daryle: Date: Wed, 04 Jun 2003 11:07:22 -0600
daryle: From: Daryle A. Tilroe <daryle(_at_)micralyne(_dot_)com>
daryle: To: procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
daryle: Subject: Microsoft Exchange base64 encoding testand html messages?
daryle:
daryle: In the last month I have been getting a lot of false positives
daryle: from my rule that tags base64 encoded text or html as spam.
daryle: It seems to be that the latest(?) Exchange server implementations
daryle: or upgrades are default (mis)configured to to do this. Here is
daryle: an example from the headers of a recent message:
daryle:
daryle: X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0
daryle:
daryle: Can anyone corroborate this? And more to the point do you
daryle: think there is any hope of getting, potentially technically
daryle: challenged, MS exchange admins (or MS themselves) to realize
daryle: this is a problem and fix it? I know of no good/legit reason
daryle: why text or html should be base64 encoded.
daryle:
daryle: Without this rule I open up my system to any spam that is
daryle: encoded for obfuscation purposes unless I hack in decoding
daryle: before procmail filtering. A hassle but I suppose it may
daryle: be getting to the point that email has to be decoded and
daryle: partly html rendered before scanning due to all the
daryle: obfuscation tricks that spammers are trying.
I wonder if you are better off searching the body for the "Content-Type"
rather than the headers. Though I suppose that not all messages would be
encoded.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail