On Mon, Jun 10, 2002 at 10:18:51AM -0800, Pete Hanson wrote: | Looking at the source for spamc, it looks to me like a message that | exceeds the maximum message size is simply skipped entirely, which | actually requires reading in most of the message first - fair | enough, as it's hard to determine the size when it's coming from a | pipe.
If your mail system allows it, you could even bypass spamc entirely for large messages. That saves the overhead of a fork(), exec() and all the read()s and write()s and counting on the pipes. Some systems (eg exim, maildrop) already know the size of a message, which makes that easy. | However, wouldn't it make some sense to try passing at least | the first max_size bytes of the message to spamd for processing? Well, the idea is that spammers aren't sending large messsages. If the message is that large, you have already determined it isn't spam (merely based on size). The intent is to reduce the load on the system. | Generally, most spam can be identified after the first 10-20k of a | message, and anything else in that message is unlikely to change the | outcome of the scoring, so trying to process the beginning of a huge | mail is likely to be a pretty decent indicator of whether the mail | is spam. | | This could also be of some benefit to performance - set a small | message size limit (say 50k) to limit memory use and processing | time, but still get the benefits of spam scanning those largish | messages. That does sound like a good idea, though. You can use your MTA to limit the processing of over-large messages and spamc can limit spamd's processing to just the first nK of not-quite-as-large messages. In addition, spamc could simply output the modified headers (Subject:, X-Spam-*, maybe Content-Type:) and reduce the output on the pipe. (Marc's local_scan() only reads the headers from that side of the pipe and only pays attention to some of them anyways) -D -- If Microsoft would build a car... ... Occasionally your car would die on the freeway for no reason. You would have to pull over to the side of the road, close all of the car windows, shut it off, restart it, and reopen the windows before you could continue. For some reason you would simply accept this. GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
msg06145/pgp00000.pgp
Description: PGP signature
