Apache SpamAssassin fills up /tmp with a bunch of files...

[darren.nolan]

Hey guys,

Been searching for a little while, but haven't found anything in relation to this yet.

I've got files... many files in the format of .spamassassin**********tmp building up in /tmp.

Wasn't all that worried about it when I first noticed it - but it just seems to be getting bigger every day. First oocurances was the change from normal cPanel to the VPS optimised version.

Are these suppose to be here? Do they clean themselves up at all?

I read somewhere that these files were about Bayes temp information on a per user basis (which explains the file permissions) but still... there's over 500 of these little buggers.

Any ideas? Cheers,

 

[sehh]

yeah, its a known bug which came up a few months ago, there is currently no solution as you can see here:

http://forums.cpanel.net/showthread.php?t=82341&goto=newpost

 

[cPanelDavidG]

Did someone create a bugzilla entry regarding this that I could make QA aware of?

 

[sehh]

Its here:

http://bugzilla.cpanel.net/show_bug.cgi?id=7297

 

[cPanelDavidG]

Its here:

http://bugzilla.cpanel.net/show_bug.cgi?id=7297

Our QA team reviews all submitted bugzilla entries so thanks for submitting that!

 

[darren.nolan]

So long as I'm not going mad, and I haven't mucked up - hurray.

So safe to delete those files every once in a while?

 

[sehh]

yes its safe, but that won't fix the real problem.

 

[freedman]

on my servers I resolved this issue by commenting out the 2 last lines in :
/etc/mail/spamassassin/local.cf

#loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
#resource_limit_mem 134217728

it seems there is no plugin "ResourceLimits"
this seems to cause spamassassin to produce incorrect output.
commented out those lines and it's scoring spam again


ideally, cpanel would first check for the presence of this plugin and only add the lines if it's available.

 

[cPanelKenneth]

on my servers I resolved this issue by commenting out the 2 last lines in :
/etc/mail/spamassassin/local.cf

#loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
#resource_limit_mem 134217728

it seems there is no plugin "ResourceLimits"
this seems to cause spamassassin to produce incorrect output.
commented out those lines and it's scoring spam again


ideally, cpanel would first check for the presence of this plugin and only add the lines if it's available.

That's odd. Just checked three of our test servers and that module is installed on all of them. /scripts/update_sa_rules is what adds that module. According to what I'm reading in the source, it will only add that to your configuration if the module actually exists.

 

[sehh]

I've disabled it but i we still get the errors in /var/log/exim_panic.

So far, no /tmp files from SA...

 

[freedman]

That's odd. Just checked three of our test servers and that module is installed on all of them. /scripts/update_sa_rules is what adds that module. According to what I'm reading in the source, it will only add that to your configuration if the module actually exists.

I was trying to check for the module via cpan, I didn't think it was just something cpanel shoved in there.

You're right. it is there. however, removing the config lines did solve the problem, so it must be related somehow.

??

 

[darren.nolan]

Thanks for the posts guys.

I'm taking a while stab here that even though I change my config file, on the next appropriate cpanel update - it's just going to get rid of my changes anyway - which is good in this case as they'll be addressing this issue anyway.

Thanks again

 

[darren.nolan]

Files were quite large also - about 300mb all up.

We'll see how things go for the next few weeks until I update again.

 

[cPanelKenneth]

Files were quite large also - about 300mb all up.

We'll see how things go for the next few weeks until I update again.

Do you recall approximately how large they were individually?

 

[sehh]

here they range from zero bytes to 300kb

they all look like they are file attachments (or parts of them) in base64 encoding.

its interesting that their sizes are too "round" for my tastes, for example they are:

4096, 40960, 8192, 81920, 45056, 49152...

notice some kind of pattern here? they could be memory dumps from static length arrays/lists or whatever..

i also noticed that two different emails, with two completely different file attachments will create identical temporary file sizes (but not content).

memory corruption, out of boundary core dump?.... who knows...

 

[cPanelKenneth]

here they range from zero bytes to 300kb

they all look like they are file attachments (or parts of them) in base64 encoding.

its interesting that their sizes are too "round" for my tastes, for example they are:

4096, 40960, 8192, 81920, 45056, 49152...

notice some kind of pattern here? they could be memory dumps from static length arrays/lists or whatever..

i also noticed that two different emails, with two completely different file attachments will create identical temporary file sizes (but not content).

memory corruption, out of boundary core dump?.... who knows...

Thanks for that info. It does sound suspicious. Have you noticed any other patterns?

 

[sehh]

Nothing else so far, but i think its a bug in spamassassin and not something related to Exim. So far i haven't had the time to properly do tests, but i would start from SA's debug output first.

I do know that these problems did not exist in Stable 24739 or 24255, i think they started after we upgraded, somewhere around Stable 25959.

 

[freedman]

Nothing else so far, but i think its a bug in spamassassin and not something related to Exim. So far i haven't had the time to properly do tests, but i would start from SA's debug output first.

I do know that these problems did not exist in Stable 24739 or 24255, i think they started after we upgraded, somewhere around Stable 25959.

my thoughts are:
the ResourceLimits plugin is causing spamassassin to crash somehow. This crash is possibly truncating the tmp files at fixed block sizes.
it's also not returning values that exim understands (if it's returning anything to exim at all).

I'm not sure what the resourcelimits plugin is or how it's useful, but it might be that until it can be guaranteed to work in all circumstances, we're better off without it.??

on all my servers, disabling the plugin alone solved my problems.

 

[darren.nolan]

The fix above doesn't work for me. Anytime Exim is restarted or cPanel does an update - SA breaks and I'm forced to reinstall, following the example of a previous CP tech when he was in my system fixing that original problem.

So I have those files slowly building up again in my /tmp - if you're interested in firstly checking out those files - and secondly - fixing my SA problem once and for all so someone breaking wind near my server doesn't cause SA to die horribly?

Would be very happy

Cheers,

 

[sehh]

The fix doesn't work for me either, i've disabled the ResourceLimits plugin and it had no effect whatsoever.