Re: [dkim-milter-discuss] Best Buy DKIM Issues/Whitelisting/DNS Errors

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Thu, 24 Dec 2009, SM wrote:

> At 15:43 24-12-2009, Dan Mahoney, System Admin wrote:
>> Note: it's christmas eve.  I would figure Best Buy would care about this,
>> but with propagation delays and the like I don't think it's fixable or
>> advisable for a major DNS change this soon before Christmas.
>
> This message is copied to Best Buy in case they wish to fix the problem.

I had also copied it to the reporting address indicated by their domainkey 
record.  I should bounce it along to postmaster@, webmaster@, and track 
down the service they're using to manage email as well.

> I'll defer delivery so that you can fix the problem instead of
> treating the message as "forged mail".

I don't think DKIM normally bounces mail for me, I let spamassassin weigh 
this and most other factors.  I run it at the MTA level because I need to 
do this anyway for outbound mail.

>> 1.5) For the purposes of -C actions, does this count as a "dnserror", same
>> as the above conditions (servfail, etc)?
>
> Use On-InternalError to override the behavior.

So the answer there is "yes".

Doing that for now, which also means I accept mail on a servfail, which is 
an actual error.  I've heard a report that opendkim does not treat 
NXDOMAIN as an error, so that seems to be the longer term fix.

>> 2) What's worse is I don't see a way to tune this, either per-domain or
>> per-dns-errortype, in either /etc/mail/access or in dkim.conf.  How would
>> I whitelist this, and say, "yes, *.bestbuy.com is having a problem, I'm
>> working around it"?  (Note that I see a way to do it by IP in the
>> archives, but not by domain).
>
> It cannot be done per domain.

Shucky-darns.  AccessDB seems to be supported by many other milters, just 
none that do this.

-- 

"It would be bad."

-Egon Spengler, "Ghostbusters"

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------