B. Cook wrote:
> I have found that since I added the surbl perl script to my exim config
> that some messages take massive ammounts of CPU in exim.
Surely you are not surprised?
>
> I have removed the data acl scanning portion and have found that the
> mime portion is more effective and less prone to this massive cpu usage.
>
That may be true as far as it goes. So too, carrying a bicycle on your back
reduces the risk of flat tires.
But why do so?
> Below are the headers from a message that takes me 30+ minutes to scan
> on a 2.4G HT box w/ 1G ram on a FreeBSD 6.1-p2 box.
Rethink your goals.
Anything that you really believe regularly justifies such intensive scanning,
or
even might once in a great while need it, should be done post-smtp by some
other
process external to the MTA.
IF that is even a server-resident animal, best to 'nice' it down so that even
if
it took 30 *hours*, it never robbed more time-sensitive processes of resources.
Better yet to 'quarantine' it if you cannot reject it, and leave the rest to
the
addressee and *their* CPU.
Exim should be used with short, highly efficient, 'connect time' tests to
manage
the vast majority of traffic effectively.
More resource-intensive data-phase tests need to have realistic limits in
place,
by size, type of test, levels of recursion, restrictions on remote calls, etc.
Anything less precise, and you are inviting a DoS 'mailbomb' - accidental or
otherwise.
If you are going to support email as a substitute for ftp/http file transfer,
then you need to take care as to whom is permitted to do this, and limit
scanning (if any) to how, what, and where it can be supported.
HTH,
Bill
>
> Return-Path: <[EMAIL PROTECTED]>
> Delivered-To: [EMAIL PROTECTED]
> Received: (qmail 27585 invoked by uid 0); 13 Jul 2006 17:53:09 -0000
> Received: from unknown (HELO c.mx.poklib.org) (64.72.87.254)
> by vhnet.mx with SMTP; 13 Jul 2006 17:53:09 -0000
> Received: from mtiwmhc11.worldnet.att.net ([204.127.131.115])
> by c.mx.poklib.org with esmtp (Exim 4.62; FreeBSD)
> (envelope-from <[EMAIL PROTECTED]>) id 1G14tw-000FxS-Il
> for [EMAIL PROTECTED] ; Thu, 13 Jul 2006 13:53:09 -0400
> Received: from mwebmail15.att.net ([204.127.135.41])
> by worldnet.att.net (mtiwmhc11) with SMTP
> id <20060712201541111004ahvqe>; Wed, 12 Jul 2006 20:15:41 +0000
> Received: from [12.76.143.48] by mwebmail15.att.net;
> Wed, 12 Jul 2006 20:15:40 +0000
> X-Virus-Check: ClamAV 0.88.2/1598 on c.mx.poklib.org; Thu, 13 Jul 2006
> 13:53:09 -0400
> From: [EMAIL PROTECTED]
> Subject: Fwd: FW: The Sex Fairy
> Date: Wed, 12 Jul 2006 20:15:40 +0000
> Message-Id:
> <[EMAIL PROTECTED]>
> X-Mailer: AT&T Message Center Version 1 (Feb 28 2006)
> X-Authenticated-Sender: dGhlbG9nYW5zQGF0dC5uZXQ=
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="NextPart_Webmail_9m3u9jl4l_11304_1152735340_0"
> X-MIME-Count: 0
> X-MIME-Count: 1
> X-MIME-Count: 2
> X-MIME-Count: 3
> X-MIME-Count: 4
> X-MIME-Count: 5
> X-MIME-Character-set: US-ASCII
> X-MIME-Character-set: iso-8859-1
>
> #EOF
>
>
> Below is my acl_check_mime on the exim server:
>
> ###
> ### START ACL MIME
> ###
> acl_check_mime:
>
> # Decode MIME parts to disk. This will support virus scanners later.
> warn decode = default
>
> warn message = X-MIME-Character-set: $mime_charset
> condition = ${if eq{$mime_charset}{}{0}{1}}
>
> # not sure if this is working as intendted
> accept condition = ${if >={$mime_part_count}{15}{1}{0}}
>
> # SURBL Check
> deny set acl_m0 = ${perl{surblspamcheck}}
> message = $acl_m0
> condition = ${if eq{$acl_m0}{false}{no}{yes}}
> log_message = SURBL URL mime
>
> accept
>
> #EOF
>
> We are delivering to a qmail box (for what it's worth)
>
> 2006-07-13 13:23:00 SMTP connection from [204.127.131.115] (TCP/IP
> connection count = 39)
> 2006-07-13 13:53:09 1G14tw-000FxS-Il <= [EMAIL PROTECTED]
> H=mtiwmhc11.worldnet.att.net [204.127.131.115] P=esmtp S=127246
> [EMAIL PROTECTED]
> T="Fwd: FW: The Sex Fairy"
> 2006-07-13 13:53:09 1G14tw-000FxS-Il => [EMAIL PROTECTED] R=bsd_manual_route
> T=bsd_smtp H=64.72.68.14 [64.72.68.14] QT=30m9s DT=0s
> 2006-07-13 13:53:09 1G14tw-000FxS-Il Completed
>
> http://extraball.sunsite.dk/notepad.php?ID=19040&parse=c has a pasted
> output of what mutt shows the attachments are; something like 64 parts..
>
>
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
