On Tue, 13 Apr 2021 20:36:45 +1200
Peter <pe...@pajamian.dhs.org> wrote:

> > Yes, but why 1 minute ok, 1 minute errors, 1 minute ok, etc etc?
> 
> What's the TTL on the dkim TXT DNS record?

Got it: the signing server consists of two servers and the keypair
for one of the domains was not in sync. I think I created the keypair
using clusterssh instead of creating the keypair on the master server
and running an rsync. The round robin TTL of these two servers is 60
seconds which explains everything.

And I was misled by the logs complaining about "invalid padding"
instead of "bad signature".

Sorry for the noise...

R.

-- 
richard lucassen
http://contact.xaq.nl/
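
Added example, not part of the original message: why a signature checked against the wrong public key is reported as "invalid padding" rather than "bad signature" in RSA PKCS#1 v1.5 verification (the scheme behind DKIM's rsa-sha256). The two toy keys, the server roles and all function names are constructed for illustration; the result strings mirror the log messages quoted above.

```python
import hashlib

E = 65537
# Constructed toy keys from Mersenne primes: insecure, for demonstration only.
P1, Q1 = 2**607 - 1, 2**1279 - 1   # hypothetical server 1 (matches DNS record)
P2, Q2 = 2**521 - 1, 2**1279 - 1   # hypothetical server 2 (out-of-sync keypair)
N1, D1 = P1 * Q1, pow(E, -1, (P1 - 1) * (Q1 - 1))
N2, D2 = P2 * Q2, pow(E, -1, (P2 - 1) * (Q2 - 1))

# DER DigestInfo header for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def digest_info(msg):
    return SHA256_PREFIX + hashlib.sha256(msg).digest()

def sign(msg, n, d):
    # Build 00 01 FF..FF 00 || DigestInfo, then apply the private exponent.
    k = (n.bit_length() + 7) // 8
    t = digest_info(msg)
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n)

def verify(msg, sig, n):
    # Recover the encoded block with the public key published for the domain.
    k = (n.bit_length() + 7) // 8
    em = pow(sig, E, n).to_bytes(k, "big")
    # Structure is checked first: with the wrong key the block is random bytes.
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return "invalid padding"
    # Only a block produced by the matching private key gets this far.
    if em[sep + 1:] != digest_info(msg):
        return "bad signature"
    return "ok"

def demo():
    msg = b"constructed header hash input"
    return (verify(msg, sign(msg, N1, D1), N1),        # key in sync with DNS
            verify(msg, sign(msg, N2, D2), N1),        # signed by stale server
            verify(msg + b"!", sign(msg, N1, D1), N1)) # right key, altered data

if __name__ == "__main__":
    print(demo())
```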
