[knot-dns-users] *****SPAM***** Re: knot-1.4.4-49.1.i586 on opensuse 12.2 and automatic resign zone not approved ?

Spam detection software, running on the system "mail.nic.cz", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Good morning, thanks for the answer, I'll upgrade Knot as soon as possible, Best regards J.Karliak Cituji Daniel Salzman <daniel.salzman(a)nic.cz>cz>: fixed > in newer versions. So the quickest > recommendation for you is upgrade to a newer version of Knot (if it > is possible). > > Dan > > On 09/26/2014 01:38 PM, Josef Karliak wrote: >> Good afternoon, >> I made a change in our zone, changed serial of the zone and reload >> the zone. When I check the syslog, I saw some complains, that the >> signatures was out of date. For example: >> Sep 26 11:31:17 slimak knot[22992]: [warning] Semantic warning in >> node: slimak.fnhk.cz.: RRSIG: Expired signature! Record type: A. >> Sep 26 11:31:17 slimak knot[22992]: [warning] Semantic warning in >> node: slimak.fnhk.cz.: RRSIG: Expired signature! Record type: AAAA. >> Sep 26 11:31:17 slimak knot[22992]: [warning] Semantic warning in >> node: slimak.fnhk.cz.: RRSIG: Expired signature! Record type: NSEC. >> >> This happens for all records in the zone. >> >> Last change was 11.8.2014, knot signed it and planned resign to 7.9.2014: >> Aug 11 13:39:10 slimak knot[22992]: Semantic checks completed for >> zone=fnhk.cz. >> Aug 11 13:39:10 slimak knot[22992]: Zone 'fnhk.cz.' reloaded >> (serial 2014081101) >> Aug 11 13:39:10 slimak knot[22992]: DNSSEC: Zone fnhk.cz. - Signing >> started... >> Aug 11 13:39:10 slimak knot[22992]: DNSSEC: Zone fnhk.cz. - - Key >> is valid, tag 64431, file Kfnhk.cz.+005+64431.private, ZSK, active, >> public >> Aug 11 13:39:10 slimak knot[22992]: DNSSEC: Zone fnhk.cz. - - Key >> is valid, tag 26812, file Kfnhk.cz.+005+26812.private, KSK, active, >> public >> Aug 11 13:39:10 slimak knot[22992]: DNSSEC: Zone fnhk.cz. - >> Successfully signed. >> Aug 11 13:39:10 slimak knot[22992]: DNSSEC: Zone fnhk.cz.: Next >> signing planned on 2014-09-07T11:39:10. >> Aug 11 13:39:10 slimak knot[22992]: Loaded 5 out of 5 zones. >> Aug 11 13:39:10 slimak knot[22992]: Applied differences of >> 'fnhk.cz.' to zonefile. >> Aug 11 13:39:10 slimak knot[22992]: Configuration reloaded. >> Aug 11 13:39:10 slimak knot[22992]: NOTIFY of 'fnhk.cz.' to >> [...] Content analysis details: (5.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.8 DKIM_ADSP_ALL No valid author signature, domain signs all mail -0.0 SPF_PASS SPF: sender matches SPF record 1.0 MISSING_HEADERS Missing To: header -0.5 BAYES_05 BODY: Bayes spam probability is 1 to 5% [score: 0.0181] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 3.5 RDNS_NONE Delivered to internal network by a host with no rDNS 0.8 KAM_ASCII_DIVIDERS Spam that uses ascii formatting tricks 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor.