[Mimedefang] again - Overlong line in RESULTS file

[Kelson]

David F. Skoll wrote:
> But what could be writing an 8K line to RESULTS?

Certain custom rulesets for SpamAssassin will result in triggering 
*lots* of rules.

Mainly, this is the Tripwire ruleset, which looks for unusual letter 
combinations and assigns a low score to each, the idea being that if 
something has just a few, like an alphanumeric confirmation number, it 
won't cause a false positive, but if it has a lot, it will trigger many 
of these rules and result in a big boost to the spam score.  If you're 
adding the spam report to the headers, a lot of its on tripwire can 
easily stretch that report past 8K.

What I do is have MD check length($report) and reject/quarantine the 
message if it's too long.  Another approach would be to try to collapse 
all the TW_ lines in the report into a single line.  A longer-term 
solution would be to rewrite Tripwire using count-based meta rules so 
that only a few rules will actually be visible in the report. (At the 
time it was written, that capability wasn't available.)

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>