On 26.03.2016 at 04:21, Reindl Harald wrote:
On 26.03.2016 at 03:54, David B Funk wrote:
On Sat, 26 Mar 2016, Reindl Harald wrote:

BODY_URI_ONLY Message body is only a URI in one line of text

how can that hit the (anonymized) mail below?
___________________________

Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<h2>****** =C3=9Cbermittlung: **** in ***=
***</h2><table><tr><td>From:</td><td>*** **<somebody@example=
.com></td></tr><tr><td>=C3=9Cberpr=C3=BCfen Sie bitte den Artikel
unter f=
olgender URL:</td><td><a href=3D"http://example.com/administra=
tor/index.php?option=3Dcom_k2&view=3Ditem&cid=3D1832">Artikel
=C3=BCberpr=
=C3=BCfen</a></td></tr><table class=3D"admintable"
id=3D"extraFields"><tr=
<td align=3D"left" class=3D"key">****</td><td></td></tr><tr><td a=
lign=3D"left" class=3D"key">****</td><td>Array  </td></tr><tr><td ali=
gn=3D"left" class=3D"key">***</td><td></td></tr></table>

Because that is one long line that has been broken up for shipment using
QP encoding (those '=' at the end of each part). Before doing body
checks SA decodes all MIME text components (e.g. Base64, QP, etc.).

So as far as the SA body rules are concerned that -is- only one line

* it is *not* an URI only
* with that logic *any* message with a link would hit that rule
* the message has a headline and a table

hitting that rule is plain wrong

stats of the whole month:

110 hits total
108 clear ham hits (BAYES_00)
1 false positive - the mail above - and flagged because of that
1 spam hit with 17 points, so it did not matter

1.0 points is way too much for a rule which hits practically only ham

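The decoding step discussed in the thread, as an added example that is not part of the original messages: Python's standard `email` parser removes the quoted-printable soft line breaks, so a body transported as four lines becomes a single line for any per-line body match, while the decoded line still holds a headline, table text and a link. The sample part is constructed from the anonymized mail above; `analyze`, `TextAndLinks` and the result keys are hypothetical names, and this is neither SpamAssassin's code nor the definition of BODY_URI_ONLY.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample modelled on the anonymized mail in the thread: one long
# HTML line, wrapped for transport with QP soft line breaks ("=" at line end).
RAW_PART = (
    "Content-Type: text/html; charset=utf-8\n"
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    "<h2>=C3=9Cbermittlung</h2><table><tr><td>From:</td><td>somebody@example=\n"
    ".com</td></tr><tr><td>URL:</td><td><a href=3D\"http://example.com/administra=\n"
    "tor/index.php?option=3Dcom_k2&view=3Ditem&cid=3D1832\">Artikel =C3=BCberpr=\n"
    "=C3=BCfen</a></td></tr></table>\n"
)


class TextAndLinks(HTMLParser):
    """Collect visible text fragments and <a href> targets."""

    def __init__(self):
        super().__init__()
        self.text, self.hrefs = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())


def analyze(raw_part):
    """Compare the body as transported with the body after MIME decoding."""
    msg = email.message_from_string(raw_part, policy=policy.default)
    transported = msg.get_payload()   # still quoted-printable
    decoded = msg.get_content()       # QP and charset decoded
    parser = TextAndLinks()
    parser.feed(decoded)
    parser.close()
    return {
        "transport_lines": len(transported.splitlines()),
        "decoded_lines": len(decoded.splitlines()),
        "hrefs": parser.hrefs,
        "visible_text": " ".join(parser.text),
    }


if __name__ == "__main__":
    for key, value in analyze(RAW_PART).items():
        print(f"{key}: {value}")
```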