Yeah that's failing safe, the default test time is 30 seconds, and if that is exceeded spamc will fail "open". You've got 2 problems here, the first is that you're exceeding the timeout, you can adjust that in /var/qmail/bin/qmail-scanner-queue.pl
my $spamc_binary='/usr/bin/spamc -t 30';
The 2nd problem is that you're exceeding the timeout.
It shouldn't take 30 seconds to scan a message on your box unless
1) you have network issues
2) you aren't using a local DNS server (nameserver 127.0.0.1 on /etc/resolv.conf)
3) you've been shunned by one of the P2P signature services (dcc, razor, pyzor)
4) your system is being overwhelmed. A month or so ago I added in rate limiting to ucspi-tcp for this situation. You can rate limit based on IP and/or load on the system.
Typically on my systems it takes 5-10 seconds to process a message, so that's what you want to shoot for. Mine were exceeding that level because of the volume of traffic to the box (my spamtrap is really really popular). So the rate limiting in ucspi-tcp cleaned this up immediately. I use the following in /etc/tcpserver/smtp.rules
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl",MAXLOAD="350",MAXCONNIP="2",MAXCONNC="5",DIEMSG="421 Service temporarily not avalable"
Which means I throttle when the load gets to 3.5, limit 2 connections per IP, or 5 connections per Class C network. Exceed these thresholds and you get that 421 message.
When you're done, you need to run /usr/bin/maketcprules, and restart smtpd (svc-restart smtpd).
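
A diagnostic sketch for the timeout problem described above, added here as an example and not part of the original post: it reads the configured spamc timeout, checks whether the first resolver is local, and times one scan of a sample message. The 10-second target, the script name and the sample-message argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): checks two of the causes listed above.

# Succeeds if the first nameserver in a resolv.conf-style file is a loopback address.
uses_local_dns() {
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    case "$first" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the -t value from the $spamc_binary line of qmail-scanner-queue.pl.
spamc_timeout() {
    sed -n 's/^my \$spamc_binary=.*-t *\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# scan_verdict TIMEOUT TARGET MSGFILE CMD...
# Feeds MSGFILE to CMD on stdin, times it in whole seconds and prints
# "timeout" (the scan would fail open), "slow" (above TARGET) or "ok".
scan_verdict() {
    timeout=$1; target=$2; msg=$3
    shift 3
    start=$(date +%s)
    "$@" < "$msg" > /dev/null 2>&1 || true
    elapsed=$(( $(date +%s) - start ))
    if [ "$elapsed" -ge "$timeout" ]; then
        echo timeout
    elif [ "$elapsed" -gt "$target" ]; then
        echo slow
    else
        echo ok
    fi
}

# Usage: sh check-scan.sh /path/to/sample-message   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    t=$(spamc_timeout /var/qmail/bin/qmail-scanner-queue.pl)
    t=${t:-30}   # the post gives 30 seconds as the default
    uses_local_dns /etc/resolv.conf || echo "first nameserver is not local"
    # TARGET of 10 is an assumption taken from the 5-10 second figure in the post
    echo "scan verdict: $(scan_verdict "$t" 10 "$1" /usr/bin/spamc)"
fi
```

A "timeout" verdict means that message would have passed through unscanned, so it is the case to alert on.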