Michael Eriksen wrote:
> I received a spam mail that should have been nailed by my spam filter's
> body search. I use procmail/Mandrake.
>
> After a bit of investigation I found out that procmail was fooled because
> the mail arrived as a mime64-encoded HTML file:
> --
> PEhUTUw+PFAgQUxJR049Q0VOVEVSPjxGT05UICBTSVpFPTYgUFRTSVpFPTI0PjxCPmttZSw8
> QlI+DQo8L0ZPTlQ+PEZPTlQgIENPTE9SPSIjZmYwMDAwIiBCQUNLPSIjZmZmZmZmIiBzdHls
> ZT0iQkFDS0dST1VORC1DT0xPUjogI2ZmZmZmZiIgU0laRT02IFBUU0laRT0yNCBGQU1JTFk9
> etc. etc.
And your question/comment is?
If you pipe your mail through spamassassin, it works out by itself how to
decode any encoded content. I have a ~/.procmailrc:
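# f = use the pipe as a filter, w = wait for it to finish and check its exit code
:0fw
| /b/96/omic/bin/SpamAssassin/spamassassin -P -c /b/96/omic/bin/SpamAssassin/rules
# Deliver tagged mail to the "spam" mbox (trailing colon = use a local lockfile)
:0:
* ^X-Spam-Status: Yes
spam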
and get something like this in my ~/Mail/spam mbox:
Reply-To: "Bill Boxin" <Billboxin1iia@yahoo.com>
From: "Bill Boxin" <Billboxin1iia@yahoo.com>
To: <santaclaus@santa.org>
Subject: *****SPAM***** Improve your Penis size: within weeks
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-Spam-Status: Yes, hits=29.8 required=5.0
tests=MIME_ODD_CASE,PENIS_ENLARGE2,CLICK_BELOW,MONEY_BACK,
IMPOTENCE,PENIS_ENLARGE,REMOVE_PAGE,BIG_FONT,
CLICK_HERE_LINK,MIME_MISSING_BOUNDARY,BASE64_ENC_TEXT,
DATE_IN_FUTURE_03_06,FORGED_YAHOO_RCVD
version=2.30
X-Spam-Flag: YES
X-Spam-Level: *****************************
X-Spam-Checker-Version: SpamAssassin 2.30 (devel $Id: SpamAssassin.pm,v 1.94 2002/06/14 23:17:15 hughescr Exp $)
X-Spam-Prev-Content-Type: multipart/mixed; boundary="----=_NextPart_000_00B3_31C62A8B.E4442B51"
SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (29.8 hits, 5 required)
SPAM: MIME_ODD_CASE (4.3 points) MiME-Version header (oddly capitalized)
SPAM: PENIS_ENLARGE2 (4.3 points) BODY: Information on getting a larger penis or breasts (2)
SPAM: CLICK_BELOW (1.5 points) BODY: Asks you to click below
SPAM: MONEY_BACK (-0.2 points) BODY: Money back guarantee.
SPAM: IMPOTENCE (2.6 points) BODY: Impotence cure
SPAM: PENIS_ENLARGE (1.3 points) BODY: Information on getting a larger penis or breasts
SPAM: REMOVE_PAGE (2.2 points) URI: URL of page called "remove"
SPAM: BIG_FONT (2.1 points) BODY: FONT Size +2 and up or 3 and up
SPAM: CLICK_HERE_LINK (0.8 points) BODY: Tells you to click on a URL
SPAM: MIME_MISSING_BOUNDARY (3.9 points) RAW: MIME section missing boundary
SPAM: BASE64_ENC_TEXT (2.1 points) Message text disguised using base-64 encoding
SPAM: DATE_IN_FUTURE_03_06 (3.4 points) Date: is 3 to 6 hours after Received: date
SPAM: FORGED_YAHOO_RCVD (1.5 points) 'From' yahoo.com does not match 'Received' headers
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------
------=_NextPart_000_00B3_31C62A8B.E4442B51
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: base64
PGh0bWw+DQo8aGVhZD4NCjx0aXRsZT5WUC1SWCBQZW5pcyBFbmxhcmdlbWVu
dCBQaWxsczwvdGl0bGU+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5
cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xIj4N
CjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IiNGRkZGRkYiIHRleHQ9IiMwMDAw
MDAiPg0KPGZvbnQgY29sb3I9IiNGRkZGRkYiIGZhY2U9InZlcmRhbmEiIHNp
etc etc.
Works perfectly.
--
Ole Michaelsen, Darmstadt, Germany
http://www.fys.ku.dk/~omic
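
Added example (not part of the original posts and not SpamAssassin's own code): a small Python sketch of why a body regex misses a base64-encoded HTML part and matches once the Content-Transfer-Encoding is undone. The rule pattern, addresses and message are constructed for illustration.

```python
import base64
import re
from email import message_from_string

# Hypothetical body rule, standing in for a procmail body condition.
BODY_RULE = re.compile(r"click\s+below", re.IGNORECASE)

def build_sample() -> str:
    """Constructed message: HTML body hidden behind base64, as in the thread."""
    html = "<html><body><font size=6>Click below for your money back</font></body></html>"
    encoded = base64.encodebytes(html.encode("iso-8859-1")).decode("ascii")
    return (
        "From: sender@example.com\n"
        "To: rcpt@example.org\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        'Content-Type: text/html; charset="iso-8859-1"\n'
        "Content-Transfer-Encoding: base64\n"
        "\n" + encoded
    )

def raw_body_matches(raw: str) -> bool:
    """What a plain regex over the undecoded body sees."""
    body = raw.split("\n\n", 1)[1]
    return bool(BODY_RULE.search(body))

def decoded_body_matches(raw: str) -> bool:
    """Undo the transfer encoding of each text part, then apply the rule."""
    msg = message_from_string(raw)
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)  # bytes after base64/QP decoding
        if payload is None:
            continue
        charset = part.get_content_charset() or "latin-1"
        try:
            text = payload.decode(charset, errors="replace")
        except LookupError:  # unknown charset label in the header
            text = payload.decode("latin-1")
        if BODY_RULE.search(text):
            return True
    return False

if __name__ == "__main__":
    sample = build_sample()
    print("raw body match:    ", raw_body_matches(sample))
    print("decoded body match:", decoded_body_matches(sample))
```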