Hi,
In http://opendkim.org/opendkim.conf.5.html there are several error
conditions defined, with the default actions for them, for instance
"On-SignatureError", "On-KeyNotFound". Ar least some conditions default
to tempfail. Configure the milter correctly and you should be fine.
Kind regards,
Tom
On 19-11-19 20:45, Viktor Dukhovni wrote:
On Tue, Nov 19, 2019 at 11:39:03AM -0800, Jeremiah Rothschild wrote:
It seems the tempfail is from the milter, not from Postfix. Postfix
is not in a position to know that the milter is not working as it
should, the milter is responding "normally".
That's too bad. I'm surely oversimplifying things but I figured the milter
would do something like pass a non-zero exit along, which postfix could then
use to make a decision on the status.
Postfix isn't executing the milter as a subprocess, they communicate over a
socket. If the milter returns a 4XX verdict, that's normal milter behaviour.
If the milter drops the connection, times out, ... that's a milter failure,
and *then* the Postfix milter_default_action kicks in.
Your best bet is to invest effort in keeping your milter working properly,
optimizing what happens when it is not working is likely the lesser option.
