For HTML content, we can check the length with eval:html_eval('length', '< 384')
but I don't see anything similar for body or rawbody. For my purposes, the Content-Length from the spamc connection would do, but it doesn't seem to be exposed. I see at least two plugins looking at length: ImageInfo.pm: my $textlen = length(join('',@$body)); TextCat.pm: my $len = length($body); but it seems a waste to make multiple in-memory copies a large message just to see how big it is. The bigger picture: I'm working on some ISP/.edu phishing rules inspired by the old 419 rules... lots of words and short phrases indicating an attempt to get our account information (either through email or free web form sites), and a meta rule that fires only if there are several hits. Due to the risk of false positives on long messages, I'd only like to apply the rules to messages with short bodies. -- Rich Graves http://claimid.com/rcgraves Carleton.edu Sr UNIX and Security Admin CMC135: 507-222-7079 Cell: 952-292-6529