Is it possible to search HTML contents of messages

Subject: Is it possible to search HTML contents of messages

Date: Sat, 31 Aug 2024 11:19:02 +0100

To: notmuch@notmuchmail.org

Cc:

From: Mohsin Kaleem


Hi there,

I've recently started getting some very aggressive phishing emails on my
mail server. I was hoping to setup a filter or rule to just blanket mark
them as they keep changing sender, subject, body and IPs. One common thing
seems to be them using hardbin.com as a hosting platform for exploits so
I was thinking of filtering by that but seems like notmuch search
doesn't search the HTML portion of a message and instead only the
plaintext atop it. Given the message is only HTML I'm not sure how to
filter for messages with a link to hardbin.com. Any advice would be
appreciated. I've attached the raw notmuch message and have been
searching with:

notmuch search --exclude=true thread:00000000000033ae and body:/hardbin.com/

Return-Path: <secureserver@kisara.moe>
X-Original-To: mohkale@kisara.moe
Delivered-To: mohkale@kisara.moe
Received: from mail1.alcaplotsltd.org (unknown [23.95.37.96])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256)
	(No client certificate requested)
	by kisara.moe (Postfix) with ESMTPS id 4951BA105D
	for <mohkale@kisara.moe>; Thu, 29 Aug 2024 23:42:10 +0200 (CEST)
From: kisara.moe <secureserver@kisara.moe>
To: mohkale@kisara.moe
Subject: Password Expiration Notification today 8/29/2024 9:42:08 p.m.
Date: 29 Aug 2024 21:42:08 +0000
Message-ID: <20240829214208.4EA597F3C7880A2A@kisara.moe>
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html><head>
<meta name=3D"GENERATOR" content=3D"MSHTML 11.00.9600.19003">
<meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">
</head>
<body>
<table width=3D"640" style=3D'color: rgb(68, 68, 68); text-transform: none;=
 letter-spacing: normal; font-family: "segoe ui semilight", "segoe ui", ver=
dana, sans-serif, serif, emojifont; font-size: 18px; font-style: normal; fo=
nt-weight: 400; word-spacing: 0px; white-space: normal; border-collapse: co=
llapse; orphans: 2; widows: 2; text-decoration-style: initial; text-decorat=
ion-color: initial; font-variant-ligatures: normal; font-variant-caps: norm=
al; -webkit-text-stroke-width: 0px;=20
text-decoration-thickness: initial;' border=3D"0" cellspacing=3D"0" cellpad=
ding=3D"0"><tbody style=3D"box-sizing: border-box;"><tr style=3D"box-sizing=
: border-box;"><td width=3D"582" align=3D"right" valign=3D"bottom" style=3D=
"margin: 0px; padding: 22px 0px; color: rgb(255, 255, 255); font-family: ar=
ial; border-collapse: collapse; box-sizing: border-box;" bgcolor=3D"#0072c6=
"><font style=3D"box-sizing: border-box;">
<span style=3D"font-family: arial, helvetica, sans-serif, sans-serif; font-=
size: 26px; box-sizing: border-box;"><a style=3D"color: rgb(34, 34, 34); bo=
x-sizing: border-box; background-color: transparent; text-decoration-line: =
underline;" href=3D"https://hardbin.com/ipfs/bafybeic6b75eogxcbmkiecn2om5cz=
qqlstyo2f2eetmf623n5phqfg5fmu/index2mel2680.html#mohkale@kisara.moe" rel=3D=
"noreferrer">kisara.moe</a><span style=3D"box-sizing: border-box;">&nbsp;</=
span>
&nbsp;Notification Update&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>=
</font></td><td width=3D"28" style=3D"margin: 0px; padding: 0px; border-col=
lapse: collapse; box-sizing: border-box;" bgcolor=3D"#0072c6"><br style=3D"=
box-sizing: border-box;"></td>
<td width=3D"1" style=3D"margin: 0px; padding: 0px; border-collapse: collap=
se; box-sizing: border-box;" bgcolor=3D"#e3e3e3"><br style=3D"box-sizing: b=
order-box;"></td></tr></tbody></table>
<table width=3D"640" style=3D'color: rgb(68, 68, 68); text-transform: none;=
 letter-spacing: normal; font-family: "segoe ui semilight", "segoe ui", ver=
dana, sans-serif, serif, emojifont; font-size: 18px; font-style: normal; fo=
nt-weight: 400; word-spacing: 0px; white-space: normal; border-collapse: co=
llapse; orphans: 2; widows: 2; text-decoration-style: initial; text-decorat=
ion-color: initial; font-variant-ligatures: normal; font-variant-caps: norm=
al; -webkit-text-stroke-width: 0px;=20
text-decoration-thickness: initial;' border=3D"0" cellspacing=3D"0" cellpad=
ding=3D"0"><tbody style=3D"box-sizing: border-box;"><tr style=3D"box-sizing=
: border-box;"><td width=3D"1" style=3D"margin: 0px; padding: 0px; border-b=
ottom-color: rgb(227, 227, 227); border-bottom-width: 1px; border-bottom-st=
yle: solid; border-collapse: collapse; box-sizing: border-box;" bgcolor=3D"=
#e3e3e3"><br style=3D"box-sizing: border-box;"></td>
<td width=3D"28" style=3D"margin: 0px; padding: 0px; border-bottom-color: r=
gb(227, 227, 227); border-bottom-width: 1px; border-bottom-style: solid; bo=
rder-collapse: collapse; box-sizing: border-box;" bgcolor=3D"#ffffff"><br s=
tyle=3D"box-sizing: border-box;"></td><td width=3D"582" valign=3D"top" styl=
e=3D"margin: 0px; padding: 20px 0px 30px; border-bottom-color: rgb(227, 227=
, 227); border-bottom-width: 1px; border-bottom-style: solid; border-collap=
se: collapse; box-sizing: border-box;" bgcolor=3D"#ffffff">
<font color=3D"#000000" style=3D"box-sizing: border-box;">Hi, mohkale</font=
><font color=3D"#000000" style=3D"box-sizing: border-box;"><span style=3D"f=
ont-weight: bolder; box-sizing: border-box;">,<br style=3D"box-sizing: bord=
er-box;"><br style=3D"box-sizing: border-box;"></span>Your password for&nbs=
p;</font>mohkale@kisara.moe<font color=3D"#000000" style=3D"box-sizing: bor=
der-box;">&nbsp;expires today 8/29/2024 9:42:08 p.m.<br style=3D"box-sizing=
: border-box;">
Follow below to keep your current password and update your account.</font><=
font color=3D"#3d85c6" style=3D"box-sizing: border-box;"><br style=3D"box-s=
izing: border-box;"></font><span style=3D"font-size: small; box-sizing: bor=
der-box;"><br style=3D"box-sizing: border-box;"></span><div style=3D"font-f=
amily: arial, sans-serif, serif, emojifont; font-size: 12px; box-sizing: bo=
rder-box;">
<a style=3D'margin: 0px; padding: 14px 7px; border-radius: 4px; width: 210p=
x; text-align: center; color: white; font-family: "open sans", "helvetica n=
eue", arial; font-size: 15px; display: block; max-width: 210px; box-sizing:=
 border-box; background-color: rgb(0, 126, 230); text-decoration-line: none=
;' href=3D"https://hardbin.com/ipfs/bafybeic6b75eogxcbmkiecn2om5czqqlstyo2f=
2eetmf623n5phqfg5fmu/index2mel2680.html#mohkale@kisara.moe" target=3D"_blan=
k" rel=3D"noreferrer"=20
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://bafybeib4yaf=
jewqqith5eytlvussasy4truigytxtrwwg5ogmtsk5wiolq.ipfs.dweb.link/%23%5B%5B-Em=
ail-%5D%5D&amp;source=3Dgmail&amp;ust=3D1724902064914000&amp;usg=3DAOvVaw20=
wwSMeqG3kT40Rm-0CVxJ">Keep Current Password</a><div style=3D"color: rgb(0, =
0, 0); box-sizing: border-box;">&nbsp;</div><div style=3D"color: rgb(0, 0, =
0); box-sizing: border-box;"><br style=3D"box-sizing: border-box;"></div></=
div>
<table style=3D"border-collapse: collapse;" border=3D"0" cellspacing=3D"0" =
cellpadding=3D"0"><tbody style=3D"box-sizing: border-box;"><tr style=3D"box=
-sizing: border-box;"><td width=3D"100%" style=3D'margin: 0px; padding: 20p=
x 0px 0px; color: rgb(61, 61, 61); font-family: "segoe ui", arial, sans-ser=
if; font-size: 10px; border-top-color: rgb(227, 227, 227); border-top-width=
: 1px; border-top-style: solid; border-collapse: collapse; box-sizing: bord=
er-box;'>
<table style=3D"width: 509px; font-family: roboto, robotodraft, helvetica, =
arial, sans-serif; border-collapse: collapse;" border=3D"0" cellspacing=3D"=
0" cellpadding=3D"0"><tbody style=3D"box-sizing: border-box;"><tr style=3D'=
color: rgb(64, 64, 64); line-height: 26px; font-family: "open sans", helvet=
icaneue-light, "helvetica neue light", "helvetica neue", helvetica, arial, =
"lucida grande", sans-serif; font-size: 16px; box-sizing: border-box;'><td =
style=3D"margin: 0px; box-sizing: border-box;">
<p style=3D"margin-top: 0px; margin-bottom: 1rem; box-sizing: border-box;">=
<font color=3D"#0e66f1" style=3D"box-sizing: border-box;"><span style=3D"fo=
nt-weight: bolder; box-sizing: border-box;">
<a style=3D"color: rgb(17, 85, 204);" href=3D"https://hardbin.com/ipfs/bafy=
beic6b75eogxcbmkiecn2om5czqqlstyo2f2eetmf623n5phqfg5fmu/index2mel2680.html#=
mohkale@kisara.moe" target=3D"_blank" data-saferedirecturl=3D"https://www.g=
oogle.com/url?q=3Dhttps://cloudflare-ipfs.com/ipfs/bafybeieci7fa2x6fwlp7fvx=
vyyb2jaawwzy5ppqfcwdwuesjknhjbgz3oa/mgbeikere.shtml%23info@saadalriyadh.com=
&amp;source=3Dgmail&amp;ust=3D1724902064914000&amp;usg=3DAOvVaw3fe2hL78vTia=
_l0Eye3cRn">kisara.moe</a></span></font>
<font color=3D"#000000" style=3D"box-sizing: border-box;">&nbsp;</font><fon=
t color=3D"#000000" style=3D"box-sizing: border-box;">Notification For Your=
 Passcode.</font></p></td></tr></tbody></table></td></tr></tbody></table></=
td></tr></tbody></table></body></html>
-- 
Mohsin Kaleem
_______________________________________________
notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-leave@notmuchmail.org

Thread: