Doc: Add hint about spamd and half-closed connections

author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2016-11-29 15:57:11 +0100
committer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2016-11-29 16:36:40 +0100
commit: 58321cff06f8536b0656ac0ddfb42f427f1932cc (patch)
tree: 3223993eb7f5fb78345bb5939fa4c543f960c5fa /doc/doc-docbook
parent: 446415f5cd613d69abc8cd3324c06cb4695785f6 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 9cb1e4972..c3fc1fb21 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -31668,6 +31668,15 @@ configuration as follows (example):
 .code
 spamd_address = 192.168.99.45 387
 .endd
+The SpamAssassin protocol relies on a TCP half-close from the client.
+If your SpamAssassin client side is running a Linux system with an
+iptables firewall, consider setting
+&%net.netfilter.nf_conntrack_tcp_timeout_close_wait%& to at least the
+timeout, Exim uses when waiting for a response from the SpamAssassin
+server (currently defaulting to 120s).  With a lower value the Linux
+connection tracking may consider your half-closed connection as dead too
+soon.
+
 
 To use Rspamd (which by default listens on all local addresses
 on TCP port 11333)
author	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2016-11-29 15:57:11 +0100
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2016-11-29 16:36:40 +0100
commit	58321cff06f8536b0656ac0ddfb42f427f1932cc (patch)
tree	3223993eb7f5fb78345bb5939fa4c543f960c5fa /doc/doc-docbook
parent	446415f5cd613d69abc8cd3324c06cb4695785f6 (diff)