On Wed, 03 Sep 2014 20:26:21 +0200
Axb <axb.li...@gmail.com> wrote:
> try adding this to the meta (req SA 3.4)
Gah, I'm still running 3.3. I'm assuming that
check_body_length('100') fires on a message that is less than 100
characters. However, I'm seeing other types of spam hitting the rule
that are much larger. Mildly-edited log lines illustrating one of
them:
2014-09-03T14:29:53.454470-04:00 colo12 sm-mta[13846]: s83ITlNc013846:
from=<namk...@chuavosinhhanoi.com>, size=1795, class=0, nrcpts=1,
msgid=<e1xpfen-0008e0...@chuavosinhhanoi.com>, proto=ESMTP,
daemon=MTA, relay=static.vdc.vn [123.30.174.30] (may be forged)
2014-09-03T14:29:56.538594-04:00 colo12 CanIt[11638]: s83ITlNc013846:
what=pending, city=Hanoi, country_code=VN, incident=08MKGtN9v,
linktype=Ethernet or modem, nrcpts=1, os=Linux, osver=3.1-3.10,
relay=123.30.174.30, score=20.08, sender=namk...@chuavosinhhanoi.com,
subject=Update Information From NetBank..................40356943
Regards,
David.
