[opendkim-dev] Re: On-KeyNotFound option

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Wed, 26 Aug 2009 15:24:28 -0700

> -----Original Message-----
> From: opendkim-dev-bounce_at_lists.opendkim.org [mailto:opendkim-dev-bounce_at_lists.opendkim.org] On Behalf Of SM
> Sent: Wednesday, August 26, 2009 2:44 PM
> To: opendkim-dev_at_lists.opendkim.org
> Subject: [opendkim-dev] Re: On-KeyNotFound option
>
> At 13:24 26-08-2009, Murray S. Kucherawy wrote:
> >I've so far opted to respond to those by temp-failing (by default)
> >in case a signed message gets to a verifier before the DNS update
> >happens. Negative caching eventually expires, allowing the message
> >to verify later once correct propagation has occurred.
>
> That's fine with me. The error message returned by the filter is:
>
> 451 4.3.2 Please try again later
>
> The Enhanced code is incorrect in my opinion. 4.7.0 may be a better
> fit. The "Please try again later" isn't that informative. Maybe we
> should add "DKIM public key not found in DNS" or "cannot retrieve
> selector._domainkey.example" to inform the sending end of the problem.

Actually this may be a bug. It should be setting that when temp-failing occurs, as per the code in dkimf_libstatus(), towards the bottom. Are you able to reproduce the above behavior?
Received on Wed Aug 26 2009 - 22:24:37 PST
