Viktor Dukhovni via Postfix-users:
> On Wed, Jan 28, 2026 at 06:03:06PM +0100, Michiel Hazelhof via Postfix-users
> wrote:
>
> > Now let's send another email?where the subject contains
> > "RandomStringToKeepEverythingFunctioning`MoreText", will pass the filter,
> > the left single quotation mark (U+2018) will make the email bypass all
> > regex/pcre filters.
>
> Subjects with non-ASCII characters are encoded per RFC2047, possibly
> entirely in base64. For example, when I compose a message with
> subject:
>
> $ perl -C7 -e 'printf qq{foo\x{2018}bar\n}'
> foo?bar
>
> The resulting RFC5322 message has for a subject header:
>
> Subject: =?utf-8?B?Zm9v4oCYYmFy?=
>
> this is unsurprisingly not matched by:
>
> /^Subject: foo/
>
> Postfix header_checks DO NOT do RFC2047 decoding, you need
> a content_filter or milter for that.
You could use header checks, but to match a fixed substring you
would need four patterns to match every possible baase64 encoding,
plus a huge pattern that matches every valid quoted-printable
representation of the substring. It just isn't practical.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
