On Wed, 3 Sep 2014, David F. Skoll wrote:
On Wed, 03 Sep 2014 20:26:21 +0200
Axb <axb.li...@gmail.com> wrote:
try adding this to the meta (req SA 3.4)
Gah, I'm still running 3.3. I'm assuming that
check_body_length('100') fires on a message that is less than 100
characters. However, I'm seeing other types of spam hitting the rule
that are much larger. Mildly-edited log lines illustrating one of
them:
2014-09-03T14:29:53.454470-04:00 colo12 sm-mta[13846]: s83ITlNc013846:
from=<namk...@chuavosinhhanoi.com>, size=1795, class=0, nrcpts=1,
msgid=<e1xpfen-0008e0...@chuavosinhhanoi.com>, proto=ESMTP,
daemon=MTA, relay=static.vdc.vn [123.30.174.30] (may be forged)
2014-09-03T14:29:56.538594-04:00 colo12 CanIt[11638]: s83ITlNc013846:
what=pending, city=Hanoi, country_code=VN, incident=08MKGtN9v,
linktype=Ethernet or modem, nrcpts=1, os=Linux, osver=3.1-3.10,
relay=123.30.174.30, score=20.08, sender=namk...@chuavosinhhanoi.com,
subject=Update Information From NetBank..................40356943
Do you understand that the visible body size may be completely different
from the MTA byte-count? M$ Outlook can generate e-mail that have 32KB of
html formatting for a two line message.
Thus the utility of a SA module that will evaluate the message to count up
the actual visible character count.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
