Think I may have a possibility....
My rule checks the subject line for the string 'You are my victim'.
Looking at the raw email, it's UTF-8 encoded.
Does that mean that hMail won't see the string in clear text, and therefore the rule fails?
X-LCID: 4254148
Received: from [(194.58.58.14)] by xeams.mspportal with Spam Filtering System SMTP; Thu, 22 Nov 2018 21:56:18 +0000 (GMT)
X-SM_EnvelopeFrom: peter@wigvillage.com
X-SMRecipient: MY EMAIL ADDRESS IS REMOVED
X-SMDestinationServer: 192.168.1.25
X-SM_Proxy: true
X-SM_RECEIVED_ON: Thu, 22 Nov 2018 21:56:18 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail; d=wigvillage.com;
h=Message-ID:From:To:Subject:Date:MIME-Version:Content-Type; i=Peter@wigvillage.com;
bh=CfkTvjDC6RcAD5k3MDec0nK0BBS7hSRBAcBXYUW/JFw=;
b=H4qL97AimE1WpqP9JJuwcGNfhO3j/Wkm2XGEUT9R8C+3tFzxL8b1lGAbQBHJtztvizXQfhAmNkW0
mNR5pZe1o578z0bhXe8BjGoPDv0dxDm8agrApyPDuALsj7uZE8S/calYJLlNB0YjcgpwOZVumR7i
0TTu8noMIUYf1/DK9N8=
Message-ID: <800148e32a9eb4bc5055e34fa94d6769a9460a@wigvillage.com>
From: "Ws" <Peter@wigvillage.com>
To: <MY EMAIL ADDRESS IS REMOVED>
Subject: =?utf-8?B?WW91IGFyZSBteSAgdmnRgXRpbS4=?=
Date: Fri, 23 Nov 2018 00:46:10 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="201950fb3286aca4484dfb57b1557f71b4a583"
--201950fb3286aca4484dfb57b1557f71b4a583
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Hi, my prey.
THIS IS MY L=D0=90ST W=D0=90RNING!
I writ=D0=B5 y=D0=BEu be=D1=81aus=D0=B5 I att=D0=B0ch=D0=B5d a virus =D0=BE=
n th=D0=B5 web site with porno whi=D1=81h y=D0=BEu h=D0=B0ve visit=D0=B5d=
.
My tr=D0=BEjan =D1=81a=D1=80tured =D0=B0ll y=D0=BEur priv=D0=B0te d=D0=B0=
ta =D0=B0nd switched =D0=BEn y=D0=BEur c=D0=B0mer=D0=B0 whi=D1=81h r=D0=B5=
c=D0=BErded th=D0=B5 act of your s=D0=BElit=D0=B0ry s=D0=B5x. Just =D0=B0=
fter th=D0=B0t the troj=D0=B0n saved your =D1=81=D0=BEnt=D0=B0=D1=81t lis=
t.
I will er=D0=B0se th=D0=B5 com=D1=80r=D0=BEmising video r=D0=B5=D1=81ords=
=D0=B0nd inf=D0=BErmati=D0=BEn if you s=D0=B5nd m=D0=B5 500 EURO in bitc=
oin.
This is address f=D0=BEr =D1=80=D0=B0yment :=C2=A0 1E4Jnnodm52gCJJjS7YJ5m=
63eyjGWFqzF
I give you 30 hours =D0=B0fter y=D0=BEu =D0=BEpen my m=D0=B5ssag=D0=B5 f=D0=
=BEr m=D0=B0king the =D1=80ayment.
=D0=90s s=D0=BEon as you re=D0=B0d the mess=D0=B0ge I'll see it right awa=
y.
It is n=D0=BEt n=D0=B5=D1=81=D0=B5ssary t=D0=BE t=D0=B5ll m=D0=B5 th=D0=B0=
t y=D0=BEu have s=D0=B5nt m=D0=BEney to me. This =D0=B0ddress is c=D0=BEn=
nect=D0=B5d to y=D0=BEu, my system will eras=D0=B5d =D0=B0utom=D0=B0tic=D0=
=B0lly aft=D0=B5r tr=D0=B0nsf=D0=B5r confirm=D0=B0tion.
If y=D0=BEu n=D0=B5ed 48h just Open the c=D0=B0lculat=D0=BEr on your d=D0=
=B5sktop and =D1=80r=D0=B5ss +++
If you don't =D1=80=D0=B0y, I'll send dirt t=D0=BE all your =D1=81=D0=BEn=
ta=D1=81ts.=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
Let m=D0=B5 r=D0=B5mind y=D0=BEu-I s=D0=B5e what you're doing!
Y=D0=BEu =D1=81an visit the poli=D1=81e =D0=BEffi=D1=81e but =D0=B0nyb=D0=
=BEdy =D1=81an't help you.
If you try to dec=D0=B5ive me , I'll kn=D0=BEw it imm=D0=B5diately!
I don't live in your =D1=81ountry. So any=D0=BEn=D0=B5 =D1=81=D0=B0n n=D0=
=BEt tr=D0=B0ck my l=D0=BE=D1=81=D0=B0tion even for 9 m=D0=BEnths.
bye. D=D0=BEn't f=D0=BErg=D0=B5t ab=D0=BEut the shame =D0=B0nd t=D0=BE ig=
n=D0=BEr=D0=B5, Y=D0=BEur life can be ruin=D0=B5d.
_________________________________________________________________________=
___________________
--201950fb3286aca4484dfb57b1557f71b4a583
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD>
<META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi, my prey.</DIV>
<DIV> </DIV>
<DIV>THIS IS MY L=D0=90ST W=D0=90RNING!<BR> <BR>I writ=D0=B5=20
y=D0=BEu be=D1=81aus=D0=B5 I=20
att=D0=B0ch=D0=B5d a virus =D0=BEn th=D0=B5=20
web site with porno whi=D1=81h=20
y=D0=BEu h=D0=B0ve visit=D0=B5d.<BR>My tr=D0=BEjan=20
=D1=81a=D1=80tured =D0=B0ll y=D0=BEur=20
priv=D0=B0te d=D0=B0ta =D0=B0nd=20
switched =D0=BEn y=D0=BEur=20
c=D0=B0mer=D0=B0 whi=D1=81h=20
r=D0=B5c=D0=BErded th=D0=B5 act=20
of your s=D0=BElit=D0=B0ry s=D0=B5x. Just=20
=D0=B0fter th=D0=B0t the troj=D0=B0n=20
saved your =D1=81=D0=BEnt=D0=B0=D1=81t=20
list.<BR>I will er=D0=B0se th=D0=B5=20
com=D1=80r=D0=BEmising video=20
r=D0=B5=D1=81ords =D0=B0nd inf=D0=BErmati=D0=BEn=20
if you s=D0=B5nd m=D0=B5=20
500=20
EURO in bitcoin.<BR> <BR>This is address=20
f=D0=BEr =D1=80=D0=B0yment : =20
1E4Jnnodm52gCJJjS7YJ5m63eyjGWFqzF</DIV>
<DIV> </DIV>
<DIV>I give you 30 hours =D0=B0fter=20
y=D0=BEu =D0=BEpen my m=D0=B5ssag=D0=B5=20
f=D0=BEr m=D0=B0king the=20
=D1=80ayment.<BR>=D0=90s s=D0=BEon as=20
you re=D0=B0d the mess=D0=B0ge=20
I'll see it right away.<BR>It is n=D0=BEt=20
n=D0=B5=D1=81=D0=B5ssary t=D0=BE t=D0=B5ll m=D0=B5=20
th=D0=B0t y=D0=BEu have s=D0=B5nt m=D0=BEney=20
to me. This =D0=B0ddress is=20
c=D0=BEnnect=D0=B5d to y=D0=BEu, my=20
system will eras=D0=B5d=20
=D0=B0utom=D0=B0tic=D0=B0lly aft=D0=B5r=20
tr=D0=B0nsf=D0=B5r confirm=D0=B0tion.<BR>If=20
y=D0=BEu n=D0=B5ed 48h just Open=20
the c=D0=B0lculat=D0=BEr on=20
your d=D0=B5sktop and =D1=80r=D0=B5ss=20
+++<BR>If you don't =D1=80=D0=B0y, I'll send dirt=20
t=D0=BE all your=20
=D1=81=D0=BEnta=D1=81ts. =20
<BR>Let m=D0=B5 r=D0=B5mind y=D0=BEu-I s=D0=B5e=20
what you're doing!<BR>Y=D0=BEu=20
=D1=81an visit the poli=D1=81e=20
=D0=BEffi=D1=81e but =D0=B0nyb=D0=BEdy =D1=81an't=20
help you. <BR>If you try to=20
dec=D0=B5ive me , I'll kn=D0=BEw it=20
imm=D0=B5diately! <BR>I don't live in=20
your =D1=81ountry. So any=D0=BEn=D0=B5=20
=D1=81=D0=B0n n=D0=BEt tr=D0=B0ck my=20
l=D0=BE=D1=81=D0=B0tion even for 9=20
m=D0=BEnths.<BR>bye. D=D0=BEn't f=D0=BErg=D0=B5t=20
ab=D0=BEut the shame =D0=B0nd t=D0=BE=20
ign=D0=BEr=D0=B5, Y=D0=BEur life can be=20
ruin=D0=B5d.<BR> <BR> <BR> </DIV>
<DIV> </DIV>
<DIV>____________________________________________________________________=
________________________<BR></DIV></BODY></HTML>
--201950fb3286aca4484dfb57b1557f71b4a583--
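
The following is an added example, not part of the original post: it decodes the RFC 2047 `Subject` header quoted above and compares a literal substring check with a normalized one. The function names and the small look-alike map are assumptions made for illustration, and nothing here describes how hMailServer itself evaluates rules.

```python
import re
import unicodedata
from email.header import decode_header, make_header

# Subject header exactly as it appears in the raw message above.
RAW_SUBJECT = "=?utf-8?B?WW91IGFyZSBteSAgdmnRgXRpbS4=?="
RULE_STRING = "You are my victim"

# Illustrative Cyrillic -> Latin look-alike map (assumption: not a complete
# confusables table; it covers only the letters seen in this message).
HOMOGLYPHS = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0410": "A",
})


def decode_subject(raw):
    """Decode RFC 2047 encoded-words into a Unicode string."""
    return str(make_header(decode_header(raw)))


def non_ascii_chars(text):
    """Return (char, code point, Unicode name) for each non-ASCII character."""
    return [(c, f"U+{ord(c):04X}", unicodedata.name(c, "?"))
            for c in text if ord(c) > 127]


def normalize(text):
    """Fold look-alikes to Latin, collapse whitespace runs, lowercase."""
    text = unicodedata.normalize("NFKC", text).translate(HOMOGLYPHS)
    return re.sub(r"\s+", " ", text).strip().lower()


def rule_matches(subject, needle):
    """Substring test performed on normalized text instead of raw text."""
    return normalize(needle) in normalize(subject)


if __name__ == "__main__":
    decoded = decode_subject(RAW_SUBJECT)
    print(repr(decoded))
    print(non_ascii_chars(decoded))
    print("literal match:   ", RULE_STRING in decoded)
    print("normalized match:", rule_matches(decoded, RULE_STRING))
```

The decoded subject still differs from the rule string in two places: a doubled space after "my" and a Cyrillic letter inside "victim", so a literal comparison fails even on decoded text.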