Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Base64 encoding
  FAQ FAQ  Forum Search   Register Register  Login Login

Base64 encoding

 Post Reply Post Reply
Author
keizersozay View Drop Down
Groupie
Groupie
Avatar

Joined: 26 January 2005
Location: United States
Status: Offline
Points: 77
Post Options Post Options   Thanks (0) Thanks(0)   Quote keizersozay Quote  Post ReplyReply Direct Link To This Post Topic: Base64 encoding
    Posted: 21 December 2004 at 10:08am

Good Morning,

I've noticed that the bayes filter has been blocking several emails that just appear as several lines of random text, but if you copy the entire text of the email out of the quar and save it as an eml file it opens to read perfectly readable spam. I was baffled as to how this is done. Then when reading some spam articles and found this http://david.carter-tod.com/base64/default.asp
This is how people encode those random lines of text.....

My question is this. The emails that are encoded this way seem to all have this line of text
"Content-Transfer-Encoding: base64" above the code.
Is there any reason that legit email would be encoded like this? I am thinking about blocking all email that has "Content-Transfer-Encoding: base64" in it anywhere.

Thanks.

Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 21 December 2004 at 11:46am

First off ...  the only "Valid" Base 64 stuff should be image attachments NOT Text.
Second ... there is an INI setting which I HIGHLY recommend:
[server settings]
FilterBase64html=1
Regards,
Dan S

Back to Top
CyberBob View Drop Down
Groupie
Groupie


Joined: 26 January 2005
Status: Offline
Points: 43
Post Options Post Options   Thanks (0) Thanks(0)   Quote CyberBob Quote  Post ReplyReply Direct Link To This Post Posted: 21 December 2004 at 11:53am
I don't even has this setting in my ini file? Is this a new revision or a manual entry only?
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 21 December 2004 at 12:15pm

It has bee around for quite a long time AND it is a manual entry only.  Add in in and restart the SF Service

It shows up in the Reject Details as:

Found Keywords: [Found Content-Transfer-Encoding=base64 and Content-Type=text/html/plain]

Dan S.

Back to Top
keizersozay View Drop Down
Groupie
Groupie
Avatar

Joined: 26 January 2005
Location: United States
Status: Offline
Points: 77
Post Options Post Options   Thanks (0) Thanks(0)   Quote keizersozay Quote  Post ReplyReply Direct Link To This Post Posted: 21 December 2004 at 12:44pm
Thank you very much Dan
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 21 December 2004 at 12:54pm

No problem ... let me know wow it works out for you.

Dan S.

 

Back to Top
CyberBob View Drop Down
Groupie
Groupie


Joined: 26 January 2005
Status: Offline
Points: 43
Post Options Post Options   Thanks (0) Thanks(0)   Quote CyberBob Quote  Post ReplyReply Direct Link To This Post Posted: 21 December 2004 at 1:00pm

Yes thanks Dan!

Any other "Dan" entries we should add to the .ini file?

Thanks,

Bob

Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 21 December 2004 at 4:59pm
The only one's I can think of that I have comments on are:
 
MaxMsgSizeForKeywordScan=28
I have found that anything larger than this is a waste of CPU and energy.
 
ScanReceivedHeaders=1
Hmmm ... This can really cause the Bayesian to get whacked out on a high traffic server.  I have it set to 1 (ON) but combine it with a short "CleanUpCorpusIntervalDays=" of say 1-4 days depending on traffic.

ExpireRetryQueueHours=24
This prevents totally undeliverable, queued messages from trying to "flush" forever.   On my backup "Queuing" Server, This is set to more like 120 but my primary is set to 24.
 
Regards,
 
Dan S.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 December 2004 at 9:18pm
As Dan correctly stated, there is an SpamFilter.ini file parameter to filter all emails with that encoding. We just noticed that while this addition was mentioned in the release notes for build 1.2.0.178, that was the *only* place where it was documented. The option is not documented in the readme.html file, nor does it appear with the default value of "0" in the SpamFilter.ini file. We apologize for this, and will update the documentation on the next release.

Roberto F. LogSat Software
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.093 seconds.