You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Stefan-Michael Guenther <sp...@in-put.de> on 2009/06/08 14:40:09 UTC

tests= SIZE_LIMIT_EXCEEDED ??

Hi,

I just had a closer look at the header of an email which should have 
been recognized by spamassassin as spam.

Waht I found was this:

X-SpamScore:   0
	tests= SIZE_LIMIT_EXCEEDED

I have checked /usr/share/spamassassin/ for a rule which might contain a 
size limit, but didn't finde any.

A search with Google didn't help either.

So, any suggestions from the list members where I can define the size 
that has been exceeded?

Thanks,

Stefan

Re: tests= SIZE_LIMIT_EXCEEDED ??

Posted by Martin Gregorie <ma...@gregorie.org>.

On Tue, 2009-06-09 at 14:58 +0200, Karsten Bräckelmann wrote:
> On Tue, 2009-06-09 at 04:46 -0700, Stefan Guenther wrote:
> > Karsten Bräckelmann wrote:
> 
> > > > Some sw components to be ruled out:
> > > > - this isn't amavisd-new doing it, at least none of the official
> > > > versions;
> > > 
> > > Right, that's definitely something else adding the headers, as has been
> > > pointed out before. Not SA. Anything, even a trivial filter foo calling
> > > formail easily can inject such a header (though the order in the chain
> > > may vary, which is not obvious from the OP). 
> > 
> > I have switched off amavis, but still the header contains
> 
> As we explained before, it is neither Amavisd-new nor SA adding that
> header. You need to check your mail processing chain for another
> culprit.
> 
> > X-SpamScore:   0
> >         tests= SIZE_LIMIT_EXCEEDED
> 
This header may be coming from something called Border Patrol:
http://open-mail.org/BorderPatrol.html

However that rather chaotic website contains nothing in the way of
useful documentation.


Martin

Re: tests= SIZE_LIMIT_EXCEEDED ??

Posted by Karsten Bräckelmann <gu...@rudersport.de>.

On Tue, 2009-06-09 at 04:46 -0700, Stefan Guenther wrote:
> Karsten Bräckelmann wrote:

> > > Some sw components to be ruled out:
> > > - this isn't amavisd-new doing it, at least none of the official
> > > versions;
> > 
> > Right, that's definitely something else adding the headers, as has been
> > pointed out before. Not SA. Anything, even a trivial filter foo calling
> > formail easily can inject such a header (though the order in the chain
> > may vary, which is not obvious from the OP). 
> 
> I have switched off amavis, but still the header contains

As we explained before, it is neither Amavisd-new nor SA adding that
header. You need to check your mail processing chain for another
culprit.

> X-SpamScore:   0
>         tests= SIZE_LIMIT_EXCEEDED

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: tests= SIZE_LIMIT_EXCEEDED ??

Posted by Stefan Guenther <S....@in-put.de>.

Hi,


Karsten Bräckelmann-2 wrote:
> 
>> > X-SpamScore:   0
>> >         tests= SIZE_LIMIT_EXCEEDED
> 
>> Some sw components to be ruled out:
>> - this isn't amavisd-new doing it, at least none of the official
>> versions;
> 
> Right, that's definitely something else adding the headers, as has been
> pointed out before. Not SA. Anything, even a trivial filter foo calling
> formail easily can inject such a header (though the order in the chain
> may vary, which is not obvious from the OP).
> 
> 

I have switched off amavis, but still the header contains

X-SpamScore:   0
        tests= SIZE_LIMIT_EXCEEDED

Spamassassin is called in /etc/procmailrc:

:0 hbfw
| /usr/bin/spamc

That's all and there are no user-defined files to procmail or SA.

Stefan
-- 
View this message in context: http://www.nabble.com/tests%3D-SIZE_LIMIT_EXCEEDED------tp23923284p23941272.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: tests= SIZE_LIMIT_EXCEEDED ??

Posted by Karsten Bräckelmann <gu...@rudersport.de>.

On Tue, 2009-06-09 at 01:18 +0200, Mark Martinec wrote:
> >
> > X-SpamScore:   0
> >         tests= SIZE_LIMIT_EXCEEDED

> Some sw components to be ruled out:
> - this isn't amavisd-new doing it, at least none of the official versions;

Sorry, Mark. :)  I was entirely going by the OPs outgoing headers, which
clearly shows an amavisd-new header in the chain. Though at a second
look, I realize that's about a hop after SA processing...

> - this isn't Maia Mailguard;
> - this isn't old versions of amavis;
> - this isn't SpamAssassin (neither spamc/spamd, nor the library).
> 
> Although the most recent version of amavisd-new (2.6.3) does provide
> ability to pass partial message to SpamAssassin and to insert rule hits
> into the final result, this isn't the case here, and there is no
> SIZE_LIMIT_EXCEEDED message generated anywhere.
> 
> Look for another culprit in your mail path, such as a webmail component
> or a content filter at some ISP. My guess at pointing fingers is Nemesis.

Right, that's definitely something else adding the headers, as has been
pointed out before. Not SA. Anything, even a trivial filter foo calling
formail easily can inject such a header (though the order in the chain
may vary, which is not obvious from the OP).

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: tests= SIZE_LIMIT_EXCEEDED ??

Posted by Mark Martinec <Ma...@ijs.si>.

Stefan,

> I just had a closer look at the header of an email which should have
> been recognized by spamassassin as spam.
> Waht I found was this:
>
> X-SpamScore:   0
>         tests= SIZE_LIMIT_EXCEEDED
>
> I have checked /usr/share/spamassassin/ for a rule which might contain a
> size limit, but didn't finde any.
> A search with Google didn't help either.
> So, any suggestions from the list members where I can define the size
> that has been exceeded?

Some sw components to be ruled out:
- this isn't amavisd-new doing it, at least none of the official versions;
- this isn't Maia Mailguard;
- this isn't old versions of amavis;
- this isn't SpamAssassin (neither spamc/spamd, nor the library).

Although the most recent version of amavisd-new (2.6.3) does provide
ability to pass partial message to SpamAssassin and to insert rule hits
into the final result, this isn't the case here, and there is no
SIZE_LIMIT_EXCEEDED message generated anywhere.

Look for another culprit in your mail path, such as a webmail component
or a content filter at some ISP. My guess at pointing fingers is Nemesis.

  Mark

Re: tests= SIZE_LIMIT_EXCEEDED ??

Posted by Karsten Bräckelmann <gu...@rudersport.de>.

On Mon, 2009-06-08 at 08:48 -0400, Matt Kettler wrote:
> Stefan-Michael Guenther wrote:
> >
> > I just had a closer look at the header of an email which should have
> > been recognized by spamassassin as spam.
> >
> > Waht I found was this:
> >
> > X-SpamScore:   0
> >     tests= SIZE_LIMIT_EXCEEDED

> Interesting, are you just using spamc/spamd, or a different integration
> tool?

Looking at the OPs headers, it's a setting in his Amavisd-new.

> In general it sounds like something decided not to feed the message to
> the main SpamAssassin instance at all. Spamc can do this, but I didn't
> know it added a test when doing so.

It doesn't. :)  Neither tests, nor headers. spamc will return the
message unprocessed, if the size limit is exceeded.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: tests= SIZE_LIMIT_EXCEEDED ??

Posted by Matt Kettler <mk...@verizon.net>.

Stefan-Michael Guenther wrote:
> Hi,
>
> I just had a closer look at the header of an email which should have
> been recognized by spamassassin as spam.
>
> Waht I found was this:
>
> X-SpamScore:   0
>     tests= SIZE_LIMIT_EXCEEDED
>
> I have checked /usr/share/spamassassin/ for a rule which might contain
> a size limit, but didn't finde any.
>
> A search with Google didn't help either.
>
> So, any suggestions from the list members where I can define the size
> that has been exceeded?
>
> Thanks,
>
> Stefan
>
>
Interesting, are you just using spamc/spamd, or a different integration
tool?

In general it sounds like something decided not to feed the message to
the main SpamAssassin instance at all. Spamc can do this, but I didn't
know it added a test when doing so.

Also, X-SpamScore is not a default header, and one that SA couldn't add
itself. (it must add headers beginning with X-Spam-, so you'd get
X-Spam-Score at the closest), so I'm suspecting this was done by your
integration tools.