Answer the question
In order to leave comments, you need to log in
W
W
weranda2018-07-10 23:42:16
weranda, 2018-07-10 23:42:16
How to filter letters encoded in HZ what?
Greetings
The site has mail, it receives the same type of letters, encoded HZ as. I opened the letter many times, highlighted the text for filtering on it, but despite this, the letters bypassed the spam filter. I wrote to the hosting provider, they say, this way and that, letters are not filtered. They said:
An error occurred in the operation of the filters, because in the source email, the text is encoded in base64, while Exim's filtering works on the source email and cannot work on the encoded text.
If you send a letter in which the text will not be encoded, the filters are successfully applied or if you add an already encoded word or phrase that is found in the letter to the filter, the filter also works.
I opened the source of the letter, and there is such a hat:
spoiler
=C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, =EF=F0=E5=E4=EB=E0=E3=E0=E5=EC =C2=E0=
=F8=E5=EC=F3 =E2=ED=E8=EC=E0=ED=E8=FE =ED=E0=E8=E1=EE=EB=E5=E5 =EF=EE=EB=ED=
=F3=FE =E8 =EA=E0=F7=E5=F1=F2=E2=E5=ED=ED=F3=FE =EA=EE=EB=EB=E5=EA=F6=E8=FE=
=E7=ED=E0=EC=E5=ED=E8=F2=EE=E3=EE =E4=E5=F2=F1=EA=EE=E3=EE =FE=EC=EE=F0=E8=
=F1=F2=E8=F7=E5=F1=EA=EE=E3=EE =EA=E8=ED=EE=E6=F3=F0=ED=E0=EB=E0 =C5=F0=E0=
=EB=E0=F8, =E2 =EA=EE=F2=EE=F0=F3=FE =E2=F5=EE=E4=FF=F2 =E2=F1=E5 =E2=FB=EF=
=F3=F1=EA=E8 =EF=F0=EE=F8=EB=FB=F5 =EB=E5=F2, =E0 =F2=E0=EA =E6=E5 =F1=EE=
=E2=F0=E5=EC=E5=ED=ED=FB=E5. =C5=F0=E0=EB=E0=F8 =96 =FD=F2=EE =E8=F1=F2=EE=
=F0=E8=E8 =EA=EE=F2=EE=F0=FB=E5 =F1=EB=F3=F7=E0=FE=F2=F1=FF =F1 =F0=E5=E1=
=FF=F2=E0=EC=E8 =E2 =F8=EA=EE=EB=E5 =E8 =E4=EE=EC=E0, =E2=EE =E4=E2=EE=F0=
=E0=F5 =E8 =ED=E0 =F3=EB=E8=F6=E5. =CF=EE=F3=F7=E8=F2=E5=EB=FC=ED=FB=E5 =EA=
=E8=ED=EE=E7=E0=F0=E8=F1=EE=E2=EA=E8 =EF=F0=E8=E2=E8=E2=E0=FE=F2 =EC=EE=EB=
=EE=E4=EE=EC=F3 =EF=EE=EA=EE=EB=E5=ED=E8=FE =EB=FE=E1=EE=E2=FC =E8 =F3=E2=
=E0=E6=E5=ED=E8=E5 =EA =F1=E2=E5=F0=F1=F2=ED=E8=EA=E0=EC =E8 =EE=EA=F0=F3=
=E6=E0=FE=F9=E8=EC. =C1=FB=EB=EE =E2=F0=E5=EC=FF, =EA=EE=E3=E4=E0 =ED=E0 =
=EF=E5=F0=E2=FB=E5 =E7=E2=F3=EA=E8 "=CC=E0=EB=FC=F7=E8=F8=EA=E8 =E8 =E4=E5=
=E2=F7=EE=ED=EA=E8..." =E4=E5=F2=E8 =E1=F0=EE=F1=E0=EB=E8 =E2=F1=E5 =F1=E2=
=EE=E8 =E4=E5=EB=E0 =E8 =E1=E5=E6=E0=EB=E8 =EA =F2=E5=EB=E5=E2=E8=E7=EE=F0=
=F3, =F7=F2=EE =E1=FB =EF=EE=F1=EC=EE=F2=F0=E5=F2=FC =F0=E5=E4=EA=E8=E5 =F2=
=EE=E3=E4=E0 =F1=E5=F0=E8=E8. =CC=FB =E4=F3=EC=E0=E5=EC, =F7=F2=EE =E4=E5=
=F2=FF=EC =ED=F3=E6=ED=EE =EA=E0=EA =EC=EE=E6=ED=EE =F7=E0=F9=E5 =EF=EE=EA=
=E0=E7=FB=E2=E0=F2=FC =C5=F0=E0=EB=E0=F8, =EF=EE=F1=EA=EE=EB=FC=EA=F3 =FD=
=F2=EE =E8=ED=F2=E5=F0=E5=F1=ED=EE, =E2=E5=F1=E5=EB=EE =E8 =EF=EE=F3=F7=E8=
=F2=E5=EB=FC=ED=EE. =C1=FB=F2=F3=E5=F2 =EC=ED=E5=ED=E8=E5, =F7=F2=EE =F1=EE=
=E2=F0=E5=EC=E5=ED=ED=FB=E5 =F1=FE=E6=E5=F2=FB =F5=F3=E6=E5 =F1=F2=E0=F0=FB=
=F5, =ED=EE =FD=F2=EE =ED=E5 =F2=E0=EA, =EE=ED=E8 =ED=E5 =F5=F3=E6=E5 =E8=
=ED=E5 =EB=F3=F7=F8=E5 =F1=F2=E0=F0=FB=F5, =EF=EE=F1=EA=EE=EB=FC=EA=F3 =EE=
=ED=E8 =EE=F2=F0=E0=E6=E0=FE=F2 =F0=E5=E0=EB=E8=E8 =ED=E0=F8=E5=E3=EE =E2=
=F0=E5=EC=E5=ED=E8. =C4=E5=F2=F1=EA=EE=E3=EE =EA=E8=ED=EE =F1=E5=E9=F7=E0=
=F1 =EF=EE=F7=F2=E8 =ED=E5=F2, =EF=EE=FD=F2=EE=EC=F3 "=C5=F0=E0=EB=E0=F8"=
, =EE=F1=EE=E1=E5=ED=ED=EE =ED=E0 =F4=EE=ED=E5 =F2=EE=E3=EE, =F7=F2=EE =EF=
=EE=EA=E0=E7=FB=E2=E0=FE=F2 =ED=E0=F8=E8=EC =E4=E5=F2=FF=EC =EF=EE =F2=E5=
=EB=E5=E2=E8=E7=EE=F0=F3, =F1=F2=E0=ED=EE=E2=E8=F2=F1=FF =F1=EF=E0=F1=E8=F2=
=E5=EB=FC=ED=EE=E9 =F1=EE=EB=EE=EC=E8=ED=EA=EE=E9. =CE=F2=EB=E8=F7=E8=F2=E5=
=EB=FC=ED=EE=E9 =EE=F1=EE=E1=E5=ED=ED=EE=F1=F2=FC=FE =ED=E0=F8=E5=E9 =EA=EE=
=EB=EB=E5=EA=F6=E8=E8 =EE=F2 =E4=F0=F3=E3=E8=F5, =FF=E2=EB=FF=E5=F2=F1=FF=
=E2=FB=F1=EE=EA=EE=E5 =EA=E0=F7=E5=F1=F2=E2=EE. =C1=EB=E0=E3=EE=E4=E0=F0=
=FF =F1=EE=E2=F0=E5=EC=E5=ED=ED=FB=EC =F2=E5=F5=ED=EE=EB=EE=E3=E8=FF=EC =F3=
=E4=E0=EB=EE=F1=FC =F1=EE=F5=F0=E0=ED=E8=F2=FC =EE=F0=E8=E3=E8=ED=E0=EB=FC=
=ED=FB=E9 =E7=E2=F3=EA =E8 =E2=E8=E4=E5=EE (=EF=F0=E8=E2=FB=F7=ED=FB=E5 =E3=
=EE=EB=EE=F1=E0 =E3=E5=F0=EE=E5=E2 =E8 =E2=E8=E4=E5=EE) =EF=EE=FD=F2=EE=EC=
=F3 =EA=EE=EB=EB=E5=EA=F6=E8=FF =EE=F2=EB=E8=F7=ED=EE =F1=EC=EE=F2=F0=E8=F2=
=F1=FF.
=F8=E5=EC=F3 =E2=ED=E8=EC=E0=ED=E8=FE =ED=E0=E8=E1=EE=EB=E5=E5 =EF=EE=EB=ED=
=F3=FE =E8 =EA=E0=F7=E5=F1=F2=E2=E5=ED=ED=F3=FE =EA=EE=EB=EB=E5=EA=F6=E8=FE=
=E7=ED=E0=EC=E5=ED=E8=F2=EE=E3=EE =E4=E5=F2=F1=EA=EE=E3=EE =FE=EC=EE=F0=E8=
=F1=F2=E8=F7=E5=F1=EA=EE=E3=EE =EA=E8=ED=EE=E6=F3=F0=ED=E0=EB=E0 =C5=F0=E0=
=EB=E0=F8, =E2 =EA=EE=F2=EE=F0=F3=FE =E2=F5=EE=E4=FF=F2 =E2=F1=E5 =E2=FB=EF=
=F3=F1=EA=E8 =EF=F0=EE=F8=EB=FB=F5 =EB=E5=F2, =E0 =F2=E0=EA =E6=E5 =F1=EE=
=E2=F0=E5=EC=E5=ED=ED=FB=E5. =C5=F0=E0=EB=E0=F8 =96 =FD=F2=EE =E8=F1=F2=EE=
=F0=E8=E8 =EA=EE=F2=EE=F0=FB=E5 =F1=EB=F3=F7=E0=FE=F2=F1=FF =F1 =F0=E5=E1=
=FF=F2=E0=EC=E8 =E2 =F8=EA=EE=EB=E5 =E8 =E4=EE=EC=E0, =E2=EE =E4=E2=EE=F0=
=E0=F5 =E8 =ED=E0 =F3=EB=E8=F6=E5. =CF=EE=F3=F7=E8=F2=E5=EB=FC=ED=FB=E5 =EA=
=E8=ED=EE=E7=E0=F0=E8=F1=EE=E2=EA=E8 =EF=F0=E8=E2=E8=E2=E0=FE=F2 =EC=EE=EB=
=EE=E4=EE=EC=F3 =EF=EE=EA=EE=EB=E5=ED=E8=FE =EB=FE=E1=EE=E2=FC =E8 =F3=E2=
=E0=E6=E5=ED=E8=E5 =EA =F1=E2=E5=F0=F1=F2=ED=E8=EA=E0=EC =E8 =EE=EA=F0=F3=
=E6=E0=FE=F9=E8=EC. =C1=FB=EB=EE =E2=F0=E5=EC=FF, =EA=EE=E3=E4=E0 =ED=E0 =
=EF=E5=F0=E2=FB=E5 =E7=E2=F3=EA=E8 "=CC=E0=EB=FC=F7=E8=F8=EA=E8 =E8 =E4=E5=
=E2=F7=EE=ED=EA=E8..." =E4=E5=F2=E8 =E1=F0=EE=F1=E0=EB=E8 =E2=F1=E5 =F1=E2=
=EE=E8 =E4=E5=EB=E0 =E8 =E1=E5=E6=E0=EB=E8 =EA =F2=E5=EB=E5=E2=E8=E7=EE=F0=
=F3, =F7=F2=EE =E1=FB =EF=EE=F1=EC=EE=F2=F0=E5=F2=FC =F0=E5=E4=EA=E8=E5 =F2=
=EE=E3=E4=E0 =F1=E5=F0=E8=E8. =CC=FB =E4=F3=EC=E0=E5=EC, =F7=F2=EE =E4=E5=
=F2=FF=EC =ED=F3=E6=ED=EE =EA=E0=EA =EC=EE=E6=ED=EE =F7=E0=F9=E5 =EF=EE=EA=
=E0=E7=FB=E2=E0=F2=FC =C5=F0=E0=EB=E0=F8, =EF=EE=F1=EA=EE=EB=FC=EA=F3 =FD=
=F2=EE =E8=ED=F2=E5=F0=E5=F1=ED=EE, =E2=E5=F1=E5=EB=EE =E8 =EF=EE=F3=F7=E8=
=F2=E5=EB=FC=ED=EE. =C1=FB=F2=F3=E5=F2 =EC=ED=E5=ED=E8=E5, =F7=F2=EE =F1=EE=
=E2=F0=E5=EC=E5=ED=ED=FB=E5 =F1=FE=E6=E5=F2=FB =F5=F3=E6=E5 =F1=F2=E0=F0=FB=
=F5, =ED=EE =FD=F2=EE =ED=E5 =F2=E0=EA, =EE=ED=E8 =ED=E5 =F5=F3=E6=E5 =E8=
=ED=E5 =EB=F3=F7=F8=E5 =F1=F2=E0=F0=FB=F5, =EF=EE=F1=EA=EE=EB=FC=EA=F3 =EE=
=ED=E8 =EE=F2=F0=E0=E6=E0=FE=F2 =F0=E5=E0=EB=E8=E8 =ED=E0=F8=E5=E3=EE =E2=
=F0=E5=EC=E5=ED=E8. =C4=E5=F2=F1=EA=EE=E3=EE =EA=E8=ED=EE =F1=E5=E9=F7=E0=
=F1 =EF=EE=F7=F2=E8 =ED=E5=F2, =EF=EE=FD=F2=EE=EC=F3 "=C5=F0=E0=EB=E0=F8"=
, =EE=F1=EE=E1=E5=ED=ED=EE =ED=E0 =F4=EE=ED=E5 =F2=EE=E3=EE, =F7=F2=EE =EF=
=EE=EA=E0=E7=FB=E2=E0=FE=F2 =ED=E0=F8=E8=EC =E4=E5=F2=FF=EC =EF=EE =F2=E5=
=EB=E5=E2=E8=E7=EE=F0=F3, =F1=F2=E0=ED=EE=E2=E8=F2=F1=FF =F1=EF=E0=F1=E8=F2=
=E5=EB=FC=ED=EE=E9 =F1=EE=EB=EE=EC=E8=ED=EA=EE=E9. =CE=F2=EB=E8=F7=E8=F2=E5=
=EB=FC=ED=EE=E9 =EE=F1=EE=E1=E5=ED=ED=EE=F1=F2=FC=FE =ED=E0=F8=E5=E9 =EA=EE=
=EB=EB=E5=EA=F6=E8=E8 =EE=F2 =E4=F0=F3=E3=E8=F5, =FF=E2=EB=FF=E5=F2=F1=FF=
=E2=FB=F1=EE=EA=EE=E5 =EA=E0=F7=E5=F1=F2=E2=EE. =C1=EB=E0=E3=EE=E4=E0=F0=
=FF =F1=EE=E2=F0=E5=EC=E5=ED=ED=FB=EC =F2=E5=F5=ED=EE=EB=EE=E3=E8=FF=EC =F3=
=E4=E0=EB=EE=F1=FC =F1=EE=F5=F0=E0=ED=E8=F2=FC =EE=F0=E8=E3=E8=ED=E0=EB=FC=
=ED=FB=E9 =E7=E2=F3=EA =E8 =E2=E8=E4=E5=EE (=EF=F0=E8=E2=FB=F7=ED=FB=E5 =E3=
=EE=EB=EE=F1=E0 =E3=E5=F0=EE=E5=E2 =E8 =E2=E8=E4=E5=EE) =EF=EE=FD=F2=EE=EC=
=F3 =EA=EE=EB=EB=E5=EA=F6=E8=FF =EE=F2=EB=E8=F7=ED=EE =F1=EC=EE=F2=F0=E8=F2=
=F1=FF.
I tried to determine decrypt, I got a service for enumerating encodings and somehow managed to decrypt it, here is a screen:
spoiler
But what to do with all this now, I do not know. How can you quickly filter out such emails? It is clear that the average person will not send valid emails (spam), spammers do. You can add some piece of text from the porridge of this code to the spam filter, but there is one thing - it is possible that some mail services from which letters will be sent can write something in a similar encoding in the source code of even a normal letter, and then such a letter will go to spam.
I ask for your advice on what can be done in this situation. The option of connecting domain mail to any mail service (mail, yandex, google, etc.), unfortunately, is impossible for a number of reasons and, by the way, mail on a regular hosting with CPanel, so there are special tricks with installing and configuring additional software - the thing is not easy and there is a possibility that the hoster will refuse to install / configure specific software.
2 answer(s)
@Moskus
@z3apa3a
M
Moskus, 2018-07-11 @Moskus
This is not "HZ what", but the quoted-printable encoding. https://en.wikipedia.org/wiki/Quoted-printable
Further, options are possible (because, as is traditional on the Toaster, you provided only a piece of information that you considered important, and not the code of the entire source code of the letter, for example):
- either your mailer does not understand this encoding (unlikely), but the filtering system does,
- either the letters are formed with errors (for example, they contain the wrong encoding in the header, because the mailer will not decode them,
- or you are doing something wrong (which - hard to guess).
However, this is not very important, because it is impossible to filter messages only by encoding (useful letters can also be sent to QP), it is also unlikely that they can be filtered by text, because spam can be different.
V
Vladimir Dubrovin, 2018-07-11 @z3apa3a
Translate the text you want to filter into windows-1251 encoding and encode it in quoted-printable - your filter will work on the received string. The easiest way is to simply copy the corresponding already encoded string from the source of the letter.
Similar questions
L
A
A
7
O
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question