On Mon, 2010-02-01 at 13:15 -0500, Kevin A. McGrail wrote:
> > Ah, that widely spread mis-information The Bat! is a spam tool. Yes,
> > indeed, I've come across that too often, and The Bat! users probably are
> > used to such issues. Doesn't make it any better, does it? ;)
>
> In my experience, the bat is highly related to spam. However, I was
Now you got me confused. You mean a forged X-Mailer header, as opposed
to the real MUA itself being involved in spam. No?
> surprised to find out as you did that major ISPs in other countries were
> using it.
That's actually not what I found. What I found is, that onet.pl breaks
the MUA generated Date header, and rewrites it to at least inject that
tab. MUA agnostic. This alone trips the DATE_CONTAINS_TAB rule.
Arguably, you get what you deserve if you break MUA generated headers to
make it look like common ratware screw-ups.
This becomes more of a problem, if the onet.pl user also uses The Bat!,
since this triggers a second rule -- the real deal I hacked up a while
ago to counter a highly specific pattern in a low-scorer flood here. The
same as above, plus the X-Mailer constraint. The MUA never generates
Date headers with tab -- only ratware forging The Bat! does. And the
onet.pl SMTP servers, on behalf of their users. :-/
guenther
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
