Occassionaly we’ve been seeing messages like:

spam acl condition: error reading from spamd socket: Connection reset by peer

in /var/log/exim4/paniclog

But lately the problem has become much more persistent. I found out, that there’s some arsehole spammer sending us 500K spams every ca. 70 minutes. From /var/log/mail.log:

Jul 17 08:52:32 mail spamd[477]: spamd: identified spam (7.9/5.0) for spamd:1004 in 288.5 seconds, 505669 bytes.

Now since spamassassin would take that long (nearly 5 minutes!!!) to find out whether that mail is a spam or not, exim would simply timeout it’s connection to spamassassin and the result was the message seen above.

What I did was to use sa-compile to compile the SA rules to “native code” and to enable “Rule2XSBody”, which on Debian lives in /etc/spamassassin/v320.pre.

This seems to make SA quite a lot faster and to use less CPU.

If this won’t help we could also restrict the maximum size of messages to scan.

Yours Tomáš Pospíšek