Wednesday, March 23, 2011

SEM Rules Mistakenly Enabled, How to Disable

UPDATED 3/24/2011:
sa-update rules were reverted to an earlier state to avoid this and other possible surprises.  Bug #6560 has a patch under review to avoid this problem in the future.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6220
Some kind of bug in the auto-promotion backend has mistakenly made active several of the SpamEatingMonkey (SEM) network rules including the SEM DNSBL and URIBL's.  It is a matter of policy that Spamassassin NEVER adds new network rules in stable updates because it can cause significant unexpected problems to server administrators.  Furthermore, SpamTips.org strongly recommends against the use of  SEM's DNSBL due to its extremely high overlap with the high scoring PBL.  The Bug #6220 indicates one kind of serious issue that can happen when network rules are mistakenly added to sa-update where they very quickly hit usage limits and the provider causes all queries to become false positive hits.  Read more to learn how to workaround this issue.

Sunday, March 20, 2011

DANGER: __PILL_PRICE 100% CPU loop

UPDATE 3/21/2011: sa-update has disabled these problematic rules.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6558
It seems some mail is triggering a rare bug in re2c (perl) that can cause spamassassin to get stuck in a 100% loop and cause significant problems for a server.  While this is a very serious problem, it affects only non-default configurations that use sa-compile.  Upstream is working on an emergency sa-update rule push to force disable.  Until then you can workaround this problem in two possible ways below.