Posted to users@spamassassin.apache.org by Thomas Kaehn <tk...@westend.com> on 2004/10/18 16:50:16 UTC
"DoS" against amavisd-new and SA 3.0
Hi,
I am using amavisd-new along with SpamAssassin 3.0. Recently I've
noticed that a mail couldn't be delivered because SA timed out, as it
had to do many DNS lookups.
The mail had lots of URLs in its body. It is not really SpamAssassin's
or amavisd-new's fault. But is there a solution to this problem? For
example, a separate timeout for SURBL or a limit on the number of DNS
lookups?
Thanks in advance!
Ciao,
Thomas
--
Thomas Kähn WESTEND GmbH | Internet-Business-Provider
Technik CISCO Systems Partner - Authorized Reseller
Lütticher Straße 10 Tel 0241/701333-11
tk@westend.com D-52064 Aachen Fax 0241/911879
Re: "DoS" against amavisd-new and SA 3.0
Posted by Thomas Kaehn <tk...@westend.com>.
Hello Matt,
On Mon, Oct 18, 2004 at 11:23:06AM -0400, Matt Kettler wrote:
> man Mail::SpamAssassin::Plugin::URIDNSBL
>
> uridnsbl_timeout N (default: 2)
> Specify the maximum number of seconds to wait for a result before
> giving up on the lookup. Note that this is in addition to the normal
> DNS timeout applied for DNSBL lookups on IPs found in the Received
> headers.
>
> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_URIDNSBL.txt
>
> So, you can safely reduce that to 0, which will make the URIDNSBL behave
> just like normal DNSBLs and be subject to the same dynamic timeout
> algorithm with no extra time.
Thanks for your reply. This was the information I was looking for.
Ciao,
Thomas
--
Thomas Kähn WESTEND GmbH | Internet-Business-Provider
Technik CISCO Systems Partner - Authorized Reseller
Lütticher Straße 10 Tel 0241/701333-11
tk@westend.com D-52064 Aachen Fax 0241/911879
Re: "DoS" against amavisd-new and SA 3.0
Posted by Matt Kettler <mk...@evi-inc.com>.
At 10:50 AM 10/18/2004, Thomas Kaehn wrote:
>Hi,
>
>I am using amavisd-new along with SpamAssassin 3.0. Recently I've
>noticed that a mail couldn't be delivered because SA timed out, as it
>had to do many DNS lookups.
>
>The mail had lots of URLs in its body. It is not really SpamAssassin's
>or amavisd-new's fault. But is there a solution to this problem? For
>example, a separate timeout for SURBL or a limit on the number of DNS
>lookups?
>
>Thanks in advance!
man Mail::SpamAssassin::Plugin::URIDNSBL

uridnsbl_timeout N (default: 2)
    Specify the maximum number of seconds to wait for a result before
    giving up on the lookup. Note that this is in addition to the normal
    DNS timeout applied for DNSBL lookups on IPs found in the Received
    headers.

http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_URIDNSBL.txt

So, you can safely reduce that to 0, which will make the URIDNSBL behave
just like normal DNSBLs and be subject to the same dynamic timeout
algorithm with no extra time.
That said, you really shouldn't be having timeout problems due to this,
unless the URIDNSBL plugin isn't working as designed. The default should be
17 seconds max.