PKS network mailsync peers

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

PKS network mailsync peers

Jonathan Oxer-4
I've been running an SKS keyserver now for a little while with no
mailsync entry to send updates to the PKS network. Looking through the
various keyservers listed at http://sks-keyservers.net/status/ many of
them seem to have either no mailsync entry at all, or an obviously bogus
entry (such as keyserver.ubuntu.com, which lists "devnull@localhost" as
the mailsync peer), or list "[hidden email]" as
their peer.

I just did some testing with the KJSL address as my mailsync peer and
any update messages I send it are rejected with a message that the
address is invalid:

Dec  6 13:46:56 keys postfix/qmgr[3199]: 4DC1543C190:
from=<[hidden email]>, size=15251, nrcpt=1 (queue active)
Dec  6 13:46:59 keys postfix/smtp[21570]: 4DC1543C190:
to=<[hidden email]>,
relay=spamfilter.layer42.net[69.36.224.13], delay=3, status=bounced
(host spamfilter.layer42.net[69.36.224.13] said: 550 cuda_nsu 5.1.1
<[hidden email]>: Recipient address rejected: User
unknown in virtual alias table (in reply to RCPT TO command))
Dec  6 13:46:59 keys postfix/cleanup[21568]: C81EF43C191:
message-id=<[hidden email]>
Dec  6 13:46:59 keys postfix/qmgr[3199]: 4DC1543C190: removed

So, two questions.

1. Does it matter about not having a mailsync setting?

2. If it does matter, is there a particular PKS mailserver that I should
peer with?

Cheers    :-)
--
Jonathan Oxer
Ph +61 3 9723 9399

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PKS network mailsync peers

Jason Harris
On Thu, Dec 06, 2007 at 02:16:58PM +1100, Jonathan Oxer wrote:

> I just did some testing with the KJSL address as my mailsync peer and
> any update messages I send it are rejected with a message that the
> address is invalid:
>
> Dec  6 13:46:56 keys postfix/qmgr[3199]: 4DC1543C190:

Sorry about this outage.  Fortunately, it was fixed a few days ago
by the owner of the hardware.  All SKS admins should (once again)
feel free to add [hidden email] as a mailsync
peer.  This helps keep the SKS and pks/onak/OpenPKSD/OPKS (i.e.,
non-SKS) keyserver networks in sync.

Thanks.

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

attachment0 (322 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PKS network mailsync peers

Jonathan Oxer-4
On Wed, 2008-01-02 at 07:59 -0500, Jason Harris wrote:

> Sorry about this outage.  Fortunately, it was fixed a few days ago
> by the owner of the hardware.  All SKS admins should (once again)
> feel free to add [hidden email] as a mailsync
> peer.  This helps keep the SKS and pks/onak/OpenPKSD/OPKS (i.e.,
> non-SKS) keyserver networks in sync.

Aha, thanks, that explains it! I thought perhaps the problem was that I
had misconfigured SKS, but it seems I was just a victim of bad timing.
My mail log is showing messages being successfully sent through now.

As a matter of interest, how does an outage like that impact the
consistency of key distribution across the various networks? Keys added
to my server during that period would have propagated correctly to other
SKS servers, but not been sent to non-SKS servers. Is there any
mechanism to ensure those changes are propagated, or do the networks
just naturally diverge in content as they accumulate network-local
changes?

Sorry if this is a stupid question. I'm just trying to better understand
how the various server networks interact.

Cheers   :-)
--
Jonathan Oxer
Ph +61 3 9723 9399
"Ubuntu Hacks": <www.ubuntuhacks.com>
"How To Build A Website And Stay Sane": <www.stay-sane.com>

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PKS network mailsync peers

Jason Harris
On Thu, Jan 03, 2008 at 08:35:25AM +1100, Jonathan Oxer wrote:
> On Wed, 2008-01-02 at 07:59 -0500, Jason Harris wrote:
>
> > Sorry about this outage.  Fortunately, it was fixed a few days ago
> > by the owner of the hardware.  All SKS admins should (once again)
> > feel free to add [hidden email] as a mailsync
> > peer.  This helps keep the SKS and pks/onak/OpenPKSD/OPKS (i.e.,
> > non-SKS) keyserver networks in sync.

> As a matter of interest, how does an outage like that impact the
> consistency of key distribution across the various networks? Keys added

The pks admins need to trade keydumps to fix such inconsistencies.

--
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
[hidden email] _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

attachment0 (322 bytes) Download Attachment