Hi, We've been receiving empty messages (or what appear to be empty body messages) delivered to undisclosed-recips and I wanted to figure out how to block them.
This one wasn't blocked at the time it was received, but somehow is now. https://pastebin.com/inS6qiiG I noticed despite there being no actual URI that I can see in the body, it still hits __BODY_URI_ONLY. Even if I remove the div tags it still hits. Just what does SA consider to be a URI? meta __BODY_URI_ONLY __BODY_TEXT_LINE < 3 && __HAS_ANY_URI && !__SMIME_MESSAGE uri __HAS_ANY_URI /./ Running the message through debug doesn't show me what it considered to be the URI in this message. dbg: rules: ran uri rule __DOS_HAS_ANY_URI ======> got hit: "g" I also noticed it hit PYZOR_CHECK for 1.4 points. Doesn't that seem high, considering virtually every "empty" message would be scored? Can someone also explain what NML_ADSP_CUSTOM_MED is? It appears to involve DKIM. This message appears to have been signed by gmail successfully.
