Max SpamAssassin Size problems

Kash, Howard (Civ, ARL/CISD) hmkash at arl.army.mil
Mon Aug 28 19:20:03 IST 2006


 
> I still do not believe this is a problem that MailScanner needs to
fix.
> The plugin is 'assuming' it will always be handed a complete message 
> from all past and future programs using SA, and that the message will 
> never be truncated/mangled/poorly constructed for any reason. Whether 
> that reason is a software failure, hardware failure, or system 
> configuration.


And MailScanner is 'assuming' that it is OK to send partial messages to
SA.  Since there is no defined protocol here, neither one is necessarily
wrong.  But there are existing SA checks and plugins that assume entire
messages are being passed.  Maybe SA needs to implement DoS protection
itself so that MailScanner (or any other program) can safely send entire
messages without risk of resource exhaustion.  SA sort-of does this
already with the -s switch to spamc as pointed out by Alex.  But it's an
all or nothing limit, not truncate in the middle.  Maybe MailScanner's
"Max SpamAssassin Size" should be an all or nothing limit as suggested
by Alex (messages < Max SpamAssassin Size get sent to SA in their
entirety, messages > Max SpamAssassin Size don't get sent to SA at all).
This would probably be a one-liner mod to MS.

Based on SPAM blocked by my server last Thursday, only slightly over
1.7% of them (565/33002) are over 30k.  Using 60k as the limit, the
percentage drops to 1.1% (350/33002).  90k = 0.3% (85/33002).  And most
of those larger ones are not your typical SPAM, but things like chain
letters, jokes with videos, etc. which some may consider HAM anyway.


Howard



More information about the MailScanner mailing list