At 09:46 2005-09-02 -0400, Louis Proyect wrote:
I put this into my procmail recipes:
If you're writing to a file, you should specify a lockfile flag in there.
* ^Content-Type: text/html
* ^Content-Transfer-Encoding: base64
But I am still getting the p*nny st*ck spam I described the other day.
You know, it'd be a MUCH smoother operation if you just took one of the
problem messages - direct off your server - and posted it to a webpage --
never gracing your MS outlook program with it. Then people here could
examine the ACTUAL message instead of having to GUESS at its attributes.
Alternatives include quoted-printable or 8-bit (or even 7-bit) encoding,
and text/plain type. There are others, but these are certainly common ones
- if your message isn't being caught by the above, what leads you to
believe is SHOULD be? Have you actually reviewed it to confirm?
Also, I wonder how one can identify such base64 encoded messages.
Well, some spam takes advantage of the fact that there are some email
clients (MS Outbreak among them) which are not particularly strict in their
interpretation of headers, and will "make do" when they receive information
that isn't standards compliant. Thus, it is possible to send a message
with base-64 encoding that lacks the necessary headers identifying it as
such, and still have clients that read the message fine.
I was looking at Rick Conner's extremely useful write-up on spam at
http://www.rickconner.net/spamweb/analysis01.html yesterday where I
discovered that the base64 indicator is in the *body* of the email rather
than the header--I had been looking at :0 H.
Which specifically is a problem with some buggy versions of procmail, and
should be avoided. the H flag is unnecessary by itself anyway, seeing as
it is the default.
But how would you find this information? First of all, by the time it gets
to Eudora, you will have no such indication.
FTR, you're not using Eudora, at least not with the account your presently
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
On the other hand, if I use Pine on panix.com's server, I
can only "Show headers". How would I show indicators of special encoding
from within Pine, like base64?
How's about opening the mailbox with "LESS" and viewing the darn thing
without any possibility of translation by a mail-specific application?
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
procmail mailing list Procmail homepage: http://www.procmail.org/