Was wondering... spammers send in very large emails, larger than sa_mail_body_size_limit, is there any headers that might be set ?
I don't want to quarantine them as 'large emails' (since large does not mean spam) but I would like to know, maybe how to have the mail client know that amavisd-new was bypassed due to large email. maybe a little more than just: X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: X-Spam-Status: No, score=x tag=-999 tag2=5 kill=10 tests=[] maybe a flag in amavisd.conf: $mail_body_over_limit = (and put a value there). would need sql and ldap lookups on that also. default is undef (so it works like it does now) possible values include: $mail_body_over_limit = "tag2"; (so that it dynamically reads the tag2 value from policy) $mail_body_over_limit = $sa_tag2_level_deflt; (that would just be a substitution?) what about tests="OVER_SIZE_LIMIT " (and the value?) set X-Spam-Flag: YES, X-Spam-Score, and X-Spam-Level? maybe quarantine the large email to users email box? some special 'flag' in quarantine type? 'mail:inbox' which would look up target email and send it there? _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _________________________________________________________________________ ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
