Bug 2070441

Summary: OpenDKIM Filter: accept() returned invalid socket
Product: [Fedora] Fedora EPEL Reporter: Nathan Coulson <nathan>
Component: opendkimAssignee: Jonathan Wright <jonathan>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel8CC: anon.amish, matt
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nathan Coulson 2022-03-31 08:10:44 UTC 
Description of problem:
Noticed via monitoring (nagios) that postfix sometimes was hanging on a port25 health check, which I was able to correlate to seeing OpenDKIM Filter: accept() returned invalid socket in the logs

Mar 30 04:05:53 aggelos-front3.vc.bravenet.com opendkim1276100: OpenDKIM Filter: accept() returned invalid socket (Numerical result out of range), try again
* This is intermittant at the times I find the postfix issue, but suspect that's due to it making use of the remaining file handles.

Suspecting this may be due to too many open file handles, but need to catch this in the act one more time to confirm.

ss -anp is showing a ton of open connections via udp port 53 to our bind dns server (EL8)

root@aggelos-front3 [/root]# ss -anp | grep 683086 | sed 's/ *$//'
u_dgr UNCONN     0      0                                              * 206888104                 * 13641     users:(("opendkim",pid=683086,fd=6))
udp   ESTAB      0      0                                  172.16.30.192:60461            172.16.0.4:53        users:(("opendkim",pid=683086,fd=167))
udp   ESTAB      0      0                                  172.16.30.192:60473          172.16.0.201:53        users:(("opendkim",pid=683086,fd=130))
udp   ESTAB      0      0                                  172.16.30.192:40004            172.16.0.4:53        users:(("opendkim",pid=683086,fd=105))
udp   ESTAB      0      0                                  172.16.30.192:52310            172.16.0.4:53        users:(("opendkim",pid=683086,fd=37))
udp   ESTAB      0      0                                  172.16.30.192:60505            172.16.0.5:53        users:(("opendkim",pid=683086,fd=220))
udp   ESTAB      0      0                                  172.16.30.192:56424            172.16.0.4:53        users:(("opendkim",pid=683086,fd=53))
udp   ESTAB      0      0                                  172.16.30.192:44227            172.16.0.5:53        users:(("opendkim",pid=683086,fd=61))
udp   ESTAB      0      0                                  172.16.30.192:40135          172.16.0.201:53        users:(("opendkim",pid=683086,fd=125))
udp   ESTAB      0      0                                  172.16.30.192:60616            172.16.0.4:53        users:(("opendkim",pid=683086,fd=186))
udp   ESTAB      0      0                                  172.16.30.192:60633          172.16.0.201:53        users:(("opendkim",pid=683086,fd=25))
udp   ESTAB      0      0                                  172.16.30.192:40154          172.16.0.201:53        users:(("opendkim",pid=683086,fd=71))
udp   ESTAB      0      0                                  172.16.30.192:36067            172.16.0.4:53        users:(("opendkim",pid=683086,fd=42))
udp   ESTAB      0      0                                  172.16.30.192:52527            172.16.0.4:53        users:(("opendkim",pid=683086,fd=218))
udp   ESTAB      0      0                                  172.16.30.192:52605            172.16.0.4:53        users:(("opendkim",pid=683086,fd=97))
udp   ESTAB      0      0                                  172.16.30.192:60818            172.16.0.4:53        users:(("opendkim",pid=683086,fd=27))
udp   ESTAB      0      0                                  172.16.30.192:60824            172.16.0.4:53        users:(("opendkim",pid=683086,fd=95))
udp   ESTAB      0      0                                  172.16.30.192:52643          172.16.0.201:53        users:(("opendkim",pid=683086,fd=157))
udp   ESTAB      0      0                                  172.16.30.192:60892            172.16.0.4:53        users:(("opendkim",pid=683086,fd=83))
udp   ESTAB      0      0                                  172.16.30.192:36361            172.16.0.4:53        users:(("opendkim",pid=683086,fd=101))
udp   ESTAB      0      0                                  172.16.30.192:56866            172.16.0.4:53        users:(("opendkim",pid=683086,fd=152))
udp   ESTAB      0      0                                  172.16.30.192:48692          172.16.0.201:53        users:(("opendkim",pid=683086,fd=235))
udp   ESTAB      0      0                                  172.16.30.192:48713            172.16.0.5:53        users:(("opendkim",pid=683086,fd=82))
udp   ESTAB      0      0                                  172.16.30.192:36500            172.16.0.4:53        users:(("opendkim",pid=683086,fd=93))
udp   ESTAB      0      0                                  172.16.30.192:48800            172.16.0.4:53        users:(("opendkim",pid=683086,fd=198))


root@aggelos-front3 [/root]# ss -anp | grep 683086 | sed 's/ *$//' | grep 'udp.*53' | wc -l
138
(After about a couple days after restarting opendkim)

How reproducible:
intermittant, suspect more likely to happen over time
Comment 1 Nathan Coulson 2022-03-31 16:15:43 UTC 
root@aggelos-front3 [/root]# ss -anp | grep 683086 | sed 's/ *$//' | grep 'udp.*53' | wc -l
215

And a few hours later, now 215 udp ports open to port 53
Comment 2 Matt Domsch 2022-03-31 16:54:49 UTC 
Nathan, I would encourage you to file a ticket with the upstream application developers at https://github.com/trusteddomainproject/OpenDKIM and link that ticket here. I'll warn you that upstream development is pretty minimal at the moment.
Comment 3 Nathan Coulson 2022-03-31 19:22:07 UTC 
Thank you Matt,  Done and filed at https://github.com/trusteddomainproject/OpenDKIM/issues/149.  (Most likely in our case, I'll just restart opendkim daily if more then 100 UDP connections to port 53)
Comment 4 Fedora Admin user for bugzilla script actions 2024-10-26 14:06:29 UTC 
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Comment 5 Fedora Admin user for bugzilla script actions 2024-10-28 00:31:00 UTC 
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.