Amavis Max Size exceeded leads to passed spam

John Andersen via amavis-users amavis-users at amavis.org
Mon Feb 10 21:20:41 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I post this for the Google Spiders more than anything else.

Why:  Because I've solved this problem at LEAST 3 times, each time taking way more time than it should.
Contributing factor:  As you age, the mind is the *second* thing to go.

Synopsis:  You run spamassassin via amavis-new and you see obvious spam passed with headers similar to:

X-Spam-Score: -
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=3.8 tests=[]

The key items are Score being nothing but a dash (minus sign)
No Spam Level or score=x
Nothing listed between in the Tests brackets.

If you manually scan these same mails they will show all kinds of hits, indicating
it the mail did NOT elude Spamassassin.

Reason:
This is typically the case when your amavisd.conf has $sa_mail_body_size_limit set too small
and large mails (usually with images attached) exceed this size.
These are simply not scanned even though there are headers erroneously indicating
that it was scanned.

Adjust your size limit up, and the problem goes away at the expense of additional
processing time. (Pick your poison).  Spammers seem to be sending larger and larger
spam intentionally to bypass the default limits.

Keywords
no tests run
not scanned
rails
not flagged
empty tests equal
site wide

This information may apply to an older version.
- -- 
_____________________________________
- ---This space for rent---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAlL5NJkACgkQv7M3G5+2DLLtRACggfgjqGT3Jfd4U+dSjMcRqRaN
1jsAn2A+ylQZCMQAKebFHGMt7nNl827e
=MRRO
-----END PGP SIGNATURE-----


More information about the amavis-users mailing list