On Tue, 9 Sep 2014, Bob Proulx wrote:
I am helping a friend who is getting hit with a lot of spam. He is
running SpamAssassin. While looking at the spam that he is receiving
I am seeing a pattern in the headers. Along with the normal headers
the messages also contain a random set of "random" headers. Here are
just the pattern headers from the message.
Spam 1:
Martian-Scurf: d4b0a3f064bc16518af081b52350787f9442861
Gonad-Marfa: 9442861.d4b0a3f064bc16518af081b52350787f.9442861
Diamant-Hop:
d4b0a3f064bc16518af081b52350787f22464616.9442861d4b0a3f064bc16518af
Mutiny-Tardo: 22464616-22464616
Odinist-Gawsy: d4b0a3f064bc16518af081b52350787f-22464616
Pennant-Agape: 9442861-22464616
That sort of random garbage was reported last week and there's a rule in
the sandbox for it, but there's almost none in the masscheck corpus so it
won't be scored or released.
http://ruleqa.spamassassin.org/?daterev=20140909-r1623698-n&rule=%2FRAND_HEADER
If it starts hitting the corpora it might get scored and released...
Is there a way to use this to create a SpamAssassin rule to try to
catch this type of spam?
Grab the RAND_HEADER rules (there are several related, get them all) from
my sandbox and score as you see fit.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
USMC Rules of Gunfighting #9: Accuracy is relative: most combat
shooting standards will be more dependent on "pucker factor" than
the inherent accuracy of the gun.
-----------------------------------------------------------------------
Tomorrow: the 13rd anniversary of 9/11
