On 2018-02-22 (07:54 MST), saqariden <saad.aqari...@ac-montpellier.fr> wrote:
> I have the following SA rule which is supposed to block base64 encoded mails:

Wow. You are going to block a lot of legitimate email that way.

> body                EN_BASE64_B        /(Content-Transfer-Encoding: 
> base64\sContent-Type: text\/(plain|html); charset="?utf-8"?)|(Content-Type: 
> text\/(plain|html); charset="?utf-8"?\sContent-Transfer-Encoding: base64)/i

you need to be looking at the mime headers, not simply scanning the plaintext 
body. In fact, Don't think the plaintext body is even available to spam 
assassin rules, so those lines will never match as you have them. Heck, don't 
know if the encoding type is available at all to SA because... well, why would 
it. How a message is encoded is not a spam indicator.

You can do this with other tools in your MTA (postfix) or you LDA (procmail), 
but it's a very bad idea.

My personal account has 1,770 base64 encoded messages out of 90,111. I know I 
would not be happy to have missed those 1,770 message.

We are born naked, wet and hungry; then it's all downhill.

Reply via email to