From: Scott G. <sgr...@bo...> - 2004-11-27 02:33:38
|
On Friday 26 November 2004 05:43 pm, Robert Allerstorfer wrote: > Hi SM, >=20 > > Nice catch. This tags for the policy records are optional btw. If the > > policy records does not exist, the recipient system assume the default = values. >=20 > Thanks for pointing that out. If I understood it right, every domain > must have a Policy statement - [from Draft-01] "in particular, whether a > domain is participating in DomainKeys, whether they are testing and > whether it signs all outbound email". At the moment, the policy > statement is set as TXT record in the _domainkey.MYDOMAIN domain. >=20 > "If the policy TXT record does not exist, recipient systems MUST > assume the default values." >=20 > But, if the policy TXT record exists and contains tags not allowed > there, verifying systems may fail. Scott's policy record is still in > error. This shows both the result of the dig call mentioned in my > original post and this web based test utility: >=20 > http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=3Dborgnet.us >=20 > =3D> >=20 > "Testing borgnet.us > Policy TXT=3Dg=3D; k=3Drsa; t=3Dy; p=3DMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAM= rl8e9mUYGKKv2TlNLQK5woYBWY6/0NtyM2N8IcA9xffpqqClg9w7X0F8XGXcVNZiKbS8iUeY5/D= Mzo/JnYIxsCAwEAAQ=3D=3D > This policy record is in error: Unexpected tag(s): p,k,g" >=20 > best, > rob. >=20 >=20 This makes no sense. If gentxt creates the dns entry then why is the tags p= ,k,g not right? I thought it was generating it right? Adding o=3D~; to my records made no difference. Maybe I should just disable the dk-filter until everything is working corre= ctly and better docs are written. All I can say is it was working until recently. Previous tests confirmed that. Scott |