procmail

character set spec bypassing filter?

2002-11-07 12:05:23
Greetings!

I've just newly subscribed, so if this question is old, my apologies.
I've constructed a spam filter using procmail. One of the tests that I
perform is to check for either 'euc-kr' or 'ks_c_5601-1987', and trashcan
the mail, as it is obviously in a character set I cannot (and do not want
to) read.

However, just today I received two e-mails that specify these strings
clearly in the 'from' and 'subject' headers, but still got past the
filter. It would appear to do so because of some effect of the surrounding
characters on the line. If I use Pine's "full headers" command, I see 
expanded strings consisting of:
From: "=?EUC-KR?B?sbnBpiCxs8ivx9C7/SC8vsXN?=" 
Subject: =?EUC-KR?B?ucyxubGzyK/H0Lv9uPDB/VuxpLDtXQ==?=

Interestingly enough, if I use Pine's *bounce* command, the 'Resent
Subject' turns up as:
Resent-Subject: =?X-UNKNOWN?B?ucyxubGzyK/H0Lv9uPDB/VuxpLDtXQ==?=

So I suspect that some sort of processing is occurring, and that my
procmail filter never really 'sees' the 'euc-kr' string, because of some
'handling' done on the control characters(?). My question is, how would I
get procmail to ignore control characters so that it 'sees' the euc-kr
that is obviously there?

---------

Also, while I'm here, I've noticed another spammer trick, of late, is to
send spam encoded as base64. I can capture this by looking for
'Content-Type: text/html
Content-Transfer-Encoding: BASE64'
(BASE64 is still legitimate for attachments)

Is there a tool/module to DECODE the base64 so that procmail filtering
checks on the message body can be performed? This would be preferable to
treating all BASE64 text as spam.......

Thanks for any/all replies.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Charles Gregory      Hamilton CommunityNet Webmaster
cgregory(_at_)hwcn(_dot_)org    Connecting the Community! www.hwcn.org


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
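
An added example, not part of the original post and not procmail's own code: a Python check that reads the charset label out of RFC 2047 encoded-words such as the two headers quoted above, compares it case-insensitively, and undoes base64 on text parts so that body rules can be applied to readable text. The function names, the `BLOCKED` set and the sample body are assumptions made for illustration; the two header lines are the ones from the post.

```python
import base64
import email
import re

BLOCKED = {"euc-kr", "ks_c_5601-1987"}  # the two charsets named in the post
# RFC 2047 encoded-word: =?charset?B-or-Q?encoded-text?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?[bBqQ]\?[^?\s]*\?=")

def declared_charsets(msg):
    """Lower-cased charsets named in header encoded-words and MIME parts."""
    found = set()
    for _name, value in msg.items():
        for m in ENCODED_WORD.finditer(str(value)):
            found.add(m.group(1).split("*")[0].lower())  # drop RFC 2231 "*lang"
    for part in msg.walk():
        if part.get_content_charset():
            found.add(part.get_content_charset())  # already lower-cased
    return found

def decoded_text(msg):
    """Text parts with the transfer encoding (base64, QP) undone."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        data = part.get_payload(decode=True) or b""
        try:
            chunks.append(data.decode(part.get_content_charset() or "ascii", "replace"))
        except LookupError:  # charset label Python does not know
            chunks.append(data.decode("latin-1"))
    return "\n".join(chunks)

def is_blocked(msg):
    return bool(declared_charsets(msg) & BLOCKED)

# Headers are the ones quoted in the post; the body is constructed sample data.
BODY = b"<html><body>Buy now</body></html>"
SAMPLE = b"\n".join([
    b'From: "=?EUC-KR?B?sbnBpiCxs8ivx9C7/SC8vsXN?="',
    b"Subject: =?EUC-KR?B?ucyxubGzyK/H0Lv9uPDB/VuxpLDtXQ==?=",
    b"Content-Type: text/html",
    b"Content-Transfer-Encoding: BASE64",
    b"",
    base64.b64encode(BODY),
    b"",
])

if __name__ == "__main__":
    m = email.message_from_bytes(SAMPLE)
    print(sorted(declared_charsets(m)), is_blocked(m))
    print(decoded_text(m))
```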
