On 9/16/2016 12:59 PM, li...@rhsoft.net wrote:

in case you have postscreen or something else which does proper rbl-scoring in front of the content-scanners it's no problem because only a small part of spam attempts are mahing it to SA

may depend on the amount of ham which can be also mitigated by shortcurcuit trustable senders with large amount of mail

i have seen in the past a lot of junk with some 5-10 MB crap attached, completly unrelated images because spammers know that they can bypass many spamfilters that way (in case of a large binary it's also no problem for cpu ressources, only when they have a wrong text mimetype)
Another strategy sometimes is to truncate the message to that max size before scanning, though making sure you get the most meaningful content of a message without breaking the MIME format is in general not an easy problem.

Reply via email to