On Tue, Jul 20, 2010 at 11:55:58PM -0700, Daniel Lemke wrote: > > As far as I know SpamAssassin looks for the mime type of the message, if > it's text/xyz it will perform a scan. Be careful in pushing the message size > limit! As said before, it doesn't make sense to set it to such a large > value, as spammers WILL NOT send spam messages of that size (it's just to > expensive in terms of hardware/traffic).
Yes only textual parts are scanned. Exception is the rare "full" rule which looks at pristine un-decoded message as whole. > To hijack the thread: Does anyone know an optimum for message size limit? > Ours is set to 2MB at the moment, but we have problems when receiving large > text mails (e.g. more than 1MB) as the message check will become REALLY time > consuming. This leads to a curious situation where our Exchange (or maybe > it's the external mail server, not sure of that) sends the message again > after ~55 seconds, so the next child begins checking the mail... And there > we've got a loop (until the server runs out of memory)... One option is using amavisd-new which truncates big messages and only let's SA see the xxx first bytes of message. [1] Other option is just letting ClamAV+Sanesecurity etc signatures handle the big messages. But make sure you have SA 3.3, you should use the time_limit [2] local.cf option. If you have latest SA and there are rules which "hang", you should identify them (can't remember the easiest way right now) and maybe post a bug. [1] http://www.gossamer-threads.com/lists/spamassassin/users/151763 [2] http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html