[Dovecot] Sieve mails with decoded subject
Dear all,
I accidently posted this message to dovecot-news and want to apologize
for any trouble I may have caused. Here it is again to the correct
mailing list:
Recently I'm getting a ton of porn/viagra/diet/casino spam mails which I
tried to filter with sieve:
if header :contains Subject [ [SPAM],
Bett,
Schlafzimmer,
Spielen,
Luder,
abhenmen,
poppen,
Casino,
Bonus,
abnehmen,
Gewinn,
Potenz ] {
addflag \\seen;
fileinto Spam;
stop;
}
Sadly, this didn't work - taking a closer look upon one of the spam
mails, it seems the spamming rats have encoded the subject:
Subject: =?US-ASCII?B?RW5kbGljaCBtZWhyIGVuZ2FnZW1lbnQgaW0gQmV0dGNoZW4=?=
(reads: Endlich mehr engagement im Bettchen)
I'm thinking about filtering all such encoded subjects (as there's no
reason to encode them US-ASCII), but suppose it were UTF-8 or something:
how can I filter on the actual content, not the encoded subject? Surely
someone has solved that problem already?
Kind regards,
Johannes
Re: [Dovecot] Sieve mails with decoded subject
On Thu, 2009-12-10 at 19:34 +0100, Johannes Bauer wrote: Dear all, I accidently posted this message to dovecot-news and want to apologize for any trouble I may have caused. Don't worry. All mails there from non-trusted addresses simply get discarded (or rejected?) Sadly, this didn't work - taking a closer look upon one of the spam mails, it seems the spamming rats have encoded the subject: Subject: =?US-ASCII?B?RW5kbGljaCBtZWhyIGVuZ2FnZW1lbnQgaW0gQmV0dGNoZW4=?= (reads: Endlich mehr engagement im Bettchen) They're decoded at least in v1.2 with the new Sieve plugin. I don't remember if CMU Sieve decoded them, I'm guessing not. So maybe it's time for an upgrade? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Sieve mails with decoded subject
On Qui, 10 Dez 2009, Johannes Bauer wrote: I'm thinking about filtering all such encoded subjects (as there's no reason to encode them US-ASCII), but suppose it were UTF-8 or something: how can I filter on the actual content, not the encoded subject? Surely someone has solved that problem already? Yes, such as the guys behind SpamAssassin, or dspam, or any of the many spam filtering programs that exist. Actually, they make much more complicated decisions instead of only looking for bad words in the subject field. I'd suggest you try installing one of them. -- Eduardo M KALINOWSKI edua...@kalinowski.com.br
Re: [Dovecot] Sieve mails with decoded subject
Timo Sirainen schrieb: They're decoded at least in v1.2 with the new Sieve plugin. I don't remember if CMU Sieve decoded them, I'm guessing not. So maybe it's time for an upgrade? *sigh*, I guess it might be. brick [~]: dovecot --version 1.0.rc15 I'm still somewhat reluctant to change to 1.2, because that would mean that I cannot rely on my distros packages anymore (Etch that is for that server) but must maintain the packages myself. Well... Kind regards, Johannes
Re: [Dovecot] Sieve mails with decoded subject
Eduardo M KALINOWSKI schrieb: On Qui, 10 Dez 2009, Johannes Bauer wrote: I'm thinking about filtering all such encoded subjects (as there's no reason to encode them US-ASCII), but suppose it were UTF-8 or something: how can I filter on the actual content, not the encoded subject? Surely someone has solved that problem already? Yes, such as the guys behind SpamAssassin, or dspam, or any of the many spam filtering programs that exist. Actually, they make much more complicated decisions instead of only looking for bad words in the subject field. I'd suggest you try installing one of them. I had SpamAssassin running once and was pretty disappointed. All those complicated rules and scoring and smart bayesian filtering did not work very well, although I taught it in around 50k mails right from wrong. I had both lots of false-positives and lots of false-negatives, which was kind of annoying. However, analyzing 274 spam mails I deleted in the last 5 months I can conclude that by using that extremely simple filter list I'd catch 258 of them (that's 94%). So I'd like to stick to KISS in this case. Kind regards, Johannes
Re: [Dovecot] Sieve mails with decoded subject
On Thu, 2009-12-10 at 20:22 +0100, Johannes Bauer wrote: I'm still somewhat reluctant to change to 1.2, because that would mean that I cannot rely on my distros packages anymore (Etch that is for that server) but must maintain the packages myself. Well... How about using backports.org? signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Sieve mails with decoded subject
Timo Sirainen t...@iki.fi writes: On Thu, 2009-12-10 at 20:22 +0100, Johannes Bauer wrote: I'm still somewhat reluctant to change to 1.2, because that would mean that I cannot rely on my distros packages anymore (Etch that is for that server) but must maintain the packages myself. Well... How about using backports.org? Well, for etch the backport is not enough for 1.2.x: http://packages.debian.org/etch-backports/dovecot-imapd BTW, according to http://wiki.debian.org/DebianEtch, on Feb 2010, Etch will be declared as EOLed, so, imho, an Etch-to-Lenny upgrade should be planned very soon there. -- Nicolas
