______________________________________________
dkim-ops mailing list
[email protected]
http://mipassoc.org/mailman/listinfo/dkim-ops
