Message larger than max testing size

[John Rudd]

On Wednesday, Jul 23, 2003, at 07:16 US/Pacific, Antony Stone wrote:

>
> On Wednesday 23 July 2003 3:01 pm, Matt Kettler wrote:
>
>> At 12:16 PM 7/23/2003 +0100, Antony Stone wrote:
>>> MailScanner has a setting Max SpamAssassin Size, which avoids doing
>>> SA
>>> checks on very large messages.
>>>
>>> However, the size appears to apply to the entire incoming email, not
>>> just
>>> to the text part of it which would be checked by SA.
>>
>> SA doesn't just check the "text part".. SA gets the whole message,
>> completely un-decoded.
>
> Hmm.   Sounds like a slightly strange way to do it.   What's the point
> of
> SpamAssassin-scanning a GIF image?
>

If you send it just the mime segments, it wont catch any tell-tale
signs in the headers.  Or even some signs that are in the mime-encoding
headers/separators.  Therefore, you send it the entire message, still
encoded, and it looks at every little piece of the message.  I don't
think any of SA's rules cover the encoded content of a GIF image, but
if you don't send it EVERYTHING, it'll miss important things that it
wouldn't get if you just sent it the content of certain segments.


Though, it might be an interesting exercise to see if you can re-do
some of the SA structure so that you run multiple checks: do a headers
only check, a mime separators check, a check for each non-binary
segment's content, and then work in the whitelist/blacklist info based
upon the sender and receiver.  That would make it easier to avoid
spending time on binary segments, but I bet it would make a bunch of
things more complex and tricky than they need to be.  Might be
interesting to see if it actually improves anything though.

You should propose it on the SA-talk list and see what they say.  :-)