Description of problem: Noticed via monitoring (nagios) that postfix sometimes was hanging on a port25 health check, which I was able to correlate to seeing OpenDKIM Filter: accept() returned invalid socket in the logs Mar 30 04:05:53 aggelos-front3.vc.bravenet.com opendkim1276100: OpenDKIM Filter: accept() returned invalid socket (Numerical result out of range), try again * This is intermittant at the times I find the postfix issue, but suspect that's due to it making use of the remaining file handles. Suspecting this may be due to too many open file handles, but need to catch this in the act one more time to confirm. ss -anp is showing a ton of open connections via udp port 53 to our bind dns server (EL8) root@aggelos-front3 [/root]# ss -anp | grep 683086 | sed 's/ *$//' u_dgr UNCONN 0 0 * 206888104 * 13641 users:(("opendkim",pid=683086,fd=6)) udp ESTAB 0 0 172.16.30.192:60461 172.16.0.4:53 users:(("opendkim",pid=683086,fd=167)) udp ESTAB 0 0 172.16.30.192:60473 172.16.0.201:53 users:(("opendkim",pid=683086,fd=130)) udp ESTAB 0 0 172.16.30.192:40004 172.16.0.4:53 users:(("opendkim",pid=683086,fd=105)) udp ESTAB 0 0 172.16.30.192:52310 172.16.0.4:53 users:(("opendkim",pid=683086,fd=37)) udp ESTAB 0 0 172.16.30.192:60505 172.16.0.5:53 users:(("opendkim",pid=683086,fd=220)) udp ESTAB 0 0 172.16.30.192:56424 172.16.0.4:53 users:(("opendkim",pid=683086,fd=53)) udp ESTAB 0 0 172.16.30.192:44227 172.16.0.5:53 users:(("opendkim",pid=683086,fd=61)) udp ESTAB 0 0 172.16.30.192:40135 172.16.0.201:53 users:(("opendkim",pid=683086,fd=125)) udp ESTAB 0 0 172.16.30.192:60616 172.16.0.4:53 users:(("opendkim",pid=683086,fd=186)) udp ESTAB 0 0 172.16.30.192:60633 172.16.0.201:53 users:(("opendkim",pid=683086,fd=25)) udp ESTAB 0 0 172.16.30.192:40154 172.16.0.201:53 users:(("opendkim",pid=683086,fd=71)) udp ESTAB 0 0 172.16.30.192:36067 172.16.0.4:53 users:(("opendkim",pid=683086,fd=42)) udp ESTAB 0 0 172.16.30.192:52527 172.16.0.4:53 users:(("opendkim",pid=683086,fd=218)) udp ESTAB 0 0 172.16.30.192:52605 172.16.0.4:53 users:(("opendkim",pid=683086,fd=97)) udp ESTAB 0 0 172.16.30.192:60818 172.16.0.4:53 users:(("opendkim",pid=683086,fd=27)) udp ESTAB 0 0 172.16.30.192:60824 172.16.0.4:53 users:(("opendkim",pid=683086,fd=95)) udp ESTAB 0 0 172.16.30.192:52643 172.16.0.201:53 users:(("opendkim",pid=683086,fd=157)) udp ESTAB 0 0 172.16.30.192:60892 172.16.0.4:53 users:(("opendkim",pid=683086,fd=83)) udp ESTAB 0 0 172.16.30.192:36361 172.16.0.4:53 users:(("opendkim",pid=683086,fd=101)) udp ESTAB 0 0 172.16.30.192:56866 172.16.0.4:53 users:(("opendkim",pid=683086,fd=152)) udp ESTAB 0 0 172.16.30.192:48692 172.16.0.201:53 users:(("opendkim",pid=683086,fd=235)) udp ESTAB 0 0 172.16.30.192:48713 172.16.0.5:53 users:(("opendkim",pid=683086,fd=82)) udp ESTAB 0 0 172.16.30.192:36500 172.16.0.4:53 users:(("opendkim",pid=683086,fd=93)) udp ESTAB 0 0 172.16.30.192:48800 172.16.0.4:53 users:(("opendkim",pid=683086,fd=198)) root@aggelos-front3 [/root]# ss -anp | grep 683086 | sed 's/ *$//' | grep 'udp.*53' | wc -l 138 (After about a couple days after restarting opendkim) How reproducible: intermittant, suspect more likely to happen over time
root@aggelos-front3 [/root]# ss -anp | grep 683086 | sed 's/ *$//' | grep 'udp.*53' | wc -l 215 And a few hours later, now 215 udp ports open to port 53
Nathan, I would encourage you to file a ticket with the upstream application developers at https://github.com/trusteddomainproject/OpenDKIM and link that ticket here. I'll warn you that upstream development is pretty minimal at the moment.
Thank you Matt, Done and filed at https://github.com/trusteddomainproject/OpenDKIM/issues/149. (Most likely in our case, I'll just restart opendkim daily if more then 100 UDP connections to port 53)
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.