Using Amavis to reject/quarantine email with MIME-encoded Subject Fields

Patrick Ben Koetter p at sys4.de
Wed Sep 1 10:32:35 CEST 2021


Benedict,

Am 01.09.21 um 00:57 schrieb Benedict White:
> -----Original Message-----
> From: amavis-users [mailto:amavis-users-bounces+benedict.white=cse-ltd.co.uk at amavis.org] On Behalf Of Benny Pedersen
> Sent: 31 August 2021 20:44
> To: amavis-users at amavis.org
> Subject: Re: Using Amavis to reject/quarantine email with MIME-encoded Subject Fields
>
> On 2021-08-31 18:58, Benedict White wrote:
>
>> header  MyRuleNumberOne          Subject =~ /RgNC10LTQ/i
>>
>> score	MyRuleNumberOne		5.0
>>
>> The rules looks for something containing " RgNC10LTQ" and the i after
>> the / means case insensitive. You can remove that if this is the
>> precise spelling you are looking for.
> https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Plugin_WhiteListSubject.html
>
> it supports blacklist :=)
>
> it must be mime decoded content in the blacklist_subject ....
>
>
> ###
> My understanding is that the subject appears in the header and isn't encoded. The reason it appears as this gobbledegook is an error in the spam generation, as such, the error can be exploited with a simple rule as I wrote.

this holds true only for ASCII-based languages, but not e.g. for German
where you would have Umlauts like "Passwort zurücksetzen" (reset
password) in Subject:-Headers which MUST (RFC) be MIME encoded in order
not to break 7-bit servers while they are in transit.

p at rick

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20210901/31019378/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4789 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20210901/31019378/attachment.bin>


More information about the amavis-users mailing list