Hi,
On Fri, Jan 10, 2014 at 10:32 PM, Kevin A. McGrail <kmcgr...@pccc.com>wrote:
> I checked in basic and I didn't get very far just looking at the first
> rule using your pastebin example. It didn't appear to hit your rules.
>
> Might be something lost via pastebin but it's late and I'm tired so could
> be my mistake as well. However, spamassassin -t -D < /tmp/2.mbox 2>&1 |
> grep __RB_GT showed nothing.
>
It hit all of the subrules and LOC_SHORT here, but I don't understand why
it doesn't detail the specifics of what triggered each of them.
> So you might want to look at 3.4.0 from SVN and look at using these rules:
>
> body __KAM_BODY_LENGTH_LT_128
> eval:check_body_length('128')
> describe __KAM_BODY_LENGTH_LT_128 The length of the
> body of the email is less than 128 bytes.
>
> body __KAM_BODY_LENGTH_LT_256
> eval:check_body_length('256')
> describe __KAM_BODY_LENGTH_LT_256 The length of the
> body of the email is less than 256 bytes.
>
> body __KAM_BODY_LENGTH_LT_512
> eval:check_body_length('512')
> describe __KAM_BODY_LENGTH_LT_512 The length of the
> body of the email is less than 512 bytes.
>
> body __KAM_BODY_LENGTH_LT_1024
> eval:check_body_length('1024')
> describe __KAM_BODY_LENGTH_LT_1024 The length of the
> body of the email is less than 1024 bytes.
>
I have v3.4 running on a few of the systems now. My rule (one you helped me
write, actually) detects a body with a short URL, not just the body length,
although this looks helpful.
Thanks,
Alex
