[Rspamd-Users] BASE64 Encoding in FROM

Vsevolod Stakhov vsevolod at rspamd.com
Tue Nov 13 17:14:58 UTC 2018

On 13/11/2018 15:13, Wiethoff, Helge wrote:
> Hello everyone,
> I'm seeing a lot of spam where the from field is BASE64 encoded:
> From: =?UTF-8?B?TXVzdGVyLCBNYXggPG1heC5tdXN0ZXJAZXhhbXBsZS5jb20+?= <max.muster at example.com>
> The decoded BASE64 string is an email address (including angle brackets). Unfortunately rspamd does not recognize the doubled FROM. Has anyone an idea how to filter those multiple froms?
> Thanks
> Helge
> PS: Sorry for the "double post" -- I was asking this already in the chat but my client died right after asking...

This is very weird indeed. I have fixed that in the commit


and then reverted it back with the following trace in IRC:

19:00 < rspamd-commits> [rspamd] vstakhov pushed 1 new commit to master:
19:00 < rspamd-commits> rspamd/master a4255c6 Vsevolod Stakhov: Revert
"[Fix] Use decoded values when parsing mime addresses"...
19:01 <@cebka> hum
19:01 <@cebka> this commit seems invalid
19:01 <@cebka> and I cannot find any traces why have I done it :(

That is really quite surprising. Now I have no traces why was it
considered invalid as well :(

More information about the Users mailing list