For the past several weeks I’ve been getting a fairly large amount of Chinese language spam leaking through. Since nearly all of the data (From:, subject, etc) are Chinese characters, my regular Postfix spam filters have not been effective in eliminating it. I finally got tired enough of it to do a little Googling. It’s trivially simple to just reject any incoming email with Chinese characters in the subject line:
/^Subject:.*=\?GB2312\?/ REJECT Sorry, this looks like SPAM (C1).
/^Subject:.*=\?GBK\?/ REJECT Sorry, this looks like SPAM (C2).
/^Subject:.*=\?GB18030\?/ REJECT Sorry, this looks like SPAM (C3).
/^Subject:.*=\?utf-8\?B\?/ REJECT Sorry, this looks like SPAM (C4).
I made the change last night, and this morning came in to find no Chinese spam and several rejects in the mail log… all from pretty obvious spam sources, like this one:
Jul 6 01:12:51 newman postfix/cleanup: 99EB31A6D3: reject: header Subject: =?utf-8?B?44CQ5Lqk6YCa6ZO26KGM5L+h55So5Y2h5Lit5b+D44CR5bCK6LS155qEZGFpbmlz?=??=?utf-8?B?6I635b6XMTAw5YWD57qi5YyF5aSn56S85rS75Yqo6LWE5qC877yM6aKG5Yiw5bCx5piv6LWa?=??=?utf-8?B?5Yiw?= from spamtitan2.hadara.ps[188.8.131.52]; from=<firstname.lastname@example.org> to=<email@example.com> proto=ESMTP helo=<spamtitan2.hadara.ps>: 5.7.1 Sorry, this looks like SPAM (C4).