Author: lists Date: To: exim-users Subject: [Exim] Runaway spamassassin
I have a dual proc rh9 box running exim 4.34 sa-exim clamd and
spamassassin-2.63 this box is still in the learning stage for spamd.
I just caught spamd running away eating memory like mad twice so I killed
all spamd and restated it. I am sure not if sa-exim messed up in feeding it
the msg or if spamd just went nuts and decided to eat 600meg of ram and a
whole proc for a message. I got a error in the logs while it was eating
memory
2004-06-28 12:13:43 1BezgS-0008ER-Rp SA: Action: scanned but message isn't
spam: hits=0.0 required=5.0 (scanned in 12/1
2 secs | Message-Id:
3155004F58953148B841E5F0A19D2D3C03123E24@???). From
<AnMoore@???> (host=
NULL [205.242.208.4]) for lynnt@???
2004-06-28 12:13:43 1BezgS-0008ER-Rp <= AnMoore@???
H=(ex-servi-01.NewCentury.COM) [205.242.208.4] P=esmtp S=3209
id=3155004F58953148B841E5F0A19D2D3C03123E24@???
2004-06-28 12:13:43 1BezgS-0008ER-Rp => lynnt@??? R=smart_route
T=remote_smtp H=imap.efastfunding.com [10.
1.7.254]
2004-06-28 12:13:43 1BezgS-0008ER-Rp Completed
2004-06-28 12:13:50 1Bezet-0008E0-Tf spam acl condition: cannot parse spamd
output -=*(this ate a ton of memory)*=-
2004-06-28 12:13:50 1Bezet-0008E0-Tf
H=ip66-106-80-30.z80-106-66.customer.algx.net (enjet.com) [66.106.80.30]
F=<criche
y@???> temporarily rejected after DATA
2004-06-28 12:13:51 1BezhA-0008Ee-1w SA: Action: scanned but message isn't
spam: hits=0.0 required=5.0 (scanned in 10/1
0 secs | Message-Id: CWOIVFDLBFJIPVZEZHWTBIW@???). From
<Louella_Hubbard@???> (host=210-85-128-
149.cm.dynamic.apol.com.tw [210.85.128.149]) for davidt@???
2004-06-28 12:13:51 1BezhA-0008Ee-1w <= Louella_Hubbard@???
H=210-85-128-149.cm.dynamic.apol.com.tw [210.85.128
.149] P=smtp S=1453 id=CWOIVFDLBFJIPVZEZHWTBIW@???
2004-06-28 12:13:51 1BezhA-0008Ee-1w => davidt@???
R=smart_route T=remote_smtp H=imap.efastfunding.com [10
.1.7.254]
I normally don't badysit the box but I just happened to be watching for my
noon time name attack to see if my firewall rules were going to catch the
guy who tries to pump 1k of spam thru my server even thought I deny all due
to unknown user and relay deny.