Error mail delivery

Discussion in 'ISPConfig 3 Priority Support' started by xanela, Jan 23, 2015.

  1. xanela

    xanela Member HowtoForge Supporter

    Hello everyone.
    I have several mail domains to which my clients can not deliver mail.
    After I contact the administrators of those domains and make checks together, why the post of my clients are rejected is that the size of the header exceeds 998 bytes.

    This is the error that shows my server installed with ispconfig3
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    5B1812A815B3 1785 Mon Jan 19 23:30:37 [email protected]*****da.es
    (conversation with mail.x****a.es[85.**.**.136] timed out while sending end of data -- message may be sent more than once)
    [email protected]**ta.es


    This is the error that shows the firewall hosting where I try to entergar mail

    match header line length gt 998 - drop-connection

    It would be possible to adjust the size of the headers of emails for my clients emails can be delivered.

    My server currently debian OS 7 installed according to the perfect server with apache2, postfix, dovecot manual.

    I hope you can help me

    thank you very much
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    One of the headers must exceed that length, to find out which one, you can use postcat. the command for the above email is:

    postcat /var/spool/postfix/deferred/5/5B1812A815B3
     
  3. xanela

    xanela Member HowtoForge Supporter

    The message I get is the following
    *** ENVELOPE RECORDS /var/spool/postfix/deferred/5/5B1812A815B3 ***
    message_size: 1785 712 1 0 1785
    message_arrival_time: Mon Jan 19 23:30:37 2015
    create_time: Mon Jan 19 23:30:37 2015
    named_attribute: log_ident=5B1812A815B3
    named_attribute: rewrite_context=local
    sender: [email protected]
    named_attribute: encoding=7bit
    named_attribute: log_client_name=localhost.localdomain
    named_attribute: log_client_address=127.0.0.1
    named_attribute: log_client_port=42535
    named_attribute: log_message_origin=localhost.localdomain[127.0.0.1]
    named_attribute: log_helo_name=localhost
    named_attribute: log_protocol_name=ESMTP
    named_attribute: client_name=localhost.localdomain
    named_attribute: reverse_client_name=localhost.localdomain
    named_attribute: client_address=127.0.0.1
    named_attribute: client_port=42535
    named_attribute: helo_name=localhost
    named_attribute: protocol_name=ESMTP
    named_attribute: client_address_type=2
    named_attribute: dsn_orig_rcpt=rfc822;[email protected]*****ta.es
    original_recipient: [email protected]*****a.es
    recipient: [email protected]*****a.es
    *** MESSAGE CONTENTS /var/spool/postfix/deferred/5/5B1812A815B3 ***
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by lince.pexego.net (Postfix) with ESMTP id 5B1812A815B3
    for <[email protected]******.es>; Mon, 19 Jan 2015 23:30:37 +0100 (CET)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tra*****da.es; h=
    content-transfer-encoding:content-type:content-type:mime-version
    :user-agent:from:from:subject:subject:date:date:message-id; s=
    default; t=1421706637; x=1423521038; bh=p463C1lGDoP+fS1TcaBpD1QC
    70z2U3sWwkElxxCizME=; b=V6D5qj2O5PO7rxtxwMz4ZmNsju3WbIRqK07+tQTK
    72pVBt8N00dmV2WcST/v+ohY1Bm+A2bEiymah2kwttxVsr1lEmjAyur2bmtK7CLs
    F9hmAcN6neZKQ5zxg4xz+m3xQysvxQ1zhSnt3Q65lv4RTAWCUT/eHfZGeqOeXJa5
    peE=
    X-Virus-Scanned: Debian amavisd-new at li****go.net
    Received: from lince.pexego.net ([127.0.0.1])
    by localhost (linc*****go.net [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id xqZHr8sslB4o for <[email protected]*****a.es>;
    Mon, 19 Jan 2015 23:30:37 +0100 (CET)
    Received: from lin*****go.net (localhost.localdomain [127.0.0.1])
    by li******go.net (Postfix) with ESMTP id 02F652A80584
    for <[email protected]****ta.es>; Mon, 19 Jan 2015 23:30:37 +0100 (CET)
    Received: from 80.**.***.98
    (SquirrelMail authenticated user [email protected]*****a.es)
    by lin****go.net with HTTP;
    Mon, 19 Jan 2015 23:30:37 +0100
    Message-ID: <[email protected]****ego.net>
    Date: Mon, 19 Jan 2015 23:30:37 +0100
    Subject: Contacto
    From: [email protected]****da.es
    To: [email protected]***a.es
    User-Agent: SquirrelMail/1.4.23 [SVN]
    MIME-Version: 1.0
    Content-Type: text/plain;charset=iso-8859-1
    X-Priority: 3 (Normal)
    Importance: Normal
    Content-Transfer-Encoding: quoted-printable

    Hola bos d=EDas.

    Esto he unha proba de correo


    *** HEADER EXTRACTED /var/spool/postfix/deferred/5/5B1812A815B3 ***
    named_attribute: encoding=7bit
    *** MESSAGE FILE END /var/spool/postfix/deferred/5/5B1812A815B3 ***
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The only long header in that mail is the dkim header. So the recipient servers seem to lack support for dkim signed emails. You should send the mail headers that you posted to the postmaster of the server that you have problems with as a mailserver today should support dkim signatures.
     
  5. xanela

    xanela Member HowtoForge Supporter

    I will contact the administrators of these domains.

    There would be some form of filtering to not send the signature dkim to certain domains?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Which dkim key strength do you use?
     
  7. xanela

    xanela Member HowtoForge Supporter

  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to set the key strength to 1024 so that the resulting dkim header should be shorter.
     
  9. xanela

    xanela Member HowtoForge Supporter

    where in I enter the value 1024?

    if you try to introduce DKIM-Selector the result is invalid domain or selector.
     
  10. xanela

    xanela Member HowtoForge Supporter

    hello again.
    They could tell me how to change the length of the signature dkim?
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    I dont use that patch, so I cant tell you where exactly it can be changed. Either you can change it when you create the signature or there is a setting under System > server config in ISPConfig.
     
  12. xanela

    xanela Member HowtoForge Supporter

    Hello again.
    No change does not leave me the length of the dkim signature.

    dkim signature that sisteme do you recommend?
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    According to the author of this patch that you used, the dkim key length is configurable. He recommends to use 1024 or 2046.
     
  14. xanela

    xanela Member HowtoForge Supporter

    I'm trantado to find the place in which modify the length of the dkim signature.
    But so far I have not succeeded.

    in / sistem / serverconfig / server / mail only find reference to the path of the dkim signatures
     
  15. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    You should use the latest version. The option for a dkim-strength <> 1024 was add a few month ago. If you use a version < 1.1.6 you can not alter the key-strength and you always use 1024 bits. IF a receiver drops your mail because of a dkim-strength with 1024 bits, this is very anoying. You can not send mails to google with a key.strength < 1024 bits and i donĀ“t know why this should be a problem. Sounds like a cisco-setup or a wrong configured exchange-server
     
    till likes this.

Share This Page