I have a mail server runs CentOS 7 with Exim + Dovecot + Spamassassin v3.4.0, and VestaCP. Everything works fine except too long spamassassin check. It takes 10-11 seconds.
At the spamassassin debug log I see that the problem with DNS query for DKIM record (1st log line) and it terminates with 10 seconds timeout (3rd log line). And it fails DKIM test.
Sun Jul 14 14:47:12 2019 [94687] dbg: dkim: performing public key lookup and signature verification
Sun Jul 14 14:47:22 2019 [94687] dbg: dkim: DKIM, i=@yandex.ru, d=yandex.ru, s=mail, a=rsa-sha256, c=relaxed/relaxed, invalid, matches author domain
Sun Jul 14 14:47:22 2019 [94687] dbg: dkim: signature verification result: INVALID (PUBLIC KEY: DNS QUERY TIMEOUT FOR MAIL._DOMAINKEY.YANDEX.RU)
Sun Jul 14 14:47:22 2019 [94687] dbg: dkim: adsp: performing lookup on _adsp._domainkey.yandex.ru
Sun Jul 14 14:47:22 2019 [94687] dbg: dkim: adsp result: U/unknown (dns: unknown), author domain 'yandex.ru'
Sun Jul 14 14:47:22 2019 [94687] dbg: spf: checking to see if the message has a Received-SPF header that we can use
Sun Jul 14 14:47:22 2019 [94687] dbg: spf: checking HELO (helo=forward400j.mail.yandex.net, ip=5.45.198.245)
Sun Jul 14 14:47:22 2019 [94687] dbg: dns: bgsend, DNS servers: [8.8.8.8]:53, [8.8.4.4]:53
Sun Jul 14 14:47:22 2019 [94687] dbg: dns: attempt 1/2, trying connect/sendto to [8.8.8.8]:53
Sun Jul 14 14:47:22 2019 [94687] dbg: dns: providing a callback for id: 49973/IN/SPF/forward400j.mail.yandex.net
Sun Jul 14 14:47:22 2019 [94687] dbg: dns: dns reply 690 is OK, 4 answer records
Sun Jul 14 14:47:22 2019 [94687] dbg: async: calling callback on key dns:A:yandex.ru
Sun Jul 14 14:47:22 2019 [94687] dbg: dns: hit <dns:yandex.ru> 5.255.255.5
Sun Jul 14 14:47:22 2019 [94687] dbg: dns: hit <dns:yandex.ru> 77.88.55.50
Sun Jul 14 14:47:22 2019 [94687] dbg: dns: hit <dns:yandex.ru> 77.88.55.88
Sun Jul 14 14:47:22 2019 [94687] dbg: dns: hit <dns:yandex.ru> 5.255.255.88
If I run special check with spamassassin -t -D dkim
at the same email then eveything works fast and DKIM passing test.
# spamassassin -t -D dkim < /home/admin/mail/domain/user/cur/messageId
Jul 14 20:46:49.922 [24398] dbg: dkim: using Mail::DKIM version 0.39
Jul 14 20:46:49.923 [24398] dbg: dkim: performing public key lookup and signature verification
Jul 14 20:46:49.962 [24398] dbg: dkim: DKIM, i=@yandex.ru, d=yandex.ru, s=mail, a=rsa-sha256, c=relaxed/relaxed, pass, matches author domain
Jul 14 20:46:49.962 [24398] dbg: dkim: signature verification result: PASS
How can I solve this problem?
Solved it with install local DNS resolver instead of using Google DNS.