Hey everyone,

I have a few questions about something I'm encountering with spamd.

I've noticed cases where a bounce message to the server results in spamd
'exceeded time limit'. It reaches the limit of 300+ seconds. In this
particular case, the message size is 564kB and contains an attachment.
Normally, such a message size would not cause spamd to 'hang' for 5 minutes.

I've pulled the bounce message in question to troubleshoot, and noticed that
with spamc it does not recognize the attachment (no attachment rules hit).
When scanning the original message (non bounce), spamc does recognize the
attachment. I also noticed a significantly longer wait time using spamc with
the bounce message compared to the original message.

I also used the 'HitFreqsRuleTiming' plugin to see the performance of rule
scan time between the bounce message and original message. I noticed that
the bounce message had rules taking 4+ seconds (upstream rules such as
__FILL_THIS_FORM_SHORT2 and __FILL_THIS_FORM_LONG2) , while this was not the
case in the original message


I have two questions:

1) By default, does SpamAssassin *not* decode/scan the base64 of the
attachment?

2) Is the longer scan time of the 'bounce' message due to SpamAssassin
scanning the attachment text lines in a way that it normally would not if it
had recognized that it is an attachment?


Thanks in advance.






--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html

Reply via email to