Justin Mason wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Recently we've been seeing a *lot* of Exim users asking questions
(here and on IRC) about spamd chewing up massive quantities of
RAM.
It appears that Exiscan has now become part of Exim by default,
and it also appears that (at least in the default exiscan patch)
it doesn't modify the config files directly to add itself to
the MTA's flow.
Is there a possibility that in default Exim setups, or default
OS-specific Exim packages, the exiscan config lines are being
inserted *without* the required message size limits, thereby
allowing massive emails to be scanned by SpamAssassin? that
would inflate scanner sizes nonlinearly (and is always a no-no
with SpamAssassin).
Here's what I mean. here's a good configuration stanza:
deny message = Classified as spam (score $spam_score)
condition = ${if <{$message_size}{300k}{1}{0}}
spam = nobody
and here's a bad one:
deny message = Classified as spam (score $spam_score)
spam = nobody
(note the lack of the "{$message_size}" condition line.)
I'd appreciate if a few Exim wizzes -- and users of Exim/exiscan
on various platforms -- take a quick grep for "spam =" in
their config files and see if they're missing the key line
anywhere.
I use the condition. My question is that if you use the condition in the
first scan, do you need it in subsequent scans:
# Spamassassin
warn message = X-Cheetah-Spam: True
condition = ${if ! def:h_X-Cheetah-Spam:}
condition = ${if <{$message_size}{200k}{1}{0}}
spam = mail/defer_ok
warn message = X-Cheetah-Score: $spam_score ($spam_bar)
condition = ${if ! def:h_X-Cheetah-Spam:}
condition = ${if <{$message_size}{200k}{1}{0}}
spam = mail:true/defer_ok
warn message = X-Cheetah-Report: $spam_report
condition = ${if ! def:h_X-Cheetah-Spam:}
condition = ${if <{$message_size}{200k}{1}{0}}
spam = mail:true/defer_ok
Thanks
Craig Jackson
