On Sun, 24 May 2009, Cedric Knight wrote:
header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\//i
Veto. If you want to ignore the subtype, name the rule __CTYPE_MULTIPART_ANY.
because I've also recall them coming in as multipart/related. The inbuilt rule only looked for "image/jpeg", so: mimeheader __ANY_IMAGE_ATTACH Content-Type =~ /image\/(?:gif|jpe?g|png)/
I've just submitted a bug for that. Amazing nobody has noticed it until now.
I don't think image/jpg is a standard MIME type, so we could also create: mimeheader MIME_IMAGE_JPG Content-Type =~ /image\/jpg/ describe MIME_IMAGE_JPG contains wrong MIME type image\/jpg score MIME_IMAGE_JPG 1.0
...that might be why. :)
I think image with not text in the body part at all is pretty rare, but I might do something like that if I was sending a picture to myself.
I think most mailers will do that if you compose a message and drop an image on it without entering any text. The multipart/mixed with _no_ text body parts at all is pretty clearly spam.
-- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Efficiency can magnify good, but it magnifies evil just as well. So, we should not be surprised to find that modern electronic communication magnifies stupidity as *efficiently* as it magnifies intelligence. -- Robert A. Matern ----------------------------------------------------------------------- Tomorrow: Memorial Day - honor those who sacrificed for our liberty
