Over the past week my mail server has crashed several times because
spamd uses all of the memory and the kernel starts killing processes. I
am running exim 4.34-4 w/ exiscan-acl, SA 3.0.1, Debian stable on a Dual
Xeon 2.4Ghz with 1.5GB of RAM and 750MB of swap space.
I have tracked it down to this DSN email and all of its retry attempts:
http://www.astro.psu.edu/~soccio/bademail.txt
This file is nearly 7MB, so I don't understand why it is even going
through the spam filter since my acls for spam should exclude anything
over 90k:
deny message = This message was detected as Spam.
spam = spamassassin:true
condition = ${if <{$message_size}{90k}{1}{0}}
condition = ${if >{$spam_score_int}{150}{1}{0}}
log_message = Message dropped with $spam_score_int Spam Score.
warn message = X-PSUAA-Spam-Score: $spam_score\nX-PSUAA-Spam-Level:
$spam_bar
spam = spamassassin:true
condition = ${if <{$message_size}{90k}{1}{0}}
warn message = X-PSUAA-Spam-Status: YES
spam = spamassassin:true
condition = ${if <{$message_size}{90k}{1}{0}}
condition = ${if >{$spam_score_int}{50}{1}{0}}
Spamassassin 3.0.1 doesn't like all of those "@" in the email and the
uri checker soaks up all of my available memory, but I don't understand
why that KP7778_NB.fits file is showing up in-line and unencapsulated.
I have to assume that it was originally sent as an attachment and should
be housed in some sort of mime formatting, or preferably, dropped from
the bounce message. Fits files are image files used by astronomers, so
this is a valid message and attachment to see bouncing around.
Even if the DSN message is broken, I don't want it crashing my server
like this and would like to find a way to prevent it from happening again.
Can anyone shed any light on this situation? Is there something I can
do with may spam acls to keep this from recurring? Is there something
broken with that email that I could catch prior to the spam acls?
Thanks
Matt
