From: Dan M. S. A. <da...@pr...> - 2009-12-25 08:42:28
On Thu, 24 Dec 2009, SM wrote:

> At 15:43 24-12-2009, Dan Mahoney, System Admin wrote:
>> Note: it's christmas eve. I would figure Best Buy would care about this,
>> but with propagation delays and the like I don't think it's fixable or
>> advisable for a major DNS change this soon before Christmas.
>
> This message is copied to Best Buy in case they wish to fix the problem.

I had also copied it to the reporting address indicated by their domainkey
record. I should bounce it along to postmaster@, webmaster@, and track down
the service they're using to manage email as well.

> I'll defer delivery so that you can fix the problem instead of
> treating the message as "forged mail".

I don't think DKIM normally bounces mail for me, I let spamassassin weigh
this and most other factors. I run it at the MTA level because I need to do
this anyway for outbound mail.

>> 1.5) For the purposes of -C actions, does this count as a "dnserror", same
>> as the above conditions (servfail, etc)?
>
> Use On-InternalError to override the behavior.

So the answer there is "yes". Doing that for now, which also means I accept
mail on a servfail, which is an actual error. I've heard a report that
opendkim does not treat NXDOMAIN as an error, so that seems to be the longer
term fix.

>> 2) What's worse is I don't see a way to tune this, either per-domain or
>> per-dns-errortype, in either /etc/mail/access or in dkim.conf. How would
>> I whitelist this, and say, "yes, *.bestbuy.com is having a problem, I'm
>> working around it"? (Note that I see a way to do it by IP in the
>> archives, but not by domain).
>
> It cannot be done per domain.

Shucky-darns. AccessDB seems to be supported by many other milters, just
none that do this.

--
"It would be bad."
-Egon Spengler, "Ghostbusters"

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------