On Fri, 19 Jun 2009, Jason Haar wrote:
Hi there, just a FYI I just received this: http://pastebin.com/m54006b68 420K in size...
Hmmmm. Big question for developers: Does the performance 'burden' of a large e-mail come from the 'reading' of that mail into spamassassin and initial processing? Or is the 'cost' of a large message only 'paid' when SA attempts to run 'rawbody' or 'full' rules against the entire message?
I am *hoping* it is the latter, and that a parameter value can be coded within the spamassassin config (or as a command line option) that will amount to 'ignore attachements larger than...', while still allowing the headers and any text body parts to be scanned. In particular, given the success of RBL's, it seems reasonable to have a way to process the headers from *all* messages, as long as loading the oversize message does not (for example) tie up memory merely by loading the message into spamassassin....
Yes, I already use RBL's at the MTA level for the ones I trust to be a poison pill. But I often still see spam hit multiple 'lower trust' RBL's in spamassassin, adding up to a rejection score. So it's worth figuring a way to check larger mails if that is what spammers are going to do.
If the cost has more to do with SA reading the mail at the beginning, then perhaps we could figure a 'subfunction' of spamassassin that would accept a command line option to only read the headers (all lines up to the first blank line) and then return a score as a result code? Obviously it could not modify the message in that case, but if the spammers are going to just make their spew over-sized, then its something that may be needed.... and it would at least help with the rejection of mails that
surpass the 'auto reject' threshold. Thoughts? - Charles
