NAME

Mail::SpamAssassin::Plugin::MIMEEval - perform various tests against MIME structure and body

SYNOPSIS

  loadplugin    Mail::SpamAssassin::Plugin::MIMEEval
  body NAME_OF_RULE  eval:check_for_mime
  body NAME_OF_RULE  eval:check_for_mime_html
  body NAME_OF_RULE  eval:check_for_mime_html_only
  body NAME_OF_RULE  eval:check_mime_multipart_ratio
  body NAME_OF_RULE  eval:check_msg_parse_flags
  body NAME_OF_RULE  eval:check_for_ascii_text_illegal
  body NAME_OF_RULE  eval:check_abundant_unicode_ratio
  body NAME_OF_RULE  eval:check_for_faraway_charset
  body NAME_OF_RULE  eval:check_for_uppercase
  body NAME_OF_RULE  eval:check_ma_non_text
  body NAME_OF_RULE  eval:check_base64_length
  body NAME_OF_RULE  eval:check_qp_ratio

DESCRIPTION

Perform various tests against MIME structure and body.

has_check_for_ascii_text_illegal

Adds capability check for "if can()" for check_for_ascii_text_illegal

check_for_ascii_text_illegal

If a MIME part claims to be text/plain or text/plain;charset=us-ascii and the Content-Transfer-Encoding is 7bit (either explicitly or by default), then we should enforce the actual text being only TAB, NL, SPACE through TILDE, i.e. all 7bit characters excluding NO-WS-CTL (per RFC-2822).

All mainstream MTA's get this right.

has_check_abundant_unicode_ratio

Adds capability check for "if can()" for check_abundant_unicode_ratio

check_abundant_unicode_ratio

A MIME part claiming to be text/plain and containing Unicode characters must be encoded as quoted-printable or base64, or use UTF data coding (typically with 8bit encoding). Any message in 7bit or 8bit encoding containing (HTML) Unicode entities will not render them as Unicode, but literally.

Thus a few such sequences might occur on a mailing list of developers discussing such characters, but a message with a high density of such characters is likely spam.

check_for_mime

Check for various MIME properties.

Use in rules such as:

  rawbody MIME_BASE64      eval:check_for_mime('mime_base64_count')
  describe MIME_BASE64     Includes a base64 attachment
  mime_base64_count
  mime_base64_encoded_text
  mime_body_html_count
  mime_body_text_count
  mime_faraway_charset
  mime_missing_boundary
  mime_multipart_alternative
  mime_multipart_ratio
  mime_qp_count
  mime_qp_long_line
  mime_qp_ratio
  mime_ascii_text_illegal
  mime_text_unicode_ratio
    

check_for_mime_html_only

Check for messages containing only text/html body parts

has_check_qp_ratio

Adds capability check for "if can()" for check_qp_ratio

check_qp_ratio

Takes a min ratio to use in eval to see if there is an spamminess to the ratio of quoted printable to total bytes in an email.