On Mon, Jun 10, 2002 at 10:51:07AM -0800, Pete Hanson wrote: | At 06/10/2002 10:43, Derrick 'dman' Hudson wrote:
| >| However, wouldn't it make some sense to try passing at least
| >| the first max_size bytes of the message to spamd for processing?
| >
| >Well, the idea is that spammers aren't sending large messsages. If
| >the message is that large, you have already determined it isn't spam
| >(merely based on size).
|
| Not true. We're starting to see spam mail with huge attachments.
What sort of attachments? What are the main identifying marks on the
messages?
| >| This could also be of some benefit to performance - set a small
| >| message size limit (say 50k) to limit memory use and processing
| >| time, but still get the benefits of spam scanning those largish
| >| messages.
| >
| >That does sound like a good idea, though. You can use your MTA to
| >limit the processing of over-large messages and spamc can limit
| >spamd's processing to just the first nK of not-quite-as-large
| >messages. In addition, spamc could simply output the modified headers
| >(Subject:, X-Spam-*, maybe Content-Type:) and reduce the output on the
| >pipe. (Marc's local_scan() only reads the headers from that side of
| >the pipe and only pays attention to some of them anyways)
|
| Actually, I think this answers my question - spamc would have to do
| some internal message parsing to separate headers and body for
| something like this scheme to work.
Perhaps ... but finding the first blank line is rather easy to do.
That's all that's needed to figure out what is a header and what is
the body.
-D
--
Misfortune pursues the sinner,
but prosperity is the reward for the righteous.
Proverbs 13:21
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
msg06163/pgp00000.pgp
Description: PGP signature
