LinuxQuestions.org


pshoaf 09-12-2019 10:41 AM

PROCMAIL Spam Filter on base64 content
 
I am trying to filter SPAM with procmail. I am receiving emails where the HTML content has been encoded as base64.

I am running on Oracle Linux 6 and mimeencode is included.

The following is a portion of a SPAM email.

Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
X-BESS-ID: 1568295682-893335-3181-18792-1
X-BESS-VER: 2019.1_20190911.2255
X-BESS-Apparent-Source-IP: 95.189.78.2


PCFkb2N0eXBlIGh0bWw+DQo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRt
bCIgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVybjpz
Y2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSI+DQo8aGVhZD4NCjwhLS0gTkFNRTog

I would want to
-- check the header for "Content-Transfer-Encoding: base64"
-- if yes, then
----- decode content
----- parse HTML code for specific words in content using pregexp pattern
----- when found send message to /dev/null or to a junk mail box

Can anyone help me with a rule for this?

Thanks

scasey 09-13-2019 08:16 PM

You might want to edit your post to remove your email address. Spammers will harvest it.

You'll need to use an external program to decode the base64. Do you know how to run an external program in procmail?
I found several informative links with this search.

An alternative is to use spamassassin, which decodes base64 already and is probably in your distro's repositories.

On my server, I run all email through spamassassin, and mail that's not rejected goes through procmail for some further checks and sorting.

pshoaf 09-14-2019 08:24 PM

RE: PROCMAIL Spam Filter on base64 content
 
Thanks for the catch on my Signature. I fixed that.

I added SPAMASSASSIN again and it is catching most of the MIME encoded emails.

I had found a document on using mimeencode -d to decode the base64 encoded message, but was unsure how to properly write the PROCMAIL filter.

I guess for now, unless someone has a better method, I will keep using SPAMASSASSIN and tweak that to get best results.

scasey 09-14-2019 08:37 PM

I didn’t know how to do it either...there were a couple of examples in that search I posted.
If you’re happy, you can mark the thread SOLVED using the Thread tools at the top of the page.
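
One way to do the check asked about in the first post (find base64-encoded text parts, decode them, match words in the HTML), as an added example that is not from any poster in this thread. It assumes Python 3 is available on the mail host; the word list, the script path, the `junk` mailbox and the procmail recipe in the docstring are assumptions, and the sample message is constructed.

```python
#!/usr/bin/env python3
"""Exit 0 when a base64-encoded text part of the mail on stdin matches SPAM_RE.

Hypothetical procmail recipe (script path and "junk" mailbox are assumptions;
HB feeds header and body to the condition program):
    :0 HB
    * ? /usr/local/bin/b64_spam_check.py
    junk
"""
import base64
import email
import re
import sys
from email import policy

# Constructed word list for illustration; replace with your own patterns.
SPAM_RE = re.compile(r"\b(?:viagra|lottery winner|wire transfer)\b", re.I)
TAG_RE = re.compile(r"<[^>]+>")

def decoded_base64_text(raw):
    """Yield the decoded text of every text/* part transferred as base64."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if part.get_content_maintype() != "text" or cte != "base64":
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            yield payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # charset name Python does not know
            yield payload.decode("utf-8", "replace")

def is_spam(raw):
    """True if any decoded part matches, with tags replaced by a space or removed."""
    for text in decoded_base64_text(raw):
        # Two views: tags as separators, and tags deleted (words split by markup).
        if any(SPAM_RE.search(TAG_RE.sub(sep, text)) for sep in (" ", "")):
            return True
    return False

def constructed_sample(html_body):
    """Build a constructed single-part message with a base64 text/html body."""
    b64 = base64.encodebytes(html_body.encode("utf-8")).decode("ascii")
    return ("From: sender@example.com\nSubject: constructed sample\n"
            'Content-Type: text/html; charset="utf-8"\n'
            "Content-Transfer-Encoding: base64\n\n" + b64).encode("ascii")

if __name__ == "__main__":
    sys.exit(0 if is_spam(sys.stdin.buffer.read()) else 1)
```

Messages without a base64 text part always exit 1 here, so plain-text mail still needs its own recipes.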


All times are GMT -5.