<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: SA Max Message Size</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Do you think there would be value in making both options avaiable? </FONT>
</P>
<P><FONT SIZE=2>Max Spamassassin Size to Scan = 20000 (truncate to 20K and scan)</FONT>
<BR><FONT SIZE=2>Max Spamassassin Size to Skip = 100000 (bypass spamassassin and process using normal delivery rules)</FONT>
</P>
<P><FONT SIZE=2>Most corporate environments running MS probably have a 5-10MB attachment limit (or similar). Has anyone ever seen a 5MB spam message? Would most likely be far too expensive for a spammer to send out spam greater than 60K or so. </FONT></P>
<P><FONT SIZE=2>I know this feature would be of great benefit to me as 90% of my FPs happen to be messages with large attachments. Anyone else?</FONT></P>
<P><FONT SIZE=2>> -----Original Message-----</FONT>
<BR><FONT SIZE=2>> From: Julian Field [<A HREF="mailto:mailscanner@ECS.SOTON.AC.UK">mailto:mailscanner@ECS.SOTON.AC.UK</A>]</FONT>
<BR><FONT SIZE=2>> Sent: Monday, April 05, 2004 2:49 PM</FONT>
<BR><FONT SIZE=2>> To: MAILSCANNER@JISCMAIL.AC.UK</FONT>
<BR><FONT SIZE=2>> Subject: Re: SA Max Message Size</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> At 19:26 05/04/2004, you wrote:</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> ># SpamAssassin is not very fast when scanning huge messages, so</FONT>
<BR><FONT SIZE=2>> >messages # bigger than this value will be truncated to this </FONT>
<BR><FONT SIZE=2>> length for</FONT>
<BR><FONT SIZE=2>> >SpamAssassin # testing. The original message will not be affected by</FONT>
<BR><FONT SIZE=2>> >this. This value # is a good compromise as very few spam </FONT>
<BR><FONT SIZE=2>> messages are</FONT>
<BR><FONT SIZE=2>> >bigger than this. Max SpamAssassin Size = 90000</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> >(don't know how I missed this stnd option)</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> >If I am reading this correctly, SA will still scan a 100000 byte</FONT>
<BR><FONT SIZE=2>> >message but it will only scan the first 90000 bytes.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Correct. I set this limit to 10 or 20,000 myself. Doesn't</FONT>
<BR><FONT SIZE=2>> seem to radically affect the score and it's a whole lot faster.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> > By nature of the second sentence, wouldn't it be a good idea to</FONT>
<BR><FONT SIZE=2>> > (have the option to) pass these messages unscanned rather than scan </FONT>
<BR><FONT SIZE=2>> > 90K (or 30K which seems to be the new default) of a message that is </FONT>
<BR><FONT SIZE=2>> > most likely not spam anyway?</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> The average size of a spam message is growing. My</FONT>
<BR><FONT SIZE=2>> "truncation" approach means you don't have to tweak it as </FONT>
<BR><FONT SIZE=2>> spam gets bigger. I used to do it your way but my way </FONT>
<BR><FONT SIZE=2>> produced better results, so I changed it.</FONT>
<BR><FONT SIZE=2>> --</FONT>
<BR><FONT SIZE=2>> Julian Field</FONT>
<BR><FONT SIZE=2>> www.MailScanner.info</FONT>
<BR><FONT SIZE=2>> Professional Support Services at www.MailScanner.biz </FONT>
<BR><FONT SIZE=2>> MailScanner thanks transtec Computers for their support PGP </FONT>
<BR><FONT SIZE=2>> footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654</FONT>
<BR><FONT SIZE=2>> </FONT>
</P>
</BODY>
</HTML>