[Mimedefang] accept, then scan?

Jan-Pieter Cornet johnpc at xs4all.nl
Fri Sep 21 17:43:18 EDT 2007

On Fri, Sep 21, 2007 at 09:53:56AM -0700, Andy Lyttle wrote:
> >1. Limit a message size for spamassassin.
> Already done, but one of the problem messages is only 27k, and  
> limiting SA to less than that probably won't be useful.

Are you using exotic or custom rulesets, or an older version of
spamassassin, or an old version of perl? (older than 5.8.8)

There are known bugs in older spamassassin rulesets (and some
SARE rules) that cause the perl regex engine (or some versions
of the regex engine) to use excessive backtracking in case certain
long input strings are used. Does the mail that is causing a tempfail
contain very long lines? If so, there's your problem.

You might be able to catch the misbehaving rule by manually running
spamassassin on the mail, with debugging enabled. Note: this will
most likely be a rule that DOES NOT match. Regexes tend to be good
at finding matches, but bad, worse or extremely bad at not finding
a match. In fact, most of the perl regex optimizations are aimed at
failing quickly (and I can seriously recommend perl 5.9.5 or 5.10.0
if you think you can handle the bleeding edge, because the regex
engine has had a pretty massive overhaul).

Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!

More information about the MIMEDefang mailing list