Re: Message bypassed
- Original Message - From: mouss [EMAIL PROTECTED] To: Spamass users@spamassassin.apache.org Sent: Saturday, November 24, 2007 1:19 PM Subject: Re: Message bypassed Jack Gostl wrote: I was trying to figure out why a piece of spam got through with no spamassassin headers at all. I finally found this message in my log: spamc[523292]: skipped message, greater than max message size (256000 bytes) The message was close to 2mb, including a very, very large bmp file. Does anyone have any thoughts on how to handle this? 2 Mo spam? is this a new trend? Can you put a copy somewhere? I've got another of those 2mb spams. How can I get it to you?
Re: Message bypassed
Jack Gostl wrote: - Original Message - From: mouss [EMAIL PROTECTED] To: Spamass users@spamassassin.apache.org Sent: Saturday, November 24, 2007 1:19 PM Subject: Re: Message bypassed 2 Mo spam? is this a new trend? Can you put a copy somewhere? I've got another of those 2mb spams. How can I get it to you? you can use pastebin: http://pastebin.com/
Re: Message bypassed
Jack Gostl wrote: I was trying to figure out why a piece of spam got through with no spamassassin headers at all. I finally found this message in my log: spamc[523292]: skipped message, greater than max message size (256000 bytes) The message was close to 2mb, including a very, very large bmp file. Does anyone have any thoughts on how to handle this? 2 Mo spam? is this a new trend? Can you put a copy somewhere? It may be possible to block this at the MTA level, if there are obvious spam patterns. otherwise, passing large messages to SA has performance consequences, so you probably don't want to do that unless you receive hundreds of such spam messages. If you have the resource, you could raise the limit. This depends on how you call SA.
Re: Message bypassed
Jack Gostl wrote: I was trying to figure out why a piece of spam got through with no spamassassin headers at all. I finally found this message in my log: spamc[523292]: skipped message, greater than max message size (256000 bytes) The message was close to 2mb, including a very, very large bmp file. Does anyone have any thoughts on how to handle this? 2 Mo spam? is this a new trend? Can you put a copy somewhere? It may be possible to block this at the MTA level, if there are obvious spam patterns. otherwise, passing large messages to SA has performance consequences, so you probably don't want to do that unless you receive hundreds of such spam messages. If you have the resource, you could raise the limit. This depends on how you call SA. Too late, its already in the bit bucket. Surprised me too. As I said, it was just a few words with a 2mb dot bmp file. Nex time I'll save it in case someone wants to see this piece of junk.
Re: Message bypassed
At 10:42 AM 11/24/2007, Jack Gostl wrote: Too late, its already in the bit bucket. Surprised me too. As I said, it was just a few words with a 2mb dot bmp file. Nex time I'll save it in case someone wants to see this piece of junk. We were receiving some huge spams for a while from a company in China. An extra rule in now kills anything mentioning that company. I also bumped up our max scan size a bit from the OS X default, that's helped too. I'm in the process of porting the mail over to a new server, so rules and scan sizes may change, the new server has more RAM, disk, and speed (and isn't a Mac). -- Jerry Durand, Durand Interstellar, Inc. www.interstellar.com tel: +1 408 356-3886, USA toll free: 1 866 356-3886 Skype: jerrydurand