On Thu, Jun 09, 2016 at 12:16:11AM -0400, Mark London wrote:
> On 6/8/2016 1:20 PM, John Hardin wrote:
> >On Wed, 8 Jun 2016, Mark London wrote:
> >>Hi - We received an email with several large postscript
> >>attachments, and the content type was "text/plain". This
> >>caused our spamassassin server to use up 100% CPU, parsing the
> >>attachments as text. I temporarily disabled spam scanning to
> >>allow the message to go through. How can I prevent this in the
> >>future? I know about the time limit feature, but this doesn't
> >>prevent the server from running 100% of the time, before the
> >>time limit is reached. Any suggestions? Thanks. - Mark
> >>
> >>Content-Transfer-Encoding: base64
> >>Content-Type: text/plain;
> >>name=OTBW_3D_256_ngtot100_de03_coll_dissip_1248.ps
> >>Content-Disposition: attachment;
> >> filename=OTBW_3D_256_ngtot100_de03_coll_dissip_1248.ps
> >Do you have something that could catch text/plain + *.ps before SA
> >get handed the message (e.g. a regex milter or other test)?
>
> I'm using MIMEDefang. I haven't looked to see what I could do with
> that. I've been running spamassassin for more years than I
> remember, and this is the first time I've encountered this
> situation.
>
> Someone else asked about my file size limit. I know that for a 512K
> postscript file as text/plain, that it takes up 100% of the CPU of
> one process, for about 1 minute. But I have a much larger file size
> limit, which I've increased over the years, in response to spam that
> we've received here.
>
> I believe the problem has always been there, but it's rarely been
> abused like this. I can't think of a proper solution. I guess
> maybe I'll just hope it never happens again. :) - Mark

Garbage text/plain is a known problem.. 3.4.2 should have a workaround if someone manages to release it.. :-)

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6582
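
One way to implement the pre-scan test suggested in the quoted exchange (catch text/plain + *.ps before SA is handed the message), as an added example that is not part of the thread and is not MIMEDefang or SpamAssassin code. It uses Python's standard email package; the extension list, the 256 KiB threshold and the function names are assumptions, and it goes one step beyond the filename test by also checking the decoded payload for the PostScript `%!PS` magic.

```python
import base64
import os
from email import message_from_bytes, policy

# Assumed local policy for this example, not SpamAssassin or MIMEDefang settings.
NON_TEXT_EXTS = {".ps", ".eps"}
MAX_TEXT_BYTES = 256 * 1024


def mislabeled_text_parts(raw: bytes):
    """Return (filename, reason) for text/plain parts to keep away from the text scanner."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart() or part.get_content_type() != "text/plain":
            continue
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        if os.path.splitext(name)[1].lower() in NON_TEXT_EXTS:
            findings.append((name, "extension"))
        elif body.lstrip().startswith(b"%!PS"):  # PostScript magic, filename ignored
            findings.append((name, "magic"))
        elif len(body) > MAX_TEXT_BYTES:
            findings.append((name, "size"))
    return findings


def build_sample(body: bytes, filename: str) -> bytes:
    """Constructed message that mirrors the part headers quoted in the thread."""
    b64 = base64.encodebytes(body).decode("ascii")
    return (
        "From: a@example.org\r\nTo: b@example.org\r\nSubject: plots\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
        "--XX\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
        "--XX\r\nContent-Transfer-Encoding: base64\r\n"
        f"Content-Type: text/plain; name={filename}\r\n"
        f"Content-Disposition: attachment; filename={filename}\r\n\r\n"
        f"{b64}\r\n--XX--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    ps = b"%!PS-Adobe-3.0\n" + b"0 0 moveto 10 10 lineto stroke\n" * 100
    print(mislabeled_text_parts(build_sample(ps, "plot_1248.ps")))
```

A non-empty result is the signal for the calling filter to skip content scanning for that message or handle the part by local policy.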