MikeL's FreeBSD howto - SpamAss

Apologies for this page being nearly useless, but... I've had spamassassin running on my system for years now. Sorry that I never noted the initial configuration challanges. However, the following notes may help you with ongoing issues...

Suddenly I'm seeing the following message in my maillog:

Mar 2 02:07:21 systemname spamc[6286]: skipped message, greater than max message size (512000 bytes)
Mar 2 02:07:21 systemname spamass-milter[93284]: Could not extract score from <>
This is not a spamassassin problem, it is actually a spamc configuration issue. By default, spamc seems to refuse to handle emails larger than 512000 bytes. I'm suddenly seeing a lot of spam just larger than this which makes me believe the spammers have figured this out and are intentionally thwarting it regardless of the fact that larger messages take longer to deliver thus reducing their overall throughput. Anyways, it was hours of reading through old email threads to find how to fix this.

First task is to look through your maillog in an editor and search for "skipped", and check out the sizes of the mail causing the skip. Pick a nice slightly larger number. Most of my obvious spam oversized mails were ~549k, so I'm rounding up to a nice 600k. I'm leery of going up to 1MB as I don't know what the performance hit will be, but I'll keep an eye on it.

If interested spamc config file help, for details on the file format and options, there was no problem finding this. The one I'm concerned with is simply '-s'.

Here's the tricky part... When searching for where the config file should go, all the different locations I found mentioned were bogus, or at least did not work on my FreeBSD 5.4 system. Some claimed the file should be called 'spamassassin', but eventually I found one that said it should be 'spamc.conf'. What finally works on my system is:

In the config file add the line:
-s 600000

Revisited logfile. Am seeing scantimes up to 19 seconds with a setting of 1024000. I have hundreds, possibly thousands of distinct rules to be parsed. The machine is possibly 10 year old dual proc 1.8(?)GHz with 15krpm scsi, probably only 4G ram. A modern machine would do much better, so it's probably safe to go with an even bigger number.

Copyright © 1995-2018 Mike Lempriere