Amavis *should* detect encrypted archive mail and log as “UNCHECKED-ENCRYPTED”.
Disposition of such mail is dependent on CC_UNCHECKED (final destiny) in your
amavisd.conf. There is a setting to rewrite Subject when unchecked disposition
is set to pass.
* a string can be prepended to Subject (for local recipients only)
if mail could not be decoded or checked entirely, e.g. due to
password-protected archives or non-decodable mail bombs:
$undecipherable_subject_tag = '***UNCHECKED*** '; # undef disables it
> On 22.12.2020., at 09:25, Nikolaos Milas <[email protected]> wrote:
>
> Hello,
>
> We are facing the following problem:
>
> We are receiving floods of spam mail which mainly consist of excerpts from
> older legitimate mail (and with identical Subject text). These mails have
> been fitted with password-protected zip files (which are virus-infected) - so
> that they cannot be scanned - and in the body of the mail is included the
> password of these zip files.
