Note: Running Postfix on Mac OS 10.4 using my own launchctl XML files so that the DKIM input check and output signing proxies are running.
A couple of weeks ago I finally got around to implementing DKIM signing and checking per the instructions on jason.long.name/dkimproxy/ and, until today, it seemed to be working well. All the DKIM tests that I have run it against passed and on the input side mail from domains that signed with DKIM all got a “pass” in the header.
Today I received the following email from the mail server:
Transcript of session follows.
Out: 220 cds1.mydomain.com ESMTP Postfix
In: EHLO mail.a-clients-domain.com
Out: 250-AUTH LOGIN PLAIN
Out: 250-AUTH=LOGIN PLAIN
Out: 250 8BITMIME
In: MAIL FROM:[email protected]
Out: 250 Ok
In: RCPT To:[email protected]
Out: 250 Ok
Out: 354 End data with .
Out: 451 Error: queue file write error
Out: 221 Bye
I used VPN to access the network the server is on and checked the mail.log and found the following:
Sep 4 13:00:52 mini postfix/smtpd: connect from unknown[22.214.171.124]
Sep 4 13:06:15 10.7.52.5 dkimproxy.in: DKIM verify - none; message-id=[email protected], from=[email protected]
Sep 4 13:06:15 mini postfix/smtpd: warning: lost connection with proxy 127.0.0.1:10025
Sep 4 13:06:15 mini postfix/cleanup: 99B446B471: message-id=[email protected]
Sep 4 13:06:15 mini postfix/smtpd: disconnect from unknown[126.96.36.199]
(The domain names and IP addresses have been munged for privacy reasons)
It appears that Postfix and the DKIM proxy had an issue on this one email (repeated each time the sender attempted to resend). I edited /etc/postfix/master.cf to turn off DKIM checks and the mail was able to be delivered. I have not seen it yet in person as it was not directed to me but the log shows it was nearly 4 meg in size.
I do have a slow link for the email and we do need to receive large files (this is for a free lance graphic design business). Since everything else is working (including DKIM signature checking on smaller test emails) I am wondering if there is a size limit or timeout value that needs to be tweaked for my configuration. If it appears that this issue is not related to message size or time out values, where else should I look?