Greek regex
- Thread starter treloskilo
- Start date
Try out spamassassin custom rules. I use below custom rules to score email subject with special encoding.
I believe Greek encoding is ISO-8859-7, you can double check it from your Greek email raw format.
You can customized your own rule under /etc/mail/spamassassin/custom.cf, and restart spamassinssin service with command "systemctl restart pmt-smtp-filter"
I believe Greek encoding is ISO-8859-7, you can double check it from your Greek email raw format.
You can customized your own rule under /etc/mail/spamassassin/custom.cf, and restart spamassinssin service with command "systemctl restart pmt-smtp-filter"
Code:
# Subjects with UTF-8 encoding
header SUBJ_UTF8 Subject:raw =~ /=?utf-8?.?/i
describe SUBJ_UTF8 Subject with UTF-8 encoding
score SUBJ_UTF8 1.0
# Subjects with EUC encoding
header __EUC_CN Subject:raw =~ /=?euc-cn?.?/i
header __EUC_JP Subject:raw =~ /=?euc-jp?.?/i
header __EUC_KR Subject:raw =~ /=?euc-kr?.?/i
header __EUC_TW Subject:raw =~ /=?euc-tw?.?/i
meta SUBJ_EUC ( __EUC_CN || __EUC_JP || __EUC_KR || __EUC_TW )
describe SUBJ_EUC Subjects with EUC encoding
score SUBJ_EUC 1.0how will i write that ? Its the subject in raw in utf8
=?UTF-8?B?zr8gzrvOv86zzrHPgc65zrHPg868z4zPgiDPg86xz4Igzq3Ph861zrkgzrrOu861zrnOtA==?=??=?UTF-8?B?z4nOuM61zq8u?=
=?UTF-8?B?zr8gzrvOv86zzrHPgc65zrHPg868z4zPgiDPg86xz4Igzq3Ph861zrkgzrrOu861zrnOtA==?=??=?UTF-8?B?z4nOuM61zq8u?=
ifplugin Mail::SpamAssassin:
lugin::RelayCountry
add_header all Relay-Country _RELAYCOUNTRY_
header RELAYCOUNTRY_BAD X-Relay-Countries =~ /(CN|RU|UA|RO|VN)/
describe RELAYCOUNTRY_BAD Relayed through spammy country at some point
score RELAYCOUNTRY_BAD 2.0
header RELAYCOUNTRY_GOOD X-Relay-Countries =~ /^(CO|AT|CH)/
describe RELAYCOUNTRY_GOOD First untrusted GW is CO, AT or CH
score RELAYCOUNTRY_GOOD -0.5
endif # Mail::SpamAssassin:lugin::RelayCountry
header RCVD_IN_BRBL eval:check_rbl('brbl-lastexternal', 'b.barracudacentral.org.', '127.0.0.2')
describe RCVD_IN_BRBL Received via a relay in Barracuda RBL
tflags RCVD_IN_BRBL net
score RCVD_IN_BRBL 1.4
header RCVD_IN_NIX_SPAM eval:check_rbl('nix-spam-lastexternal', 'ix.dnsbl.manitu.net.')
describe RCVD_IN_NIX_SPAM Listed in NiX Spam DNSBL (heise.de)
tflags RCVD_IN_NIX_SPAM net
score RCVD_IN_NIX_SPAM 1.4
header RCVD_IN_WPBL eval:check_rbl('wpbl-lastexternal', 'db.wpbl.info.', '127.0.0.2')
describe RCVD_IN_WPBL Listed in WPBL
tflags RCVD_IN_WPBL net
score RCVD_IN_WPBL 1.4
ifplugin Mail::SpamAssassin:lugin::HashBL
header HASHBL_EMAIL eval:check_hashbl_emails('ebl.msbl.org')
describe HASHBL_EMAIL Message contains email address found on EBL
score HASHBL_EMAIL 1.0
endif
# Subjects with UTF-8 encoding
header SUBJ_UTF8 Subject:raw =~ /=?UTF-8?B?zr8gzrvOv86zzrHPgc65zrHPg868z4zPgiDPg86xz4Igzq3Ph861zrkgzrrOu861zrnOtA==?=??=?UTF-8?B?z4nOuM61zq8u?=.?/i
describe SUBJ_UTF8 Subject with UTF-8 encoding
score SUBJ_UTF8 4.0
lugin::RelayCountryadd_header all Relay-Country _RELAYCOUNTRY_
header RELAYCOUNTRY_BAD X-Relay-Countries =~ /(CN|RU|UA|RO|VN)/
describe RELAYCOUNTRY_BAD Relayed through spammy country at some point
score RELAYCOUNTRY_BAD 2.0
header RELAYCOUNTRY_GOOD X-Relay-Countries =~ /^(CO|AT|CH)/
describe RELAYCOUNTRY_GOOD First untrusted GW is CO, AT or CH
score RELAYCOUNTRY_GOOD -0.5
endif # Mail::SpamAssassin:
lugin::RelayCountryheader RCVD_IN_BRBL eval:check_rbl('brbl-lastexternal', 'b.barracudacentral.org.', '127.0.0.2')
describe RCVD_IN_BRBL Received via a relay in Barracuda RBL
tflags RCVD_IN_BRBL net
score RCVD_IN_BRBL 1.4
header RCVD_IN_NIX_SPAM eval:check_rbl('nix-spam-lastexternal', 'ix.dnsbl.manitu.net.')
describe RCVD_IN_NIX_SPAM Listed in NiX Spam DNSBL (heise.de)
tflags RCVD_IN_NIX_SPAM net
score RCVD_IN_NIX_SPAM 1.4
header RCVD_IN_WPBL eval:check_rbl('wpbl-lastexternal', 'db.wpbl.info.', '127.0.0.2')
describe RCVD_IN_WPBL Listed in WPBL
tflags RCVD_IN_WPBL net
score RCVD_IN_WPBL 1.4
ifplugin Mail::SpamAssassin:
lugin::HashBLheader HASHBL_EMAIL eval:check_hashbl_emails('ebl.msbl.org')
describe HASHBL_EMAIL Message contains email address found on EBL
score HASHBL_EMAIL 1.0
endif
# Subjects with UTF-8 encoding
header SUBJ_UTF8 Subject:raw =~ /=?UTF-8?B?zr8gzrvOv86zzrHPgc65zrHPg868z4zPgiDPg86xz4Igzq3Ph861zrkgzrrOu861zrnOtA==?=??=?UTF-8?B?z4nOuM61zq8u?=.?/i
describe SUBJ_UTF8 Subject with UTF-8 encoding
score SUBJ_UTF8 4.0
Dec 26 12:16:32 mail postfix/cleanup[2014062]: D3AC4BC0981: info: header From: from mail-ua1-f54.google.com[209.85.222.54]; from=<> to=<> proto=ESMTP helo=<>
Dec 26 12:16:32 mail postfix/cleanup[2014062]: D3AC4BC0981: info: header Subject: =?UTF-8?B?zr8gzrvOv86zzrHPgc65zrHPg868z4zPgiDPg86xz4Igzq3Ph861zrkgzrrOu861zrnOtA==?=??=?UTF-8?B?z4nOuM61zq8u?= from mail-ua1-f54.google.com[209.85.222.54]; from=<> to=<> proto=ESMTP helo=<>
Dec 26 12:16:32 mail postfix/cleanup[2014062]: D3AC4BC0981: info: header To: from mail-ua1-f54.google.com[209.85.222.54]; from=<> to=<> proto=ESMTP helo=<>
Dec 26 12:16:32 mail postfix/qmgr[1979424]: D3AC4BC0981: from=<>, size=3413, nrcpt=1 (queue active)
Dec 26 12:16:34 mail postfix/qmgr[1979424]: 0D012BC14CD: from=<>, size=4830, nrcpt=1 (queue active)
Dec 26 12:16:32 mail postfix/cleanup[2014062]: D3AC4BC0981: info: header Subject: =?UTF-8?B?zr8gzrvOv86zzrHPgc65zrHPg868z4zPgiDPg86xz4Igzq3Ph861zrkgzrrOu861zrnOtA==?=??=?UTF-8?B?z4nOuM61zq8u?= from mail-ua1-f54.google.com[209.85.222.54]; from=<> to=<> proto=ESMTP helo=<>
Dec 26 12:16:32 mail postfix/cleanup[2014062]: D3AC4BC0981: info: header To: from mail-ua1-f54.google.com[209.85.222.54]; from=<> to=<> proto=ESMTP helo=<>
Dec 26 12:16:32 mail postfix/qmgr[1979424]: D3AC4BC0981: from=<>, size=3413, nrcpt=1 (queue active)
Dec 26 12:16:34 mail postfix/qmgr[1979424]: 0D012BC14CD: from=<>, size=4830, nrcpt=1 (queue active)
I want the specific =?UTF-8?B?zr8gzrvOv86zzrHPgc65zrHPg868z4zPgiDPg86xz4Igzq3Ph861zrkgzrrOu861zrnOtA==?=??=?UTF-8?B?z4nOuM61zq8u?=
And besides that i want it to be completely blocked not quarantined
And besides that i want it to be completely blocked not quarantined
Last edited:
Then are you sure your incoming email have the same subject in the UTF-8 encoding?
Attach your email raw format like this.
Code:
Delivered-To: ashley@eadeco.com.my
Return-Path: cenderarnata1@gmail.com
Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'cenderarnata1@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=pmg.eadeco.com.my; identity=mailfrom; envelope-from="cenderarnata1@gmail.com"; helo=mail-yb1-f176.google.com; client-ip=209.85.219.176
Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com [209.85.219.176])
by pmg.eadeco.com.my (Proxmox) with ESMTP
for <ashley@eadeco.com.my>; Sun, 26 Dec 2021 12:47:25 +0800 (+08)
Received: by mail-yb1-f176.google.com with SMTP id d201so10673406ybc.7
for <ashley@eadeco.com.my>; Sat, 25 Dec 2021 20:47:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:from:date:message-id:subject:to;
bh=XwltW8BxOKO7JFWY0erWTk+udaLImsXOVM/94YZ0U1k=;
b=hsVMQJ7VyliPXRLdhI4JMEBdAStKcb/XvqbIX+DoTI3f2RC1MHuoqzNEfbAm8sIbq4
TW4NSZ4PzSx5ekkCp82k8iWBSfcO4pBJX77KVJoW8Tthy0pIvszM01UPrFRafwVoWR3E
j9YZwkCtDCR8C73uHhF99B+sE7TMFmrDdio4FrysMFrVpuC5tKFhmSsTN8kOG2t+nOe8
699GsAmo2yXLM39W9jZqNzWgbtLjj2J8mCTsbTlIKDO89SCTuHGuIWJ0rgYDwLMA2ept
c2Y9mZwqfkTDkUCwtO4N7vi993HbvD4XUYdY3gWBxSjEYhsi36d5+pHBL34rnz9qDKA9
NVtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=XwltW8BxOKO7JFWY0erWTk+udaLImsXOVM/94YZ0U1k=;
b=Ue4+eeUWjg+nzuYhv85NGaOtAJSwzrbdiWQFh+tQy5mVN6XqC69t5sNavMvH4bOU5p
8o2YcKQC83LZvyCei8VKMqaEhgbl0QNKi4kt7sbykBt/t9ZBNo8BeWuicCC4wB6rDA1b
Ns+7WMI6VBPNTsn07ax1mYMD+bU6e077c6YH+1B7rnQ5PjlaazUWZvdMWBC6HKocMTiZ
14DHOoBeHYvRgCZt6X+GZ7jAH/wIijc1GpbWCO1kKM9F2+WJQRDRtzNjVdOCUMfNWtei
ZhMb+bTSxOkczILSzmrjB8lPQX6PblGg78f9U9jIXKZkaLpgdUws0DxNre/18Op9hY5g
AuKw==
X-Gm-Message-State: AOAM530gEO2mVzMQx6vz2STaOcmWyVqLCoki1yVROycR288z5goDm9vf
hM853KpDj9dnfw/sW31aFRHrIbtf8GF6WE+jyf8=
X-Google-Smtp-Source: ABdhPJxdgGMI7u8a5GH8Ze9OG93Oe5qtF/FVNyzoX8I61lBxeBX1sV6hmNiR49lHJJp4kq1mOf5PRNodmKsETvtHbUA=
X-Received: by 2002:a25:1342:: with SMTP id 63mr9941178ybt.51.1640494028609;
Sat, 25 Dec 2021 20:47:08 -0800 (PST)
MIME-Version: 1.0
From: Chew Sk <cenderarnata1@gmail.com>
Date: Sun, 26 Dec 2021 12:46:54 +0800
Message-ID: <CAGh+TxL=FgVMMvf4x5g41q3G=3Sg-5jGcFBhV5Akd4nn3JY=wA@mail.gmail.com>
Subject: Re: western union
To: Chew Sk <cenderarnata1@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000d4dfd305d40547fd"
Bcc: ashley@eadeco.com.my
X-SPAM-LEVEL: Spam detection results: 8
BAYES_40 -0.001 Bayes spam probability is 20 to 40%
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
FREEMAIL_ENVFROM_END_DIGIT 0.25 Envelope-from freemail username ends in digit
FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider
FREEMAIL_REPLY 1 From and body contain different freemails
HTML_MESSAGE 0.001 HTML included in message
KAM_WU 5 Western Union Scam
LOTS_OF_MONEY 0.001 Huge... sums of money
MONEY_FORM_SHORT 2.5 Lots of money if you fill out a short form
RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust
RCVD_IN_MSPIKE_H2 -0.001 Average reputation (+2)
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
T_FILL_THIS_FORM_SHORT 0.01 Fill in a short form with personal information
--000000000000d4dfd305d40547fd
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
The IMF is compensating all the victims which victimized by excess tax and
charges during claim / transfer of funds processes. Your among the list
that won
We have concluded to effect payment in your favor by Western Union Money
Transfer for easy pick up of Five Thousand United States Dollars Only
($5,000.00 USD) twice daily until is completely transferred to you.
Stated below is the information of the first Four Thousand United States
Dollars ($5,000.00 USD) We paid today ..
Money Transfer Control Numbers (MTCN) . 9827606794
You can use the below western union tracking website to track and confirm
the availability of your fist four thousand dollars we transfer today..
www.westernunion.com/global-service/track-transfer
We now need your information where we will be sending the funds, such as;
Receiver=E2=80=99s Name (Your full Name), address and phone number. Contact=
Western
Union Agent with this E-mail: (transferagenstwesternunion@gmail.com
Thanks you,
--000000000000d4dfd305d40547fd
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">The IMF is compensating all the victims which victimized b=
y excess tax and charges during claim / transfer of funds processes. Your a=
mong the list that won<br>We have concluded to effect payment in your favor=
by Western Union Money Transfer for easy pick up of Five Thousand United S=
tates Dollars Only ($5,000.00 USD) twice daily until is completely transfer=
red to you.<br>Stated below is the information of the first Four Thousand U=
nited States Dollars ($5,000.00 USD) =C2=A0We paid today ..<br>Money Transf=
er Control Numbers (MTCN) . 9827606794<br>You can use the below western uni=
on tracking website to track and confirm the availability of your fist four=
thousand dollars we transfer today..<br><a href=3D"http://www.westernunion=
.com/global-service/track-transfer">www.westernunion.com/global-service/tra=
ck-transfer</a> =C2=A0<br>We now need your information where we will be sen=
ding the funds, such as; Receiver=E2=80=99s Name (Your full Name), address =
and phone number. Contact Western Union Agent with this E-mail: (<a href=3D=
"mailto:transferagenstwesternunion@gmail.com">transferagenstwesternunion@gm=
ail.com</a><br><br>Thanks you,<br></div>
--000000000000d4dfd305d40547fd--Received: from by
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Mailbox
Transport; Sun, 26 Dec 2021 14:45:13 +0200
Received: from by
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Sun, 26 Dec
2021 14:45:13 +0200
Received: from by
with Microsoft SMTP Server id 15.1.2242.12 via Frontend
Transport; Sun, 26 Dec 2021 14:45:13 +0200
Received: from mail (localhost.localdomain [127.0.0.1])
by (email server) with ESMTP id 9187CBC156B
for <>; Sun, 26 Dec 2021 14:45:13 +0200 (EET)
Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use '' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=; identity=mailfrom; envelope-from=""; helo=; client-ip=209.85.222.53
Received: from (mail-ua1-f53.google.com [209.85.222.53])
by (email server) with ESMTP id 59045BC13CC
for <>; Sun, 26 Dec 2021 14:45:11 +0200 (EET)
Received: by mail-ua1-f53.google.com with SMTP id i6so22371065uae.6
for <>; Sun, 26 Dec 2021 04:45:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:from:date:message-id:subject:to;
bh=XtTr58bJCi7+7vBWky0KglM1SJc45RibWSrC7L20Jtw=;
b=Q6MD7ibL8+1STVlBOR6HeK0Fq4ID5q1c8hm4fJ9O38aK/bUm+qYl2iSFcFuqvrOFKZ
IpjrasOiokZZ3itRyUJxg8rND3M+LVitzKWkc2wUSKkbeJH+m0R6f2r/br/sMEmP5mxz
PpmfPgOK9LJNCKh1KPXWS+G7WGCouXvL6u8Yk3x5G7VcD+PZmpka9dUQwM8FPlHRKj24
/BEf27aTHoaLmr4y12cBIcUGlxTy3AqRVWzBUzS987uGLXfkllitasjpVf3HH6UbwyHX
WjqJT/nyf9+R9yBnWoSX+Je8yTSnuUbex0g0QWfIw9XdNLa5GAhGLEJI+/gNFKZohVGd
fM7Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=XtTr58bJCi7+7vBWky0KglM1SJc45RibWSrC7L20Jtw=;
b=ZFp2hntvjkAoPEPz4mbIYplFwTKyRE0dfYVfGV7rFZHrKXU/jIaN/z1FIWUzrUYmTr
sFFZJg/RUhnpiEjbyE/BIXDTXwu1oMrJfaSsuUAkg+Kd11R2ydvPu8s1nmv4hAxzaKVp
9aGNYV+SWuRYBXh1ijIxWhMQMHdy/yyMV+j3qA5LPSbf1O/o8t8VXH7bNKJdQ3OFwIaR
1Iuzs+3pWgmpPJ4dXLOGwqc/1A3j9UydawBYef2GmphqLbqNm++j5wD6wv1Rwr4QY37s
+78OsEFaxgxJdnNSmUol1pKnVOYpciWKYDHjXH8boodH81YZ0DfwKMMb8szjzxhmY0Ww
jgKA==
X-Gm-Message-State: AOAM533GcJfqbhSGzICaOGLn4xipPbEufonX2TNbSrV7RdQNBLxx5u1Z
jfbEiIbmPfeeHcQsUj2TWqTACCxCymtqgotjqhIYTYnW
X-Google-Smtp-Source: ABdhPJxeg/PCHRCVf/Cf4DLyCYxMEk9kMtu0HE1TSGWGxF783Ubtog0p0B2Tase/1QCpF8CxnZ0zAL7sCVapbHgcoO4=
X-Received: by 2002:a05:6102:1346:: with SMTP id j6mr3654963vsl.44.1640522709970;
Sun, 26 Dec 2021 04:45:09 -0800 (PST)
From:
Date: Sun, 26 Dec 2021 14:44:56 +0200
Message-ID: <CAHDZEEHd7ij7zpm3QZJ2LQsE=LvJUZk0ssW-_foWTunGLZ4iVA@mail.gmail.com>
Subject: =?UTF-8?B?zr8gzrvOv86zzrHPgc65zrHPg868z4zPgiDPg86xz4Igzq3Ph861zrkgzrrOu861zrnOtA==?=
=?UTF-8?B?z4nOuM61zq8u?=
To:
Content-Type: multipart/alternative; boundary="0000000000005fb45205d40bf59b"
X-WatchGuard-Spam-ID: v=2.4 cv=VfSUgHl9 c=1 sm=1 tr=0 ts=61c863d7 a=nvrhNPqt7iNyxjAkBxserw==:117 a=IOMw9HtfNCkA:10 a=5KLPUuaC_9wA:10 a=x7bEGLp0ZPQA:10 a=lL60hPLNXA4A:10 a=WypApS6OpP-Hjt4RPHoA:9 a=QEXdDO2ut3YA:10 a=xaQ34Qmgsrlp6UVKqTsA:9
X-WatchGuard-Spam-Score: clean
X-WatchGuard-Mail-Client-IP: 209.85.222.53
X-WatchGuard-Mail-From:
X-WatchGuard-Mail-Recipients:
X-SPAM-LEVEL: Spam detection results: 5
AWL -3.533 Adjusted score from AWL reputation of From: address
DKIM_ADSP_CUSTOM_MED 0.001 No valid author signature, adsp_override is CUSTOM_MED
DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider
FSL_BULK_SIG 1.774 Bulk signature with no Unsubscribe
HTML_MESSAGE 0.001 HTML included in message
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
NML_ADSP_CUSTOM_MED 1.2 ADSP custom_med hit, and not from a mailing list
PYZOR_CHECK 1.985 Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/)
RCVD_IN_MSPIKE_H2 -0.001 Average reputation (+2)
RCVD_IN_ZEN_BLOCKED_OPENDNS 0.001 ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
SUBJ_UTF8 4 Subject with UTF-8 encoding
Return-Path: treloskilo@gmail.com
X-MS-Exchange-Organization-Network-Message-Id: 0666d230-5711-46bd-60c4-08d9c86d8fa0
X-MS-Exchange-Organization-AuthSource: Mail1.htravel.local
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.3150763
X-MS-Exchange-Processed-By-BccFoldering: 15.01.2242.012
MIME-Version: 1.0
--0000000000005fb45205d40bf59b
Content-Type: text/plain; charset="UTF-8"
vd
--0000000000005fb45205d40bf59b
Content-Type: text/html; charset="UTF-8"
X-WatchGuard-AntiVirus: part scanned. clean action=allow
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div dir="ltr">vd</div>
--0000000000005fb45205d40bf59b--
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Mailbox
Transport; Sun, 26 Dec 2021 14:45:13 +0200
Received: from by
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Sun, 26 Dec
2021 14:45:13 +0200
Received: from by
with Microsoft SMTP Server id 15.1.2242.12 via Frontend
Transport; Sun, 26 Dec 2021 14:45:13 +0200
Received: from mail (localhost.localdomain [127.0.0.1])
by (email server) with ESMTP id 9187CBC156B
for <>; Sun, 26 Dec 2021 14:45:13 +0200 (EET)
Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use '' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=; identity=mailfrom; envelope-from=""; helo=; client-ip=209.85.222.53
Received: from (mail-ua1-f53.google.com [209.85.222.53])
by (email server) with ESMTP id 59045BC13CC
for <>; Sun, 26 Dec 2021 14:45:11 +0200 (EET)
Received: by mail-ua1-f53.google.com with SMTP id i6so22371065uae.6
for <>; Sun, 26 Dec 2021 04:45:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:from:date:message-id:subject:to;
bh=XtTr58bJCi7+7vBWky0KglM1SJc45RibWSrC7L20Jtw=;
b=Q6MD7ibL8+1STVlBOR6HeK0Fq4ID5q1c8hm4fJ9O38aK/bUm+qYl2iSFcFuqvrOFKZ
IpjrasOiokZZ3itRyUJxg8rND3M+LVitzKWkc2wUSKkbeJH+m0R6f2r/br/sMEmP5mxz
PpmfPgOK9LJNCKh1KPXWS+G7WGCouXvL6u8Yk3x5G7VcD+PZmpka9dUQwM8FPlHRKj24
/BEf27aTHoaLmr4y12cBIcUGlxTy3AqRVWzBUzS987uGLXfkllitasjpVf3HH6UbwyHX
WjqJT/nyf9+R9yBnWoSX+Je8yTSnuUbex0g0QWfIw9XdNLa5GAhGLEJI+/gNFKZohVGd
fM7Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=XtTr58bJCi7+7vBWky0KglM1SJc45RibWSrC7L20Jtw=;
b=ZFp2hntvjkAoPEPz4mbIYplFwTKyRE0dfYVfGV7rFZHrKXU/jIaN/z1FIWUzrUYmTr
sFFZJg/RUhnpiEjbyE/BIXDTXwu1oMrJfaSsuUAkg+Kd11R2ydvPu8s1nmv4hAxzaKVp
9aGNYV+SWuRYBXh1ijIxWhMQMHdy/yyMV+j3qA5LPSbf1O/o8t8VXH7bNKJdQ3OFwIaR
1Iuzs+3pWgmpPJ4dXLOGwqc/1A3j9UydawBYef2GmphqLbqNm++j5wD6wv1Rwr4QY37s
+78OsEFaxgxJdnNSmUol1pKnVOYpciWKYDHjXH8boodH81YZ0DfwKMMb8szjzxhmY0Ww
jgKA==
X-Gm-Message-State: AOAM533GcJfqbhSGzICaOGLn4xipPbEufonX2TNbSrV7RdQNBLxx5u1Z
jfbEiIbmPfeeHcQsUj2TWqTACCxCymtqgotjqhIYTYnW
X-Google-Smtp-Source: ABdhPJxeg/PCHRCVf/Cf4DLyCYxMEk9kMtu0HE1TSGWGxF783Ubtog0p0B2Tase/1QCpF8CxnZ0zAL7sCVapbHgcoO4=
X-Received: by 2002:a05:6102:1346:: with SMTP id j6mr3654963vsl.44.1640522709970;
Sun, 26 Dec 2021 04:45:09 -0800 (PST)
From:
Date: Sun, 26 Dec 2021 14:44:56 +0200
Message-ID: <CAHDZEEHd7ij7zpm3QZJ2LQsE=LvJUZk0ssW-_foWTunGLZ4iVA@mail.gmail.com>
Subject: =?UTF-8?B?zr8gzrvOv86zzrHPgc65zrHPg868z4zPgiDPg86xz4Igzq3Ph861zrkgzrrOu861zrnOtA==?=
=?UTF-8?B?z4nOuM61zq8u?=
To:
Content-Type: multipart/alternative; boundary="0000000000005fb45205d40bf59b"
X-WatchGuard-Spam-ID: v=2.4 cv=VfSUgHl9 c=1 sm=1 tr=0 ts=61c863d7 a=nvrhNPqt7iNyxjAkBxserw==:117 a=IOMw9HtfNCkA:10 a=5KLPUuaC_9wA:10 a=x7bEGLp0ZPQA:10 a=lL60hPLNXA4A:10 a=WypApS6OpP-Hjt4RPHoA:9 a=QEXdDO2ut3YA:10 a=xaQ34Qmgsrlp6UVKqTsA:9
X-WatchGuard-Spam-Score: clean
X-WatchGuard-Mail-Client-IP: 209.85.222.53
X-WatchGuard-Mail-From:
X-WatchGuard-Mail-Recipients:
X-SPAM-LEVEL: Spam detection results: 5
AWL -3.533 Adjusted score from AWL reputation of From: address
DKIM_ADSP_CUSTOM_MED 0.001 No valid author signature, adsp_override is CUSTOM_MED
DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider
FSL_BULK_SIG 1.774 Bulk signature with no Unsubscribe
HTML_MESSAGE 0.001 HTML included in message
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
NML_ADSP_CUSTOM_MED 1.2 ADSP custom_med hit, and not from a mailing list
PYZOR_CHECK 1.985 Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/)
RCVD_IN_MSPIKE_H2 -0.001 Average reputation (+2)
RCVD_IN_ZEN_BLOCKED_OPENDNS 0.001 ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
SUBJ_UTF8 4 Subject with UTF-8 encoding
Return-Path: treloskilo@gmail.com
X-MS-Exchange-Organization-Network-Message-Id: 0666d230-5711-46bd-60c4-08d9c86d8fa0
X-MS-Exchange-Organization-AuthSource: Mail1.htravel.local
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.3150763
X-MS-Exchange-Processed-By-BccFoldering: 15.01.2242.012
MIME-Version: 1.0
--0000000000005fb45205d40bf59b
Content-Type: text/plain; charset="UTF-8"
vd
--0000000000005fb45205d40bf59b
Content-Type: text/html; charset="UTF-8"
X-WatchGuard-AntiVirus: part scanned. clean action=allow
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div dir="ltr">vd</div>
--0000000000005fb45205d40bf59b--
try this
Code:
# Subjects with UTF-8 encoding
header SUBJ_UTF8 Subject:raw =~ /=?UTF-8?B?zr8gzrvOv86zzrHPgc65zrHPg868z4zPgiDPg86xz4Igzq3Ph861zrkgzrrOu861zrnOtA==?=??=?UTF-8?B?z4nOuM61zq8u?=/i
describe SUBJ_UTF8 Subject with UTF-8 encoding
score SUBJ_UTF8 1.0Check back your previous reply, it hit a SUBJ_UTF8 score of 4.
So mean the spamassassin rule is working. You need to create a filter spam rule to quarantine/block the email.
So mean the spamassassin rule is working. You need to create a filter spam rule to quarantine/block the email.
Code:
X-SPAM-LEVEL: Spam detection results: 5
AWL -3.533 Adjusted score from AWL reputation of From: address
DKIM_ADSP_CUSTOM_MED 0.001 No valid author signature, adsp_override is CUSTOM_MED
DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider
FSL_BULK_SIG 1.774 Bulk signature with no Unsubscribe
HTML_MESSAGE 0.001 HTML included in message
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
NML_ADSP_CUSTOM_MED 1.2 ADSP custom_med hit, and not from a mailing list
PYZOR_CHECK 1.985 Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/)
RCVD_IN_MSPIKE_H2 -0.001 Average reputation (+2)
RCVD_IN_ZEN_BLOCKED_OPENDNS 0.001 ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
SUBJ_UTF8 4 Subject with UTF-8 encoding