spamassassin timeouts question

Julian Field mailscanner at ecs.soton.ac.uk
Tue Jan 6 23:05:26 GMT 2004


At 19:21 06/01/2004, you wrote:
> >>I am not seeing failure 2 of 10 and so on..
>
> >It is succeeding some times and failing other times. It needs to hit 10
>
> >consecutive timeouts before SpamAssassin network checks are disabled.
>20
> >consecutive timeouts (including the above 10) will cause SpamAssassin
>to be
> >disabled altogether. Even if it keeps failing, it's usually due to
>network
> >checks which is why the behaviour is slightly cleverer than the simple
> >configuration option suggests.
>
>So is it safe to say that while SpamAssassin is timing out 1 of 10 the
>message is automatically accepted and allowed through?  I suppose one
>might expect that if it failed, it should fail closed instead of open.
>
>I'm puzzled by this problem...because NO SPAM gets through my
>MailScanner instance EXCEPT for SpamAssassin timeouts.  Would it be
>possible to make this queue and rescan later?  Or at least to make this
>configurable?  I know there will be a venerable uprising about holding
>mail that is not able to be processed...but I want to stop these from
>getting through...
>
>It seems we have created an environment, where if the network checks
>timing out can allow false positives to be processed and allowed
>through, that fooling SpamAssassin and MailScanner would be as easy as
>making network checks unavailable.  Then all messages would time-out and
>be accepted by the instance, thus forwarded on to the end MUA.

And you want all mail blocked because one blacklist RBL is not available?
Sounds like a very straightforward DoS attack to me.
I think it should fail open and not closed. False negatives are a lot less
of a problem then false positives.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



More information about the MailScanner mailing list