Using Amavis to reject/quarantine email with MIME-encoded Subject Fields

Simon B simon.buongiorno at gmail.com
Mon Sep 6 14:18:07 CEST 2021


On Wed, 1 Sept 2021 at 10:42, Patrick Ben Koetter <p at sys4.de> wrote:
>
> Benedict,
>
> Am 01.09.21 um 00:57 schrieb Benedict White:
>
> -----Original Message-----
> From: amavis-users [mailto:amavis-users-bounces+benedict.white=cse-ltd.co.uk at amavis.org] On Behalf Of Benny Pedersen
> Sent: 31 August 2021 20:44
> To: amavis-users at amavis.org
> Subject: Re: Using Amavis to reject/quarantine email with MIME-encoded Subject Fields
>
> On 2021-08-31 18:58, Benedict White wrote:
>
> header  MyRuleNumberOne          Subject =~ /RgNC10LTQ/i
>
> score MyRuleNumberOne 5.0
>
> The rule looks for something containing "RgNC10LTQ" and the i after
> the / means case insensitive. You can remove that if this is the
> precise spelling you are looking for.
>
> https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Plugin_WhiteListSubject.html
>
> it supports blacklist :=)
>
> it must be mime decoded content in the blacklist_subject ....
>
>
> ###
> My understanding is that the subject appears in the header and isn't encoded. The reason it appears as this gobbledegook is an error in the spam generation, as such, the error can be exploited with a simple rule as I wrote.
>
> this holds true only for ASCII-based languages, but not e.g. for German where you would have Umlauts like "Passwort zurücksetzen" (reset password) in Subject:-Headers which MUST (RFC) be MIME encoded in order not to break 7-bit servers while they are in transit.

Ah...  Good point Patrick..  So blocking MIME encoded subject headers
would be bad.

I will try Benedict's solution.

Regards

Simon
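
Added example, not part of the thread: a Python model of the two approaches discussed above, showing that a blanket match on RFC 2047 encoded-words flags a legitimate German subject while the targeted pattern from the quoted rule does not. The function names and sample subjects are constructed for illustration; this is not SpamAssassin or Amavis code.

```python
import re
from email.header import Header, decode_header, make_header

# RFC 2047 encoded-word: =?charset?B-or-Q?payload?=
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")
# The pattern from the rule quoted in the thread (case-insensitive).
TARGETED = re.compile(r"RgNC10LTQ", re.I)


def decoded(raw_subject):
    """Return the subject as a mail client would display it."""
    return str(make_header(decode_header(raw_subject)))


def classify(raw_subject):
    """Evaluate the blanket and the targeted approach on one raw Subject value."""
    shown = decoded(raw_subject)
    return {
        "decoded": shown,
        "blanket_hit": bool(ENCODED_WORD.search(raw_subject)),
        "targeted_raw_hit": bool(TARGETED.search(raw_subject)),
        "targeted_decoded_hit": bool(TARGETED.search(shown)),
    }


def blanket_false_positives(legit_subjects):
    """Legitimate subjects that a 'reject anything MIME-encoded' policy would hit."""
    return [s for s in legit_subjects if classify(s)["blanket_hit"]]


# Constructed samples (assumptions, not taken from real mail).
LEGIT_GERMAN = Header("Passwort zurücksetzen", "utf-8").encode()  # wire form
LEGIT_ASCII = "Reset your password"
SPAM_LIKE = "Offer RgNC10LTQ today"  # token appears literally in the header

if __name__ == "__main__":
    for subject in (LEGIT_GERMAN, LEGIT_ASCII, SPAM_LIKE):
        print(repr(subject), classify(subject))
```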

