Using Amavis to reject/quarantine email with MIME-encoded Subject Fields

Benedict White Benedict.White at cse-ltd.co.uk
Tue Aug 31 18:58:33 CEST 2021 

Assuming that you are using Spamassassin, you could add your own custom rule sets. They can be made quite intricate but a rule set in a file in 
/etc/mail/spamassassin/
Called say MyRules.cf
With the following contents:

header  MyRuleNumberOne          Subject =~ /RgNC10LTQ/i

score	MyRuleNumberOne		5.0

The rules looks for something containing " RgNC10LTQ" and the i after the / means case insensitive. You can remove that if this is the precise spelling you are looking for.

Kind regards

Benedict White


From: amavis-users [mailto:amavis-users-bounces+benedict.white=cse-ltd.co.uk at amavis.org] On Behalf Of Simon B
Sent: 31 August 2021 14:44
To: amavis-users at amavis.org
Subject: Using Amavis to reject/quarantine email with MIME-encoded Subject Fields

Hi

I am receing a lot of spam, and the only constant is the email subject

Subject: =?utf-8?B?0J/RgNC10LTQu9C+0LbQtdC90LjQtQ==?=

How can I user Amavis to block, or at least add a couple of points to the X-Spam-Score?

In fact the majority of the email is MIME-encoded..

--b2_99ead861c45e013f459393918fae40b7
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

=D0=97=D0=B4=D1=80=D0=B0=D0=B2=D1=81=D1=82=D0=B2=D1=83=D0=B9=D1=82=D0=B5. =
=D0=9F=D0=BE=D0=B6=D0=B0=D0=BB=D1=83=D0=B9=D1=81=D1=82=D0=B0 =D0=BF=D0=
=B5=D1=80=D0=B5=D0=B4=D0=B0=D0=B9=D1=82=D0=B5
=D0=BC=D0=BE=D0=B8 =D0=BF=D1=80=D0=B5=D0=B4=D0=BB=D0=BE=D0=B6=D0=B5=D0=
=BD=D0=B8=D1=8F, =D0=BA=D0=BE=D1=82=D0=BE=D1=80=D1=8B=D0=B5 =D1=8F =D0=
=BE=D1=82=D0=BF=D1=80=D0=B0=D0=B2=D0=B8=D0=BB =D0=B2
=D0=BF=D0=B8=D1=81=D1=8C=D0=BC=D0=B5 =D0=B4=D0=BB=D1=8F =D0=92=D0=B0=D1=
=88=D0=B5=D0=B3=D0=BE =D1=80=D1=83=D0=BA=D0=BE=D0=B2=D0=BE=D0=B4=D1=81=
=D1=82=D0=B2=D0=B0.
=D0=9F=D1=80=D0=BE=D1=88=D1=83 =D1=81=D0=B2=D1=8F=D0=B7=D0=B0=D1=82=D1=
=8C=D1=81=D1=8F =D1=81=D0=BE =D0=BC=D0=BD=D0=BE=D0=B9 =D0=BF=D0=BE =D1=
=83=D0=BA=D0=B0=D0=B7=D0=B0=D0=BD=D0=BD=D1=8B=D0=BC
=D0=B2 =D0=BF=D1=80=D0=B5=D0=B4=D0=BB=D0=BE=D0=B6=D0=B5=D0=BD=D0=B8=D0=
=B8 =D0=BA=D0=BE=D0=BD=D1=82=D0=B0=D0=BA=D1=82=D0=B0=D0=BC.
Hello. Please pass on my suggestions that I sent in a letter for your
guidance.
Please contact me at the contacts indicated in the offer.


--b2_99ead861c45e013f459393918fae40b7


Googling was not helpful - most of the results were complaining about emails being blocked because of it.  I.e. the opposite of what I am trying to achieve.

Thanks.

Simon

More information about the amavis-users mailing list