Net::SMTP timeout for opendmarc-reports

Open source DMARC implementation

Status: Inactive

Brought to you by: cm-msk, gushi

This project can now be found here.

#214 Net::SMTP timeout for opendmarc-reports

Milestone: 1.3.1

Status: open

Owner: nobody

Labels: opendmarc-reports Net::SMTP (2)

Updated: 2017-09-25

Created: 2017-05-10

Creator: Marco Favero

Private: No

Many times opendmarc-report stops to send mail because SMTP session timeouts.
I made a brutal patch which checks
($smtp->code() == 599)
and it reopens a timed out SMTP session.

I provide my opendmarc-reports (based on 1.3.1 already patched version).

1 Attachments

opendmarc-reports

Discussion

Juri Haberland - 2017-05-10

IMHO opendmarc-reports should always be configured to deliver the mails to a local MTA and never to a remote site - except it's a relay host on the same LAN. Again IMO we should not force opendmarc-reports to be a bullet-proof MTA.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Marco Favero - 2017-05-12

Uhm, no, it is just a relay host on the same LAN (no firewall/network issue).
I use Postfix. I think the problem is within the default value
smtp_rset_timeout = 20s

In log I found these rows:
postfix/smtpd[4771]: timeout after RSET from mx.example.com[xx.xx.xx.xx] postfix/smtpd[4771]: disconnect from mx.example.com[xx.xx.xx.xx] ehlo=1 mail=245 rcpt=243/245 data=243 rset=245 commands=977/979

Probably it's the position of
$smtp->reset();
when next mail exceeds 20s of composition time.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Juri Haberland - 2017-05-12
  
  Hmm, the smtp_rset_timeout is for Postfix clients (smtp) connecting to a remote site - for connections to the smtpd there is a generic 300s timeout:
  smtpd_timeout = ${stress?{10}:{300}}s
  
  I just tested it locally here with something like
  date; telnet localhost 25; date
  
  That would mean it takes more than five minutes to compose a new mail - there must be something wrong - either on the database side or the network site...
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Marco Favero - 2017-05-12

You are right, I confused, sorry.
My smtpd_timeout is 120s. So I have some delay during this time, maybe through db connection.

Last edit: Marco Favero 2017-05-12

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Marco Favero - 2017-09-25

It seems that these timeouts happen after errors like these (email report to another domain, and that domain doesn't have the appropriate DMARC report), which keep SMTP connection opened without real traffic:

2017-09-25T10:01:31.927347+02:00 mx opendmarc-send-reports.sh[22825]: opendmarc-reports: sent report for devis-malins.com to dmarc@mailinblue.com (2.0.0 Ok: queued as 3y0xP75k5qzBrMX)
2017-09-25T10:01:33.511034+02:00 mx opendmarc-send-reports.sh[22825]: opendmarc-reports: info.webprivileges.fr is NOT authorized to send reports to dmarc-722-08-92xze@emvdmarc.com, dropping address! (NXDOMAIN)
2017-09-25T10:03:02.298375+02:00 mx opendmarc-send-reports.sh[22825]: opendmarc-reports: lenovitasulweb.it is NOT authorized to send reports to dmarc@slip-software.com, dropping address! (NXDOMAIN)
2017-09-25T10:04:30.637787+02:00 mx opendmarc-send-reports.sh[22825]: opendmarc-reports: clickraffinati.it is NOT authorized to send reports to dmarc@slip-software.com, dropping address! (NXDOMAIN)
2017-09-25T10:05:53.046367+02:00 mx opendmarc-send-reports.sh[22825]: opendmarc-reports: failed to send report for ds.newslettersupercampione.it to reports@ds.newslettersupercampione.it (4.4.2 msa.example.com Error: timeout exceeded)

If consecutive failing checks like these happen, timeouts SMTP errors are likely.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.