Base64 body

hi,

can you show us an example?
 
Pls show the entire email raw format include the headers as well.
 
@oguz you can see the raw text here
Code: 
Received: from SERVER001 (127.0.0.1) by SERVER001.RETE.local (127.0.0.1)
 with Microsoft SMTP Server id 14.3.382.0; Thu, 6 May 2021 07:06:38 +0200
Received: by [SERVER001.RETE.local (Microsoft Connector for POP3
 Mailboxes)] id <"{78E10915-ABA6-42C7-9D17-94E73FFA7BE1}"@RETE.local>; Thu,
 6 May 2021 07:06:38 +0200
Received: from proxmox.domain.ext (UnknownHost) by mailserver.domain.ext
 with SMTP    (version=TLS\Tls12    cipher=Aes256 bits=256);   Thu, 6 May 2021
 07:05:33 +0200
Received: from proxmox.domain.ext (localhost.localdomain [127.0.0.1])    by
 proxmox.domain.ext (Proxmox) with ESMTP id 076931C4532    for
 <user@domain.ext>; Thu,  6 May 2021 07:05:28 +0200 (CEST)
Received: from contato55.rlsfinanceiro.com (Bb021.markstore1404.website
 [188.124.51.117])    by proxmox.domain.ext (Proxmox) with ESMTP id AD5561C4499    for
 <user@domain.ext>; Thu,  6 May 2021 07:05:26 +0200 (CEST)
Received: by contato55.rlsfinanceiro.com (Exim, from userid 33)    id A14093E477;
 Thu,  6 May 2021 02:00:58 -0300 (-03)
From: REMAX BRASIL <remax@contato55.rlsfinanceiro.com>
To: User <user@domain.ext>
Subject: SEU ORCAMENTO FOI CONCLUIDO.
Thread-Topic: SEU ORCAMENTO FOI CONCLUIDO.
Thread-Index: AQHXQjWYwNGokmTwC0uE5586XzI2rA==
Date: Thu, 6 May 2021 05:00:58 +0000
Message-ID: <20210506050526.A14093E477@contato55.rlsfinanceiro.com>
Reply-To: "remax@contato55.rlsfinanceiro.com"
    <remax@contato55.rlsfinanceiro.com>
Content-Language: it-IT
X-MS-Exchange-Organization-AuthSource: SERVER001.RETE.local
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
received-spf: pass (contato55.rlsfinanceiro.com: 188.124.51.117 is
 authorized to use 'remax@contato55.rlsfinanceiro.com' in 'mfrom' identity
 (mechanism 'a' matched)) receiver=proxmox.domain.ext; identity=mailfrom;
 envelope-from="remax@contato55.rlsfinanceiro.com";
 helo=contato55.rlsfinanceiro.com; client-ip=188.124.51.117
Content-Type: multipart/alternative;
    boundary="_000_20210506050526A14093E477contato55rlsfinanceirocom_"
MIME-Version: 1.0

--_000_20210506050526A14093E477contato55rlsfinanceirocom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

DQoNCiA8aHR0cHM6Ly9yZW1heC5yZG1haWwuY29tLmJyL3RoZW1lcy9fcmVtYXgvaW1nL2hlYWRl
ci5qcGc+DQoNCg0KUEVESURPIERFIE9Sw4dBTUVOVE86DQoNClByZXphZG8gYWNxdWlzdGlAZGRs
c3RhbXBhZ2dpby5pdCwgZW52aWFtb3MgbyBvcsOnYW1lbnRvIHVuaWZpY2FkbyByZWZlcmVudGUg
w6AgdG9kb3Mgb3MgbWF0ZXJpYWlzIG5lY2Vzc8OhcmlvcyBwYXJhIGEgcmVmb3JtYSBkbyBzZXUg
aW3Ds3ZlbC4NCk9Sw4dBTUVOVE9fVU5JRklDQURPLlBERjxodHRwOi8vbGNhd2UuZ3NmYm9mZmNo
Y3JhcmNzY3JlaG1hZ3VzYW1qZnNhY2guYnV6ei9BMjNaMlZDTlVpTi8uLkFVaVprUlpERE4wWU5p
M0Q2L1ZYRUM3MFlUMEwzLzY3NTY3My5PUkNBTUVOVE9fVU5JRklDQURPLlBERj4NCg0KDQpQZWRp
bW9zIHF1ZSB2b2PDqiBjb25maXJhIGF0ZW50YW1lbnRlIHRvZG9zIG9zIGl0ZW5zIGUgdmFsb3Jl
cy4NCg0KQXRlbmNpb3NhbWVudGUsDQpFcXVpcGUgUkUvTUFYIEJyYXNpbA0KIDxodHRwczovL3Jl
bWF4LnJkbWFpbC5jb20uYnIvdGhlbWVzL19yZW1heC9pbWcvZm9vdGVyLmpwZz4NCg0KDQoNCiA8
aHR0cHM6Ly9yZW1heC5yZG1haWwuY29tLmJyL2VtYWlsLzYwODlkYWJmNjVlNDk1MTc5MzIxMTUu
Z2lmPg0KDQo=

--_000_20210506050526A14093E477contato55rlsfinanceirocom_
Content-Type: text/html; charset="utf-8"
Content-ID: <13D020A7BEB8CE4880F70CDF55F1FFA8@RETE.local>
Content-Transfer-Encoding: base64

PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjx0aXRsZT5SRU1BWCBCUkFTSUw8L3RpdGxlPg0K
PC9oZWFkPg0KPGJvZHk+DQo8ZGl2IHN0eWxlPSJ0ZXh0LWFsaWduOiBjZW50ZXI7Ij4mbmJzcDs8
L2Rpdj4NCjxkaXYgY2xhc3M9InYxY29udGVudC1wYWRkaW5nIiBzdHlsZT0icGFkZGluZzogMHB4
OyBib3JkZXItdG9wOiAwcHg7IGZvbnQtZmFtaWx5OiBIZWx2ZXRpY2EsIEFyaWFsLCBzYW5zLXNl
cmlmOyBiYWNrZ3JvdW5kLWNvbG9yOiByZ2IoMjQ3LCAyNDcsIDI0Nyk7IHdpZHRoOiA2ODRweDsg
Zm9udC1zaXplOiAxNHB4OyBjb2xvcjogcmdiKDExOSwgMTE5LCAxMTkpOyB0ZXh0LWFsaWduOiBj
ZW50ZXI7IGxpbmUtaGVpZ2h0OiAyMHB4OyI+DQo8Y2VudGVyPg0KPHRhYmxlIGNlbGxwYWRkaW5n
PSIwIiBjZWxsc3BhY2luZz0iMCIgY2xhc3M9InYxdzMyMCIgc3R5bGU9ImJvcmRlci1jb2xsYXBz
ZTogY29sbGFwc2U7IGJhY2tncm91bmQ6IHJnYigyNTUsIDI1NSwgMjU1KTsiIHdpZHRoPSI2MDAi
Pg0KPHRib2R5Pg0KPHRyPg0KPHRkIGNsYXNzPSJ2MWhlYWRlci1sZyB2MXVpLXNvcnRhYmxlIiBz
dHlsZT0iZm9udC1zaXplOiAyMHB4OyBjb2xvcjogcmdiKDc3LCA3NywgNzcpOyB0ZXh0LWFsaWdu
OiBjZW50ZXI7IGxpbmUtaGVpZ2h0OiAyMHB4OyBib3JkZXItY29sbGFwc2U6IGNvbGxhcHNlOyBm
b250LXdlaWdodDogNzAwOyBwYWRkaW5nOiAwcHg7Ij4NCiZuYnNwOzwvdGQ+DQo8L3RyPg0KPHRy
Pg0KPHRkIGNsYXNzPSJ2MW1pbmktYmxvY2stY29udGFpbmVyIiBzdHlsZT0ibGluZS1oZWlnaHQ6
IDIwcHg7IGJvcmRlci1jb2xsYXBzZTogY29sbGFwc2U7IHdpZHRoOiA1MDBweDsiPg0KPHRhYmxl
IGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgd2lkdGg9IjEwMCUiPg0KPHRib2R5Pg0K
PHRyPg0KPHRkPg0KPGRpdiBzdHlsZT0icGFkZGluZy10b3A6IDBweDsgYm9yZGVyLXRvcDogMHB4
OyBwb3NpdGlvbjogcmVsYXRpdmU7IGxlZnQ6IDBweDsgdG9wOiAwcHg7Ij4NCjxpbWcgYWx0PSJM
b2dvdGlwbyIgY2xhc3M9InYxZnItdmlldyIgc3JjPSJodHRwczovL3JlbWF4LnJkbWFpbC5jb20u
YnIvdGhlbWVzL19yZW1heC9pbWcvaGVhZGVyLmpwZyIgc3R5bGU9ImJvcmRlcjogMHB4OyIgd2lk
dGg9IjYwMCI+PGJyPg0KPGRpdiBzdHlsZT0iY2xlYXI6IGJvdGg7Ij4mbmJzcDs8L2Rpdj4NCjwv
ZGl2Pg0KPC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQgY2xhc3M9InYxbWluaS1ibG9jayB2MXVpLXNv
cnRhYmxlIiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyBsaW5lLWhlaWdodDogMjBweDsgYm9y
ZGVyLWNvbGxhcHNlOiBjb2xsYXBzZTsgd2lkdGg6IDQ5OHB4OyBwYWRkaW5nOiAyMHB4OyI+DQo8
ZGl2IGNsYXNzPSJ2MXVzZXItbXNnIiBzdHlsZT0icGFkZGluZzogMTBweCAwcHg7IGJvcmRlci10
b3A6IDBweDsgdGV4dC1hbGlnbjogbGVmdDsiPg0KPHNwYW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwg
MCwgMCk7Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxOHB4OyI+PHN0cm9uZz5QRURJRE8gREUg
T1LDh0FNRU5UTzo8L3N0cm9uZz48L3NwYW4+PC9zcGFuPg0KPGRpdiBzdHlsZT0idGV4dC1hbGln
bjoganVzdGlmeTsiPjxicj4NCjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDAsIDApOyI+UHJl
emFkbyBhY3F1aXN0aUBkZGxzdGFtcGFnZ2lvLml0LCBlbnZpYW1vcyBvIG9yw6dhbWVudG8gdW5p
ZmljYWRvIHJlZmVyZW50ZSDDoCB0b2RvcyBvcyBtYXRlcmlhaXMgbmVjZXNzw6FyaW9zIHBhcmEg
YSByZWZvcm1hIGRvIHNldSBpbcOzdmVsLjwvc3Bhbj48L2Rpdj4NCjwvZGl2Pg0KPGRpdiBhbGln
bj0ibGVmdCI+PGEgaHJlZj0iaHR0cDovL2xjYXdlLmdzZmJvZmZjaGNyYXJjc2NyZWhtYWd1c2Ft
amZzYWNoLmJ1enovQTIzWjJWQ05VaU4vLi5BVWlaa1JaREROMFlOaTNENi9WWEVDNzBZVDBMMy82
NzU2NzMuT1JDQU1FTlRPX1VOSUZJQ0FETy5QREYiPjxmb250IGNvbG9yPSIjZmZmZmZmIj48c3Bh
biBzdHlsZT0iYm9yZGVyLWNvbG9yOiByZ2IoNzgsIDkzLCAxNTcpOyBib3JkZXItd2lkdGg6IDEw
cHggMjBweDsgYm9yZGVyLXN0eWxlOiBzb2xpZDsgYm9yZGVyLXJhZGl1czogM3B4OyBiYWNrZ3Jv
dW5kLWNvbG9yOiByZ2IoNzgsIDkzLCAxNTcpOyBkaXNwbGF5OiBpbmxpbmUtYmxvY2s7IGZvbnQt
c2l6ZTogMTZweDsiPk9Sw4dBTUVOVE9fVU5JRklDQURPLlBERjwvc3Bhbj48L2ZvbnQ+PC9hPg0K
PGRpdiBzdHlsZT0iY2xlYXI6IGJvdGg7Ij4mbmJzcDs8L2Rpdj4NCjwvZGl2Pg0KPGRpdiBjbGFz
cz0idjF1c2VyLW1zZyIgc3R5bGU9InBhZGRpbmc6IDEwcHggMHB4OyB0ZXh0LWFsaWduOiBsZWZ0
OyI+PGJyPg0KPHNwYW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7Ij48c3Ryb25nPlBlZGlt
b3MgcXVlIHZvY8OqIGNvbmZpcmEgYXRlbnRhbWVudGUgdG9kb3Mgb3MgaXRlbnMgZSB2YWxvcmVz
Ljwvc3Ryb25nPjxicj4NCjxicj4NCkF0ZW5jaW9zYW1lbnRlLCA8YnI+DQpFcXVpcGUgUkUvTUFY
IEJyYXNpbCAmbmJzcDs8L3NwYW4+PC9kaXY+DQo8L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD4NCjxk
aXYgc3R5bGU9InBhZGRpbmctdG9wOiAwcHg7IGJvcmRlci10b3A6IDBweDsgcG9zaXRpb246IHJl
bGF0aXZlOyBsZWZ0OiAwcHg7IHRvcDogMHB4OyI+DQo8aW1nIGFsdD0iUm9kYXDDqSIgY2xhc3M9
InYxZnItdmlldyIgc3JjPSJodHRwczovL3JlbWF4LnJkbWFpbC5jb20uYnIvdGhlbWVzL19yZW1h
eC9pbWcvZm9vdGVyLmpwZyIgc3R5bGU9ImJvcmRlcjogMHB4OyIgd2lkdGg9IjYwMCI+PGJyPg0K
PGRpdiBzdHlsZT0iY2xlYXI6IGJvdGg7Ij4mbmJzcDs8L2Rpdj4NCjwvZGl2Pg0KPC90ZD4NCjwv
dHI+DQo8L3Rib2R5Pg0KPC90YWJsZT4NCjwvdGQ+DQo8L3RyPg0KPC90Ym9keT4NCjwvdGFibGU+
DQo8cCBzdHlsZT0iZm9udC1zaXplOiAxMXB4OyBjb2xvcjogcmdiKDE1MywgMTUzLCAxNTMpOyI+
PGltZyBoZWlnaHQ9IjEiIHNyYz0iaHR0cHM6Ly9yZW1heC5yZG1haWwuY29tLmJyL2VtYWlsLzYw
ODlkYWJmNjVlNDk1MTc5MzIxMTUuZ2lmIiBzdHlsZT0iYm9yZGVyOiAwcHg7IGNvbG9yOiByZ2Io
MTAzLCAxMDMsIDEwMyk7IGZvbnQtc2l6ZTogMTJweDsiIHdpZHRoPSIxIj48L3A+DQo8L2NlbnRl
cj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K

--_000_20210506050526A14093E477contato55rlsfinanceirocom_--
 
abzsol said:
in these days I've seen some spam messages with all the body coded with base64.
Is there anything I can do for blocking messages with all the body encoded?
Thanks in advance.
Click to expand...
Not really - since encoding utf-8 characters in the mail-body with base64 is quite common and in my experience not a good indication for spam...

Things I would rather consider:
* check the logs on PMG for that mail - the spamassassin-hits can point to problems in the configuration


There is one spamassassin rule which might help:
Code: 
describe MIME_BASE64_TEXT    Message text disguised using base64 encoding

but as said - base64 in the mail-body is not a direct indication of spam.

I hope this helps!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back