Hi Rick

Will you be willing to share your Exim and SA rules / code?
So that the community can benefit from your finding and work.

Regards
Brent Clark

On 2020/05/05 20:00, Rick Cooper wrote:
Henrik K wrote:
On Tue, May 05, 2020 at 12:51:36PM -0400, Rick Cooper wrote:
We received a couple emails yesterday that barely got caught and
when I looked at them they should have hit big time. As I looked it
would appear the body parts are encoded quoted-printable utf-7.
Apparently SA doesn't handle utf-7?

I added
    $self->{'decoded'} = Encode::decode("UTF-7", $self->{'decoded'});
just before the decoded body is returned in
Node.pm and the body rules hit again including some quick tests I
put together.

Is ignoring utf-7 intentional or is this a new spammer tactic? The
actual email messages are rendered perfectly through Outlook and our
webmail application.

If I remember right, normalize_charset 1 will handle this just fine.
At least in trunk/4.0.

In any case, UTF-7 mails can be blocked on sight, no one uses it
legitimately..

Bingo, that does it. And yes I added a check for utf-7 to exim and add a
header that causes emails to be quarantined and marked so users cannot
release or view them on their own.

Thanks

Rick
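
The behaviour discussed in this thread, as an added example that is not part of any poster's message and is not SpamAssassin or Exim code: a stand-alone Python sketch that walks a message's MIME parts, flags parts declared as UTF-7, and shows a body pattern missing after transfer decoding alone but matching once the charset is decoded. The sample message, `BODY_RULE`, `UTF7_NAMES` and `scan` are constructed for illustration.

```python
import email
import re

# Constructed sample (not from the thread): one text/plain part, sent
# quoted-printable and declared as UTF-7. "+AHIAZQBmAHUAbgBk-" is the
# UTF-7 shifted (base64 of UTF-16BE) form of the word "refund".
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"Subject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: text/plain; charset="utf-7"\r\n'
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"Claim your +AHIAZQBmAHUAbgBk- now=21\r\n"
)

BODY_RULE = re.compile(r"\brefund\b", re.I)   # hypothetical stand-in for a body rule
UTF7_NAMES = {"utf-7", "utf7", "unicode-1-1-utf-7"}


def scan(raw: bytes) -> dict:
    """Report UTF-7 text parts and body-rule hits before/after charset decoding."""
    msg = email.message_from_bytes(raw)
    result = {"utf7_parts": 0, "hit_raw": False, "hit_decoded": False}
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # decode=True undoes quoted-printable/base64 only, not the charset.
        payload = part.get_payload(decode=True) or b""
        charset = (part.get_content_charset() or "us-ascii").lower()
        if charset in UTF7_NAMES:
            result["utf7_parts"] += 1          # enough on its own to quarantine
        # What a scanner matches against if it stops at transfer decoding.
        if BODY_RULE.search(payload.decode("latin-1")):
            result["hit_raw"] = True
        try:
            text = payload.decode(charset)     # the step the thread says was missing
        except (LookupError, UnicodeDecodeError):
            text = payload.decode("latin-1")   # unknown or malformed: keep raw view
        if BODY_RULE.search(text):
            result["hit_decoded"] = True
    return result


if __name__ == "__main__":
    print(scan(SAMPLE))
```

The `utf7_parts` count corresponds to the "block on sight" approach, and `hit_decoded` to decoding the charset before body rules run.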
