You're right; there should be some recursion detection built into SA that gives up before resources are exhausted.
I tried scanning the email on a Pentium3-800 with 256 MB running SA 2.64. It took 14.9 seconds to scan, but didn't crash anything. Free memory dropped by about 20 MB during the run. For what it's worth.

Pierre Thomson
BIC

-----Original Message-----
From: Martin Karol Zuziak [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 25, 2005 3:18 PM
To: users@spamassassin.apache.org
Subject: Re: Deep recursion error

On Tue, Jan 25, 2005 at 03:02:52PM -0500, Pierre Thomson wrote:
> Martin,
>
> The message itself looks like the recursion problem... a spammer sent a drug
> spam, and the rejection message (to a local address) looped some 122 times at
> 5-second intervals until SA bombed. It's hard to imagine ANY program that
> can disentangle 122 MIME-encapsulated emails inside each other without
> running out of resources.
>
> So I would say the problem is not SA; it's an MTA setup that doesn't detect a
> mail loop after eight or ten times around. The spammer appears to have used
> a spoofed local envelope sender, which contributed to the problem.

Right. The problem is with the sending MTA which keeps forwarding the message. But the sending MTA is not under my control so I can't solve the problem that way.

Even though the mail is extremely ugly, spamassassin should not take up so many resources. If it can't handle 122 nested MIME messages then it shouldn't try. This can be used as a DoS attack.

I scan all mail received on my server (approx 8000 msg/day). It only takes a couple of mails like this to take out my mail server forcing me to stop accepting mail or stop scanning for spam.

So, even if the problem is caused by an MTA, spamassassin should handle this situation better.

Martin Zuziak <[EMAIL PROTECTED]>
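The nesting limit both posters ask for, as an added example that is not part of the thread and is not SpamAssassin code: a walk over encapsulated messages that uses an explicit stack, parses only the headers of each level, and stops descending once a cap is passed. It assumes Python's standard `email` package; `child_parts`, `nesting_depth`, `wrap`, the cap of 10 and the sample message are all made up for illustration.

```python
from email.parser import Parser

MAX_DEPTH = 10  # assumed cap, not a SpamAssassin setting


def child_parts(msg):
    """Raw, still-unparsed text of each part directly inside msg."""
    body = msg.get_payload() or ""
    if msg.get_content_type() == "message/rfc822":
        return [body]
    boundary = msg.get_boundary()
    if msg.get_content_maintype() != "multipart" or not boundary:
        return []
    parts, current = [], None
    for line in body.splitlines(keepends=True):
        marker = line.rstrip()
        if marker == "--" + boundary + "--":  # close delimiter
            break
        if marker == "--" + boundary:  # start of the next part
            if current is not None:
                parts.append("".join(current))
            current = []
        elif current is not None:
            current.append(line)
    if current is not None:
        parts.append("".join(current))
    return parts


def nesting_depth(raw, limit=MAX_DEPTH):
    """Return (deepest level parsed, limit exceeded?) using an explicit stack."""
    parser, stack, deepest = Parser(), [(raw, 1)], 0
    while stack:
        text, depth = stack.pop()
        if depth > limit:  # give up: nothing below this level is parsed
            return deepest, True
        deepest = max(deepest, depth)
        msg = parser.parsestr(text, headersonly=True)  # body stays raw text
        stack.extend((part, depth + 1) for part in child_parts(msg))
    return deepest, False


# Constructed sample: one message encapsulated as message/rfc822 `times` times.
SPAM = "Subject: cheap meds\n\nbuy now\n"

def wrap(inner, times):
    for _ in range(times):
        inner = "Subject: Undeliverable\nContent-Type: message/rfc822\n\n" + inner
    return inner
```

A scanner calling `nesting_depth(raw_message)` can skip or flag the message when the second value is true, so the work done is bounded by the cap rather than by the number of layers in the mail.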