On 05/20/2009 12:37 PM, Karsten Bräckelmann wrote: > > The ok_locales setting defaults to all, effectively disabling all > CHARSET_FARAWAY rules. It is intended to be set voluntarily to charsets > you cannot even decipher, let alone read. > >
Doh! I run a separate instance of SA for my own mailbox and that does have "ok_locale" set - stupid me. I got a bit confused as I am routinely getting these huge Chinese spams and SA of course misses them as it doesn't even try to open it. Then when I forced it to have a look, put 2 and 2 together and got 5 :-) > Then there is that SARE rule-set. Too lazy to check details tonight. > However, a lot of those went stale long ago. Moreover, they are > third-party rule-sets YOU installed. If they don't work for you, don't > use 'em. > I guess my point is irrelevant anyway, but if the SARE admin was listening, s/he might re-think having rules that overlap with standard rules... > Oh, and of course -- did you say 4 Meg? Dude, are you nuts? :) > Seriously, don't scan mail that large. They can easily hog SA to the > extent you'd better kill the processes to get some mail flowing again. > > Virtually no spam at all is larger than 500 k. Cut off there, and don't > scan anything larger. Needless to mention that's the spamc default > anyway. ;) > > As I said - SA *doesn't* run over these messages as they are too large. So they end up in my mailbox. I'd like that to stop :-) I wonder: what would be the real downside to "spamc -s 500000" actually sending the first 500000 bytes instead of sending nothing for email > 500K? I realise there would be at least one missing MIME end-boundary, but it would still pass all the headers and some of the content... In the case of this Chinese spam I'm getting, sending the first 500K ended up with a score of 18 and no sign of broken "mime-iness" - so it looked fine to me.... (sample size: 1) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
