spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: Question about Max msg size

Re: Question about Max msg size

From: jdow <jdow_at_nospam>
Date: Thu Oct 07 2010 - 00:38:15 GMT
To: <users@spamassassin.apache.org>

From: "Karsten Bräckelmann" <guenther@rudersport.de>
Sent: Wednesday, 2010/October/06 16:20

> On Wed, 2010-10-06 at 14:38 -0700, durwood wrote:
>> > Because it *is* filed already. Please first search bugzilla, then open
>> > a bug report.
>>
>> Pinging this thread to see if there's been any progress or decision on
>> this
>> bug.
>
> Wow, that thread's more than a year old. :) A lot of folks are likely
> to miss this follow-up, somewhere deep in the mail folder.
>
>> I too am starting to see quite a bit of spam that's *just* over the 500k
>> threshold due to ~4K-sized image attached to the spam. It almost makes me
>> wonder if they are doing this just to get it over the standard
>> SpamAssassin
>> threshold.
>
> If it's just over the threshold, why not just raise it? It's a default,
> but configurable for a reason.
>
> To reiterate some related statements from that thread and others since:
> With a higher threshold, overall memory consumption by SA will raise as
> well. However, with attachments like that, only a very few rules will be
> affected at all, namely rawbody rules. Anything else will never even get
> to see that data blob.
>
> IMHO, it should be perfectly safe in most cases to raise the threshold,
> if you're seeing spam just over it. Like, say, 600k? 750k?
>
> It's a trade-off, and you have to decide. However, think about it. How
> many messages (both spam and ham) do you receive over 500k a day? Over
> 1M? Would the overhead be worth it, to catch that spam, or would taking
> care of them manually be ok?
>
> What *is* that overhead anyway? Even if you are wasting cycles on one
> larger ham per user per day (those between old and new threshold) after
> raising the threshold, would you even notice the additional load? Would
> you notice 10 of them? Is your system that maxed out?
>
>
>> It seems like the size limit should be applied to the searchable parts of
>> the email, not any attached images.
>
> This is rather unlikely to happen. There is *no* size limit in SA. There
> is, however, one in the lightweight spamc client. Not taking binary
> attachments into account would require spamc to understand and parse the
> MIME structure.
>
> Granted, there are good libs for that out there -- but the overhead,
> code wise and as a build dependency, is non-trivial.

Karsten, haven't you figured out that you CAN code "good if frustrating
and cryptic" tools that drive SpamAssassin to send the rare very large
messages off to spamassassin itself rather than spamc?

{^_-}