Skip to content

[BUG] mail from client to server slow, perhaps opendkim causing delays  #3109

Closed
#3129
Closed
[BUG] mail from client to server slow, perhaps opendkim causing delays #3109
#3129
Assignees
georglauterbach
Labels
area/scriptsissue/likely user-related misconfigurationThis issue is likely the result of a misconfiguration on the user's endkind/updateUpdate an existing feature, configuration file or the documentation
Milestone
v12.0.0
@hanscees

Description

@hanscees
hanscees
opened on Feb 22, 2023

Miscellaneous first checks

  • I checked that all ports are open and not blocked by my ISP / hosting provider.
  • I know that SSL errors are likely the result of a wrong setup on the user side and not caused by DMS itself. I'm confident my setup is correct.

Affected Component(s)

it sometimes takes too long to send an email form thunderbird

What happened and when does this occur?

When sending email from thunderbird sometimes email sending takes 10 seconds.
When analysing logs opendkim logs 4x for every outgoing email. Sometimes this is within 2 seconds, but sometimes this also takes 12 seconds.

So question is why does opendkim log 4x times it is signing something? And can this be the cause for the delays?

Could it be that because I have four active domains this is a bug? (wild quess of course)

root@mail [ ~ ]# egrep "E00D761FF6"  /var/lib/docker/volumes/mailserver_log/_data/mail/mail.log 
Feb 21 10:50:22 mail postfix/smtps/smtpd[599924]: E00D761FF6: client=unknown[192.168.0.185], sasl_method=PLAIN, [email protected]
Feb 21 10:50:22 mail postfix/sender-cleanup/cleanup[599935]: E00D761FF6: message-id=<[email protected]>
Feb 21 10:50:22 mail postfix/sender-cleanup/cleanup[599935]: E00D761FF6: replace: header MIME-Version: 1.0 from unknown[192.168.0.185]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.0.185]>: MIME-Version: 1.0
Feb 21 10:50:27 mail opendkim[651]: E00D761FF6: DKIM-Signature field added (s=mail, d=pvandenboom.com)
Feb 21 10:50:31 mail opendkim[651]: E00D761FF6: DKIM-Signature field added (s=mail, d=pvandenboom.com)
Feb 21 10:50:35 mail opendkim[651]: E00D761FF6: DKIM-Signature field added (s=mail, d=pvandenboom.com)
Feb 21 10:50:39 mail opendkim[651]: E00D761FF6: DKIM-Signature field added (s=mail, d=pvandenboom.com)
Feb 21 10:50:39 mail postfix/qmgr[228056]: E00D761FF6: from=<[email protected]>, size=960, nrcpt=1 (queue active)
Feb 21 10:50:40 mail postfix/smtp[599997]: E00D761FF6: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[142.250.27.26]:25, delay=17, delays=17/0.01/0.16/0.62, dsn=2.0.0, status=sent (250 2.0.0 OK  1676972353 eu17-20020a170907299100b008b17fe8a06bsi12931520ejc.70 - gsmtp)
Feb 21 10:50:40 mail postfix/qmgr[228056]: E00D761FF6: removed

by the way, it looks like opendkim does not actually sign an email 4x, if I look at the email arriving at gmail.

Delivered-To: [email protected]
Received: by 2002:a05:6638:3475:0:0:0:0 with SMTP id q53csp248368jav;
        Wed, 22 Feb 2023 13:10:31 -0800 (PST)
X-Google-Smtp-Source: AK7set9xRMzUytoinyieatCgy33Kp0wpb5NLtAI+C/Bx/sS7MhYOGnHhP6Du69X/vJNEalQxqRQA
X-Received: by 2002:a17:906:10da:b0:8b1:94cc:10b1 with SMTP id v26-20020a17090610da00b008b194cc10b1mr17180085ejv.7.1677100231346;
        Wed, 22 Feb 2023 13:10:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1677100231; cv=none;
        d=google.com; s=arc-20160816;
        b=R3TXZBdkskKsurXSlLg7xXjJIltwSV6vRUE3BUCmAAoN9fbXm5RIayBQLGptuxz/F+
         JUmhqcJhp12AE8U/qVttKSjQyfgQx8S4KPXzmt/0Ut53cGBEZfSvoVMEcUM+pGZCm65z
         SHEGXZUoCsc/DXy6BxpRZ1gmSSHykanqdcnL2X3Ub0H+na6BM4u7sszUJJhy+NkZRw25
         EWDUu8yDRb0Fj0fiKHzM35tZfPA4ZUg5LrWj2XN/0+nvr0NlHpNcT5ln9NrWscM5U5Zm
         FUzca9ZTbxVWD6olJrmWq8eEkol5FTtpNTkSA4WkXAJy+tvJbsnTISiSIx0aH1EWDBlD
         8Xeg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:subject:from:to:content-language
         :mime-version:date:dkim-signature:message-id;
        bh=C7aE0Y03L7U8Dn/rejS9nwNm3CWZUJigYYLvfep9ml4=;
        b=dsLG4m0GvIxSwTcO0/esCG2Bjz7Zsm28Qk9djcOgY8+UwWpq6kkYYlwRhfVbZRi6CF
         +kygImI3gU4B2CoCV4WKFoJAxEnW+/Drj6cSz+2cL6PrxIFitlwKxbRaXz70ZXbPmIpQ
         xYJN8+pCjRYQyVa446b02XdoXcXQCsU/Nz9nKeZThMTZ+mJM9QjGDQHsxKzBQzNJ6H3B
         BjwEQkzJX0MA14dXS0KTRgOoj3hYDy9nbWbME8ciM5IBctPedyq4yt5tpKaCkslyTghb
         TvVJykrap18PqZUQHByPgn3KJO6zjxdZSZuVn2KVTD0y8Xxsw/rOSNzFSXRmmjTraHdA
         lN/g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=mail header.b=mgmNQ0QQ;
       spf=pass (google.com: domain of [email protected] designates 213.233.217.138 as permitted sender) [email protected]
Return-Path: <[email protected]>
Received: from mail.hanscees.net (mail.hanscees.net. [213.233.217.138])
        by mx.google.com with ESMTPS id vs22-20020a170907139600b008df5a5088cesi5632683ejb.163.2023.02.22.13.10.30
        for <[email protected]>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 22 Feb 2023 13:10:31 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 213.233.217.138 as permitted sender) client-ip=213.233.217.138;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=mail header.b=mgmNQ0QQ;
       spf=pass (google.com: domain of [email protected] designates 213.233.217.138 as permitted sender) [email protected]
Message-ID: <[email protected]>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hanscees.com; s=mail;
	t=1677100920; bh=C7aE0Y03L7U8Dn/rejS9nwNm3CWZUJigYYLvfep9ml4=;
	h=To:From:Subject;
	b=mgmNQ0QQ9kS5ZcA/cBMGRbL1hYw/5YnwYsBr7+TAd9Ac942y9u3NuNibZRRdYGwc/
	 Zixh2Bof7uGyMvoAoYCx+Ti8mgoC4HWr3ZAt5M6a/B5e3En1uThxsJGtC6xICkacRM
	 YPumusJu/NxcKwPCraImT5GXt4KW/4atQwgxOIzjw3e/FCia3mnMx9X87+ODsJ4poJ
	 Rxx9ZwclnJ4PgSX25Iw8ILM41dHMCar3H+M+fLJfolCVLIT5LjSqmhLffbsVFTrKy0
	 Hmovs7rpLwUHdaAZJ1rnQrVmwmU9/rneT0K71EloA1KiTzIc3yrTFpAZqjG4WOz/Ja
	 jGRWxnhdWESsg==
Date: Wed, 22 Feb 2023 22:10:30 +0100
MIME-Version: 1.0
Content-Language: en-US
To: Hanscees <[email protected]>
From: HCImap <[email protected]>
Subject: test for opendkim
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit



test for opendkim

What did you expect to happen?

I expect sending mail not to take 12 seconds.
I expect opendkim only signs 1x in the logging

How do we replicate the issue?

I dont know.

You can try to add 4 domains and see if this perhaps causes the multiple signing.

DMS version

1301

What operating system is DMS running on?

Linux

Which operating system version?

vmware photon 4

What instruction set architecture is DMS running on?

AMD64 / x86_64

What container orchestration tool are you using?

Docker

docker-compose.yml

services:
  mailserver:
    image: docker.io/mailserver/docker-mailserver:edge
    #image: docker.io/mailserver/docker-mailserver:latest
    container_name: mailserver
    # If the FQDN for your mail-server is only two labels (eg: example.com),
    # you can assign this entirely to `hostname` and remove `domainname`.
    hostname: mail
    domainname: fanscees.net
    env_file: mailserver.env
    # More information about the mail-server ports:
    # https://docker-mailserver.github.io/docker-mailserver/edge/config/security/understanding-the-ports/
    # To avoid conflicts with yaml base-60 float, DO NOT remove the quotation marks.
    ports:
      - "25:25"    # SMTP  (explicit TLS => STARTTLS)
      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
      - "465:465"  # ESMTP (implicit TLS)
      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
      - "993:993"  # IMAP4 (implicit TLS)
      - "995:995"  # pop3 (implicit TLS)
      - "110:110"  # pop3 (implicit TLS)
    volumes:
      #- etc:/etc
      - maildata:/var/mail/
      - mailstate:/var/mail-state/
      - log:/var/log/
      - Tconfig:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
      - ssl:/tmp/ssl
    restart: always
    stop_grace_period: 1m
    environment:
     # If you need SSL connection, you can provide your own certificates
     - SSL_TYPE=manual
     - SSL_CERT_PATH=/tmp/ssl/fullchain.pem
     - SSL_KEY_PATH=/tmp/ssl/privkey.pem
    cap_add:
      - NET_ADMIN
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0

volumes:
  maildata:
  mailstate:
  Tconfig:
  log:
  ssl:

Relevant log output

see above

Other relevant information

several domains with aliases are present

root@mail [ ~/containers/mailserver ]# ./setup.sh email list
* [email protected]
    [ aliases -> [email protected], [email protected], [email protected] ]

* [email protected]
    [ aliases -> [email protected] ]

* [email protected]
    [ aliases -> [email protected] ]

What level of experience do you have with Docker and mail servers?

  • I am inexperienced with docker
  • I am rather experienced with docker
  • I am inexperienced with mail servers
  • I am rather experienced with mail servers
  • I am uncomfortable with the CLI
  • I am rather comfortable with the CLI

Code of conduct

Improvements to this form?

No response

Metadata

Metadata

Assignees

Labels

area/scriptsissue/likely user-related misconfigurationThis issue is likely the result of a misconfiguration on the user's endkind/updateUpdate an existing feature, configuration file or the documentation

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions