Hello,
This is what I found on the headers, maybe is what you are referring to?
MIME-Version: 1.0
Content-Type: text/html
charset="us-ascii"
X-Priority: 3
X-Mailer: ahmntvo_65
Message-ID: <0748119269.gq3b5r14926...@vbflxbkym.cqkoekaungmhnec.ru>
Content-Transfer-Encoding: quoted-printable
Thanks.
----- Original Message -----
From: David B Funk <dbf...@engineering.uiowa.edu>
To: "users@spamassassin.apache.org" <users@spamassassin.apache.org>
Cc:
Sent: Wednesday, September 14, 2011 3:35 AM
Subject: Re: rawbody rule for a txt attachment
On Tue, 13 Sep 2011, Jose Sanchez wrote:
> Hello guys,
>
> I would like to know how can I create a SA rule to search for a certain
> domain inside a .txt attachment. Im getting spam emails with no text on the
> body and .txt attachment only, the .txt attachment contains the spam email
> and I would like to tag it as spam if the attachment contains a certain
> domain on it.
>
> Is this possible? If it isnt do you have any suggestions for mitigating this
> type of spam?
>
> Thanks in advance!
I'm betting that your "txt attachment" is also MIME-typed in a way
to bypass SA, something like "Application/OCTET-STREAM"?
If it were properly MIME-typed as "Text/PLAIN" SA should automagically
decode it and place it in the text body to match normal rules.
These attachment-obfuscating spammers bork the MIME-typed to try
to prevent that and rely on the mail client's automagic guess-timation
decoding of the attachment as text due to the file's ending in ".txt"
So does anybody know of a way to get SA to treat these attachments
as text, inspite of the attachment-MIME-obfuscation?
It would be nice if Bayes, URIBL, etc tools could score their contents.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
