Occassionaly we’ve been seeing messages like:
spam acl condition: error reading from spamd socket: Connection reset by peer
in /var/log/exim4/paniclog
But lately the problem has become much more persistent. I found out, that there’s some arsehole spammer sending us 500K spams every ca. 70 minutes. From /var/log/mail.log:
Jul 17 08:52:32 mail spamd[477]: spamd: identified spam (7.9/5.0) for spamd:1004 in 288.5 seconds, 505669 bytes.
Now since spamassassin would take that long (nearly 5 minutes!!!) to find out whether that mail is a spam or not, exim would simply timeout it’s connection to spamassassin and the result was the message seen above.
What I did was to use sa-compile to compile the SA rules to “native code” and to enable “Rule2XSBody”, which on Debian lives in /etc/spamassassin/v320.pre.
This seems to make SA quite a lot faster and to use less CPU.
If this won’t help we could also restrict the maximum size of messages to scan.
Yours Tomáš Pospíšek