>>Is there a possibility that in default Exim setups, or default
>>OS-specific Exim packages, the exiscan config lines are being inserted
>>*without* the required message size limits, thereby allowing massive
>>emails to be scanned by SpamAssassin? that would inflate scanner
>>sizes nonlinearly (and is always a no-no with SpamAssassin).
>
>As mentioned above, the shipped config files don't include any
>content scanning features. The 4.5 Debian packages include
>commented out options for specifying spamd's IP/socket, but
>don't include any ACL statements.
>
>>Here's what I mean. here's a good configuration stanza:
>>
>>  deny message = Classified as spam (score $spam_score)
>>       condition = ${if <{$message_size}{300k}{1}{0}}
>>       spam = nobody

Yes, I was burned by this myself, having recently switched from using
http://marc.merlins.org/linux/exim/sa.html with exim to using the now
built-in exiscan feature. While I did not forget the size condition
statement, the mistake I made was to put the "spam = nobody" statement
before the condition statement, so that the call to spamd was made
regardless of the size.

>It's entirely possible someone configured their system this
>way. In fact, the examples shown in the 4.5 spec
>(documentation) don't include any size checks. However, the
>examples from the exiscan website do.

While http://duncanthrax.net/exiscan-acl/exiscan-acl-examples.txt has
examples with the size condition,
http://duncanthrax.net/exiscan-acl/exiscan-acl-spec.txt does not.

>I'll make mention of this to Phillip on the Exim list and
>see if he'll update the spec examples.

You might mention the above as well :)

--
John C. Ring, Jr. [EMAIL PROTECTED]
Network Engineer
Union Switch & Signal Inc.

"If all mankind minus one, were of one opinion, & only one person of the
contrary opinion, mankind would be no more justified in silencing that one
person, than he, if he had the power, would be justified in silencing
mankind" -- John Stuart Mill
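
Added example, not part of the original message or of Exim/exiscan: Exim tests the conditions of an ACL statement in the order written and stops at the first one that fails, so a size guard only protects spamd when it precedes `spam =`. The sketch below flags statements where it does not; the function names and the two sample stanzas are constructed, and treating any `condition` that mentions `message_size` as the guard is an assumption.

```python
import re

VERBS = ("accept", "defer", "deny", "discard", "drop", "require", "warn")
ITEM = re.compile(r"^(\w+)\s*=\s*(.*)$")

# Constructed samples: the ordering mistake described above, then the fix.
BAD = """\
deny message = Classified as spam (score $spam_score)
     spam = nobody
     condition = ${if <{$message_size}{300k}{1}{0}}
"""
GOOD = """\
deny message = Classified as spam (score $spam_score)
     condition = ${if <{$message_size}{300k}{1}{0}}
     spam = nobody
"""

def statements(acl_text):
    """Split ACL text into (verb, [(name, value), ...]) in evaluation order."""
    joined = re.sub(r"\\\n\s*", "", acl_text)  # fold continuation lines
    result = []
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0] in VERBS:  # a verb starts a new ACL statement
            result.append((parts[0], []))
            line = parts[1] if len(parts) > 1 else ""
        m = ITEM.match(line)
        if m and result:
            result[-1][1].append((m.group(1), m.group(2)))
    return result

def unguarded_spam_calls(acl_text):
    """Return indexes of statements that reach 'spam =' before a size check."""
    findings = []
    for idx, (_verb, items) in enumerate(statements(acl_text)):
        guarded = False
        for name, value in items:
            if name == "condition" and "message_size" in value:
                guarded = True
            elif name == "spam" and not guarded:
                findings.append(idx)  # spamd would see messages of any size
                break
    return findings
```
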