BRIDGWATER SIMON wrote:
That is accurate. If spam comes in larger than 250k, it will not be passed to spamd (unless you override that, of course). At first, I thought this was a bit odd, but the more I thought about it, the more sense it made.

Hi, I would like to verify a feature which was pointed out to me recently through a mailing list.
If qmail-queue-scanner.pl is configured to use spamassassin using the client spamc which connects with spamd, then the $spamc_options are by default "-c -f". If a spammer sends a spam mail with an attachment greater than 250k, doesn't this mean that the spam mail will not be flagged as spam because by default spamd only sends messages less than 250k to the spamd daemon?
From the man pages of spamc:
-s max_size Set the maximum message size which will be sent to spamd -- any bigger than this threshold and the message will be returned unprocessed. Note that the default size is 250k, so if spamc gets handed a message bigger than this, it won't be passed to spamd. The size is specified in bytes, and if you send it a negative number, things are quite likely to break very hard.
As a spammer, you want your messages short and sweet. Consider how many messages they send out. On the order of millions. Now imagine if you bumped that up 10x+ in size. Suddenly, your throughput is dramatically lower, which is the entire point behind spam.
250 is a safe size to leave it at ( at the moment ).
Sean
_______________________________________________
Qmail-scanner-general mailing list
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
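
The size threshold discussed in this thread, as an added example that is not part of the original post or of qmail-scanner: it resolves the limit implied by a `$spamc_options` string and lists which messages spamc would return unprocessed. The function names, the sample messages and the reading of "250k" as 250 * 1024 bytes are assumptions made for illustration.

```python
import shlex

# Assumption: the "250k" default quoted from the spamc man page is treated as
# 250 * 1024 bytes; check your own spamc build for the exact figure.
DEFAULT_MAX_SIZE = 250 * 1024


def effective_max_size(spamc_options):
    """Return the byte limit spamc applies for a $spamc_options string."""
    args = shlex.split(spamc_options)
    limit = DEFAULT_MAX_SIZE
    for i, arg in enumerate(args):
        if arg == "-s" and i + 1 < len(args):
            limit = int(args[i + 1])          # form: "-s 512000"
        elif arg.startswith("-s") and arg[2:].lstrip("-").isdigit():
            limit = int(arg[2:])              # form: "-s512000"
    if limit <= 0:
        # The man page warns that a negative size breaks things.
        raise ValueError("max_size must be a positive byte count")
    return limit


def unscanned(messages, spamc_options):
    """Names of messages spamc would return unprocessed (size > limit)."""
    limit = effective_max_size(spamc_options)
    return sorted(name for name, raw in messages.items() if len(raw) > limit)


# Constructed sample messages (not real mail): one short, one padded to
# stand in for a large attachment.
HEADER = b"From: a@example.invalid\r\nSubject: test\r\n\r\n"
SAMPLES = {
    "short.eml": HEADER + b"x" * 2_000,
    "big-attachment.eml": HEADER + b"A" * 300_000,
}

if __name__ == "__main__":
    # Compare the default options from the thread with a raised -s limit.
    for opts in ("-c -f", "-c -f -s 512000"):
        print(opts, "->", unscanned(SAMPLES, opts))
```

Running the same check over real queue sizes shows how much mail actually skips spamd before deciding whether to raise `-s`.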