Hi Pawel,
At 01:36 16-08-2007, =?iso-8859-2?Q?Pawe=B3_T=EAcza?= wrote:
We manage a not little mail system for our university (~100k messages
per day). In includes:
- a few front-ends (Courier SMTP/IMAP/POP3/webmail/maildrop) which
connect to random Spamassassin host via spamc utility,
- a cluster of a few servers with Spamassassin (3.2.1-1ubuntu1),
- another one server with MySQL (5.0.38-0ubuntu1) to store Bayes
and FuzzyOcr database, etc.
All our servers work under control Ubuntu 7.04 as OpenVZ virtual
environments.
Recently we've been bombed by spam like below:
Date: Mon, 13 Aug 2007 18:43:18 -0300
From: dinca Klarenbeek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: That programmer knows exactly what he or she is doing,
and his or her intentions are malefic (or at least, not altruistic).
H*u_g e N_e'w,s To Im-pact C*Y-T,V
[snip]
Is it not a new kind of spam and Spamassassin should be improved
to fight it? I'm not sure...
No, it is not new. I posted the following reply a few days back
regarding this type of message referred to as "punctuation spam".
The message hits hit BAYES_99 and FRT_PRICE. As you did not include
the headers, it's not possible to tell whether it would hit some of
the "DYNAMIC" rules as well.
Bill Landry suggested using chickenpox.cf and mangled.cf rules from SARE.
The results is that spam was killing our MySQL database, because we
had ~50k queries per minute with INSERTs and UPDATEs of a many tokens.
The only one solution was to disable Bayes.
MySQL can be optimized to handle such a load. If you aren't using
InnoDB for Bayesian storage, switch to it.
Regards,
-sm
