smtp-url.bro not parsing URLs correctly

[jakub-kudela]

Hi, I've tried to use one of your Bro scripts (smtp-url.bro). I've basically captured my SMTP communication which has sent 10 emails (pure lorem ipsums with some embedded links). When I have run Bro on the pcap file with your script and I have noticed that the links embedded in the mails were not parsed correctly. The preview of the content of the url column of the resulting smtp_url_links.log is attached below:

http://anaahem.com/DROPBOX/dropbox/dropbox/index.php orci sollicitudin 
http://icloud9712.com/ nulla felis, dignissim id finibus eu, maximus sed 
https://purchase-payments.no.com/webapps/60c2f/ ultricies mauris porttitor. 
https://purchase-payments.no.com/webapps/60c2f/ aliquet vel. 
http://cnttststsak.tk/ congue semper eros, vitae 

As you can see, the parsed URLs contain more tokens then they should. As in this case the optimal result would look something like:

http://anaahem.com/DROPBOX/dropbox/dropbox/index.php
http://icloud9712.com/
https://purchase-payments.no.com/webapps/60c2f/
https://purchase-payments.no.com/webapps/60c2f/
http://cnttststsak.tk/

Please, would you know how to fix this problem? Thanks for the good job, btw :).