Note: Running Postfix on Mac OS 10.4 using my own launchctl XML files so that the DKIM input check and output signing proxies are running.

A couple of weeks ago I finally got around to implementing DKIM signing and checking per the instructions on jason.long.name/dkimproxy/ and, until today, it seemed to be working well. All the DKIM tests that I have run it against passed and on the input side mail from domains that signed with DKIM all got a “pass” in the header.

Today I received the following email from the mail server:

==============
Transcript of session follows.

Out: 220 cds1.mydomain.com ESMTP Postfix
In: EHLO mail.a-clients-domain.com
Out: 250-cds1.mydomain.com
Out: 250-PIPELINING
Out: 250-SIZE
Out: 250-ETRN
Out: 250-AUTH LOGIN PLAIN
Out: 250-AUTH=LOGIN PLAIN
Out: 250 8BITMIME
In: MAIL FROM:[email protected]
Out: 250 Ok
In: RCPT To:[email protected]
Out: 250 Ok
In: DATA
Out: 354 End data with .
Out: 451 Error: queue file write error
In: QUIT
Out: 221 Bye

=================

I used VPN to access the network the server is on and checked the mail.log and found the following:

Sep 4 13:00:52 mini postfix/smtpd[15043]: connect from unknown[65.66.67.68]
Sep 4 13:06:15 10.7.52.5 dkimproxy.in[28169]: DKIM verify - none; message-id=[email protected], from=[email protected]
Sep 4 13:06:15 mini postfix/smtpd[15043]: warning: lost connection with proxy 127.0.0.1:10025
Sep 4 13:06:15 mini postfix/cleanup[15056]: 99B446B471: message-id=[email protected]
Sep 4 13:06:15 mini postfix/smtpd[15043]: disconnect from unknown[65.66.67.68]

(The domain names and IP addresses have been munged for privacy reasons)

It appears that Postfix and the DKIM proxy had an issue on this one email (repeated each time the sender attempted to resend). I edited /etc/postfix/master.cf to turn off DKIM checks and the mail was able to be delivered. I have not seen it yet in person as it was not directed to me but the log shows it was nearly 4 meg in size.

I do have a slow link for the email and we do need to receive large files (this is for a free lance graphic design business). Since everything else is working (including DKIM signature checking on smaller test emails) I am wondering if there is a size limit or timeout value that needs to be tweaked for my configuration. If it appears that this issue is not related to message size or time out values, where else should I look?

Thanks!

Investigating further, the “451 Error: queue file write error” message is apparently generated by the pre-filter smtpd daemon if it times out communicating with the filter daemon. The default time out is 100 seconds.

Sending several large (slow) emails into Postfix with the DKIM input filter enabled and with it disabled, it appears that my version of Postfix (a v2.1 variant) starts its timer when it starts passing data to the filter and does not reset it each time data is passed to the filter. Thus a slow input to the pre-filter smtpd daemon will cause the daemon to erroneously declare that the filter is taking too long.

I saw no significant difference in transfer times when using the DKIM filter on an unsigned message and not using the filter. So the time out issue was not, in my case, a performance issue with the DKIM input filter program.

Anyway, adding a smtpd_proxy_timeout value to my master.cf file now allows me to receive emails of up to about 17MB (largest tested) and should, based on the speed of my interface allow files up to about 20MB. The revised lines in master.cf are now:

smtp inet n - n - 20 smtpd
-o smtpd_proxy_filter=127.0.0.1:10025
-o smtpd_client_connection_count_limit=10
-o smtpd_proxy_timeout=600s