On Tue, Jan 25, 2005 at 03:02:52PM -0500, Pierre Thomson wrote: > Martin, > > The message itself looks like the recursion problem... a spammer sent a drug > spam, and the rejection message (to a local address) looped some 122 times at > 5-second intervals until SA bombed. It's hard to imagine ANY program that > can disentangle 122 MIME-encapsulated emails inside each other without > running out of resources. > > So I would say the problem is not SA; it's an MTA setup that doesn't detect a > mail loop after eight or ten times around. The spammer appears to have used > a spoofed local envelope sender, which contributed to the problem.
Right. The problem is with the sending MTA which keeps forwarding the message. But the sending MTA is not under my control so I can't solve the problem that way. Even though the mail is extremely ugly spamassassin should not take up so many resources. If it can't handle 122 nested MIME messages then it shouldn't try. This can be used as a DoS attack. I scan all mail received on my server (approx 8000 msg/day). It only takes a couple of mails like this to take out my mail server forcing me to stop accepting mail or stop scanning for spam. So, even if the problem is caused my a MTA, spamassassin should handle this situation better. Martin Zuziak <[EMAIL PROTECTED]>
