On Wed, 6 Jan 2016, Alarig Le Lay wrote:
> Hello,
>
> I would like to mark as spam some mails with some non-RFC headers, like
> deWBv5PD: offrespourlespros.net$
> PFoRSKwhcmpngevb: 13716$
> 3D2rJMSW: 57$
> WbCMJZG5: Gfo9K3iRJMJfbUms0jMjfpCWb+Q6Cp8F67lfYgxMoVw=$
> (You can get the full mail here: https://paste.swordarmor.fr/raw/EEgF)
>
> So, I’m looking for a test which matches this kind of headers but I
> didn’t find it. Does it exist?

There's __RAND_HEADER and RAND_HEADER_MANY, but prior examples of random
garbage headers had some structure that was recognizable. This example
doesn't.

> It could be interesting to have a regex that matches all the headers not
> in https://tools.ietf.org/html/rfc4021.

I think that might be very FP-prone. There are a lot of legit non-standard
headers that don't start with X-

I'll see if I can do something with your sample...

...OK, let's see what masscheck thinks.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Je ne suis pas Charlie. Je suis armé.
-----------------------------------------------------------------------
Tomorrow: the 1st anniversary of the Charlie Hebdo massacre
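
Added example (not part of the original thread, and not the rule John Hardin tested): a sketch of why an RFC 4021 allow-list is FP-prone, next to a name-shape check that only flags the four header names quoted above. The sample message, the registry subset and the token heuristic are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed message: ordinary headers plus the four header names quoted in the post.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.net
Subject: test
Date: Wed, 6 Jan 2016 10:00:00 +0100
Message-ID: <1@example.com>
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; d=example.com
Authentication-Results: mx.example.net; spf=pass
ARC-Seal: i=1; a=rsa-sha256; d=example.net
deWBv5PD: offrespourlespros.net
PFoRSKwhcmpngevb: 13716
3D2rJMSW: 57
WbCMJZG5: Gfo9K3iRJMJfbUms0jMjfpCWb+Q6Cp8F67lfYgxMoVw=

body
"""

# Small subset of the RFC 4021 registry, enough for this sample (not the full list).
# DKIM-Signature, Authentication-Results and ARC-Seal all postdate RFC 4021.
RFC4021_SUBSET = {"from", "to", "subject", "date", "message-id", "mime-version"}

# Assumed heuristic: conventional names are hyphen-separated tokens that are
# capitalised words (Subject), acronyms (DKIM, ID) or all lower case.
TOKEN = re.compile(r"[A-Z][a-z]+|[A-Z]{2,}|[a-z]+")


def header_names(raw):
    """Header field names in order of appearance."""
    return message_from_string(raw).keys()


def not_registered(names):
    """The allow-list approach: anything outside the registry subset."""
    return [n for n in names if n.lower() not in RFC4021_SUBSET]


def looks_random(name):
    """True when any hyphen-separated token breaks the conventional shapes."""
    return not all(TOKEN.fullmatch(t) for t in name.split("-"))


if __name__ == "__main__":
    names = header_names(SAMPLE)
    print("outside allow-list:", not_registered(names))
    print("random-looking:   ", [n for n in names if looks_random(n)])
```

The allow-list flags the three legitimate authentication headers along with the garbage ones; the shape check would still need to be run against a ham corpus before being trusted.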