On 9/16/2016 12:59 PM, li...@rhsoft.net wrote:
...
in case you have postscreen or something else which does proper
rbl-scoring in front of the content-scanners it's no problem because
only a small part of spam attempts are mahing it to SA
may depend on the amount of ham which can be also mitigated by
shortcurcuit trustable senders with large amount of mail
i have seen in the past a lot of junk with some 5-10 MB crap attached,
completly unrelated images because spammers know that they can bypass
many spamfilters that way (in case of a large binary it's also no
problem for cpu ressources, only when they have a wrong text mimetype)
Another strategy sometimes is to truncate the message to that max size
before scanning, though making sure you get the most meaningful content
of a message without breaking the MIME format is in general not an easy
problem.
