svn commit: r1621839 - in /spamassassin/trunk/rulesrc/sandbox/jhardin: 20_misc_testing.cf 20_tbird_image_spam.cf

[jh...@apache.org]

Author: jhardin
Date: Mon Sep  1 16:38:23 2014
New Revision: 1621839

URL: http://svn.apache.org/r1621839
Log:
FP avoidance and score tuning

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1621839&r1=1621838&r2=1621839&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Sep  1 16:38:23 2014
@@ -957,7 +957,7 @@ meta        TVD_SPACE_RATIO_MINFP  __TVD
 score       TVD_SPACE_RATIO_MINFP  3.500   # limit
 
 meta        TVD_SPACE_ENCODED      __TVD_SPACE_RATIO && __SUBJECT_ENCODED_B64 && !__LCL__ENV_AND_HDR_FROM_MATCH 
-score       TVD_SPACE_ENCODED      3.000   # limit
+score       TVD_SPACE_ENCODED      1.000   # limit
 
 # sample from users list:   Subject: Sta ffWork sFastToSen dTab le tsGood s
 header      __SUBJ_BROKEN_WORD     Subject =~ /\s(?!i[PTM][aoh][bcdou])[a-z]{1,3}[A-Z][a-z]{2}/
@@ -985,18 +985,21 @@ tflags      XM_PHPMAILER_FORGED    publi
 
 # from spample on users list 7/24/2011
 header      __XM_EC_MESSENGER      X-Mailer =~ /\beC-Messenger\b/
-meta        XM_EC_MESSENGER        __XM_EC_MESSENGER
-describe    XM_EC_MESSENGER        eC-Messenger bulk mail service
+#meta        XM_EC_MESSENGER        __XM_EC_MESSENGER
+#describe    XM_EC_MESSENGER        eC-Messenger bulk mail service
 
 header      __SUBJ_OBFU_PUNCT      Subject =~ /(?:(?!<[a-z][a-z])[-~`"!@\#$%^&*()_+={}|\\\/?<>,.:;][a-z][-~`"!@\#$%^&*()_+={}|\\\/?<>,.:;\s]|[a-z][~`"!@\#$%^&*()_+={}|\\?<>,.:;][a-z])/i
 tflags      __SUBJ_OBFU_PUNCT      multiple maxhits=4
-meta        SUBJ_OBFU_PUNCT_FEW    __SUBJ_OBFU_PUNCT > 1 && !__SUBJECT_ENCODED_B64 && !__VIA_ML && !__THREADED && !__RP_MATCHES_RCVD && !__DKIM_EXISTS && !NO_RELAYS && !__X_CRON_ENV && !__MSOE_MID_WRONG_CASE && !__HS_SUBJ_RE_FW && !__HAS_THREAD_INDEX && !__REPLYTO_EXISTS && !__RCD_RDNS_MAIL_MESSY
+meta        SUBJ_OBFU_PUNCT_FEW    __SUBJ_OBFU_PUNCT > 1 && !__THREADED && !__RP_MATCHES_RCVD && !__NOT_SPOOFED && !__LCL__ENV_AND_HDR_FROM_MATCH 
 describe    SUBJ_OBFU_PUNCT_FEW    Possible punctuation-obfuscated Subject: header
 score       SUBJ_OBFU_PUNCT_FEW    0.750
-meta        SUBJ_OBFU_PUNCT_MANY   __SUBJ_OBFU_PUNCT > 2 && !__SUBJECT_ENCODED_B64 && !__VIA_ML && !__THREADED && !__RP_MATCHES_RCVD && !__DKIM_EXISTS && !NO_RELAYS && !__X_CRON_ENV && !__MSOE_MID_WRONG_CASE && !__HS_SUBJ_RE_FW && !__HAS_THREAD_INDEX && !__REPLYTO_EXISTS && !__RCD_RDNS_MAIL_MESSY
+meta        SUBJ_OBFU_PUNCT_MANY   __SUBJ_OBFU_PUNCT > 2 && !__THREADED && !__RP_MATCHES_RCVD && !__NOT_SPOOFED && !__LCL__ENV_AND_HDR_FROM_MATCH 
 describe    SUBJ_OBFU_PUNCT_MANY   Punctuation-obfuscated Subject: header
 score       SUBJ_OBFU_PUNCT_MANY   1.750
 
+meta        SUBJ_MANGLED           __SUBJ_OBFU_PUNCT && __GAPPY_SUBJECT 
+score       SUBJ_MANGLED           2.000    # limit
+
 # A document was scanned and sentto you using a Hewlett-Packard HP Officejet
 # A document was scanned and sent to you using a Hewlett-Packard HP Officejet
 # Scan from Hewlet-Packard Officejet
@@ -1259,7 +1262,7 @@ score       GAPPY_LOW_CONTRAST    2.500 
 meta        URI_ONLY_LOW_CONTRAST __HTML_FONT_LOW_CONTRAST_MINFP && __BODY_URI_ONLY 
 score       URI_ONLY_LOW_CONTRAST 2.500   # limit
 
-meta        SUBJ_OBFU_LOW_CNTRST  __HTML_FONT_LOW_CONTRAST_MINFP && SUBJ_OBFU_PUNCT_FEW 
+meta        SUBJ_OBFU_LOW_CNTRST  __HTML_FONT_LOW_CONTRAST_MINFP && __SUBJ_OBFU_PUNCT && !ALL_TRUSTED 
 describe    SUBJ_OBFU_LOW_CNTRST  Subject obfuscation + hidden text
 score       SUBJ_OBFU_LOW_CNTRST  2.500   # limit
 
@@ -1637,7 +1640,8 @@ describe       URI_GOOGLE_PROXY       Ac
 tflags         URI_GOOGLE_PROXY       publish
 
 
-meta           RPATH_NULL_CTCQ        __BOUNCE_RPATH_NULL && __CTYPE_CHARSET_QUOTED && !__VIA_ML && !__SUBJECT_ENCODED_QP && !ANY_BOUNCE_MESSAGE && !__DOS_HAS_LIST_UNSUB 
+meta           RPATH_NULL_CTCQ        __BOUNCE_RPATH_NULL && __CTYPE_CHARSET_QUOTED && !__VIA_ML && !__SUBJECT_ENCODED_QP && !ANY_BOUNCE_MESSAGE && !__DOS_HAS_LIST_UNSUB && !__TAG_EXISTS_STYLE 
+score          RPATH_NULL_CTCQ        2.000   # limit
 
 
 

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf?rev=1621839&r1=1621838&r2=1621839&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf Mon Sep  1 16:38:23 2014
@@ -28,7 +28,7 @@ describe   FORGED_TBIRD_IMG_ARROW  Likel
 #score      FORGED_TBIRD_IMG_ARROW  0.8
 
 meta       __TO_NO_BRKTS_HTML_IMG  __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && HTML_MESSAGE && __ONE_IMG
-meta       TO_NO_BRKTS_HTML_IMG    __TO_NO_BRKTS_HTML_IMG && !__FM_TO_ALL_NUMS && !__FROM_FULL_NAME && !__HAS_THREAD_INDEX && !__DKIM_EXISTS 
+meta       TO_NO_BRKTS_HTML_IMG    __TO_NO_BRKTS_HTML_IMG && !__FM_TO_ALL_NUMS && !__FROM_FULL_NAME && !__HAS_THREAD_INDEX && !__DKIM_EXISTS && !__KHOP_NO_FULL_NAME 
 describe   TO_NO_BRKTS_HTML_IMG    To: misformatted and HTML and one image
 score      TO_NO_BRKTS_HTML_IMG    2.000   # limit
 tflags     TO_NO_BRKTS_HTML_IMG    publish