Thanks for your reply Eric,
I'm not so worried about DK checking as I am of the DK signing. I
had continual failures with the forward slash as part of the key, but using
an octal code to replace it seemed to fix it. But I'm still failing about 2
out of every 5 tests with a "DomainKey-Status: bad: Signature failed
verification" and the same results sending email to yahoo, some keys pass
and the message does not get deferred and then some keys fail with
"Authentication-Results: mta139.mail.re1.yahoo.com from=katzrealtyinc.com;
domainkeys=fail (bad sig)" and the email gets deferred for up to 12 hours.
Both the test results and yahoo headers show DomainKey information, so it is
getting info from my DNS server but evidently not the correct info. Any help
would be greatly appreciated.
Kevin
-----Original Message-----
From: Eric Shubert [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 17, 2008 3:28 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Well, It was good for a day..
Kevin Katz wrote:
> Sorry Folks,
> I thought I had it, now it's not working again. I can tell you that
> this IS an issue with Yahoo defering mail, once I had a valid DomainKey,
> they accepted my mail right off;
>
> Eric, can you point me in the right direction on getting this fixed, I
will
> be glad to help if I can. As far as I can tell, this is something that we
do
> need working.
>
> Kevin
>
I'll try. FWIW, this is TTBOMK, and is not necessarily 100% conclusive. It's
what I recall from working with it some time ago.
DK signing (outbound) in the toaster works properly AFAIK.
The bit you discovered about special characters is interesting. It *might*
only apply to djbdns though. My public domain key has a slash (/) in it, and
I have no problems with yahoo. However, I route mail to yahoo through
dyndns's mailhop outbound service, so that might have some effect.
DK checking (incoming) in the toaster is hit and miss. Sometimes it appears
to work ok, but other times it reports bad keys inappropriately (when the
key is valid). I've seen this behavior with some messages from the QMT list.
It also does not honor the testing (t=y) parameter at all.
FWIW, I do use DK signatures, but that is all. I do not use DK verification,
since it isn't reliable.
In addition to all that, I'm not aware of any problem with SpamAssassin's DK
(or DKIM for that matter) rules. You simply need to have the modules
installed for the related scoring to take place.
HTH
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
