Re: Logwatch message triggers spamd to consume 900+MB of RAM
Okay so it looks like if any of the $spam_ variables are not evaluated then the the messages are not run through spam assassin.. So my acl_check_content (acl_smtp_data) looks like this now: acl_check_content: # Spam markups ... only run if the messages are < 80k in size # Add the spam score header warn message = X-Spam-Score: $spam_score ($spam_bar) condition = ${if <{$message_size}{80k}{1}{0}} spam = mail:true # Add the spam report header warn message = X-Spam-Report: $spam_report condition = ${if <{$message_size}{80k}{1}{0}} spam = mail:true # If the spam score is 4 or more then markup the Subject line warn message = Subject: {Spam?} $h_subject condition = ${if <{$message_size}{80k}{1}{0}} condition = ${if >={$spam_score_int}{40}{1}{0}} spam = mail:true # If the spam score is 8 or more markup the subject line with a HighScoreSpam # notice warn message = Subject: {HighScoreSpam?} $h_subject condition = ${if <{$message_size}{80k}{1}{0}} condition = ${if >={$spam_score_int}{60}{1}{0}} spam = mail:true # Add X-Spam-Flag if spam is over system-wide threshold warn message = X-Spam-Flag: YES condition = ${if <{$message_size}{80k}{1}{0}} condition = ${if >={$spam_score_int}{40}{1}{0}} spam = mail:true # Reject spam messages with score >= 10 deny message = This message scored $spam_score points. Congratulations! condition = ${if <{$message_size}{80k}{1}{0}} condition = ${if >={$spam_score_int}{100}{1}{0}} spam = mail:true ... On Wednesday 13 July 2005 01:42 pm, Edward Muller wrote: > On Wednesday 13 July 2005 07:16 am, Michael Parker wrote: > > Edward Muller wrote: > > >P.S. This happens with spamassassin 3.0.4 fed via spamd fed via exim. > > > Tested with standard gentoo install and used a clean bayes/whitelist > > > database. > > > > You need to setup exim to limit the size of msgs it sends to spamd to > > 250k. I do not believe this is in place by default. Search the users > > list archives for a couple of months back when this was discussed > > several times. > > I can't find a way to do that with what I understand to be the standard way > to feed email to spamd from exim, which is to just give it the ip > address/port of the spamd server like so at the top of the exim > configuration file: > > spamd_address = 127.0.0.1 783 > > I guess I could have exim call spamc directly in my acl_smtp_data stanza > though and then use a an if conditional. -- Edward Muller - Interlix [EMAIL PROTECTED] 417-862-0573 PGP Key: http://interlix.com/Members/edwardam/pgpkeys pgpFKtHR9nUGA.pgp Description: PGP signature
Re: Logwatch message triggers spamd to consume 900+MB of RAM
On Wednesday 13 July 2005 05:06 am, Loren Wilton wrote: > How big was the mail? By default spamd will skip mails over 250K, unless > you have changed this value (or your install has). Where is this configured? > > Loren -- Edward Muller - Interlix [EMAIL PROTECTED] 417-862-0573 PGP Key: http://interlix.com/Members/edwardam/pgpkeys pgp2AHlf7kBdg.pgp Description: PGP signature
Re: Logwatch message triggers spamd to consume 900+MB of RAM
On Wednesday 13 July 2005 07:16 am, Michael Parker wrote: > Edward Muller wrote: > >P.S. This happens with spamassassin 3.0.4 fed via spamd fed via exim. > > Tested with standard gentoo install and used a clean bayes/whitelist > > database. > > You need to setup exim to limit the size of msgs it sends to spamd to > 250k. I do not believe this is in place by default. Search the users > list archives for a couple of months back when this was discussed > several times. I can't find a way to do that with what I understand to be the standard way to feed email to spamd from exim, which is to just give it the ip address/port of the spamd server like so at the top of the exim configuration file: spamd_address = 127.0.0.1 783 I guess I could have exim call spamc directly in my acl_smtp_data stanza though and then use a an if conditional. -- Edward Muller - Interlix [EMAIL PROTECTED] 417-862-0573 PGP Key: http://interlix.com/Members/edwardam/pgpkeys pgpe0Yp4f74gI.pgp Description: PGP signature
Logwatch message triggers spamd to consume 900+MB of RAM
Once of my servers can generate fairly large logwatch emails. These emails cause spamassassin to consume memory until it's killed. I removed any custom rules that I had (I had some sare rules) and the problem still occurred. I caught a bunch of data in a log file while spamd was running. Things look normal up until ... Jul 13 02:41:44 ls2 spamd[4413]: debug: uri found: mailto:[EMAIL PROTECTED] Jul 13 02:41:44 ls2 spamd[4413]: debug: uri found: mailto:[EMAIL PROTECTED] Jul 13 02:41:44 ls2 spamd[4413]: debug: uri found: mailto:[EMAIL PROTECTED] Jul 13 02:41:44 ls2 spamd[4413]: debug: uri found: mailto:[EMAIL PROTECTED] Jul 13 02:41:44 ls2 spamd[4413]: debug: uri found: mailto:[EMAIL PROTECTED] Jul 13 02:41:44 ls2 spamd[4413]: debug: uri found: mailto:[EMAIL PROTECTED] Jul 13 02:41:44 ls2 spamd[4413]: debug: uri found: mailto:[EMAIL PROTECTED] There are several hundred of these messages each with a different email address... and then the log continues with ... Jul 13 02:41:44 ls2 spamd[4413]: debug: uri found: mailto:[EMAIL PROTECTED] Jul 13 02:41:44 ls2 spamd[4413]: debug: uri found: mailto:[EMAIL PROTECTED] Jul 13 02:41:44 ls2 spamd[4413]: debug: URIDNSBL: domains to query: learningpatterns.com e-unitas.co.kr linuxmedicalnews.com thesasclan.co.uk Jul 13 02:41:44 ls2 spamd[4413]: debug: is Net::DNS::Resolver available? yes Jul 13 02:41:44 ls2 spamd[4413]: debug: Net::DNS version: 0.48 Jul 13 02:41:44 ls2 spamd[4413]: debug: all '*From' addrs: [EMAIL PROTECTED] Jul 13 02:41:46 ls2 spamd[4413]: debug: Running tests for priority: 0 Jul 13 02:41:46 ls2 spamd[4413]: debug: running header regexp tests; score so far=0 Jul 13 02:41:46 ls2 spamd[4413]: debug: SPF: message was delivered entirely via trusted relays, not required Jul 13 02:41:46 ls2 spamd[4413]: debug: all '*To' addrs: [EMAIL PROTECTED] [EMAIL PROTECTED] Jul 13 02:41:46 ls2 spamd[4413]: debug: SPF: message was delivered entirely via trusted relays, not required Jul 13 02:41:46 ls2 spamd[4413]: debug: running body-text per-line regexp tests; score so far=-102.82 After that the spamd server needs to be killed and restarted. Any ideas? P.S. This happens with spamassassin 3.0.4 fed via spamd fed via exim. Tested with standard gentoo install and used a clean bayes/whitelist database. -- Edward Muller - Interlix [EMAIL PROTECTED] 417-862-0573 PGP Key: http://interlix.com/Members/edwardam/pgpkeys pgpsJ7GGhkuzW.pgp Description: PGP signature