Drew Burchett writes:
> I've noticed a new trend in spam on my mail server that is getting by
> SpamAssassin. The spammer is creating his message and then attaching a
> couple of garbage PDFs to the email. These PDFs make it too large for
> SpamAssassin to scan the message, so it gets by the system. I have
> tried turning up the size so SpamAssassin will scan it, but it takes WAY
> too long to scan a message. Does anyone have any suggestions on how I
> could catch/scan these messages without putting too much of a load on
> SpamAssassin?

Interesting! Our size limit is based on the concept that a spammer can send a certain number of spams of 5k in size in a certain amount of time, but if they were to raise that to 500k in order to evade our limit, they'd have to reduce their output by 99%. This is obviously unattractive to spammers.

So far it's worked, but maybe one spammer is now judging this to be an acceptable tradeoff. Could you open a bug at http://bugzilla.spamassassin.org/ and attach some sample spam messages to it? I haven't seen any of these (yet).

--j.