Tomasz Papszun
2004-11-30 11:34:14 UTC
Hello, List.
I have searched the list archive and read the documentation but I
haven't found the answer.
The question is:
how to block messages with _encoded_ known, "blacklisted" contents in
the Subject field?
I have
header_checks = pcre:$config_directory/badheaders
and the badheaders file contains some simple patterns used (among
other steps) for rejecting spam, e.g.:
/^Subject: .*prescription/ REJECT
/^Subject: .*penis/ REJECT
It works for non-encoded headers but unfortunately, when the Subject
field is encoded (ISO-8859-1, utf-8 etc.), spam containing the unwanted
word in the Subject is accepted anyway.
The MUA (mutt) displays the subject in a readable way but the real
header content isn't human-readable. Below are 3 examples:
1) The MUA displays:
Subject: FREE Sildenafil Citrate PRESCRIPTION
But the raw mailbox contains:
Subject: =?ISO-8859-1?b?RlJFRSBTaWxkZW5hZmlsIENpdHJhdGUgIFBSRVNDUklQVElPTg==?=
2) The MUA displays:
Subject: isde Natural penis enlaargement pilll. NEW! niku
But the raw mailbox contains:
Subject: =?utf-8?B?aXNkZSBOYXR1cmFsIHBl?=
=?utf-8?B?bmlzIGVubGFhcmdlbWVu?=
=?utf-8?B?dCBwaWxsbC4gTkVXISBu?=
=?utf-8?B?aWt1?=
3) The MUA displays:
Subject: =?utf-8?q?Natural increase you?=
=?utf-8?q?r penis solution!?=
And the raw mailbox contains:
Subject: =?utf-8?q?Natural increase you?=
=?utf-8?q?r penis solution!?=
Oh, the 3rd example is another case. The raw header does contain that
word but the message was let in, probably due to the 2-line Subject?
So there is another question: how to reject such illegal(?) (multi-line)
headers?
Thank you in advance
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
***@lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
***@clamav.net http://www.ClamAV.net/ A GPL virus scanner
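
An added example, not part of the original post: the three raw Subject headers quoted above, unfolded and decoded from their RFC 2047 encoded-words before the blacklist words are matched, which is what a filter has to do because the patterns only ever see the raw, encoded header text. Assumptions: the continuation lines began with a space that the archive dropped, and the names `decode_subject` and `is_blacklisted` are illustrative.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header

# Words from the badheaders patterns in the post. Postfix pcre tables match
# case-insensitively by default, hence re.IGNORECASE.
BLACKLIST = re.compile(r"prescription|penis", re.IGNORECASE)

# The three raw Subject headers quoted in the post. Assumption: continuation
# lines started with a space, which the list archive stripped.
SAMPLES = [
    "Subject: =?ISO-8859-1?b?RlJFRSBTaWxkZW5hZmlsIENpdHJhdGUgIFBSRVNDUklQVElPTg==?=",
    "Subject: =?utf-8?B?aXNkZSBOYXR1cmFsIHBl?=\n =?utf-8?B?bmlzIGVubGFhcmdlbWVu?=\n"
    " =?utf-8?B?dCBwaWxsbC4gTkVXISBu?=\n =?utf-8?B?aWt1?=",
    "Subject: =?utf-8?q?Natural increase you?=\n =?utf-8?q?r penis solution!?=",
]


def decode_subject(raw_header: str) -> str:
    """Unfold a raw Subject header and decode its RFC 2047 encoded-words."""
    _name, _, value = raw_header.partition(":")
    # Unfold: a line break followed by whitespace continues the same header.
    value = re.sub(r"\r?\n[ \t]+", " ", value).strip()
    try:
        chunks = decode_header(value)
    except HeaderParseError:  # undecodable base64: match on the raw text
        return value
    parts = []
    for chunk, charset in chunks:
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label
                chunk = chunk.decode("latin-1")
        parts.append(chunk)
    return "".join(parts)


def is_blacklisted(raw_header: str) -> bool:
    """True if the decoded Subject contains a blacklisted word."""
    return BLACKLIST.search(decode_subject(raw_header)) is not None


if __name__ == "__main__":
    for raw in SAMPLES:
        print(bool(BLACKLIST.search(raw)), is_blacklisted(raw), decode_subject(raw))
```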