I'm trying to set up what should be a straightforward email filter. In short, a botnet is emailing a lot of .doc and .zip files and I want to filter them into a special folder instead of the Inbox.
It seems that it should be as simple as:
Body: matches regex
Content-Type: application/msword; name=".*\.doc"
Deliver to Folder: Filtered
The quick testing has this working, when I include a snippet of the email such as:
----950935275712795591635742887640851
Content-Type: application/x-zip-compressed; name="Form - Sep 22, 2020.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Form - Sep 22, 2020.zip"
UEsDBDMAAwBjAEOdNlGUvlTxZjUBACtrAgAXAAsARm9ybSAtIFNlcCAyMiwgMjAyMC5kb2MBmQcA
AgBBRQMIAJO8XGCtZTNpE0wlC3C+pjFzXicmeVAv6HwqZV52JO5qiE7XGXsZPVOkd+d9efG0qMLD
wVKDpkfrWFFfWq3k20G9g4cj0XpyI/G2keY1qTcUM/H4mHR9WdKzJf1sSADrKkUV1UACutpNLgJ3
hERzTTKuru2gnb8Yx3IvTpkdMOwDvYTWA687+2vLsUn525WzZ6CGBC1rl+vbBrYGzxf4GaR6krMG
But when I copied the entire email including the full attachment, that was ignored, and just delivered to my inbox normally. Is there perhaps a size limit on the Email filters?
It seems that it should be as simple as:
Body: matches regex
Content-Type: application/msword; name=".*\.doc"
Deliver to Folder: Filtered
The quick testing has this working, when I include a snippet of the email such as:
----950935275712795591635742887640851
Content-Type: application/x-zip-compressed; name="Form - Sep 22, 2020.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Form - Sep 22, 2020.zip"
UEsDBDMAAwBjAEOdNlGUvlTxZjUBACtrAgAXAAsARm9ybSAtIFNlcCAyMiwgMjAyMC5kb2MBmQcA
AgBBRQMIAJO8XGCtZTNpE0wlC3C+pjFzXicmeVAv6HwqZV52JO5qiE7XGXsZPVOkd+d9efG0qMLD
wVKDpkfrWFFfWq3k20G9g4cj0XpyI/G2keY1qTcUM/H4mHR9WdKzJf1sSADrKkUV1UACutpNLgJ3
hERzTTKuru2gnb8Yx3IvTpkdMOwDvYTWA687+2vLsUn525WzZ6CGBC1rl+vbBrYGzxf4GaR6krMG
But when I copied the entire email including the full attachment, that was ignored, and just delivered to my inbox normally. Is there perhaps a size limit on the Email filters?
Last edited:
