procmail
[Top] [All Lists]

match question

2006-12-10 23:21:17
I am using a simple recipe to block Asian spam. I did not write it, but I have
been using it so long, I have forgotten the source. The recipe:

  UNREADABLE='[^?"]*big5|iso-2022-jp|ISO-2022-KR|euc-kr|gb2312|ks_c_5601-1987'
  :0:
  * 1^0 $ ^Subject:.*=\?($UNREADABLE)
  * 1^0 $ ^Content-Type:.*charset="?($UNREADABLE)
  spam-asian

  :0:
  * ^Content-Type:.*multipart
  * BH ?? $ ^Content-Type:.*^?.*charset="?($UNREADABLE)
  spam-asian

It occasionally misses emails such as the following. I do not understand why the
following is passed:

  Received: from 126.com ([61.140.112.24])
        by pemaquid.safeport.com (8.13.4/8.13.4) with ESMTP id kBAHXgOT088444
        for <webmaster(_at_)safeport(_dot_)com>; Sun, 10 Dec 2006 12:33:45 
-0500 (EST)
        (envelope-from liurao89(_at_)126(_dot_)com)
  Message-Id: 
<200612101733(_dot_)kBAHXgOT088444(_at_)pemaquid(_dot_)safeport(_dot_)com>
  From: =?GB2312?B?wfUgyfo=?= <liurao89(_at_)126(_dot_)com>
  Subject: =?GB2312?B?ya3pxcOz0te5q8u+?=
  To: webmaster(_at_)safeport(_dot_)com
  Content-Type: text/plain;charset="GB2312"
  Content-Transfer-Encoding: 8bit
  Date: Mon, 11 Dec 2006 01:33:58 +0800
  X-Priority: 3
  X-Mailer: FoxMail 3.11 Release [cn]

It seems to be that both the Subject and the Content-Type test should match the
above. Here is one that was caught:

  Received: from chipnuts.com ([58.61.248.240])
        by pemaquid.safeport.com (8.13.4/8.13.4) with ESMTP id kBB3hRMC037557
        for <webmaster(_at_)safeport(_dot_)com>; Sun, 10 Dec 2006 22:43:59 
-0500 (EST)
        (envelope-from gghtrer(_at_)chipnuts(_dot_)com)
  Message-Id: 
<200612110343(_dot_)kBB3hRMC037557(_at_)pemaquid(_dot_)safeport(_dot_)com>
  From: gghtrer(_at_)chipnuts(_dot_)com
  Subject: =?GB2312?B?uN+8ts7Ew9jWsNK1u6/RtcG3?=
  To: webmaster(_at_)safeport(_dot_)com
  Content-Type: text/plain;charset="GB2312"
  Date: Sun, 10 Dec 2006 11:39:56 +0800
  X-Priority: 3
  X-Mailer: FoxMail 3.11 Release [cn]

In writing this, I checked for non-printing characters as you can see the
Content-Type are exactly the same. This seem to then be some kind of timing,
locking or other non-delivery issue. So far in December, I have had 177 emails
with GB2312 in the subject line. Six (6) of these were not trapped.

Any I do not know how to proceed. Thank you for any ideas.


_____
Douglas Denault
http://www.safeport.com
doug(_at_)safeport(_dot_)com
Voice: 301-469-8766
  Fax: 301-469-0601

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>