Home / Browse / domainkeys-milter / Mail / Archive

domainkeys-milter

Email Archive: dk-milter-discuss (read-only)

2004:	_Jan	_Feb	_Mar	_Apr	_May	_Jun (18)	_Jul (144)	_Aug (11)	_Sep (17)	_Oct (72)	_Nov (87)	_Dec (31)
2005:	_Jan (4)	_Feb (12)	_Mar (20)	_Apr (50)	_May (4)	_Jun (6)	_Jul (3)	_Aug (56)	_Sep	_Oct (87)	_Nov (3)	_Dec (4)
2006:	_Jan (4)	_Feb (34)	_Mar (14)	_Apr (8)	_May (48)	_Jun (49)	_Jul (38)	_Aug (2)	_Sep (15)	_Oct (11)	_Nov (28)	_Dec (20)
2007:	_Jan (2)	_Feb (15)	_Mar (33)	_Apr (1)	_May (31)	_Jun (9)	_Jul	_Aug	_Sep (6)	_Oct (6)	_Nov (12)	_Dec
2008:	_Jan (4)	_Feb (21)	_Mar (21)	_Apr (8)	_May (20)	_Jun (10)	_Jul (10)	_Aug (7)	_Sep	_Oct	_Nov (6)	_Dec (11)
2009:	_Jan (47)	_Feb (3)	_Mar (23)	_Apr	_May (10)	_Jun (11)	_Jul	_Aug (5)	_Sep	_Oct	_Nov	_Dec
2010:	_Jan	_Feb	_Mar	_Apr	_May	_Jun (1)	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec
2011:	_Jan	_Feb	_Mar	_Apr (1)	_May (1)	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec

dk_eom(): internal error from libdk: DNS reply for`s1024._domainkey.sbcglobal.net' truncated

From: Jim Hermann - UUN Hostmaster <hostmaster@uu...> - 2008-12-05 05:00

I'm having another internal error from libdk.

This is the DNS Record:

s1024._domainkey.sbcglobal.net. 1193 IN TXT     "k=rsa\; t=y\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8Ljn
TD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"
"JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4u
dUnwuxK4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;"

Jim

-----
Jim Hermann <hostmaster@...>
UUism Networks <http://www.UUism.net>
Ministering to the Needs of Online UUs
Web Hosting, Email Services, Mailing Lists
-----

Re: dk_eom(): internal error from libdk: DNS reply for`s1024._domainkey.sbcglobal.net' truncated

From: SM <sm@re...> - 2008-12-05 05:16

At 21:00 04-12-2008, Jim Hermann - UUN Hostmaster wrote:
>I'm having another internal error from libdk.
>
>This is the DNS Record:
>
>s1024._domainkey.sbcglobal.net. 1193 IN TXT     "k=rsa\; t=y\;
>p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8Ljn
>TD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"
>"JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4u
>dUnwuxK4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;"

Are you using libar?

Regards,
-sm

Re: dk_eom(): internal error from libdk: DNS reply for`s1024._domainkey.sbcglobal.net' truncated

From: Murray S. Kucherawy <msk@se...> - 2008-12-05 06:07

Jim Hermann - UUN Hostmaster wrote:
> I'm having another internal error from libdk.
>
> This is the DNS Record:
>
> s1024._domainkey.sbcglobal.net. 1193 IN TXT     "k=rsa\; t=y\;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8Ljn
> TD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"
> "JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4u
> dUnwuxK4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;"
>   
I concocted a message signed such that it would retrieve and process 
that key and got no errors.  Can you send me a sample message which 
causes this problem?

This is still the d2i_PUBKEY_bio() error you were referring to earlier?

RE: dk_eom(): internal error from libdk: DNSreply for`s1024._domainkey.sbcglobal.net' truncated

From: Jim Hermann - UUN Hostmaster <hostmaster@uu...> - 2009-03-05 02:36

Murray,

This problem continues to this day:

s1024._domainkey.sbcglobal.net. 1182 IN TXT     "k=rsa\; t=y\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8Ljn
TD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"
"JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4u
dUnwuxK4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;"

Mar  4 15:17:14 host dk-filter[19866]: n24LHDRR017696: dk_eom(): internal
error from libdk: DNS reply for `s1024._domainkey.sbcglobal.net' truncated

I am running dk-milter-1.0.1 compiled with libar on Fedora Core 4.

Jim 

> -----Original Message-----
> From: Murray S. Kucherawy [mailto:msk@...] 
> Sent: Friday, December 05, 2008 12:09 AM
> To: General discussion and usage issues
> Subject: Re: dk_eom(): internal error from libdk: DNSreply 
> for`s1024._domainkey.sbcglobal.net' truncated
> 
> Jim Hermann - UUN Hostmaster wrote:
> > I'm having another internal error from libdk.
> >
> > This is the DNS Record:
> >
> > s1024._domainkey.sbcglobal.net. 1193 IN TXT     "k=rsa\; t=y\;
> > 
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E
> 9UGSXau/2P8Ljn
> > TD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"
> > 
> "JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4Rk
> dV7fVxTn56Lb4u
> > dUnwuxK4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;"
> >   
> I concocted a message signed such that it would retrieve and process 
> that key and got no errors.  Can you send me a sample message which 
> causes this problem?
> 
> This is still the d2i_PUBKEY_bio() error you were referring 
> to earlier?
> 
> --------------------------------------------------------------
> ----------------
> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las 
> Vegas, Nevada.
> The future of the web can't happen without you.  Join us at 
> MIX09 to help
> pave the way to the Next Web now. Learn more and register at
> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009
> .visitmix.com/
> _______________________________________________
> dk-milter-discuss mailing list
> dk-milter-discuss@...
> https://lists.sourceforge.net/lists/listinfo/dk-milter-discuss
>

Re: dk_eom(): internal error from libdk: DNSreply for`s1024._domainkey.sbcglobal.net' truncated

From: Jim Fenton <jf-dk@bl...> - 2009-03-05 05:10

Jim,

That is the same key record that is used by Yahoo (since they send for 
sbcglobal.net). Are you having similar problems on yahoo.com messages? 
Otherwise it might be work checking to see what's different between 
yahoo.com and sbcglobal.net.

Thinking more broadly (including dkim-milter as well), I'm wondering if 
the defaults for -C should be adjusted to accept the message in nearly 
all cases. The only really legitimate tempfail case is if the milter 
gets a temporary error (i.e., not NXDOMAIN or "nodata" response) when 
retrieving the key. In other cases, it's very unlikely that tempfailing 
the message is going to do any good. It just delays the inevitable for a 
few days unless some unusually-vigilant sysadmin notices messages in the 
queue and investigates.

-Jim (F)

Jim Hermann - UUN Hostmaster wrote:
> Murray,
>
> This problem continues to this day:
>
> s1024._domainkey.sbcglobal.net. 1182 IN TXT     "k=rsa\; t=y\;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8Ljn
> TD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"
> "JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4u
> dUnwuxK4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;"
>
> Mar  4 15:17:14 host dk-filter[19866]: n24LHDRR017696: dk_eom(): internal
> error from libdk: DNS reply for `s1024._domainkey.sbcglobal.net' truncated
>
> I am running dk-milter-1.0.1 compiled with libar on Fedora Core 4.
>
> Jim 
>
>   
>> -----Original Message-----
>> From: Murray S. Kucherawy [mailto:msk@...] 
>> Sent: Friday, December 05, 2008 12:09 AM
>> To: General discussion and usage issues
>> Subject: Re: dk_eom(): internal error from libdk: DNSreply 
>> for`s1024._domainkey.sbcglobal.net' truncated
>>
>> Jim Hermann - UUN Hostmaster wrote:
>>     
>>> I'm having another internal error from libdk.
>>>
>>> This is the DNS Record:
>>>
>>> s1024._domainkey.sbcglobal.net. 1193 IN TXT     "k=rsa\; t=y\;
>>>
>>>       
>> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E
>> 9UGSXau/2P8Ljn
>>     
>>> TD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"
>>>
>>>       
>> "JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4Rk
>> dV7fVxTn56Lb4u
>>     
>>> dUnwuxK4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;"
>>>   
>>>       
>> I concocted a message signed such that it would retrieve and process 
>> that key and got no errors.  Can you send me a sample message which 
>> causes this problem?
>>
>> This is still the d2i_PUBKEY_bio() error you were referring 
>> to earlier?
>>
>>

Re: dk_eom(): internal error from libdk: DNSreply for`s1024._domainkey.sbcglobal.net' truncated

From: SM <sm@re...> - 2009-03-05 06:13

At 21:10 04-03-2009, Jim Fenton wrote:
>That is the same key record that is used by Yahoo (since they send for
>sbcglobal.net). Are you having similar problems on yahoo.com messages?
>Otherwise it might be work checking to see what's different between
>yahoo.com and sbcglobal.net.

DomainKeys signed messages from sbcglobal.net generally pass 
verification over here.  I see a few "bad signature" verification 
failures.  I'm not getting any "DNS reply for 
s1024._domainkey.sbcglobal.net truncated".  Does that happen for all 
messages signed by sbcglobal.net?

>Thinking more broadly (including dkim-milter as well), I'm wondering if
>the defaults for -C should be adjusted to accept the message in nearly
>all cases. The only really legitimate tempfail case is if the milter
>gets a temporary error (i.e., not NXDOMAIN or "nodata" response) when
>retrieving the key. In other cases, it's very unlikely that tempfailing
>the message is going to do any good. It just delays the inevitable for a
>few days unless some unusually-vigilant sysadmin notices messages in the
>queue and investigates.

The defaults in dk-milter will cause a temporary failure on internal 
error.  You can use  "-C internal=accept" to avoid that 
(On-InternalError in dkim-milter).  See the NOTES about DNS timeouts 
in the manual too.  One reason for temp-failing the message is that 
problem might be fixed on the next delivery attempt.  It also helps 
to identify bugs and get them fixed.

Without feedback from the users, it is not possible to find the bugs 
or improve dk-milter.

Regards,
-sm