Re: mail bypass spamassassin
Ok that is it. I have increased the limit size of spamc (with -s) and the message got a nice : X-Spam-Status: Yes, hits=16.3 required=5.0 tests=FROM_MALFORMED,FROM_NO_USER,BADTRANS_WORM,MISSING_HEADERS version=2.11 Christophe -- Christophe Barbé <[EMAIL PROTECTED]> GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8 F67A 8F45 2F1E D72C B41E Imagination is more important than knowledge. Albert Einstein, On Science pgplgKHcBuc2u.pgp Description: PGP signature
Re: mail bypass spamassassin
On Thu, Apr 11, 2002 at 08:07:10PM -0400, Duncan Findlay wrote: > On Thu, Apr 11, 2002 at 06:52:10PM -0400, christophe barbé wrote: > > I got a mail with sample.exe (2.4MB) attachment. This mail has not been > > scanned by spamassassin. I don't understand why. I use a procmail rule > > as below : > > spamassassin, by default, does not check messages larger than 250k. Messages > larger than 250k take way too long to scan because of the regexps used, and > large messages are rarely spam. > > -- > Duncan Findlay First my apologies because this message was intended for debian-users where it would have been less OT. Now Thanks for your replies (Colin too). I was aware of -f (I put it voluntarily) I hope it is not the reason and I will write a script to know how much mails have been ignored by spamassassin. I guess I noticed this one was not scanned by spamassassin because it obviously should have been tagged as spam, so perhaps this is something that happen regularly. I was not aware of this 250k limit. I would have expected spamassassin to check at least the header in this case. I looks enough to detect it as a spam. I am so used of the spamassasssin efficiency ... Christophe -- Christophe Barbé <[EMAIL PROTECTED]> GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8 F67A 8F45 2F1E D72C B41E A qui sait comprendre, peu de mots suffisent. (Intelligenti pauca.) pgpm5OR0slQSa.pgp Description: PGP signature
Re: mail bypass spamassassin
On Thu, Apr 11, 2002 at 06:52:10PM -0400, christophe barbé wrote: > I got a mail with sample.exe (2.4MB) attachment. This mail has not been > scanned by spamassassin. I don't understand why. I use a procmail rule > as below : spamassassin, by default, does not check messages larger than 250k. Messages larger than 250k take way too long to scan because of the regexps used, and large messages are rarely spam. -- Duncan Findlay pgpP3JMw8VVP7.pgp Description: PGP signature
Re: mail bypass spamassassin
On Thu, Apr 11, 2002 at 06:52:10PM -0400, christophe barbé wrote: > I got a mail with sample.exe (2.4MB) attachment. This mail has not been > scanned by spamassassin. I don't understand why. I use a procmail rule > as below : > > # SPAMASSASSIN > :0fw > | spamc -f Could it be that spamd was overloaded or spamc otherwise couldn't talk to it, and so spamc just passed the message through unscanned? -f Cause spamc to safe-failover if it can't connect to spamd -- what this means is that in case spamc fails to connect to spamd, it will not return with an exit code set, it will instead dump the original message to stdout, allowing the message to be delivered, albeit unscanned for spam. Without this flag, connection failures to spamd will cause message delivery fail ures. Even with this flag set however, if spamc con nects successfully, and then encounters an error at a later stage of communication, it will still return an exitcode. This now defaults to on, and can't be turned off. This flag is accepted though for back wards-compatibility. -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]