Hello everyone. I have several mail domains to which my clients can not deliver mail. After I contact the administrators of those domains and make checks together, why the post of my clients are rejected is that the size of the header exceeds 998 bytes. This is the error that shows my server installed with ispconfig3 -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 5B1812A815B3 1785 Mon Jan 19 23:30:37 proba@tr*****da.es (conversation with mail.x****a.es[85.**.**.136] timed out while sending end of data -- message may be sent more than once) soporte-***-correo@x**ta.es This is the error that shows the firewall hosting where I try to entergar mail match header line length gt 998 - drop-connection It would be possible to adjust the size of the headers of emails for my clients emails can be delivered. My server currently debian OS 7 installed according to the perfect server with apache2, postfix, dovecot manual. I hope you can help me thank you very much
One of the headers must exceed that length, to find out which one, you can use postcat. the command for the above email is: postcat /var/spool/postfix/deferred/5/5B1812A815B3
The message I get is the following *** ENVELOPE RECORDS /var/spool/postfix/deferred/5/5B1812A815B3 *** message_size: 1785 712 1 0 1785 message_arrival_time: Mon Jan 19 23:30:37 2015 create_time: Mon Jan 19 23:30:37 2015 named_attribute: log_ident=5B1812A815B3 named_attribute: rewrite_context=local sender: [email protected] named_attribute: encoding=7bit named_attribute: log_client_name=localhost.localdomain named_attribute: log_client_address=127.0.0.1 named_attribute: log_client_port=42535 named_attribute: log_message_origin=localhost.localdomain[127.0.0.1] named_attribute: log_helo_name=localhost named_attribute: log_protocol_name=ESMTP named_attribute: client_name=localhost.localdomain named_attribute: reverse_client_name=localhost.localdomain named_attribute: client_address=127.0.0.1 named_attribute: client_port=42535 named_attribute: helo_name=localhost named_attribute: protocol_name=ESMTP named_attribute: client_address_type=2 named_attribute: dsn_orig_rcpt=rfc822;sopor*******rreo@x*****ta.es original_recipient: soporte-*****orreo@x*****a.es recipient: soporte-******rreo@xu*****a.es *** MESSAGE CONTENTS /var/spool/postfix/deferred/5/5B1812A815B3 *** Received: from localhost (localhost.localdomain [127.0.0.1]) by lince.pexego.net (Postfix) with ESMTP id 5B1812A815B3 for <soport****rreo@xu******.es>; Mon, 19 Jan 2015 23:30:37 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tra*****da.es; h= content-transfer-encoding:content-type:content-type:mime-version :user-agent:from:from:subject:subject:date:date:message-id; s= default; t=1421706637; x=1423521038; bh=p463C1lGDoP+fS1TcaBpD1QC 70z2U3sWwkElxxCizME=; b=V6D5qj2O5PO7rxtxwMz4ZmNsju3WbIRqK07+tQTK 72pVBt8N00dmV2WcST/v+ohY1Bm+A2bEiymah2kwttxVsr1lEmjAyur2bmtK7CLs F9hmAcN6neZKQ5zxg4xz+m3xQysvxQ1zhSnt3Q65lv4RTAWCUT/eHfZGeqOeXJa5 peE= X-Virus-Scanned: Debian amavisd-new at li****go.net Received: from lince.pexego.net ([127.0.0.1]) by localhost (linc*****go.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id xqZHr8sslB4o for <sopo*****rreo@xu*****a.es>; Mon, 19 Jan 2015 23:30:37 +0100 (CET) Received: from lin*****go.net (localhost.localdomain [127.0.0.1]) by li******go.net (Postfix) with ESMTP id 02F652A80584 for <sopor*******rreo@x****ta.es>; Mon, 19 Jan 2015 23:30:37 +0100 (CET) Received: from 80.**.***.98 (SquirrelMail authenticated user pr****a@tra*****a.es) by lin****go.net with HTTP; Mon, 19 Jan 2015 23:30:37 +0100 Message-ID: <0f8de16290e7afc22a9ea2402c07b659.squirrel@lin****ego.net> Date: Mon, 19 Jan 2015 23:30:37 +0100 Subject: Contacto From: pr***a@tra****da.es To: sopo****orreo@xu***a.es User-Agent: SquirrelMail/1.4.23 [SVN] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 X-Priority: 3 (Normal) Importance: Normal Content-Transfer-Encoding: quoted-printable Hola bos d=EDas. Esto he unha proba de correo *** HEADER EXTRACTED /var/spool/postfix/deferred/5/5B1812A815B3 *** named_attribute: encoding=7bit *** MESSAGE FILE END /var/spool/postfix/deferred/5/5B1812A815B3 ***
The only long header in that mail is the dkim header. So the recipient servers seem to lack support for dkim signed emails. You should send the mail headers that you posted to the postmaster of the server that you have problems with as a mailserver today should support dkim signatures.
I will contact the administrators of these domains. There would be some form of filtering to not send the signature dkim to certain domains?
hello again. I do dkim installation as recommended in the forum this site. http://blog.schaal-24.de/ispconfig/dkim-patch-1-0-2/?lang=en Then when I create a new mail domain in dkim signature in the field DKIM-Selector sets default
where in I enter the value 1024? if you try to introduce DKIM-Selector the result is invalid domain or selector.
I dont use that patch, so I cant tell you where exactly it can be changed. Either you can change it when you create the signature or there is a setting under System > server config in ISPConfig.
Hello again. No change does not leave me the length of the dkim signature. dkim signature that sisteme do you recommend?
According to the author of this patch that you used, the dkim key length is configurable. He recommends to use 1024 or 2046.
I'm trantado to find the place in which modify the length of the dkim signature. But so far I have not succeeded. in / sistem / serverconfig / server / mail only find reference to the path of the dkim signatures
You should use the latest version. The option for a dkim-strength <> 1024 was add a few month ago. If you use a version < 1.1.6 you can not alter the key-strength and you always use 1024 bits. IF a receiver drops your mail because of a dkim-strength with 1024 bits, this is very anoying. You can not send mails to google with a key.strength < 1024 bits and i don´t know why this should be a problem. Sounds like a cisco-setup or a wrong configured exchange-server
