Am 21.01.2026 um 16:56 schrieb Bill Cole
<[email protected]>:
You can go looking for any instances of '.*' in your rules as a start,
but I don't think your problem here is regex backtracking but rather DNS.
All of those addresses will generate multiple DNS queries, and if they
are not all identical (I assume that you have replaced the real
addresses) they will each go out to the net for resolution.
It is all the same address, I only replaced the local part of the original
address.
This can be particularly problematic if you do not have a fully recursive
nameserver running on the same machine (or at worst, same LAN segment) to
do all DNS resolution for your MTA. That means something OTHER THAN
dnsmasq, which is only fit for low-volume end user name resolution.
On 21.01.26 17:10, Lichtinger, Bernhard wrote:
DNS is not the problem, we use unbound. And I also did some tests with
spamassassin -L with the same results.
Caching does not fix an issue if the issue is in sending multiple different
requests, just FYI.
But your hint to look for '.*' pushed me into the right direction.
I figured out to run spamassassin with perl -d:Trace then I saw the output
stalled always after logging the same custom rule of my ruleset and this
one was the culprit:
/(password|credential|access to|account|\S+\@\S+|e-?mail).{1,70}(is
expiring|expires?|(has )?expired|set to expire)/i
after changing it to
/(password|credential|access
to|account|[a-z0-9_.-]+\@[a-z0-9_.-]+|e-?mail).{1,70}(is expiring|expires?|(has
)?expired|set to expire)/i
I guess that the issue wasn't not just in the "\S" vs "[a-z0-9_.-]", but
also in the "\+" vs "{1,...}"
e-mail address in form:
[a-z0-9_.-]{1-64}\@[a-z0-9_.-]{1-255}
should be safer
...according to rfc5321, localpart is 64 chars max, domain 255 max)
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
