“X-Mailer: RLSP Mailer” appears to be a highly reliable indicator for spam, at least judging by the 250 or so messages i’ve gotten with that header in the last several months, which appear to all be variants of lottery and 419 spam. one place it comes up in a google search is the source for myphpnuke. i wonder if there’s a connection.

that reminds me: i should start using the spamassassin backport, to join the world of spamassassin 3.0. something to add to the list of things to play with over the long holiday weekend.

» » code » 2 comments, add yours
« november 21, 2004 8:08am november 23, 2004 2:23pm »

comments

I once did some similar research and noticed that spammers tend to use really strange X-Mailer identifications from time to time:

embeddable crestfallen, ekstrom beijing justiciable, ejpmdg opixsf pysode, drunken headwater, divergent scrimmage mansfield, bridegroom greenwood

Just to name a few ...

» Martin Jansen (link) » november 23, 2004 2:03pm

wow, just found this entry via a google search for guess-what ;)

Yep, phpnuke has a mailer bug that is actively being exploited, mostly by 419 spammers as far as I can see. LOTS of this spam recently. AFAIK, they've fixed it upstream, but there's still a lot of vulnerable phpnukes out there...

» Justin Mason (link) » january 5, 2005 6:33pm

add a comment

sorry, comments on this post are closed.