I have installed dk-milter 1.0.2 with sendmail on Slackware. It signs mail correctly but I am having trouble with it verifying incoming mail from the domain yahoogroups.com.
At first ALL incoming email that was signed with a domain key resulted in a “domainkeys=fail” in the header.
After much gnashing of the teeth, head scratching, and poking around the web I determined that it was the result of my resolv.conf pointing to the Open DNS server 22.214.171.124 which I had used for years. From what I read in an Open DNS forum, Open DNS servers do not work because they do not return the “AUTHORITY SECTION:” and “ADDITIONAL SECTION:” for a _domainkey inquiry. As a result I dropped the 126.96.36.199 reference and added 188.8.131.52 (ns2.cisco.com) in its place. That solved the problem for almost all inbound mail including mail from gmail.com.
The one email source of mail that I still cannot verify is yahoogroups.com.
If I do a “dig” of the current _domainkey entry for yahoogroups.com I receive the following.
lima._domainkey.yahoogroups.com. 7200 IN TXT "k=rsa\; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL10WHRWMSb9Tnl+k4Kzpc18rDCTpDT1pbK0xwkdZIZkaP8NB75qa/S57xccZlIwbI22Ooy/IY+8WxQtvE2z4W" "LLNOf9hkMeicUH48TGkEoCAcaSjJz/b3NMrOy9l1U7gQIDAP//"
In looking at this I see that the key is split into two parts as indicated by the two sets of quotes. I assume that is because it takes two TXT entries to list the entire key on the yahoo.com DNS servers, but I do not know that for sure.
I also assume since all the “dig” responses from domains that I can verify mail from do not have the key spit in two parts, that this is the source of the problem.
Can anyone verify that and offer a solution? Is it inherent in 1.02 or have I configured something wrong? Is the problem something else entirely.
I didn't see the post "This forum is unmonitored" until after I posted. I will repost to the "dk-milter-discuss" listserv as suggested so you might want to check there if you find this with no followup and are looking for a solution to a similar problem.