
Re: Broken DomainKey Implementation

To: qmail@list.cr.yp.to
Subject: Re: Broken DomainKey Implementation
From: "Erik A. Espinoza" <erik.espinoza@gmail.com>
Date: Fri, 6 Apr 2007 20:06:17 -0700
Delivered-to: sp-com-lists@consult.net
Delivered-to: gmail-qmail@securepoint.com
Delivered-to: sp.com.list@gmail.com
Delivered-to: mailing list qmail@list.cr.yp.to
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=FMJhGGw7BZ9m+Gw7LkKKYdL7BBmw/ecb/LMoPZT/Ns6zHzCl69j5ftnFPP2PdRQU8jf6id3+pgcFpNU/zx3lnJ9scp6ut5ftiGwNVn9/dANjl7CJh/dpGOiWfZxERIZrAS/gS429cy/LNhHF2NPKmzZrBh/YeOjS6iZgoGjLm84=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Rped1xoAlZq7oyS+PTeNfM/IPiStPKZbOWcDt2IcmvRPdZff1wHp0UA14QPUHn7Bo+2XFJdcY8nA1TvHhXSJq0d1NWYzcS7xbQrkrFEhT99Gg+a3830PS59efYfWeGx5OQ7H9/zv2/3STvTr8aWRv04hhSvw4yuIaHRnBapYBYs=
Domainkey-status: good (test mode)
In-reply-to: <17943.1353.87641.480401@desk.crynwr.com>
Mailing-list: contact qmail-help@list.cr.yp.to; run by ezmlm
References: <b86db13f0704011331m4135c427vc934ced0d8b64120@mail.gmail.com> <20070401205313.GA5988@discworld.dyndns.org> <b86db13f0704011429x17f3e0b1w903861f725380af5@mail.gmail.com> <17941.57540.536844.183887@desk.crynwr.com> <b86db13f0704061231s22747496q5e6aa9aee1283d22@mail.gmail.com> <17943.1353.87641.480401@desk.crynwr.com>
Hi Russ,

 > Nothing shows up in the log when mail is dropped. All other patches
 > write info into the log when mail is rejected. This makes
 > troubleshooting your broken code incredibly hard.

The code may have bugs.  Logging may be useful.  Don't confuse those
two issues.

Good point.

 > >  > 2) Doesn't honor disabling. If you disable it, qmail-dk can still drop mail.
 > >
 > > What do you mean by "disabling"?  If qmail-dk is disabled, then you're
 > > no longer running it, so how can software which isn't running drop mail?
 >
 > Disable was the wrong word. If you set qmail-dk to not permanently
 > reject mail (IE soft errors), qmail-dk can still hard reject mail.

If so, that's a bug.  Do you have a test case that reproduces it?

No, it's not reproducible 100% of the time.

 > >  > 3) Doesn't honor testing flag in DNS
 > >
 > > Errr, it's supposed to.  Do you have a test case for which it fails?
 >
 > Probably not a big deal

If you're going to malign my code, let's see the proof!  Otherwise,
I'll just dismiss you as a wanker.

A bad sig e-mail w/ hard reject set in DKVERIFY will result in hard
rejection regardless of whether the test flag is set or not. My
example for correct behavior would be spf, which will not cause a hard
rejection if ?all is set in the spf record.

 > >  > 4) Doesn't set "h=" flag which states what is covered by the sig
 > >  > (causes forwards and backup mx mail to fail)
 > >
 > > Nope.  If you have software which is munging the message ... fix it.
 > > But forwards and backup mx mail don't cause it to fail.
 >
 > Adding Received headers is not message munging. The fact that qmail-dk
 > doesn't set the h= flag means outgoing mail can be hard rejected by
 > mail servers doing the right thing.

Again, I see no proof that this isn't just the product of your fevered
imagination.  My email path prepends several Received headers and the
signatures still verify.

I'm not the only one that brought this up. Test it for yourself.

 > The fact that qmail-dk doesn't honor the h= flag for incoming mail
 > means that qmail-dk will set DomainKey status as bad when the mail is
 > good (verifies via dktest).

Bullshit on a stick without test cases, sorry.  h= is actually
completely useless, and anyway, if there's a problem, it's in
libdomainkeys, for which I no longer bear responsibility.


I can provide you full e-mails off list if you are interested:

[root@electron cur]# grep DomainKey-Status * | grep bad | tail -1
1174362242.M957119P23876V0000000000000013I000B0090.electron.kabewm.com,S=5940:2,S:DomainKey-Status: bad
[root@electron cur]# dktest -v < 1174362242.M957119P23876V0000000000000013I000B0090.electron.kabewm.com\,S\=5940\:2\,S
Comment: DomainKeys? See http://domainkeys.sourceforge.net/
DomainKey-Status: good


 > Look Russ, I'm not here to flame you or your contributions. All I'm
 > saying is that this doesn't work properly for most people.

But you don't bother to provide a usable bug report.

Didn't know there was a place to provide a bug report

As for people having trouble with it, I explicitly said in the release
email that the UI sucks, and I asked for suggestions.  Still haven't
gotten any.

Possibly because there is no contact info anywhere.

Erik
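
The test-flag handling discussed in point 3 above, as an added example that is not part of the original message and is not code from qmail-dk or libdomainkeys. It assumes the DomainKeys rule that mail from a domain publishing t=y is treated no worse than unsigned mail; the function names, the hard_reject parameter and the sample records are hypothetical.

```python
# Added example (hypothetical helper names; not qmail-dk or libdomainkeys code).
# Decides what an SMTP-time verifier does with a DomainKeys result when the
# signing domain publishes the testing flag (t=y) in DNS.

def parse_tags(record):
    """Parse a 'tag=value; tag=value' DomainKeys TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags


def in_test_mode(key_record, policy_record=""):
    """True if the selector key record or the domain policy record has t=y."""
    return any(parse_tags(rec).get("t", "").lower() == "y"
               for rec in (key_record, policy_record))


def disposition(status, hard_reject, key_record, policy_record=""):
    """Return 'accept', 'tempfail' or 'reject' for one verified message.

    status      -- verification result, e.g. 'good' or 'bad'
    hard_reject -- operator setting: permanent (True) or soft (False) errors
    """
    if status == "good":
        return "accept"
    if in_test_mode(key_record, policy_record):
        # Assumption: test mode means a failure is handled like unsigned
        # mail, so the operator's reject setting must not apply.
        return "accept"
    return "reject" if hard_reject else "tempfail"


# Constructed sample records; the p= value is a placeholder, not a real key.
KEY_TESTING = "k=rsa; t=y; p=PLACEHOLDERKEY"
KEY_LIVE = "k=rsa; p=PLACEHOLDERKEY"
POLICY_TESTING = "o=~; t=y"

if __name__ == "__main__":
    for key, policy in ((KEY_TESTING, ""), (KEY_LIVE, ""),
                        (KEY_LIVE, POLICY_TESTING)):
        print(key, "|", policy, "->", disposition("bad", True, key, policy))
```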
