Re: key retrieval failed

From: john espiro <john_espiro_at_yahoo.com>
Date: Fri, 24 Jan 2014 20:24:31 -0800 (PST)

Thanks guys... 1) It's just getting loged and OSSEC is sending out an alert everytime this happens, which is a few times an hour.  These are all spam messages from what I can tell so my antispam thing is taking care of them. 2) I don't seem to have On-KeyNotFound.  I have the following: On-Default              accept On-BadSignature         accept On-DNSError             tempfail On-InternalError        accept On-NoSignature          accept On-Security             tempfail Should I add it?  Should I modify the on-DNSError one? On Saturday, January 25, 2014 12:27 AM, Murray S. Kucherawy <msk_at_blackops.org> wrote: On Fri, 24 Jan 2014, john espiro wrote: > I keep seeing errors in my logs that say things like this: > opendkim[23395]: s0OGvk7d005863: key retrieval failed (s=key1, d=pLNoauBPhu.if > feent.net) > Google searches only seem to indicate that I can solve this by adding: "On-DNS > Error accept" > Can anyone tell me why this error occurs, if I should add that option, and wha > t the ramifications of doing so are? There isn't a key in the DNS by that name.  OpenDKIM should just deliver that message since the default for On-KeyNotFound defaults to the "accept" action. Is the issue that you're seeing this logged, or that messages are being temp-failed or rejected? -MSK
Received on Sat Jan 25 2014 - 04:24:45 PST