On Fri, 2010-07-16 at 03:40 -0700, Gnanam wrote:
> Daniel Lemke wrote:
> > > "The maximum message size is 256 MB."
> > >
> > > So, email messages that are greater than 256 MB can never be tested with
> > > SA? Or is there any tweaks to get around this?
> >
> > You need to scan mails that are greater than 256MB?!
>
> Reason I'm asking this is that sometimes email attachment(s) size may be on
> the higher side, that it would easily exceed 256 MB limit.
Whoa, slow down, dude. I'm with Daniel here.
Fact is, spam even larger than 512 kB is rare. Sure, they do exist, and
this topic comes up here every now and then. However, they still are a
rare occurrence, and it is not worth the trouble raising the limit to an
arbitrarily large number.
The limit exists for two reasons. First, *really* large spam simply
doesn't exist, and mail that size just is ham. And second, scanning
really large messages will slow down SA and hog resources.
It's a trade-off. Not even scanning those rare, huge spam. Versus a
dramatically increased need for resources.
Don't think of the max size limit as "which size *mail* do I get", but
"which size *spam* do I see". Ham exceeding the threshold will just be
passed along un-scanned.
Really, think about it. How much spam exceeding 1 MB do you get? One a
year? How much ham? Plenty, due to creative folks tossing around huge
images?
So, set your max size limit to something sane, say 1 MB, and live with
that single spam per year sneaking through unprocessed. Sparing your
servers the load of processing all the bulk of huge messages.
Oh, and another one. Any chance, these huge messages might be Cc'ed to
more folks on your site? Awesome, so we just multiplied the resources
needed. If there are max 5 children, all fed with a piece of ham that
"easily exceeds 256 MB" concurrently, will your server die a slow and
horrible death of hitting swap?
IMHO, if you are ever to raise the threshold to anything above 10 MB, do
test it extensively before going into production.
Bottom line: Keep your max size limit sane. No kidding.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
