You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by John Adams <ma...@belfin.ch> on 2010/12/05 22:41:20 UTC

message size has preference before blacklist

Hi

using Spamassassin 3.3.1 I today saw in the spamassassin logs that a
message was not checked because it was larger than 150kb, which is OK.
However, the sender of the message was spamassassin blacklisted (in sql
lookup tables).

Is it possible that the messsage size check (spamc -s parameter) has
preference before black- or whitelisting?

Thanks,
John

Re: message size has preference before blacklist

Posted by RW <rw...@googlemail.com>.

On Sun, 05 Dec 2010 22:41:20 +0100
John Adams <ma...@belfin.ch> wrote:

> 
> Hi
> 
> using Spamassassin 3.3.1 I today saw in the spamassassin logs that a
> message was not checked because it was larger than 150kb, which is OK.
> However, the sender of the message was spamassassin blacklisted (in
> sql lookup tables).
> 
> Is it possible that the messsage size check (spamc -s parameter) has
> preference before black- or whitelisting?

Oversized messages aren't even passed to spamd.

Re: message size has preference before blacklist

Posted by Karsten Bräckelmann <gu...@rudersport.de>.

On Sun, 2010-12-05 at 22:41 +0100, John Adams wrote:
> using Spamassassin 3.3.1 I today saw in the spamassassin logs that a
> message was not checked because it was larger than 150kb, which is OK.
> However, the sender of the message was spamassassin blacklisted (in sql
> lookup tables).

Just for the record, the default is 500 kByte. Adjusting that value is
on your discretion and entirely fine, though IMHO a limit of 150 kByte
is quite low.

> Is it possible that the messsage size check (spamc -s parameter) has
> preference before black- or whitelisting?

Indeed. But that's inherent in the lightweight design of spamc.

The lightweight spamc client simply does not even pass messages
exceeding the size limit to spamd, the daemon that actually constitutes
SA here. Any SA rules, including white and blacklisted addresses, are
dealt with in spamd. The latter (actually SA itself) does not have any
size limits, and processes the message it got fed regardless of size.

In this case, a blacklisted sender address, the best place for it would
be up the chain anyway, in your MX -- why even accept the message,
rather than SMTP reject it?

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}