Mailing List Archive

See <http://thread.gmane.org/gmane.mail.spam.spamassassin.general/37446>
for a previous discussion of this.

Mike


> -----Original Message-----
> From: Brad Tarver [mailto:btarver@fpwk.com]
> Sent: Wednesday, February 11, 2004 7:40 PM
> To: spamassassin-users@incubator.apache.org
> Subject: ISO subject line
>
>
> What can I put in sa-mimedefang.cf to stomp emails with
> =?iso-8859-1?b?
> in the subject?
>
>
> --
> Brad Tarver, CCNA
> Network Administrator
> Forman Perry Watkins Krutz & Tardy LLP
> 188 East Capitol Street
> Suite 200
> Jackson, MS 39201
> United States
> Ph: 601-960-8600
> Fax: 601-960-8613
>
>
>
> Important Confidentiality And Limited Liability Notice
>
> This email and any attachments may be confidential and
> protected by law. If you are not the intended recipient, be
> aware that any disclosure, copying, distribution or use of
> the email or any attachment is prohibited. If you have
> received this email in error, please notify us immediately by
> replying to the sender and deleting this copy and the reply
> from your system. Please note that any views or opinions
> expressed in this email are solely those of the author and do
> not necessarily represent those of Forman Perry Watkins Krutz
> & Tardy LLP. (FPWK&T). The recipient should check this email
> and any attachments for the presence of viruses. FPWK&T
> accepts no liability for any damage caused by any virus
> transmitted by this email. Thank you for your cooperation.
>
>

> From: Brad Tarver [mailto:btarver@fpwk.com]
> What can I put in sa-mimedefang.cf to stomp emails with
> =?iso-8859-1?b?
> in the subject?

We use this:

header SUBJECT_ENCODED_CE Subject:raw =~ /=\?.*\?=/i
describe SUBJECT_ENCODED_CE Subject encoded
score SUBJECT_ENCODED_CE 10.7

Appears to kill any encoded subject.

If they go to the trouble of encoding the subject
I guess they lose here

Greg


----- Original Message -----
From: "Mike Kuentz (2)" <JunkEmail@rapidigm.com>
To: <spamassassin-users@incubator.apache.org>
Sent: Thursday, February 12, 2004 8:33 AM
Subject: RE: ISO subject line


See <http://thread.gmane.org/gmane.mail.spam.spamassassin.general/37446>
for a previous discussion of this.

Mike


> -----Original Message-----
> From: Brad Tarver [mailto:btarver@fpwk.com]
> Sent: Wednesday, February 11, 2004 7:40 PM
> To: spamassassin-users@incubator.apache.org
> Subject: ISO subject line
>
>
> What can I put in sa-mimedefang.cf to stomp emails with
> =?iso-8859-1?b?
> in the subject?
>
>
> --
> Brad Tarver, CCNA
> Network Administrator
> Forman Perry Watkins Krutz & Tardy LLP
> 188 East Capitol Street
> Suite 200
> Jackson, MS 39201
> United States
> Ph: 601-960-8600
> Fax: 601-960-8613
>
>
>
> Important Confidentiality And Limited Liability Notice
>
> This email and any attachments may be confidential and
> protected by law. If you are not the intended recipient, be
> aware that any disclosure, copying, distribution or use of
> the email or any attachment is prohibited. If you have
> received this email in error, please notify us immediately by
> replying to the sender and deleting this copy and the reply
> from your system. Please note that any views or opinions
> expressed in this email are solely those of the author and do
> not necessarily represent those of Forman Perry Watkins Krutz
> & Tardy LLP. (FPWK&T). The recipient should check this email
> and any attachments for the presence of viruses. FPWK&T
> accepts no liability for any damage caused by any virus
> transmitted by this email. Thank you for your cooperation.
>
>

On Thu, 12 Feb 2004, Greg Cirino - Cirelle Enterprises wrote:

> > From: Brad Tarver [mailto:btarver@fpwk.com]
> > What can I put in sa-mimedefang.cf to stomp emails with
> > =?iso-8859-1?b?
> > in the subject?
>
> We use this:
>
> header SUBJECT_ENCODED_CE Subject:raw =~ /=\?.*\?=/i
> describe SUBJECT_ENCODED_CE Subject encoded
> score SUBJECT_ENCODED_CE 10.7
>
> Appears to kill any encoded subject.
>
> If they go to the trouble of encoding the subject
> I guess they lose here

Just so long as you never need to receive email from somebody
outside the US. QP-encoding is the -correct- way to send
messages with international characters in the headers.
Note that SA has rules that (correctly) hit messages that
have raw 8-bit chars in the headers (that's a violation of
RFC-2822 ).

Some international email clients QP-encode their subjects,
even when it contains nothing but 7-bit ASCII.

--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

From: "David B Funk"
| Just so long as you never need to receive email from somebody
| outside the US. QP-encoding is the -correct- way to send
| messages with international characters in the headers.
| Note that SA has rules that (correctly) hit messages that
| have raw 8-bit chars in the headers (that's a violation of
| RFC-2822 ).
|
| Some international email clients QP-encode their subjects,
| even when it contains nothing but 7-bit ASCII.

I agree there will always be the caveat

I think the flexibility of individual rule setting is the beauty
of SA

Earlier there was a post with a url to a site claiming to be
able to cut past all the filters.

This is one example of a rule they may have no idea exists
(up until now of course)

I'm sure there are a ton more.

Regards
Greg


----- Original Message -----
From: "David B Funk" <dbfunk@engineering.uiowa.edu>
To: "Greg Cirino - Cirelle Enterprises" <gcirino@cirelle.com>
Cc: <spamassassin-users@incubator.apache.org>
Sent: Thursday, February 12, 2004 5:58 PM
Subject: Re: ISO subject line


| On Thu, 12 Feb 2004, Greg Cirino - Cirelle Enterprises wrote:
|
| > > From: Brad Tarver [mailto:btarver@fpwk.com]
| > > What can I put in sa-mimedefang.cf to stomp emails with
| > > =?iso-8859-1?b?
| > > in the subject?
| >
| > We use this:
| >
| > header SUBJECT_ENCODED_CE Subject:raw =~ /=\?.*\?=/i
| > describe SUBJECT_ENCODED_CE Subject encoded
| > score SUBJECT_ENCODED_CE 10.7
| >
| > Appears to kill any encoded subject.
| >
| > If they go to the trouble of encoding the subject
| > I guess they lose here
|
| Just so long as you never need to receive email from somebody
| outside the US. QP-encoding is the -correct- way to send
| messages with international characters in the headers.
| Note that SA has rules that (correctly) hit messages that
| have raw 8-bit chars in the headers (that's a violation of
| RFC-2822 ).
|
| Some international email clients QP-encode their subjects,
| even when it contains nothing but 7-bit ASCII.
|
| --
| Dave Funk University of Iowa
| <dbfunk (at) engineering.uiowa.edu> College of Engineering
| 319/335-5751 FAX: 319/384-0549 1256 Seamans Center
| Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
| #include <std_disclaimer.h>
| Better is not better, 'standard' is better. B{

On Thu, 12 Feb 2004 16:45:21 -0500, Greg Cirino - Cirelle Enterprises wrote:

header SUBJECT_ENCODED_CE  Subject:raw =~ /=\?.*\?=/i
score SUBJECT_ENCODED_CE 10.7

> Appears to kill any encoded subject.

Wich, of clourse, means that you're also killing anything with correctly handled accented, or foreign characters as well as some symbols that are not in the 32-127 range. I guess you don't want to see discussions of the understandably popular drink "piña colada". :-/

Do you do the same with To: and From: (meaning, do you also kill mail from people with such characters in their names?)

I really do think that if you're killing messages just because someone put a "è" in the subject, you should bounce it with an explanation of what you're doing.

And when discussing such rules here, it might be prudent to point out that most europeans should never implement them, so people don't get nasty surpises.

Regards
/Jonas
--
Jonas Eckerman, jonas_lists@frukt.org
http://www.fsdb.org/

Greg Cirino - Cirelle Enterprises <gcirino@cirelle.com> wrote:

> We use this:
>
> header SUBJECT_ENCODED_CE Subject:raw =~ /=\?.*\?=/i
> describe SUBJECT_ENCODED_CE Subject encoded
> score SUBJECT_ENCODED_CE 10.7
>
> Appears to kill any encoded subject.

And how much real mail do you lose because of it? Do you even
know? Assigning 10 points to a single rule -- especially one
with so much potential for false positives -- seems to defeat
the whole philosophy of SpamAssassin.

Note that your rule will block lots of mail from people outside

the US. I hope you don't subscribe to many software-related
discussion lists (like this one). It will even block mail from
Americans who happen to be silly enough to use a Microsoftian
curly apostrophe in a subject line, and that happens all the
time in a business environment.

I use a rule for catching some similar subjects, but it's
limited to catch only those where the encoding is unnecessary
(the characters in the subject are all ASCII), and I score it
low because even then it hits some legitimate mail. Here it
is:

header __SUBJ_ASCII Subject !~ /[^\t -~]/
header __SUBJ_EQ_BANG Subject =~ /=\?/
header __SUBJ_ENCODED Subject:raw =~ /=\?/
meta L_SUBJ_GRATUITOUS_ENCODING __SUBJ_ASCII &&
!__SUBJ_EQ_BANG && __SUBJ_ENCODED
describe L_SUBJ_GRATUITOUS_ENCODING Subject is encoded
unnecessarily
score L_SUBJ_GRATUITOUS_ENCODING 1

--
Keith C. Ivey <kcivey@cpcug.org>
Washington, DC

From: "Keith C. Ivey" <kcivey@cpcug.org>
| Note that your rule will block lots of mail from people outside
|
| the US. I hope you don't subscribe to many software-related
| discussion lists (like this one). It will even block mail from
| Americans who happen to be silly enough to use a Microsoftian
| curly apostrophe in a subject line, and that happens all the
| time in a business environment.


In our application, the mail is not bounced or not delivered

It's just not delivered to the Inbox

Also, every one of the messages that has arrived with the
subject encoded has had text that is normally blocked by SA
when unencoded.

When encoded SA fails to catch it.

In our case there have been zero FPs and appears to do the
job it was intended to perform.

Besides, someone asked, I just shared. I didn't require them
to use it.

It works perfectly for us.

If they use it and it works for them, more power to them, If it
fails, I guess they just need to keep looking.

Best Regards
Greg