On 22/Oct/11 17:27, Murray S. Kucherawy wrote:
>
>>> Is it fair to say we have consensus on the one report per failure?
>>
>> There are different cases, e.g:
>> [...]
>
> I'm not really sure what you're going after here. Do you have
> specific text changes you want to propose?
I don't. We only discussed reporting multiple broken signatures, and
apparently concluded that it is too much of a complication for a case
that ordinarily does not happen. (Some domains sometimes sign twice;
you may want to run something like this to find out:
SELECT d.name, s1.domain, count(*)
FROM signatures AS s1, signatures AS s2, domains AS d
WHERE s1.message = s2.message
AND s1.domain = s2.domain
AND s1.id != s2.id
AND d.id = s1.domain
GROUP BY s1.domain;
)
However, having two separate reports for a DKIM failure and the
consequent ADSP failure, provided the r='s match, looks overly
verbose. What do we want to do in such cases?
In addition, forwarding from a central host may be a technique worth
being mentioned, although it's quite expensive compared to syslog. It
may be used for vetting and internal auditing, besides updating
delivery-results, reckoning ri=, and the like. Worth?
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
