Mailing List Archive: Random Words

Random Words

jason at akota

Feb 23, 2004, 9:16 AM

Post #1 of 6 (1046 views)

Permalink

Hello,

Can anyone point me to a random words rule?

Thanks,

Jason

Re: Random Words [ In reply to ]

johnh at aproposretail

Feb 23, 2004, 10:30 AM

Post #2 of 6 (1026 views)

Permalink

On Mon, 2004-02-23 at 08:16, Jason Granat wrote:
> Hello,
>
> Can anyone point me to a random words rule?

Do you mean something like:

describe CLUMSY_SPAMMER_01 Spammer botched his email obfuscation
rawbody CLUMSY_SPAMMER_01 //
score CLUMSY_SPAMMER_01 1.0

?

--
John Hardin KA7OHZ
Internal Systems Administrator/Guru voice: (425) 672-1304
Apropos Retail Management Systems, Inc. fax: (425) 672-0192
-----------------------------------------------------------------------
Failure to plan ahead on someone else's part does not constitute an
emergency on my part.
- David W. Barts in a.s.r
-----------------------------------------------------------------------
7 days until ICQ Corp goes away - have you installed Jabber yet?

Re: Random Words [ In reply to ]

spamassassin.andy at spiegl

Feb 23, 2004, 2:45 PM

Post #3 of 6 (1025 views)

Permalink

Hi John,

> describe CLUMSY_SPAMMER_01 Spammer botched his email obfuscation
> rawbody CLUMSY_SPAMMER_01 //
> score CLUMSY_SPAMMER_01 1.0

Is RANDOM_WORD part of the standard SA-distribution? (v2.63)
I can't find it anywhere in the perl code...

[OT]
> 7 days until ICQ Corp goes away - have you installed Jabber yet?
Oops, what? Haven't heard about that one before? Are you sure?
I don't see anything on the ICQ website...
[/OT]

Thanks,
Andy.

--
o _ _ _
------- __o __o /\_ _ \\o (_)\__/o (_) -o)
----- _`\<,_ _`\<,_ _>(_) (_)/<_ \_| \ _|/' \/ /\\
---- (_)/ (_) (_)/ (_) (_) (_) (_) (_)' _\o_ _\_v
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cogito ergo sum, bibo ergo sum, cogito ergo bib, bibo ergo bib?

Re: Random Words [ In reply to ]

wstearns at pobox

Feb 23, 2004, 2:52 PM

Post #4 of 6 (1032 views)

Permalink

Good afternoon, Jason,

On Mon, 23 Feb 2004, Jason Granat wrote:

> Can anyone point me to a random words rule?

http://www.stearns.org/sa-blacklist/random.current.cf
Cheers,
- Bill

---------------------------------------------------------------------------
"Villanueva pointed out that the state has recently begun paying
water and energy bills on behalf of many schools. '(T)hey are so poor
that they could not afford these services, and the provision was being
interrupted,' he said. 'Does it make sense in this context to use
tax-payer's money to pay Microsoft licenses?' "
-- Peruvian congressman Edgar Villanueva
(Courtesy of http://www.wired.com/news/business/0,1367,54141-2,00.html )
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------

Re: Random Words [ In reply to ]

lwilton at earthlink

Feb 23, 2004, 2:59 PM

Post #5 of 6 (1023 views)

Permalink

You probably want to trip off to the Rules Emporium and grab all the great
rulesets floating around to catch the current spams. However, the specific
case of 'stupid spammer' is handled by:

http://www.stearns.org/sa-blacklist/random.current.cf

----- Original Message -----
From: "Andy Spiegl" <spamassassin.andy@spiegl.de>
To: "SpamAssassin list" <spamassassin-users@incubator.apache.org>
Sent: Monday, February 23, 2004 1:45 PM
Subject: Re: Random Words

> Hi John,
>
> > describe CLUMSY_SPAMMER_01 Spammer botched his email obfuscation
> > rawbody CLUMSY_SPAMMER_01 //
> > score CLUMSY_SPAMMER_01 1.0
>
> Is RANDOM_WORD part of the standard SA-distribution? (v2.63)
> I can't find it anywhere in the perl code...

Re: Random Words [ In reply to ]

johnh at aproposretail

Feb 23, 2004, 3:02 PM

Post #6 of 6 (1026 views)

Permalink

On Mon, 2004-02-23 at 13:45, Andy Spiegl wrote:
> Hi John,
>
> > describe CLUMSY_SPAMMER_01 Spammer botched his email obfuscation
> > rawbody CLUMSY_SPAMMER_01 //
> > score CLUMSY_SPAMMER_01 1.0
>
> Is RANDOM_WORD part of the standard SA-distribution? (v2.63)
> I can't find it anywhere in the perl code...

Nope, that's apparently part of an automated spam tool. I noticed in the
raw body of a few spams and decided it'd be a good trigger. Apparently
the spammers in question didn't run their spam tool correctly, and it
didn't do all the keyword substitutions it was supposed to.

I've also seen something similar on subject lines. I don't remember what
the precise token was, though.

> [OT]
> > 7 days until ICQ Corp goes away - have you installed Jabber yet?
> Oops, what?

"ICQ Corporate" (a.k.a. "ICQ Groupware") is a private-network
("corporate") ICQ server/client package that never made it out of beta
before being orphaned. It doesn't use the standard (Internet) ICQ
protocols so *only* the proprietary ICQ Corporate client will talk to
it. And the client isn't available on Linux. It's a dead end, so we're
replacing it with a living FOSS equivalent.

Gosh, I wish there was a way in Evolution to pick .sig files based on
the To: address. Then I wouldn't be bothering you guys with that purely
internal countdown... :)

--
John Hardin KA7OHZ
Internal Systems Administrator/Guru voice: (425) 672-1304
Apropos Retail Management Systems, Inc. fax: (425) 672-0192
-----------------------------------------------------------------------
Failure to plan ahead on someone else's part does not constitute an
emergency on my part.
- David W. Barts in a.s.r
-----------------------------------------------------------------------
7 days until ICQ Corp goes away - have you installed Jabber yet?