Adjust SpamAssassin message scan size limit

I haven’t looked into the SMTP level scan since I leave this off and let the maildrop spam scan (SiteWorx Level) do all the work. So this is just for the SiteWorx level.

I had a client that was getting a bunch of spam, not marked as spam. When looking at the headers I noticed that SA wasn’t even checking the emails. After some research (google’n) I figured out that it was based on a size limit. I didn’t find anything in NodeWorx - Mail - Spam settings to adjust this (I’ve now got a feature request in with the devs, so maybe in the future) so I went searching on SSH.

I found the maildrop spamfilter under the InterWorx folder

There I saw the following line:

That’s not very large at all, 256k.

I’ve changed this now to:

Not only did this solve the issue with the new spams that alerted me to the situation in the first place, but now my client is seeing about a 75% reduction in all spam getting through to the inbox.

[UPDATE 7.12.2012]
You also need to edit one line of this spamfilter file in order for it to work completely. The reason for this is the spam engine has it’s own threshold of 500k default, so even raising this to IW limit to 1MB, I was still limited to 500k.

Should be line 129.

xfilter "/usr/bin/spamc -u $EXT@$HOST"

Changes to:

xfilter "/usr/bin/spamc -s $IW_MAXSIZE -u $EXT@$HOST"

This changes the default scan limit for SpamAssassin to the same as the IW_MAXSIZE. The limit of this is 256MB.

Thanks for Paul for find this info:

Just remember to be careful in that InterWorx folder, you don’t won’t to screw anything up. You’ve been warned.

My client told me today that a couple more have gotten in without being scanned. When I looked at the size in RoundCube, it showed they were 699KB, which is within my scan threshold, so not sure what happen.

I’ve now setup logging in the maildrop file to record any emails that are not scanned and their size.

Updated original post with more information to fully get this to work.