>>Is there a possibility that in default Exim setups, or default
>>OS-specific Exim packages, the exiscan config lines are being inserted
>>*without* the required message size limits, thereby allowing massive
>>emails to be scanned by SpamAssassin? that would inflate scanner
>>sizes nonlinearly (and is always a no-no with SpamAssassin).
>
>As mentioned above, the shipped config files don't include any
>content scanning features. The 4.5 Debian packages include
>commented out options for specifying spamd's IP/socket, but
>don't include any ACL statements.
>
>>Here's what I mean. here's a good configuration stanza:
>>
>> deny message = Classified as spam (score $spam_score)
>> condition = ${if <{$message_size}{300k}{1}{0}}
>> spam = nobody
Yes, I was burned by this myself, having recently switched from using
http://marc.merlins.org/linux/exim/sa.html with exim to using the now
build-in exiscan feature.
While I did not forget the size condition statement, the mistake I made was
to put the "spam = nobody" statement before the condition statement, so that
the call to spamd was made regardless of the size.
>It's entirelly possible someone configured their system this
>way. In fact, the examples shown in the 4.5 spec
>(documentation) don't include any size checks. However, the
>examples from the exiscan website do.
While http://duncanthrax.net/exiscan-acl/exiscan-acl-examples.txt has
examples with the size condition,
http://duncanthrax.net/exiscan-acl/exiscan-acl-spec.txt does not.
>I'll make mention of this to Phillip on the Exim list and
>see if he'll update the spec examples.
You might mention the above as well :)
--
John C. Ring, Jr.
[EMAIL PROTECTED]
Network Engineer
Union Switch & Signal Inc.
"If all mankind minus one, were of one opinion, & only one person of the
contrary opinion, mankind would be no more justified in silencing that one
person, than he, if he had the power, would be justified in silencing
mankind" -- John Stuart Mill
