Spam-tagging Russian encoded spam with Sieve rules and its regex extension

For a few weeks I have been receiving numerous e-mails in Russian. Sadly enough, I don’t speak Russian. However, about 20 or 30 mails per day made it through my three layers of spam detection. Two SpamAssassin instances, one at my provider (powered by the experience of several hundred domains), one on my own Cyrus IMAP server including my preferences and “personal experiences”, plus (third level) a rather complex set of Sieve mail filtering rules could not prevent those mails from traveling to my Inbox.
From: “?koi8-r…”
So I had a look at the mails’ source code and found the “From:” field starting with “?koi8-r?”, like this:
From: =?koi8-r?B?18/azcXdxc7JxSDu5PM=?= <pinstripev6@rodswan.com>
That’s perfectly enough for my Third Stage (no Boston here!). I just had to add the fifth line to my Sieve script below – and now no more illegible Russian mails appear in my inbox. Okay, they are now in the “spam” folder, but later on I will just redirect the “fileinto” command and have them rejected.
The Sieve part: 
require [ "fileinto", "regex", "reject" ];
[…]
if anyof (
 header :regex :comparator "i;ascii-casemap" ["Subject", "From", "To", "Cc", "Bcc"] "[.]*[vV]iagra[.]*",
 header :regex :comparator "i;ascii-casemap" ["From"] "[.]*koi8-r[.]*",  # From: declares the koi8-r charset
 header :contains ["X-Spam-Level"] "*****"  # five or more SpamAssassin stars
)
{
        fileinto "INBOX.spam" ;
        stop;
}
[…]
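
What the fifth line keys on is the charset label of an RFC 2047 encoded-word (=?charset?encoding?text?=) in the raw From: header. The following Python sketch is an added example, not part of the original post or of the Sieve script: it parses those encoded-words, matches the label case-insensitively and decodes the text so you can see what is being filed away. The function names and the two example.com samples are constructed for illustration.

```python
import base64
import binascii
import re

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")

# Charset labels to tag; koi8-r is the one the Sieve rule keys on.
TAGGED_CHARSETS = {"koi8-r"}


def encoded_words(header_value):
    """Yield (charset, decoded_text) for each encoded-word in a raw header value."""
    for charset, enc, payload in ENCODED_WORD.findall(header_value):
        charset = charset.split("*", 1)[0].lower()  # drop RFC 2231 language suffix
        try:
            if enc in "bB":
                raw = base64.b64decode(payload, validate=True)
            else:
                raw = binascii.a2b_qp(payload.encode("ascii"), header=True)
            text = raw.decode(charset, errors="replace")
        except (ValueError, LookupError):
            text = None  # malformed payload or unknown charset: keep the label only
        yield charset, text


def is_tagged(header_value):
    """True if any encoded-word in the header declares a tagged charset."""
    return any(cs in TAGGED_CHARSETS for cs, _ in encoded_words(header_value))


# The From: header quoted in the post, plus two constructed samples.
SAMPLE_FROM = "=?koi8-r?B?18/azcXdxc7JxSDu5PM=?= <pinstripev6@rodswan.com>"
UPPERCASE_LABEL = "=?KOI8-R?Q?=D7=CF=DA?= <sender@example.com>"  # constructed
PLAIN_ADDRESS = "koi8-r fan club <list@example.com>"              # constructed

if __name__ == "__main__":
    for value in (SAMPLE_FROM, UPPERCASE_LABEL, PLAIN_ADDRESS):
        print(is_tagged(value), list(encoded_words(value)))
```

The third sample is a plain display name that merely contains the text koi8-r: a substring match on the header also hits it, while matching on the encoded-word structure does not.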
