spamassassin timeouts question
mailscanner at ecs.soton.ac.uk
Tue Jan 6 23:05:26 GMT 2004
At 19:21 06/01/2004, you wrote:
> >>I am not seeing failure 2 of 10 and so on..
> >It is succeeding some times and failing other times. It needs to hit 10
> >consecutive timeouts before SpamAssassin network checks are disabled.
> >consecutive timeouts (including the above 10) will cause SpamAssassin
> >disabled altogether. Even if it keeps failing, it's usually due to
> >checks which is why the behaviour is slightly cleverer than the simple
> >configuration option suggests.
>So is it safe to say that while SpamAssassin is timing out 1 of 10 the
>message is automatically accepted and allowed through? I suppose one
>might expect that if it failed, it should fail closed instead of open.
>I'm puzzled by this problem...because NO SPAM gets through my
>MailScanner instance EXCEPT for SpamAssassin timeouts. Would it be
>possible to make this queue and rescan later? Or at least to make this
>configurable? I know there will be a venerable uprising about holding
>mail that is not able to be processed...but I want to stop these from
>It seems we have created an environment, where if the network checks
>timing out can allow false positives to be processed and allowed
>through, that fooling SpamAssassin and MailScanner would be as easy as
>making network checks unavailable. Then all messages would time-out and
>be accepted by the instance, thus forwarded on to the end MUA.
And you want all mail blocked because one blacklist RBL is not available?
Sounds like a very straightforward DoS attack to me.
I think it should fail open and not closed. False negatives are a lot less
of a problem then false positives.
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the MailScanner