http://bugs.exim.org/show_bug.cgi?id=1442

Summary: DNS timeout in DKIM verification can cause email delivery issues
Product: Exim
Version: 4.72
Platform: x86-64
OS/Version: Linux
Status: NEW
Severity: bug
Priority: medium
Component: DKIM
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]

I have encountered an issue with DKIM verification where a non-responding DNS causes Exim to stall for more than 800 seconds waiting to be able to verify the DKIM signature for the email it is receiving via SMTP. The sender host then gets confused by the long stall in the SMTP session and retries to send the email, while Exim has actually received the email. This leads to duplicate emails.

While the whole issue depends also on a misbehaviour by the remote host (and I believe also a firewall in between) and by the DNS server too, there is something that I believe can be done in Exim itself to mitigate this issue.

I have no DKIM ACL set, so in my setup Exim just checks for DKIM and logs data. When Exim checks for DKIM (after the end of SMTP DATA) it makes a DNS request. A misconfigured DNS caused the query (done via TCP because its answer was longer than 512 bytes) to hang forever. To be more precise, the TCP requests to port 53 were dropped, so no answer at all came back to our TCP SYN packet.

This caused Exim to stall for more than 800 seconds waiting for the DNS TXT record for DKIM verification. After 600 seconds the SMTP sender host closed the connection to our Exim.

I have looked at the documentation and I have found no way to set a shorter timeout for the DKIM verification process. A timeout parameter for DKIM lookup should exist in Exim, so that I can set a more reasonable timeout and avoid the SMTP session stalling for so long. A value of 30 seconds (or even less) should be a reasonable default.
Fabio Muzzi
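
The behaviour requested in the report, sketched as an added example (not part of the original message and not Exim code): a DKIM key TXT lookup over TCP where one wall-clock budget covers connect, send and receive, so a resolver that drops or ignores the query produces a temporary failure instead of a stalled SMTP session. The function names are hypothetical, the resolver is assumed to be given as an IP address and port, and the 30-second default is the value suggested in the report.

```python
import secrets
import socket
import struct
import time

def build_txt_query(name):
    """Encode a recursive DNS query for the TXT record of `name`."""
    header = struct.pack("!HHHHHH", secrets.randbits(16), 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 16, 1)  # QTYPE=TXT, QCLASS=IN

def recv_exact(sock, n, deadline):
    """Read exactly n bytes, never waiting past the absolute deadline."""
    buf = b""
    while len(buf) < n:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise socket.timeout("lookup deadline exceeded")
        sock.settimeout(remaining)
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection early")
        buf += chunk
    return buf

def dkim_key_lookup_tcp(selector, domain, resolver, budget=30.0):
    """Fetch the DKIM key TXT record over TCP; None means temporary failure.

    `budget` is one wall-clock limit for connect + send + receive together.
    """
    deadline = time.monotonic() + budget
    query = build_txt_query(f"{selector}._domainkey.{domain}")
    try:
        # The connect timeout bounds the dropped-SYN case from the report.
        with socket.create_connection(resolver, timeout=budget) as sock:
            sock.settimeout(max(deadline - time.monotonic(), 0.001))
            sock.sendall(struct.pack("!H", len(query)) + query)  # RFC 1035 4.2.2 length prefix
            (length,) = struct.unpack("!H", recv_exact(sock, 2, deadline))
            return recv_exact(sock, length, deadline)
    except OSError:  # timeout, refusal, reset: do not stall the SMTP session
        return None

if __name__ == "__main__":
    # Constructed stand-in for the broken resolver: it listens but never answers.
    silent = socket.socket()
    silent.bind(("127.0.0.1", 0))
    silent.listen(1)
    print(dkim_key_lookup_tcp("sel", "example.com", silent.getsockname(), budget=1.0))
```

A None result is meant to be handled like any other temporary DNS failure during verification, so the message is accepted or deferred promptly rather than held until the sending host gives up and retries.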
