Dňa 13. mája 2023 11:55:36 UTC používateľ Andrew C Aitchison via Exim-users <exim-users@lists.exim.org> napísal:
>I don't think we can do the kill from within exim. But is that needed? When timeout happens, socket is closed and process ends. >We may be able to get exim to fork a process that waits and then kills the >stuck process, but once it it stuck a process cannot kill itself. IMO when process stucks, that must be bug, the timeouts are generally supposed to prevent processes to remain running forever. Othervise we will have serious problem, as connections can be lost in normal conditions too, especially with nowadays as common mobile devices... >I would still like to know where the delay is actually happening; In my case, for "suspicious" connections i apply small delay on every command. In case of normal auth it is in connect ACL, HELO ACL and AUTH ACL (conditionaly based on connections count). Then delay happens on dovecot side, first is not explicit delay, but AuthPolicy processing, where eg. DNS queries can delay result, i have configured 6 sec timeout for response, but almost all are finished under 4 secs, with 95 percentil in hundreds milisecs. Then dovecot penalty happens if no nopenalty (or so) arg was passed (which seems to be exim's case, as i see 2 sec delay betveen lines in dovecot & exim log lines). These dovecot's delays are always here if auth fails... Of course, AuthPolicy deamon can return reply with explicit delay, but i don't use that. As most of discussed connections are recognized as "suspicious" and its count is not too high yet, the connection tooks at least 8 sec until it gets failed auth response... If connection is not suspicious and auth was success, that tooks only some hundreds msecs in most cases, including DNS queries and password hashing. regards -- Slavko https://www.slavino.sk/ -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
