On 2018-02-22 (07:54 MST), saqariden <saad.aqari...@ac-montpellier.fr> wrote:
>
> I have the following SA rule which is supposed to block base64 encoded mails:

Wow. You are going to block a lot of legitimate email that way.

> body EN_BASE64_B /(Content-Transfer-Encoding:
> base64\sContent-Type: text\/(plain|html); charset="?utf-8"?)|(Content-Type:
> text\/(plain|html); charset="?utf-8"?\sContent-Transfer-Encoding: base64)/i

You need to be looking at the MIME headers, not simply scanning the plaintext body. In fact, don't think the plaintext body is even available to SpamAssassin rules, so those lines will never match as you have them. Heck, don't know if the encoding type is available at all to SA because... well, why would it. How a message is encoded is not a spam indicator.

You can do this with other tools in your MTA (postfix) or your LDA (procmail), but it's a very bad idea.

My personal account has 1,770 base64 encoded messages out of 90,111. I know I would not be happy to have missed those 1,770 messages.

-- 
We are born naked, wet and hungry; then it's all downhill.
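
The check the reply points toward, reading the transfer encoding from each part's MIME headers instead of regex-matching header text in a fixed order, as an added Python example (not part of the original thread and not SpamAssassin code). The message in `SAMPLE` is constructed and the function names are illustrative.

```python
import base64
from email import message_from_bytes, policy


def b64_body(text):
    """Base64-encode a part body the way a mail client would."""
    return base64.encodebytes(text.encode("utf-8")).decode("ascii")


# Constructed sample: an ordinary multipart message whose two text parts
# list their MIME headers in different order, case and quoting.
SAMPLE = (
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Subject: schedule change\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Transfer-Encoding: base64\n"
    'Content-Type: text/plain; charset="utf-8"\n'
    "\n" + b64_body("Meeting moved to 3pm.\n") +
    "--b1\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "Content-Transfer-Encoding: BASE64\n"
    "\n" + b64_body("<p>Meeting moved to 3pm.</p>\n") +
    "--b1--\n"
).encode("ascii")


def text_parts(raw):
    """Yield every text/* MIME part of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p for p in msg.walk() if p.get_content_maintype() == "text"]


def text_part_encodings(raw):
    """(content type, charset, transfer encoding) per text part, normalised."""
    return [(p.get_content_type(), p.get_content_charset(),
             str(p.get("Content-Transfer-Encoding", "7bit")).strip().lower())
            for p in text_parts(raw)]


def uses_base64_text(raw):
    """True if any text part is base64-encoded, whatever the header order."""
    return any(cte == "base64" for _, _, cte in text_part_encodings(raw))


def decoded_bodies(raw):
    """Decoded text of each part; the MIME headers are not part of it."""
    return [p.get_content() for p in text_parts(raw)]
```

Run over a mailbox of known-good mail, `uses_base64_text` gives the kind of count quoted in the reply, which is the number to look at before treating the encoding as a blocking signal.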