From f21e4ff55bee8049ddbfc36e8479ea001ced843d Mon Sep 17 00:00:00 2001
From: missytake <missytake@systemli.org>
Date: Wed, 15 Oct 2025 14:14:06 +0200
Subject: [PATCH] opendkim: increase DNSTimeout from 5 (default) to 60

fix #667
---
 CHANGELOG.md                                 | 3 +++
 cmdeploy/src/cmdeploy/opendkim/opendkim.conf | 1 +
 2 files changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 35054859..e8f3a1c0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,9 @@
 - Ignore all RCPT TO: parameters
   ([#651](https://github.com/chatmail/relay/pull/651))
 
+- Increase opendkim DNS Timeout from 5 to 60 seconds
+  ([#672](https://github.com/chatmail/relay/pull/672))
+
 - Add config parameter for Let's Encrypt ACME email
   ([#663](https://github.com/chatmail/relay/pull/663))
 
diff --git a/cmdeploy/src/cmdeploy/opendkim/opendkim.conf b/cmdeploy/src/cmdeploy/opendkim/opendkim.conf
index 2cc930e9..188d69da 100644
--- a/cmdeploy/src/cmdeploy/opendkim/opendkim.conf
+++ b/cmdeploy/src/cmdeploy/opendkim/opendkim.conf
@@ -13,6 +13,7 @@ OversignHeaders		From
 On-BadSignature         reject
 On-KeyNotFound          reject
 On-NoSignature          reject
+DNSTimeout          60
 
 # Signing domain, selector, and key (required). For example, perform signing
 # for domain "example.com" with selector "2020" (2020._domainkey.example.com),