[Rspamd-Users] BASE64 Encoding in FROM
Vsevolod Stakhov
vsevolod at rspamd.com
Tue Nov 13 17:14:58 UTC 2018
On 13/11/2018 15:13, Wiethoff, Helge wrote:
> Hello everyone,
>
> I'm seeing a lot of spam where the from field is BASE64 encoded:
> From: =?UTF-8?B?TXVzdGVyLCBNYXggPG1heC5tdXN0ZXJAZXhhbXBsZS5jb20+?= <max.muster at example.com>
>
> The decoded BASE64 string is an email address (including angle brackets). Unfortunately rspamd does not recognize the doubled FROM. Has anyone an idea how to filter those multiple froms?
>
>
> Thanks
> Helge
>
> PS: Sorry for the "double post" -- I was asking this already in the chat but my client died right after asking...
>
>
>
This is very weird indeed. I have fixed that in the commit
352a465639b64e024e54e25b76d59e4e68b798b5
and then reverted it back with the following trace in IRC:
19:00 < rspamd-commits> [rspamd] vstakhov pushed 1 new commit to master:
https://git.io/vNixM
19:00 < rspamd-commits> rspamd/master a4255c6 Vsevolod Stakhov: Revert
"[Fix] Use decoded values when parsing mime addresses"...
19:01 <@cebka> hum
19:01 <@cebka> this commit seems invalid
19:01 <@cebka> and I cannot find any traces why have I done it :(
That is really quite surprising. Now I have no traces why was it
considered invalid as well :(
More information about the Users
mailing list