On 6/8/2016 1:20 PM, John Hardin wrote:
On Wed, 8 Jun 2016, Mark London wrote:
Hi - We received an email with several large postscript attachments,
and the content type was "text/plain". This caused our spamassassin
server to use up 100% CPU, parsing the attachments as text. I
temporarily disabled spam scanning to allow the message to go
through. How can I prevent this in the future? I know about the
time limit feature, but this doesn't prevent the server from running
100% of the time, before the time limit is reached. Any suggestions?
Thanks. - Mark
Content-Transfer-Encoding: base64
Content-Type: text/plain;
name=OTBW_3D_256_ngtot100_de03_coll_dissip_1248.ps
Content-Disposition: attachment;
filename=OTBW_3D_256_ngtot100_de03_coll_dissip_1248.ps
Ouch. Please file a bug for that.
Do you have something that could catch text/plain + *.ps before SA get
handed the message (e.g. a regex milter or other test)?
Before you file a bug, do you have a size limit set? How large is the
attachment?
