On Tuesday, December 31, 2002, at 08:31 AM, dman(_at_)nomotek(_dot_)com wrote:
David Turley <dturley(_at_)pobox(_dot_)com> wrote:
http://www.rosat.mpe-garching.mpg.de/mailing-lists/procmail/2002-11/msg00239.html
It seems these base64 encoded messages the pond scum are sending can
be trapped based on the headers, no need to decode. I've not had any
false positives.
Your last remark is a different kettle of fish from that discussed in
the URL you offer. In the URL, it says:
lp> I am thinking of writing a script to throw out the multipart/mixed
lp> from all messages where there is only one part, but I suspect someone must
lp> already have done that. Can anyone give me a pointer?
lp> / Lars Poulsen - lars(_at_)beagle-ears(_dot_)com - http://www.beagle-ears.com/lars/
As for that, I have this:
there is this, as well:
:0 fhw # f: filter, h: header only, w: wait for formail to finish
* ^Content-Type:[ ]text/(plain|html)
* ^Content-Transfer-Encoding:[ ]base64
| formail -A "X-Spam-Flag: Yes" \
          -A "X-Xpamtrap: single body block base64 encoded"
As for the entire message being encoded, per your last remark, I have
this:
# concept: Paul Chvostek <paul(_at_)it(_dot_)ca>
:0 # 021109 () base-64-encoded html head is shrouding more than charset
* ^Content-Type:(.*\<)?text/(html|plain)^^
* ^Content-Transfer-Encoding:(.*\<)?base64
{ RX = "${RX:+$RX, }UBE.CT.HTML+BASE64" }
OK, that looks the same. That has been successfully trapping all the
base64 encoded spam I've been getting and not trapping other base64
encoded messages.
What base64 spam are you seeing that isn't tagged by this recipe?
--
Man is born free, but is everywhere in chains.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
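
The header-only test discussed in this thread, as an added example that is not part of the original posts and is not procmail's own code: it applies the same two conditions as the first recipe to the top-level headers of constructed sample messages, including a folded, mixed-case header and a multipart message whose base64 part is only an attachment. The function name, sample names and sample messages are assumptions made for illustration.

```python
import base64
import re
from email import message_from_string

# Same prefix tests as the recipe; procmail matches case-insensitively.
CT_TEXT = re.compile(r"text/(plain|html)", re.I)

def is_single_block_base64(raw):
    """True when the top-level headers declare a text/plain or text/html
    body that is base64 encoded as a whole. The body is never decoded."""
    msg = message_from_string(raw)  # header lookup is case-insensitive
    ctype = (msg.get("Content-Type") or "").strip()
    cte = (msg.get("Content-Transfer-Encoding") or "").strip()
    return bool(CT_TEXT.match(ctype)) and cte.lower().startswith("base64")

# Constructed sample data: one short base64 body reused in every message.
B64 = base64.b64encode(b"<html>constructed body</html>").decode()

SAMPLES = {
    "whole_body_base64_html": (
        "Subject: sample 1\n"
        "Content-Type: text/html; charset=us-ascii\n"
        "Content-Transfer-Encoding: base64\n\n" + B64 + "\n"),
    "folded_mixed_case": (
        "Subject: sample 2\n"
        "content-type: TEXT/Plain;\n\tcharset=us-ascii\n"
        "content-transfer-encoding: BASE64\n\n" + B64 + "\n"),
    # The base64 declaration sits in a part header inside the body,
    # so a test on the top-level headers does not see it.
    "multipart_with_base64_attachment": (
        "Subject: sample 3\n"
        "Content-Type: multipart/mixed; boundary=\"b1\"\n\n"
        "--b1\nContent-Type: text/plain\n\nsee attachment\n"
        "--b1\nContent-Type: application/pdf\n"
        "Content-Transfer-Encoding: base64\n\n" + B64 + "\n--b1--\n"),
    "plain_quoted_printable": (
        "Subject: sample 4\n"
        "Content-Type: text/plain\n"
        "Content-Transfer-Encoding: quoted-printable\n\nhello=20world\n"),
}

def classify(samples=SAMPLES):
    """Map each sample name to the result of the header test."""
    return {name: is_single_block_base64(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name}: {'tag' if hit else 'pass'}")
```

A mail client that base64-encodes a non-ASCII text body as a single part matches the same two headers, which is a reason to tag such mail, as the recipe does, rather than discard it.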