On 02/09/2011 09:39 PM, Todd Lyons wrote:
On Wed, Feb 9, 2011 at 6:34 AM, J4K <junk4@klunky.co.uk> wrote:
       The DKIM-Filter I run occasionally returns these key retrieval failure
I just wanted to point out that this project was forked in Jul 2009
(now called opendkim) and continuing development has been going on
there.  It is also on sourceforge.

messages, and then rejects the email.  The milter time out for postfix
is 30 seconds which exceeds the dkim-filter default time out.
Additionally, The time stamps in the message below are the same.
There are also some dns resolver issues in that older version IIRC.
Are you using your system resolver or libar?  I can't remember that
far back, is unbound also supported in dkim-filter?

I am trying to work out whether this is,
       a misconfiguration problem with the sender's DKIM entry in DNS,
       a time-out from my server to the DNS
       a misconfiguration on my server.
Likely the sender's DNS, however your dkim software should, IMHO,
handle it a little more gracefully and not cause undue duress on your

Some messages from the postfix log follows:-

Feb  9 14:08:05 srv1 dkim-filter[6967]: 0F40884146: key retrieval failed
Feb  9 14:08:05 srv1 postfix/cleanup[19030]: 0F40884146: milter-reject:
END-OF-MESSAGE from smtp143.junkemailfilter.com[]: 4.7.1
Service unavailable - try again later; from=<bounce@couchsurfing.org>
to=<niceuser@klunky.co.uk> proto=ESMTP helo=<junkemailfilter.com>
Is there anything that says what key it was trying to retreive?  Can
you get ahold of the message that was queued as 0F40884146 ?

I am not sure how to get the message as it was cleaned up:
Feb  9 14:07:57 logout postfix/cleanup[19030]: 0F40884146: message-id=<20110206161728.76B0714C181@messaging.couchsurfing.com>

I just installed opendkim via aptitude on Debian Squeeze, started it, and all inbound delivery stopped! 
I had not even configured it as a milter in Postfix.
I removed it (aptitude remove opendkim), and deliver started.
This does not make any sense.