Здравствуйте, Eric.
Вы писали 26 ноября 2006 г., 17:37:27:
> While you're in there, could you *please* look into the SPF processing too,
> and if nothing else, add a log message for cases when the message is
> rejected by SPF? This would be very helpful too.
No problems, I'll take a look onto it. The trouble is that SPF
checking code is in qmail-smtpd. Maybe it'd be useful to migrate
it into a separate qmail-spf.h/qmail-spd.c files.
> FWIW, I've simply removed all DK variables except DKSIGN from my tcp.smtp,
> and regenerated cdb. That seems to have fix the problem I was having, but
> from what you've said perhaps not.
Surely not. There are some cases when mail will be silently rejected
without giving any detailed SMTP reject message, and without any
log records. The only way to bypass this bug is to get rid of qmail-dk
completely until it'll be fixed. The code analysis I've done shows
that it is not only buggy, but also a very unoptimised. For example,
the message gets feed to libdomainkeys in a following loop:
for(i=0; i < n; i++) {
if (x[i] == '\n') st = dk_message(dk, "\r\n", 2);
else st = dk_message(dk, x+i, 1);
maybe_die_dk(st);
}
It means that for EVERY byte of a message there would be at least two
proc calls and two comparisons. Going to rewrite it almost from
scratch. Another thing is that latest DomainKeys Draft contains several
changes, that are being not taken into account in current qmail-dk
realization. For example, accordingly to
http://sourceforge.net/docman/display_doc.php?docid=29007&group_id=107680
(DomainKeys Internet Draft 02):
> 1.5 Conveying verification results to UAs
>
> It follows that testing the authenticity of an email results in some
> action based on the results of the test. Oftentimes the action is to
> notify the UA in some way - typically via a header line.
>
> As alluded to in previous versions of this draft, a standard header to
> communicate authentication results has been defined in
> [AUTH-HEADER]. Henceforth, all implementations of DomainKeys should
> use the "Authentication-Results:" header instead of the previously
> defined "Domainkey-Status:" header.
Currently, only "Domainkey-Status:" header gets inserted into oncoming
messages.
--
С уважением,
Alexey mailto:[EMAIL PROTECTED]
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
