Anthony Peacock writes: > Rick Cooper wrote: > >> From: decoder [mailto:[EMAIL PROTECTED] > >> Sent: Friday, August 25, 2006 4:23 PM > >> To: Rick Cooper > >> Cc: users@spamassassin.apache.org > >> Subject: Re: Discourage broken content > >> > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Rick Cooper wrote: > >>>> -----Original Message----- From: decoder > >>>> [mailto:[EMAIL PROTECTED] Sent: Friday, August 25, 2006 2:24 > >>>> PM To: users@spamassassin.apache.org Subject: Re: Discourage > >>>> broken content > >>>> > >>>> > >>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > [...] > >>>> I've heard that it truncates the mail at 30kb, no matter if that > >>>> is within a MIME block or not... So my plugin gets a broken > >>>> image.. though it was not broken originally... > >>>> > >>> That is patently false. I have a graphics design/advertising > >>> department at one of my locations and these fellas send huge > >>> graphics files back and forth when they have emergency > >>> proofs/changes and MailScanner has *never* damaged anything, ever, > >>> anywhere. Now, there is a setting for scanning (much like exiscan > >>> IIRCC) that allows you to truncate the message and only scan xxx > >>> amount, it's optional and doesn't modify the actual message in > >>> anyway. > >>> > >>> Rick > >> I did not say it damages the mail. I said it feds only a given amount > >> of the message to SpamAssassin and THAT breaks plugins requiring the > >> whole message, especially when MailScanner breaks messages in the > >> middle of attachments. > >> > >> And as far as I know, it is the default setting of mailscanner to feed > >> only a given amount of kb to SpamAssassin. That does not mean it > >> truncates the message before delivering it. > >> > > > > My apologies, the way I interpreted the original I thought you were saying > > it truncates the email and breaks they message. I will bring this up on the > > Mailscanner list that the default, given the recent image spams, should be > > disabled so the entire message is sent to spam assassin. Before the current > > spat of image spam you could generally tell within 20k or so if a message > > was spam or not, this is not the case in today's world and the entire > > message really should be fed to SA. I have never used the default setting > > myself. > > This issue is currently being discussed on the MailScanner users list, > under the Subject "Max SpamAssassin Size problems". > > The size limit is configurable > (http://www.mailscanner.info/MailScanner.conf.5.html#SpamAssassin "Max > SpamAssassin Size), so people can raise the size limit or disable it to > get around this issue at the moment. > > There is some concern about removing the limit completely, so the > current discussion is about a scheme that checks ahead for a Mime > boundary within a fixed window after the max size value is reached.
I'm sure they know this -- but there are dangers there too. It's pretty trivial in HTML to craft a MIME part that contains 100 KB of innocent-looking HTML, followed by 4 KB of spam payload, where the payload is the only part that's visible. Length truncation for non-text/plain data is very tricky -- that's why we don't use it in SpamAssassin itself ;) --j.
