We recently implemented spamassassin on our server to mitigate spam volumes, and it does it quite well... except for one thing. For reasons I can't determine, it will suddenly start chewing through RAM and cpu usage until either spamd dies or the server becomes unresponsive.
There are a lot of entries like these in the exim panic logs: spam acl condition: all spamd servers failed warning - spamd connection to 127.0.0.1, port 783 failed: Connection refused kern.log shows: 14:42:10 blackforest VM: killing process spamd 14:42:49 blackforest __alloc_pages: 0-order allocation failed (gfp=0x1d2/0) 14:42:49 blackforest VM: killing process spamd 14:43:05 blackforest __alloc_pages: 0-order allocation failed (gfp=0x1d2/0) 14:43:05 blackforest __alloc_pages: 0-order allocation failed (gfp=0x1d2/0) 14:43:05 blackforest VM: killing process exim 14:43:05 blackforest __alloc_pages: 0-order allocation failed (gfp=0x1d2/0) 14:43:05 blackforest __alloc_pages: 0-order allocation failed (gfp=0x1d2/0) 14:43:05 blackforest VM: killing process exim 14:43:06 blackforest __alloc_pages: 0-order allocation failed (gfp=0x1d2/0) 14:43:06 blackforest VM: killing process ps aux |grep spamd nobody 16027 97.9 88.0 2483164 2283476 ? R 18:27 23:44 /usr/bin/spamd -d -r /var/run/spamd.pid -a -c -u nobody As you can see, the process is taking up a phenomenal amount of processing power and ram at the moment. We handle a load of roughly 50,000 messages inbound a day, the server has 2.5 GB of ram - 2.6.8-gentoo-r7 #1 SMP Sat Oct 16 18:33:20 MDT 2004 i686 Intel(R) Xeon(TM) CPU 2.80GHz GenuineIntel GNU/Linux The problem was occurring with kernel 2.4.27 as well, and an upgrade to 2.6.8-r7 has not corrected the problem. I've also eliminated virtually all custom rules that may have been causing it to use more ram than necessary to no avail. Any thoughts on how to correct this? I'm having to monitor the server very closely to ensure the spamd process doesn't run amok and prevent mail delivery. -- Tremaine Systems Analyst Security Consultant
