On Thu, 2005-06-02 at 14:39 +0100, Jeremy Harris wrote:
> Marc Sherman wrote:
> > The problems being reported are with the exiscan case. With exiscan,
> > exim is sending the data directly to spamd over a socket, so exim has to
> > implement the limiting logic to keep the data from getting to
> > spamassassin in the first place.
>
> I don't agree. Just sending that much data, while inefficient,
> surely isn't costing as much as scanning it within spamd.
I'm not sure you are addressing the same point. Lets see if I can muddy
the waters:-
* Exim does not use spamc to inject spam to spamd for scanning,
instead using its own socket based injection
* Hence the standard SA command line tweaks to stop SA scanning
big messages are not available
* However Exim *can*, but does not in the default config examples,
exclude larger messages from SA scanning.
So it was suggested that the default config examples are changed to
restrict scanning of large messages.
Additionally, Chris Edwards suggested that it be possible to scan the
first n KB of a message. This raises the following issues:-
* Is SA on a part message sensible? A partial message could, in
theory, banjax a load of SA rules, so getting lots of extra hits
for (say) maleformed MIME
* Should we add this feature to exiscan (or rather exim since its
in the main line now).
If we do want to do this AFAICS it has to be done within exim since SA
cannot do that for us right now (since we bypass the bit that could do
it for us).
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
