dk-milter 1.0.2 and yahoogroups.com?

General
kenwood2
2009-05-18
2013-04-23
  • kenwood2
    kenwood2
    2009-05-18

    I have installed dk-milter 1.0.2 with sendmail on Slackware.   It signs mail correctly but I am having trouble with it verifying incoming mail from the domain yahoogroups.com. 

    At first ALL incoming email that was signed with a domain key resulted in a “domainkeys=fail” in the header. 

    After much gnashing of the teeth, head scratching, and poking around the web I determined that it was the result of my resolv.conf pointing to the Open DNS server 208.67.220.220 which I had used for years.   From what I read in an Open DNS forum, Open DNS servers do not work because they do not return the “AUTHORITY SECTION:” and “ADDITIONAL SECTION:” for a  _domainkey inquiry.   As a result I dropped the 208.67.220.220 reference and added 64.102.255.44 (ns2.cisco.com) in its place.  That solved the problem for almost all inbound mail including mail from gmail.com.  

    The one email source of mail that I still cannot verify is yahoogroups.com.

    If I do a “dig” of the current _domainkey  entry for yahoogroups.com I receive the following.

    lima._domainkey.yahoogroups.com. 7200 IN TXT    "k=rsa\; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL10WHRWMSb9Tnl+k4Kzpc18rDCTpDT1pbK0xwkdZIZkaP8NB75qa/S57xccZlIwbI22Ooy/IY+8WxQtvE2z4W" "LLNOf9hkMeicUH48TGkEoCAcaSjJz/b3NMrOy9l1U7gQIDAP//"

    In looking at this I see that the key is split into two parts as indicated by the two sets of quotes.  I assume that is because it takes two TXT entries to list the entire key on the yahoo.com DNS servers, but I do not know that for sure.

    I also assume since all the “dig” responses from domains that I can verify mail from do not have the key spit in two parts, that this is the source of the problem.

    Can anyone verify that and offer a solution? Is it inherent in 1.02 or have I configured something wrong?  Is the problem something else entirely.

     
    • kenwood2
      kenwood2
      2009-05-18

      I didn't see the post "This forum is unmonitored" until after I posted.  I will repost to the "dk-milter-discuss" listserv as suggested so you might want to check there if you find this with no followup and are looking for a solution to a similar problem.