Justin Mason wrote:
It appears that Exiscan has now become part of Exim by default,
and it also appears that (at least in the default exiscan patch)
it doesn't modify the config files directly to add itself to
the MTA's flow.

This is correct. The shipped configuration file doesn't include any exiscan features. In fact, as shipped Exim won't build with the content scanning features unless you add a statement to the local Makefile.

Is there a possibility that in default Exim setups, or default
OS-specific Exim packages, the exiscan config lines are being
inserted *without* the required message size limits, thereby
allowing massive emails to be scanned by SpamAssassin?  That
would inflate scanner sizes nonlinearly (and is always a no-no
with SpamAssassin).

As mentioned above, the shipped config files don't include any content scanning features. The 4.5 Debian packages include commented out options for specifying spamd's IP/socket, but don't include any ACL statements.

Here's what I mean.  Here's a good configuration stanza:

  deny message = Classified as spam (score $spam_score)
     condition = ${if <{$message_size}{300k}{1}{0}}
     spam = nobody

and here's a bad one:

  deny message = Classified as spam (score $spam_score)
     spam = nobody

It's entirely possible someone configured their system this way. In fact, the examples shown in the 4.5 spec (documentation) don't include any size checks. However, the examples from the exiscan website do. I'll make mention of this to Phillip on the Exim list and see if he'll update the spec examples.

- S
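
An added example, not part of the original message and not code from Exim or exiscan: a small audit script that reads an Exim configuration and reports ACL statements that reach `spam =` without an earlier `condition` testing `$message_size`, which is the difference between the two stanzas quoted above. The function names and the substring heuristic for recognising a size check are assumptions of this sketch.

```python
import re

ACL_VERBS = {"accept", "defer", "deny", "discard", "drop", "require", "warn"}
ITEM_RE = re.compile(r"^!?\s*(\w+)\s*=\s*(.*)$")

def split_statements(text):
    """Return [(line_no, [(name, value), ...])], one entry per ACL statement."""
    stmts, current, pending = [], None, ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):              # Exim continuation line
            pending += line[:-1].strip() + " "
            continue
        line, pending = pending + line, ""
        if line.startswith("begin ") or re.match(r"^\w+:$", line):
            current = None                   # new section or new named ACL
            continue
        parts = line.split(None, 1)
        if parts[0] in ACL_VERBS:            # a verb opens a new statement
            current = (lineno, [])
            stmts.append(current)
            line = parts[1] if len(parts) > 1 else ""
        m = ITEM_RE.match(line)
        if current is not None and m:
            current[1].append((m.group(1), m.group(2)))
    return stmts

def unguarded_spam_checks(text):
    """Line numbers of statements that reach spam= with no earlier size test."""
    findings = []
    for lineno, items in split_statements(text):
        guarded = False
        for name, value in items:            # conditions are evaluated in order
            if name == "condition" and "message_size" in value:
                guarded = True               # heuristic: any $message_size test
            elif name == "spam" and not guarded:
                findings.append(lineno)
                break
    return findings

# Constructed sample: the two stanzas quoted in the message above.
SAMPLE = """\
deny message = Classified as spam (score $spam_score)
     condition = ${if <{$message_size}{300k}{1}{0}}
     spam = nobody

deny message = Classified as spam (score $spam_score)
     spam = nobody
"""

if __name__ == "__main__":
    print(unguarded_spam_checks(SAMPLE))
```

The check looks at one statement at a time, so a configuration that enforces the size limit in a separate, earlier statement will still be reported and needs a manual look.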
