When filtering UCE, quite often these days the Subject line contents are
encoded with single or multiple encoded iso-8859-1 strings.
In the recent past, legitimate senders did not use iso-8859-1 and it was
sufficient to /dev/null all those with encoded Subject lines.
Now, we have several PR content providers who have seen fit to use the
encoding to provide "highlighting" or "accent" characters in the Subject
line, so dropping all messages with iso-8859-1 in the Subject line is no
longer an option.
Which leaves me with a problem which I would like to resolve in Procmail, or
a simple UNIX:(PERL,SH,BASH, or C) filter to convert to ASCII and return the
ASCII to procmail, inline.
I imagine there is someone on the list, who has been there/done that -- or
someone who can point me to a resource.
I've found: http://www.xs4all.nl/~rvtol/procmail/bq_head.rc and
http://www.xs4all.nl/~rvtol/procmail/bq_!readme.txt
But I am unsure how to incorporate it as a filter such that I can save
messages to a file (mbox format) based upon filter words, such as
(pharmacy|medication|moneyback|pills) etc etc
and others to "pass through" (not-trapped). Currently "not trapping" is
based upon a recognized address in the header, but this has to be monitored
for false positives, and manually added.
I would much rather have a specific list of reject words, so monitoring is
unnecessary.
This mail server is not a "general usage" server, so pharmacological words
do not appear in valid Subject lines.
However, with 10 magazine editor accounts, iso-8859 spam not caught by other
filters accounts for 100-200 messages/day/user
Spamassassin false positive rates are too high for the sales force,
impacting 1 or 2 $10,000 - $50,000 accounts/month.
So, I get to build custom "non-impacting" header filters.
Jim
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail