[Exim] Runaway spamassassin

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Mcjackson at ->
Delete this message
Reply to this message
Author: lists
Date:  
To: exim-users
Subject: [Exim] Runaway spamassassin
I have a dual proc rh9 box running exim 4.34 sa-exim clamd and
spamassassin-2.63 this box is still in the learning stage for spamd.
I just caught spamd running away eating memory like mad twice so I killed
all spamd and restated it. I am sure not if sa-exim messed up in feeding it
the msg or if spamd just went nuts and decided to eat 600meg of ram and a
whole proc for a message. I got a error in the logs while it was eating
memory

2004-06-28 12:13:43 1BezgS-0008ER-Rp SA: Action: scanned but message isn't
spam: hits=0.0 required=5.0 (scanned in 12/1
2 secs | Message-Id:
3155004F58953148B841E5F0A19D2D3C03123E24@???). From
<AnMoore@???> (host=
NULL [205.242.208.4]) for lynnt@???
2004-06-28 12:13:43 1BezgS-0008ER-Rp <= AnMoore@???
H=(ex-servi-01.NewCentury.COM) [205.242.208.4] P=esmtp S=3209
id=3155004F58953148B841E5F0A19D2D3C03123E24@???
2004-06-28 12:13:43 1BezgS-0008ER-Rp => lynnt@??? R=smart_route
T=remote_smtp H=imap.efastfunding.com [10.
1.7.254]
2004-06-28 12:13:43 1BezgS-0008ER-Rp Completed
2004-06-28 12:13:50 1Bezet-0008E0-Tf spam acl condition: cannot parse spamd
output -=*(this ate a ton of memory)*=-
2004-06-28 12:13:50 1Bezet-0008E0-Tf
H=ip66-106-80-30.z80-106-66.customer.algx.net (enjet.com) [66.106.80.30]
F=<criche
y@???> temporarily rejected after DATA
2004-06-28 12:13:51 1BezhA-0008Ee-1w SA: Action: scanned but message isn't
spam: hits=0.0 required=5.0 (scanned in 10/1
0 secs | Message-Id: CWOIVFDLBFJIPVZEZHWTBIW@???). From
<Louella_Hubbard@???> (host=210-85-128-
149.cm.dynamic.apol.com.tw [210.85.128.149]) for davidt@???
2004-06-28 12:13:51 1BezhA-0008Ee-1w <= Louella_Hubbard@???
H=210-85-128-149.cm.dynamic.apol.com.tw [210.85.128
.149] P=smtp S=1453 id=CWOIVFDLBFJIPVZEZHWTBIW@???
2004-06-28 12:13:51 1BezhA-0008Ee-1w => davidt@???
R=smart_route T=remote_smtp H=imap.efastfunding.com [10
.1.7.254]


SAspamcHost: 127.0.0.1
SAEximRunCond: 1
SAEximRejCond: ${if !eq {$h_X-SA-Do-Not-Rej:}{Yes} {1}{0}}
SAmaxbody: 768000
SATruncBodyCond: 0
SARewriteBody: 1
SAPrependArchiveWithFrom: 1
SAmaxarchivebody: 20971520
SAerrmaxarchivebody: 1073741824
SAmaxrcptlistlength: 0
SAaddSAEheaderBeforeSA: 1
..
..
SAtemprejectonerror: 0
...


I am running a 5 11.0 12.0 for scoring rules


I normally don't badysit the box but I just happened to be watching for my
noon time name attack to see if my firewall rules were going to catch the
guy who tries to pump 1k of spam thru my server even thought I deny all due
to unknown user and relay deny.




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Forwarding to exposed mail server for outbound email[Exim] Re: Runaway spamassassin->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)