Bug 5120 - run-away/never-ending message check
Summary: run-away/never-ending message check
Status: RESOLVED WORKSFORME
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamc/spamd (show other bugs)
Version: 3.1.6
Hardware: Other FreeBSD
: P5 critical
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL: http://www.hicom.net
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-10-07 11:06 UTC by Juergen Heberling
Modified: 2006-12-30 19:16 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Juergen Heberling 2006-10-07 11:06:01 UTC 
This is a possible DOS attack (at least as far as I am affected).

I upgraded to v3.1.6 since I was getting this problem on v3.0.2 
both running Perl 5.8.3 on FreeBSD 4.9, dual P3Xeon-500 intel. 

Spamassassin is being invoked from user-specific .procmailrc using spamc/spamd
an user-specific config/options coming from mysql.

I'm getting never-ending spamd child processes.  The messages being analyzed are
all types.  I have not seen a pattern yet. 

Since the never-ending processes eventually use up all available spamd child
processes, eventually no checking is done. I had let 3.1.6 manage the child
processes but it ran out of processes.  Both default and explicitly specified
timeout-child did NOT trigger killing of the child pid. 

I set the max-message per child to 1 and timeout-child also did not trigger. 

I am now running a periodic checker to kill any child pids that exceed 5 mins of
CPU time.
Comment 1 Theo Van Dinter 2006-11-30 19:59:23 UTC 
Please attach a sample message that causes the problem.  You'll also want to
debug what is going on.  running with -D or using strace would be useful.

my first reaction is that you're having a bayes expiry done, which may take a
long time, especially on older/slower hardware.
Comment 2 Tom Schulz 2006-12-01 07:43:19 UTC 
See bug 4650 comment 2 and bug 3532 comment 7.  It really would be good if
the bayes housekeeping were not done by the noramal spamd children.
Comment 3 Theo Van Dinter 2006-12-30 19:16:30 UTC 
Hearing nothing, I'm closing this ticket.