dk-filter (and other libmilter-linked programs) can sometimes take
several seconds to stop upon receiving a SIGKILL. It first has to take
a mutex, and then signal all threads that a stop has been received.
Those threads then need to reach a point where they can stop, and then
the parent process needs to do the same.
Some (most? LSB-compliant? not sure) versions of killproc will send
a SIGKILL if the SIGTERM hasn't stopped the process after 5 seconds. If
CentOS's killproc does so, then it's quite likely that this is happening
to dk-filter. SIGKILL, of course, can't be caught, so dk-filter can't
clean up its socket in that instance.
It'll be hard to validate this in your logs, as SIGKILL also doesn't
afford the opportunity to log anything, but some killproc
implementations allow you to change the timeout; that may be a good
place to start.
Mike Markley <mike@...>
If some day we are defeated, well, war has its fortunes, good and bad.
- Commander Kor, "Errand of Mercy", stardate 3201.7