procmail

Re: Filtering [base64] encoded spam

2002-10-07 21:13:28
On Tue, Oct 08, 2002 at 11:45:18AM +1000, Erik Christiansen wrote:

   Content filtering of spam has worked very well for me, but one has
just snuck past my rules. It was nothing more than base64 encoding of
the body which let it through.

I get a lot of 'em.  From http://www.it.ca/software/procmail-spamtrap:

 :0 fhw
 * ^Content-Type: text/html
 * ^Content-Transfer-Encoding: base64
 | formail -A "X-spamtrap: single body block base64 encoded"

The idea is that if the *header* is text/html and base64-encoded, then
it's unlikely that we're simply dealing with an international charset.
In the last 40000 or so spam messages I've caught, I have yet to see a
false positive on this.

   If not, with a few lines of awk I could filter out the offending bit,
convert it with one of the above tools, and change the
"Content-Transfer-Encoding: base64" line as well, and reassemble the
email. (I just don't want to reinvent the hubcap)

Check out http://scifi.squawk.com/demime.html and
http://www.roaringpenguin.com/mimedefang/.  I have not used either of
these myself, but they both look promising.  Note that if you modify
MIME email in-transit, you risk breaking things like PGP-signing.  If
you can live with that, or you can implement this on a per-user basis,
then more power to ya.

-- 
  Paul Chvostek                                        <paul(_at_)it(_dot_)ca>
  Operations / Abuse / Whatever                          +1 416 598-0000
  it.canada - hosting and development                  http://www.it.ca/
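
An added example, not part of the original post or of the procmail-spamtrap recipe set: the same top-level header test written in Python, which decodes a copy of the body for content rules and only appends the header, so the body is never rewritten in transit. The function name `decode_for_filter` and the sample messages are constructed for illustration.

```python
import base64
from email import message_from_bytes

TAG = "single body block base64 encoded"  # header text from the recipe above

def decode_for_filter(raw: bytes):
    """Return (message, decoded_text). decoded_text is None when the
    top-level header is not text/html + base64; the message is then untouched."""
    msg = message_from_bytes(raw)
    cte = (msg.get("Content-Transfer-Encoding") or "").strip().lower()
    if msg.get_content_type() != "text/html" or cte != "base64":
        return raw, None
    payload = msg.get_payload(decode=True) or b""
    try:
        text = payload.decode(msg.get_content_charset() or "latin-1", "replace")
    except LookupError:            # unknown charset label in the header
        text = payload.decode("latin-1")
    # Like `formail -A`: append a header, leave the body bytes as they were.
    head, sep, body = raw.partition(b"\n\n")
    tagged = head + b"\nX-spamtrap: " + TAG.encode() + sep + body
    return tagged, text

# Constructed sample messages (not real mail).
B64_BODY = base64.encodebytes(b"<html><body>CLICK HERE for free pills</body></html>")
SPAM = (b"From: a@example.com\nSubject: hi\nMIME-Version: 1.0\n"
        b"Content-Type: text/html; charset=iso-8859-1\n"
        b"Content-Transfer-Encoding: base64\n\n" + B64_BODY)
SIGNED = (b"From: b@example.com\nMIME-Version: 1.0\n"
          b'Content-Type: multipart/signed; boundary="x"; '
          b'protocol="application/pgp-signature"\n\n'
          b"--x\nContent-Type: text/plain\n\nhello\n--x--\n")

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("SIGNED", SIGNED)):
        out, text = decode_for_filter(raw)
        print(name, "tagged" if out != raw else "untouched", repr(text))
```

The decoded text can be handed to existing body rules while the delivered message keeps its original encoding.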
