[Mimedefang] Caching the results of a SpamAssassin scan
Michael Sims
michaels at mail3.crye-leike.com
Thu Apr 3 10:21:01 EST 2003
Quoting "David F. Skoll" <dfs at roaringpenguin.com>:
> > cached result if the same message-ID came through within a specified
> > interval.
>
> This is dangerous, because the message-ID is under the control of the
> sender. I could send one innocuous message with message-ID
> <3jb4.foo.2kj3b4j5 at roaringpenguin.com>, wait an hour, and then send a
> spam with that same message-ID.
Ah, I didn't think of that (obviously). :) I knew there was a reason I decided
to consult the list first. :)
> Our CanIt product can optionally cache SpamAssassin scores, but we
> declare two messages identical by running a hash over (part of) the
> message body, and comparing hashes. Even doing a SHA1 hash over 16kB
> of data is significantly faster than SpamAssassin.
Obviously I don't want to ask you specific details on how this is implemented,
since this is your commercial product, but I do have one question. Did you
have to modify SpamAssassin itself to acheive this, or does it already support
some sort of caching mechanism? I've RTFM but I thought maybe I have missed
something... If you'd rather not share this info I won't take offense. :)
___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648 Pager: (901)769-3722
___________________________________________
More information about the MIMEDefang
mailing list