Hello,
seems some big mails were too long to scan, and SA even got killed.
[2146809.213586] Out of memory: Kill process 3660 (spamassassin) score 365 or
sacrifice child
[2146809.213613] Killed process 3660 (spamassassin) total-vm:2960664kB,
anon-rss:2921892kB, file-rss:0kB, shmem-rss:0kB
[2146809.270342] oom_reaper: reaped process 3660 (spamassassin), now
anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
I see the mail body contains nearly 20MB uuencoded text (don't ask).
I found some body rules that contain ".*" instead of a sane quantifier:
72_active.cf:rawbody __HAS_HREF /^[^>].*?<a href=/im
72_active.cf:rawbody __HAS_HREF_ONECASE /^[^>].*?<(a href|A
HREF)=/m
72_active.cf:rawbody __HAS_IMG_SRC /^[^>].*?<img src=/im
72_active.cf:rawbody __HAS_IMG_SRC_DATA /^[^>].*?<img src=['"]data/im
72_active.cf:rawbody __HAS_IMG_SRC_ONECASE /^[^>].*?<(img src|IMG
SRC)=/m
There are different checks that have the "*" quantifier tho.
Is it reasonable to replace them with {0,1000} globally?
--
Matus
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
