On Thu, 2014-05-29 at 00:12 +0200, Axb wrote:
> On 05/28/2014 11:36 PM, Karsten Bräckelmann wrote:
> > Another approach would be to actually ensure there is only a single
> > chunk. And finally, meta them together.
> >
> > rawbody __CHUNK /^./
> > tflags __CHUNK multiple
> or a "modern" 3.4 way :)
Oh, that's nice!
> ifplugin Mail::SpamAssassin::Plugin::BodyEval
> if can(Mail::SpamAssassin::Plugin::BodyEval::has_check_body_length)
> body __BODY_LENGTH_100 eval:check_body_length('100')
This indeed may be a neat substitution to the __RB_LE_nnn and __CHUNK
rules discussed, to match short message bodies.
However, there's a considerable difference: The rawbody includes all
textual MIME-parts only, while the check_body_length() eval uses the
pristine body, covering all MIME-parts.
In retrospect, this actually (though slightly fuzzily) matches the
desired behavior of the rules originally discussed with Alex back in Oct
2013. The goal was, to identify short message bodies with a URI, but to
exempt messages where the actual payload is an attachment. That eval
includes the attachments, rawbody doesn't.
> meta BLAH_100 (__HAS_URI && __BODY_LENGTH_100)
> endif
> endif
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
