Re: after virus check does not do spam check

Thread: Re: after virus check does not do spam check

Search this list only Search all lists
Re: after virus check does not do spam check
	2007-01-24 02:50:10
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yoseff Francus wrote: > That test with spamassassin did it. Getting an Out of memory error. > Machine has 1GB memory. Other than cutting down what is ignored by > spamassassin anything I can tweak? I really think you should be reducing the $sa_mail_body_size_limit setting to something that your hardware can handle. There is no reason to be spam-checking huge mail items (2 MB is grossly excessive). The only reason a spammer would send a multi-megabyte mail item would be to try to choke your mail server as part of a denial-of-service attack, and by feeding that mail to a process as resource-intensive as SpamAssassin you make his fondest wish come true. Consider that even image spam these days only contains relatively small images (~15-20 KB). It's really not in the spammer's interest to send large items--they clog the pipes, they're harder to deliver without running into size limits, and they reduce the total throughput of their spam broadcast operations. Why send a 1 MB spam to one address when he can send a 4 KB spam to 256 mailboxes in the same amount of time? The other factor you're probably overlooking is that in terms of content that SpamAssassin can actually examine and test, most attachment types are completely opaque. The example you cited in that log excerpt for instance was a large PDF attachment, which to SpamAssassin is just a big mass of binary gibberish. Without a special plugin (which does not yet exist) to teach SpamAssassin how to read the contents of PDF file, there's no way that SpamAssassin is going to be able to do any checking whatsoever of that file. All it will be able to test are the mail headers and the (presumably small) text body of the message. The price for doing so, unfortunately, is that SpamAssassin must load the /entire/ message (attachments and all) into memory for scanning, which is why scanning huge mail items becomes such a resource drain. There's a "sweet spot" in terms of mail size, though--a point at which it no longer becomes productive to spam-check the mail--and you should try to find that magic size and set $sa_mail_body_size_limit accordingly. For most sites that's between about 128 KB and 256 KB. Items smaller than that are mostly text or HTML that SpamAssassin can examine; items larger than that are mostly opaque binary attachments that just consume resources without any benefit to show for it. - -- Robert LeBlanc renaissoft.com> Renaissoft, Inc. Maia Mailguard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFtx3CGmqOER2NHewRAlS6AJ46222aAiQa9MaK8D7bJYARWkW2NQCggTDZ lxncRWN1oy455EmrIFzoquE= =hpiq -----END PGP SIGNATURE----- _______________________________________________ Maia-users mailing list Maia-usersrenaissoft.com http://www.renaissoft.com/mailman/listinfo/maia-users