On Tuesday December 21 2010 08:45:03 Per Jessen wrote: > I think I must have asked this before, so I must have forgotten the > answer - is there any way of distinguising between "DKIM verification > negative" and "DKIM could not verify"?
No, there currently is no way to distinguish a temporary failure (e.g. a timeout due to network problems) from other DNS failures in SpamAssassin's DKIM plugin. Even though a man page for Mail::DKIM::Verifier defines a result value 'temperror', the actual code never provides this value as far as I can tell. A timeout produces 'invalid' result: invalid (public key: DNS query timeout for ...) and in case of a DNS local server which has no connectivity to the requested domain the result is also an 'invalid': invalid (public key: DNS error: SERVFAIL) This would need to be coordinated with the author of the module Mail::DKIM, complemented by adding a new status/rule for such condition. I'm not sure if a genuine SERVFAIL rcode qualifies as a temporary failure, but a timeout definitely does. Mark
