dspam not checking emails

Posted by: Brad Waite

Tagged in: Untagged 

I've been plagued with a recurring problem with dspam that I had been unable to track down for months.  While dspam catches nearly every spam that comes into my Inbox, I noticed a pattern of email that not only weren't flagged as spam, they apparently weren't even checked by dspam; there were no X-DSPAM headers in the email.

I spent hours tracking down whether there were any qmail aliases that were dropping mail directly into users Maildirs, since that would explain what I was seeing, but there were none to be found.

I then turned on tcpserver logging to see if maybe these spams were coming from a previously whitelisted IP in my tcp.smtp.  Nothing there either.

After all of this, I happened to notice an error in my qmail logs:

delivery 76475: success: 19066:_[10/05/2009_13:02:17]_message_too_big,_delivering/did_0+0+1/

I dunno why I didn't notice that before, but that error explained the problem.  dspam has a setting in dspam.com called "MaxMessageSize".  Any emails larger than this are passed through without any spam checking.  The idea is that you don't want dspam slowing down your mail server by choking through emails with 200MB binary attachments.  In my case, MaxMessageSize was set to 300KB, and sure enough, most of the spams getting through were larger than 300KB. After bumping it up to 2MB, nearly all of them have been stopped.

Comments (0)Add Comment

Write comment
You must be logged in to post a comment. Please register if you do not have an account yet.

busy