Sunday, March 20, 2011

DANGER: __PILL_PRICE 100% CPU loop

UPDATE 3/21/2011: sa-update has disabled these problematic rules.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6558
It seems some mail is triggering a rare bug in re2c (perl) that can cause spamassassin to get stuck in a 100% loop and cause significant problems for a server.  While this is a very serious problem, it affects only non-default configurations that use sa-compile.  Upstream is working on an emergency sa-update rule push to force disable.  Until then you can workaround this problem in two possible ways below.



Stop Using sa-compile
  1. Turn off whatever runs sa-compile.
  2. Delete /var/lib/spamassassin/<VERSION>
  3. sa-update
  4. Restart your spamd.
Continue using sa-compile, but Manually Disable some Rules
  1. Add these three lines to your local.cf.
  2. sa-compile how you normally would do.
  3. Restart your spamd.
(I personally don't use sa-compile because this is not the first time it caused weird bugs, and its time savings seems to be insignificant compared to the delay of waiting for network queries.)
Posted by at
Labels:

2 comments:

  1. Warren, what are the performance benefits of sa-compile? What is the memory/CPU overhead? I don't use it as well. Performance measurements would make for a good post.

    ReplyDelete

  2. Julian, that is a good suggestion. I will consider investigating this sometime later for an article.

    http://wiki.apache.org/spamassassin/FasterPerformance
    Meanwhile check out this page. In most cases I think sa-compile simply isn't worthwhile because you are optimizing for the wrong problem. Your bottleneck is far more likely to be network or I/O. Given the stability risks of sa-compile I suspect you're better off not using it.

    ReplyDelete

Subscribe to: Post Comments (Atom)