Whilst tracking down some mysterious problems with dk-filter on a few machines,
I found they all
are directly related to your domain.
Mails from your domain via linux-kernel mailing list are causing temp failures
due to dk/dkim issues
Here is a sample from my syslog:
client 127.0.0.1#47193: view internal: query:
default._domainkey.virtuousgeek.org IN TXT +
dk-filter[16087]: m6GKTPgj028215: dk_eom(): resource unavailable:
d2i_PUBKEY_bio() failed
dk-filter[16087]: m6GKTPgj028215 SSL error:0D06B08E:asn1 encoding
routines:ASN1_D2I_READ_BIO:not enough data
sm-mta[28215]: m6GKTPgj028215: Milter: data, reject=451 4.3.2 Please try again
later
You do have a dk/dkim record:
;; ANSWER SECTION:
default._domainkey.virtuousgeek.org. 14400 IN TXT "k=rsa\;
p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALrTn
SbR9V76wJofhPNG8uuhRTqtf207odYcaR1G42KP2HPMQht9pqF5HoddczoMa
bQlEmfthPB1AFhxSVw66S46W8K4zmL8IhSt49M0zPIXuP8CEJB3RY4N9DUK4K2wIDAQAB\;"
but it might have been botched on the last zone update (2008070900) - the
imbedded blanks are somewhat
suspicious :)
It is clearly wrong for the milter to barf in this case - it should, if
anything (IMNSHO) be treated
like any other DNS transient error, worst case, like the key was not found.
On the flip-side, however, I'll wager that my boxes aren't the only ones
tempfailing mails from your domain...
I've sent this from an account that doesn't do DK filtering, and am willing to
help you test any changes you
decide to make... there are also two reflectors that might be of assistance:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
Richard A Nelson (Rick) cowboy@((linux.)?vnet|us).ibm.com
Phone: 1-408-463-5584 Fax: 1-408-463-3873
COBOL Development IBM Silicon Valley Laboratory
http://www.ibm.com/software/awdtools/cobol/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
