Guys, anyone else seeing these? What I am mostly interested in is whether this pattern is specific to this long-standing German spam run, or if there are actually payload variants in other languages, too.

  header BCDE From:addr =~ /^(?:[bcde][a-z]){16,}\@/

Going from memory, they are botnet generated and usually hit PBL. Please don't feel left out if you're not seeing them, and reject at the SMTP level based on ZEN. Don't even bother grepping your reject logs -- the Envelope-From does not match this pattern, but uses an unrelated, almost as stupid forged address. Bonus points if you find a FP match. ;)

-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
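
An added example, not part of the original post: one way to check a mail corpus for hits (or false positives) of the BCDE rule, reporting the envelope sender next to each hit. It approximates SpamAssassin's From:addr with Python's email.utils.parseaddr and reads the envelope sender from a Return-Path header; both are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Same pattern as the BCDE rule in the post: the whole local part is
# 16 or more two-letter pairs, each pair starting with b, c, d or e.
BCDE = re.compile(r"^(?:[bcde][a-z]){16,}@")

def header_addr(msg, name):
    """Bare address of a header, approximating SpamAssassin's ':addr'."""
    return parseaddr(msg.get(name, ""))[1]

def bcde_hits(raw_messages):
    """Return (index, From address, Return-Path address) for every rule hit."""
    hits = []
    for i, raw in enumerate(raw_messages):
        msg = message_from_string(raw)
        addr = header_addr(msg, "From")
        if BCDE.match(addr):
            # Keep the envelope sender beside the hit: the post notes it
            # does not follow the pattern, so reject logs will not show it.
            hits.append((i, addr, header_addr(msg, "Return-Path")))
    return hits

# Constructed samples (not real traffic).
SPAMMY_LOCAL = "bacedobu" * 4                 # 16 pairs, 32 characters
SHORT_LOCAL = "bacedobu" * 3 + "bacedo"       # 15 pairs, one too few
SAMPLES = [
    "Return-Path: <x91@forged.example>\n"
    'From: "Shop" <' + SPAMMY_LOCAL + "@spam.example>\n"
    "Subject: sample 1\n\nbody\n",
    "Return-Path: <bob@ham.example>\n"
    "From: Bob Decker <bob.decker@ham.example>\n"
    "Subject: sample 2\n\nbody\n",
    "Return-Path: <list@ham.example>\n"
    "From: <" + SHORT_LOCAL + "@ham.example>\n"
    "Subject: sample 3\n\nbody\n",
]

if __name__ == "__main__":
    for index, from_address, envelope in bcde_hits(SAMPLES):
        print(index, from_address, "envelope:", envelope)
```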