[Mimedefang] Caching the results of a SpamAssassin scan

Michael Sims michaels at mail3.crye-leike.com
Thu Apr 3 10:21:01 EST 2003


Quoting "David F. Skoll" <dfs at roaringpenguin.com>:

> > cached result if the same message-ID came through within a specified
> > interval.
> 
> This is dangerous, because the message-ID is under the control of the
> sender.  I could send one innocuous message with message-ID
> <3jb4.foo.2kj3b4j5 at roaringpenguin.com>, wait an hour, and then send a
> spam with that same message-ID.

Ah, I didn't think of that (obviously). :)  I knew there was a reason I decided 
to consult the list first. :)

> Our CanIt product can optionally cache SpamAssassin scores, but we
> declare two messages identical by running a hash over (part of) the
> message body, and comparing hashes.  Even doing a SHA1 hash over 16kB
> of data is significantly faster than SpamAssassin.

Obviously I don't want to ask you specific details on how this is implemented, 
since this is your commercial product, but I do have one question.  Did you 
have to modify SpamAssassin itself to acheive this, or does it already support 
some sort of caching mechanism?  I've RTFM but I thought maybe I have missed 
something...  If you'd rather not share this info I won't take offense. :)

___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722
___________________________________________



More information about the MIMEDefang mailing list