ssimple email causing spamd 100% CPU
Posted: Fri Feb 27, 2015 7:34 am
Can someone suggest how I might be able to trace the cause of a problem I'm having please?
On two out of three systems, every now and then an email comes in that causes spamd to hit 100% CPU and stay there. Eventually there's a timeout, the message isn't delivered, and the sending system retries. Until the sender gives up, the load on the systems can get quite high because each time the message is delivered spamd gets to 100% and stays there for 5 minutes (I think that's its timeout).
Sending the same problem email to a third system causes no problems at all and it is delivered without issues.
What's REALLY odd on the problem systems is that if I restart clamd (not spamassassin), the spamd process immediately stops going nuts - i.e. exactly the same result as I get when restarting spamassassin itself! I really don't get this!
All three systems run Centos 6, have Plesk, qmail, qmail-scanner, clamav, spamassassin and spamdyke. They are pretty much identical, but not absolutely identical in terms of config. I can't say what might be different -- only that things might have changed over the years they have been in service, even though they started with the same configs.
The emails that I've seen causing this issue all seem to have CSV attachments. They are not big. The last one was 2Mb.
The interaction between clamd and spamd is really puzzling me. It is as though spamd is waiting for clamd even though I wasn't aware that the two interact in any way. And of course I'd really like to figure out why the heck these emails are causing a problem in the first place.
Suggestions on where to start would be appreciated!
On two out of three systems, every now and then an email comes in that causes spamd to hit 100% CPU and stay there. Eventually there's a timeout, the message isn't delivered, and the sending system retries. Until the sender gives up, the load on the systems can get quite high because each time the message is delivered spamd gets to 100% and stays there for 5 minutes (I think that's its timeout).
Sending the same problem email to a third system causes no problems at all and it is delivered without issues.
What's REALLY odd on the problem systems is that if I restart clamd (not spamassassin), the spamd process immediately stops going nuts - i.e. exactly the same result as I get when restarting spamassassin itself! I really don't get this!
All three systems run Centos 6, have Plesk, qmail, qmail-scanner, clamav, spamassassin and spamdyke. They are pretty much identical, but not absolutely identical in terms of config. I can't say what might be different -- only that things might have changed over the years they have been in service, even though they started with the same configs.
The emails that I've seen causing this issue all seem to have CSV attachments. They are not big. The last one was 2Mb.
The interaction between clamd and spamd is really puzzling me. It is as though spamd is waiting for clamd even though I wasn't aware that the two interact in any way. And of course I'd really like to figure out why the heck these emails are causing a problem in the first place.
Suggestions on where to start would be appreciated!