From: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Date: Tue, 29 Nov 2016 14:57:11 +0000 (+0100)
Subject: Doc: Add hint about spamd and half-closed connections
X-Git-Tag: exim-4_88_RC6~12
X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=commitdiff_plain;h=58321cff06f8536b0656ac0ddfb42f427f1932cc

Doc: Add hint about spamd and half-closed connections
---

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 9cb1e4972..c3fc1fb21 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -31668,6 +31668,15 @@ configuration as follows (example):
 .code
 spamd_address = 192.168.99.45 387
 .endd
+The SpamAssassin protocol relies on a TCP half-close from the client.
+If your SpamAssassin client side is running a Linux system with an
+iptables firewall, consider setting
+&%net.netfilter.nf_conntrack_tcp_timeout_close_wait%& to at least the
+timeout, Exim uses when waiting for a response from the SpamAssassin
+server (currently defaulting to 120s).  With a lower value the Linux
+connection tracking may consider your half-closed connection as dead too
+soon.
+
 
 To use Rspamd (which by default listens on all local addresses
 on TCP port 11333)