> Am 21.01.2026 um 16:56 schrieb Bill Cole > <[email protected]>: > > You can go looking for any instances of '.*' in your rules as a start, but I > don't think your problem here is regex backtracking but rather DNS. All of > those addresses will generate multiple DNS queries, and if they are not all > identical (I assume that you have replaced the real addresses) they will each > go out to the net for resolution.
It is all the same address, I only replaced the local part of the original
address.
> This can be particularly problematic if you do not have a fully recursive
> nameserver running on the same machine (or at worst, same LAN segment) to do
> all DNS resolution for your MTA. That means something OTHER THAN dnsmasq,
> which is only fit for low-volume end user name resolution.
DNS is not the problem, we use unbound. And I also did some tests with
spamassassin -L with the same results.
But your hint to look for '.*' pushed me into the right direction.
I figured out to run spamassassin with perl -d:Trace then I saw the output
stalled always after logging the same custom rule of my ruleset and this one
was the culprit:
/(password|credential|access to|account|\S+\@\S+|e-?mail).{1,70}(is
expiring|expires?|(has )?expired|set to expire)/i
after changing it to
/(password|credential|access
to|account|[a-z0-9_.-]+\@[a-z0-9_.-]+|e-?mail).{1,70}(is expiring|expires?|(has
)?expired|set to expire)/i
everything is OK again.
Best regards,
Bernhard
smime.p7s
Description: S/MIME cryptographic signature
