On Mon, May 16, 2011 at 10:52:48AM -0700, Murray S. Kucherawy wrote:
> On Mon, 16 May 2011, Gary Mills wrote:
> >The curious thing is that the DKIM filter timed out waiting to read the
> >message, but as soon as it reported that fact, the DCC milter was able
> >to read the message and modify it. How is this possible?
>
> What the error is actually reporting is a read error by the MTA waiting
> for a reply from the filter, not the other way around. So that timeout
> occurs, then it resumes its interaction with the next filter in line,
> which is not blocked and ready to respond.

Ah, I was reading the error message incorrectly. That certainly makes
more sense now. The DKIM filter must have been unable to respond to
the MTA within the timeout limit. I assume that opendkim was itself
waiting for a response from the DNS server, perhaps for several
responses.

The DCC filter also does DNS queries, using a group of dns-helper
processes. It may not do as many, but it doesn't appear to have DNS
timeout problems.

I wonder if opendkim could report what it was doing when the MTA
declared a timeout? Would that help at all?

Is letting the MTA timeout occur the best way for opendkim to
cooperate with the MTA, or is there a better way?

I could check on how frequently this timeout occurs; if it's
infrequent, it's not a problem.

--
-Gary Mills- -Unix Group- -Computer and Network Services-
Received on Mon May 16 2011 - 19:07:56 PST