[Mimedefang] Caching the results of a SpamAssassin scan
David F. Skoll
dfs at roaringpenguin.com
Thu Apr 3 08:38:00 EST 2003
On Wed, 2 Apr 2003, Michael Sims wrote:
> Even though these were all separate SMTP sessions, each message has the
> exact same message-ID. I thought it would be really nice if SpamAssassin
> could cache the results of it's scan for a particular message, and use the
> cached result if the same message-ID came through within a specified
> interval.
This is dangerous, because the message-ID is under the control of the
sender. I could send one innocuous message with message-ID
<3jb4.foo.2kj3b4j5 at roaringpenguin.com>, wait an hour, and then send a
spam with that same message-ID.
Our CanIt product can optionally cache SpamAssassin scores, but we
declare two messages identical by running a hash over (part of) the
message body, and comparing hashes. Even doing a SHA1 hash over 16kB
of data is significantly faster than SpamAssassin.
--
David.
More information about the MIMEDefang
mailing list