The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SpamAssassin not hitting mail

Discussion in 'E-mail Discussions' started by pubwvj, Jan 27, 2005.

  1. pubwvj

    pubwvj Active Member

    Joined:
    Mar 15, 2004
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    In the Mountains of Vermont
    I have now gotten two emails today that were huge (254KB) and from china (or at least in Chinese, I think) that some how circumvented SpamAssassin. Below is the header for one. The other was similar. SpamAssassin is getting all the mail before the first of these. All the mail after that one until the second and all the mail after the second so SpamAssassin is running fine. But it is missing these mails consistantly. How is this happening? How do I prevent it?

    Thanks

    -Walter

    From cioe@cioe.vicp.net Thu Jan 27 14:29:31 2005
    Return-path: <cioe@cioe.vicp.net>
    Envelope-to: X@blacklightning.com
    Delivery-date: Thu, 27 Jan 2005 13:12:28 -0600
    Received: from bl by host32.root-name-server.net with local-bsmtp (Exim 4.43)
    id 1CuF48-0007n6-3d
    for X@blacklightning.com; Thu, 27 Jan 2005 13:12:28 -0600
    Received: from [61.145.129.100] (helo=cioe.vicp.net)
    by host32.root-name-server.net with smtp (Exim 4.43)
    id 1CuEwu-0007Mh-Ue
    for hollyhga@hollygraphicart.com; Thu, 27 Jan 2005 13:12:27 -0600
    Received: from [61.145.129.100]; Thu, 27 Jan 2005 14:23:51 +0800
    Date: Thu, 27 Jan 2005 14:23:12 +0800
    From: "=?gb2312?B?1tC5+rnisqm74Q==?=" <cioe@cioe.vicp.net>
    Reply-To: opto2005@163.com
    To: "05" <5005?~LIST~?@host32.root-name-server.net>
    Subject: =?gb2312?B?oba54rXnvPLRtqG3tdoxN8baLi4uLg==?=
    X-mailer: Foxmail 5.0 [cn]
    Mime-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="=====003_Dragon367111856088_====="
    Message-Id: <E1CuF48-0007n6-3d@host32.root-name-server.net>
    Sender: <bl@host32.root-name-server.net>




    This is a multi-part message in MIME format.

    --=====003_Dragon367111856088_=====
    Content-Type: text/plain;
    charset="gb2312"
    Content-Transfer-Encoding: base64

    1eLKx9K7t+LTydbQufq54rKpu+G3osC0tcS159fT08q8/qOsyOe5+9TaxPrV4sDvzt63qNX9s6PP
    1Mq+o6zH69LUSFRNTLe9yr3kr8DAuMPTyrz+oaPI59PQzsrM4rvyvajS6aOsv8nWwrXnu/JlbWFp
    bLj4ztLDx6OsuNDQu8T6ttTW0Ln6ueKyqbvhtcTWp7PWo6EgOjoguPy7u9DFz+QgOjoguf3G2uSv
    wMAgOjogzba45dDFz+Qgb3B0bzIwMDVAMTYzLmNvbSA6OqGhye7b2rvh1bnW0NDELi4utdrG373s
    1tC5+rnisqm74Q0KDQq54rXnvPLRtiC159fT1NPWvg0KMjAwNcTqMdTCMjfI1SAgtdoxN8bayOe5
     
    #1 pubwvj, Jan 27, 2005
    Last edited: Jan 28, 2005
  2. BenThomas

    BenThomas Well-Known Member

    Joined:
    Feb 12, 2004
    Messages:
    598
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Houston, Texas USA
    cPanel Access Level:
    Root Administrator
    From spamc's man page:

    -s max_size
    Set the maximum message size which will be sent to spamd -- any
    bigger than this threshold and the message will be returned unpro-
    cessed (default: 250k). If spamc gets handed a message bigger than
    this, it won't be passed to spamd.

    Maybe spamc thought they were too large?
     
  3. pubwvj

    pubwvj Active Member

    Joined:
    Mar 15, 2004
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    In the Mountains of Vermont
    Thanks! I bet you're right. I have asked my web hosting service if they can adjust the size setting.

    In the mean time I setup a filter that watches for this message based on some header characteristics and that is working well. This spammer has sent a lot of these, each 254KB in size which is a real bother. Even at DSL my mail connection gags slightly.

    Anyone know of any way to use message size as a filter criteria in the Exim filters (accessed via CPanel mail filters)? In an ideal world I would like to be able to filter out messages over size X from unknown senders but I would settle for merely blocking all attachments and then use a different account for the very rare times I want to receive an attachment.
     
Loading...

Share This Page