Bug 3472 - This email gets stuck in spamd and puts large load on CPU
Summary: This email gets stuck in spamd and puts large load on CPU
Status: RESOLVED INVALID
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamc/spamd (show other bugs)
Version: 2.63
Hardware: PC FreeBSD
: P2 critical
Target Milestone: 3.1.0
Assignee: SpamAssassin Developer Mailing List
URL: http://www.wcape.school.za/wcsn/1BWIy...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-04 11:15 UTC by David Peall
Modified: 2004-06-04 06:41 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David Peall 2004-06-04 11:15:55 UTC 
Hi

I'm submitting a email that will not parse through spamd it keeps retrying its 
putting a very heavy load on my server.  I have tared the mail as it was in 
the ./scan/ dir. see URL

I think I will need to take Spamd down to let it through as my server becomes 
unresponsive at time because of this one email.

Please let me know if there is anything else you need to find out what the 
problem is.
Comment 1 Theo Van Dinter 2004-06-04 11:27:47 UTC 
Subject: Re:  New: This email gets stuck in spamd and puts large load on CPU

On Fri, Jun 04, 2004 at 11:15:57AM -0700, bugzilla-daemon@bugzilla.spamassassin.org wrote:
>                URL: http://www.wcape.school.za/wcsn/1BWIyg-000BMx-DI.tar.gz
> 
> I'm submitting a email that will not parse through spamd it keeps retrying its 
> putting a very heavy load on my server.  I have tared the mail as it was in 
> the ./scan/ dir. see URL

I'm sure it does.  Compressed, the file is almost 4MB in size.  The .eml
file inside is ~1.8MB (the tgz has the email and attachments broken out
into separate files).

By default, spamc will not pass anything to spamd that is >250k
in size because resource requirements go up dramatically
as the message size increases.  This is documented at
http://wiki.apache.org/spamassassin/SpamdKillingServer

How are you calling spamd?  If through spamc, it should't send the message
through to spamd unless you've increased the max message size via -s.
If it's through another method, you should configure it to not send
large messages through to spamd.
Comment 2 Malte S. Stretz 2004-06-04 11:38:29 UTC 
I think we should actually add a (configurable) size limit to the libs itself. 
That way stuff DoS attacks against spamd wouldn't be possible in the first 
place.
Comment 3 Justin Mason 2004-06-04 12:00:18 UTC 
Subject: Re:  This email gets stuck in spamd and puts large load on CPU 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


bugzilla-daemon@bugzilla.spamassassin.org writes:
>I think we should actually add a (configurable) size limit to the libs itself. 
>That way stuff DoS attacks against spamd wouldn't be possible in the first 
>place. 

yeah, I agree.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFAwMaWQTcbUG5Y7woRArecAKDLN/LKWTTl+tgoJvUi+gu3Ww/fLQCgvorH
X5RS26DI3Eb9DagCx7k/GZw=
=OTw5
-----END PGP SIGNATURE-----
Comment 4 Theo Van Dinter 2004-06-04 12:11:36 UTC 
Subject: Re:  This email gets stuck in spamd and puts large load on CPU

On Fri, Jun 04, 2004 at 11:38:30AM -0700, bugzilla-daemon@bugzilla.spamassassin.org wrote:
> I think we should actually add a (configurable) size limit to the libs itself. 
> That way stuff DoS attacks against spamd wouldn't be possible in the first 
> place. 

Well, I'm -1 on that.  The modules/libspamc shouldn't be trying to make
decisions about what work to do.  They're functions, they'll do what
they're supposed to do.  You want the decision logic in front of the
modules to decide what to process and what to skip.

We do this right now in spamc so that there are no resources used in
spamd for large messages.  Arguably, we could put the same logic in
spamd so that in the event the message gets to spamd, it'll take the
memory hit but can return the message unprocessed to avoid the DoS issue.

Frankly, this discussion is better suited to -dev and/or another bugzilla
ticket though.
Comment 5 David Peall 2004-06-04 14:34:16 UTC 
Hi I'm calling it from exim using exiscan I will try get it to exclude messages 
the are that big.

Thanks for the help
Comment 6 David Peall 2004-06-04 14:41:47 UTC 
Thanks its working 100% now.