I have a really simple rule looking for custom text string contained in
spam urls in the body of the email, like so:
body SHORT_BITCOIN_DATING /specific_string_here/i
score SHORT_BITCOIN_DATING 3.0
describe SHORT_BITCOIN_DATING Body URL signature of spam
I just realised that it is only working if the URL exists in both the
text and html versions. If the text version doesn't have the url, it
isn't working. Do "body" rules only work on the html part of the
message? I've tried searching through the documentation, but I can't see
that being the case. Maybe there is something else having an effect here?
Many thanks for any hints.