Posted to commits@spamassassin.apache.org by jh...@apache.org on 2014/09/01 18:38:23 UTC
svn commit: r1621839 - in /spamassassin/trunk/rulesrc/sandbox/jhardin:
20_misc_testing.cf 20_tbird_image_spam.cf
Author: jhardin
Date: Mon Sep 1 16:38:23 2014
New Revision: 1621839
URL: http://svn.apache.org/r1621839
Log:
FP avoidance and score tuning
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1621839&r1=1621838&r2=1621839&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Sep 1 16:38:23 2014
@@ -957,7 +957,7 @@ meta TVD_SPACE_RATIO_MINFP __TVD
score TVD_SPACE_RATIO_MINFP 3.500 # limit
meta TVD_SPACE_ENCODED __TVD_SPACE_RATIO && __SUBJECT_ENCODED_B64 && !__LCL__ENV_AND_HDR_FROM_MATCH
-score TVD_SPACE_ENCODED 3.000 # limit
+score TVD_SPACE_ENCODED 1.000 # limit
# sample from users list: Subject: Sta ffWork sFastToSen dTab le tsGood s
header __SUBJ_BROKEN_WORD Subject =~ /\s(?!i[PTM][aoh][bcdou])[a-z]{1,3}[A-Z][a-z]{2}/
@@ -985,18 +985,21 @@ tflags XM_PHPMAILER_FORGED publi
# from spample on users list 7/24/2011
header __XM_EC_MESSENGER X-Mailer =~ /\beC-Messenger\b/
-meta XM_EC_MESSENGER __XM_EC_MESSENGER
-describe XM_EC_MESSENGER eC-Messenger bulk mail service
+#meta XM_EC_MESSENGER __XM_EC_MESSENGER
+#describe XM_EC_MESSENGER eC-Messenger bulk mail service
header __SUBJ_OBFU_PUNCT Subject =~ /(?:(?!<[a-z][a-z])[-~`"!@\#$%^&*()_+={}|\\\/?<>,.:;][a-z][-~`"!@\#$%^&*()_+={}|\\\/?<>,.:;\s]|[a-z][~`"!@\#$%^&*()_+={}|\\?<>,.:;][a-z])/i
tflags __SUBJ_OBFU_PUNCT multiple maxhits=4
-meta SUBJ_OBFU_PUNCT_FEW __SUBJ_OBFU_PUNCT > 1 && !__SUBJECT_ENCODED_B64 && !__VIA_ML && !__THREADED && !__RP_MATCHES_RCVD && !__DKIM_EXISTS && !NO_RELAYS && !__X_CRON_ENV && !__MSOE_MID_WRONG_CASE && !__HS_SUBJ_RE_FW && !__HAS_THREAD_INDEX && !__REPLYTO_EXISTS && !__RCD_RDNS_MAIL_MESSY
+meta SUBJ_OBFU_PUNCT_FEW __SUBJ_OBFU_PUNCT > 1 && !__THREADED && !__RP_MATCHES_RCVD && !__NOT_SPOOFED && !__LCL__ENV_AND_HDR_FROM_MATCH
describe SUBJ_OBFU_PUNCT_FEW Possible punctuation-obfuscated Subject: header
score SUBJ_OBFU_PUNCT_FEW 0.750
-meta SUBJ_OBFU_PUNCT_MANY __SUBJ_OBFU_PUNCT > 2 && !__SUBJECT_ENCODED_B64 && !__VIA_ML && !__THREADED && !__RP_MATCHES_RCVD && !__DKIM_EXISTS && !NO_RELAYS && !__X_CRON_ENV && !__MSOE_MID_WRONG_CASE && !__HS_SUBJ_RE_FW && !__HAS_THREAD_INDEX && !__REPLYTO_EXISTS && !__RCD_RDNS_MAIL_MESSY
+meta SUBJ_OBFU_PUNCT_MANY __SUBJ_OBFU_PUNCT > 2 && !__THREADED && !__RP_MATCHES_RCVD && !__NOT_SPOOFED && !__LCL__ENV_AND_HDR_FROM_MATCH
describe SUBJ_OBFU_PUNCT_MANY Punctuation-obfuscated Subject: header
score SUBJ_OBFU_PUNCT_MANY 1.750
+meta SUBJ_MANGLED __SUBJ_OBFU_PUNCT && __GAPPY_SUBJECT
+score SUBJ_MANGLED 2.000 # limit
+
# A document was scanned and sentto you using a Hewlett-Packard HP Officejet
# A document was scanned and sent to you using a Hewlett-Packard HP Officejet
# Scan from Hewlet-Packard Officejet
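Review bot: The new `SUBJ_MANGLED` meta tests `__SUBJ_OBFU_PUNCT` as a bare boolean, so a single punctuation hit is enough, while `SUBJ_OBFU_PUNCT_FEW` and `SUBJ_OBFU_PUNCT_MANY` in the same hunk require `> 1` and `> 2` and also exclude `__THREADED`, `__RP_MATCHES_RCVD`, `__NOT_SPOOFED` and `__LCL__ENV_AND_HDR_FROM_MATCH`. At 2.000 it scores higher than either sibling while carrying none of their FP exclusions. The same bare test appears in the later `SUBJ_OBFU_LOW_CNTRST` hunk, which previously got the `> 1` threshold and the exclusions through `SUBJ_OBFU_PUNCT_FEW`. If `__GAPPY_SUBJECT` (defined outside this hunk) is meant to be selective enough alone, a one-line comment saying so would help; otherwise consider `meta SUBJ_MANGLED __SUBJ_OBFU_PUNCT > 1 && __GAPPY_SUBJECT && !__THREADED`. The rule also has no `describe` line, unlike its two siblings, e.g. `describe SUBJ_MANGLED Punctuation-obfuscated and gappy Subject: header`.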
@@ -1259,7 +1262,7 @@ score GAPPY_LOW_CONTRAST 2.500
meta URI_ONLY_LOW_CONTRAST __HTML_FONT_LOW_CONTRAST_MINFP && __BODY_URI_ONLY
score URI_ONLY_LOW_CONTRAST 2.500 # limit
-meta SUBJ_OBFU_LOW_CNTRST __HTML_FONT_LOW_CONTRAST_MINFP && SUBJ_OBFU_PUNCT_FEW
+meta SUBJ_OBFU_LOW_CNTRST __HTML_FONT_LOW_CONTRAST_MINFP && __SUBJ_OBFU_PUNCT && !ALL_TRUSTED
describe SUBJ_OBFU_LOW_CNTRST Subject obfuscation + hidden text
score SUBJ_OBFU_LOW_CNTRST 2.500 # limit
@@ -1637,7 +1640,8 @@ describe URI_GOOGLE_PROXY Ac
tflags URI_GOOGLE_PROXY publish
-meta RPATH_NULL_CTCQ __BOUNCE_RPATH_NULL && __CTYPE_CHARSET_QUOTED && !__VIA_ML && !__SUBJECT_ENCODED_QP && !ANY_BOUNCE_MESSAGE && !__DOS_HAS_LIST_UNSUB
+meta RPATH_NULL_CTCQ __BOUNCE_RPATH_NULL && __CTYPE_CHARSET_QUOTED && !__VIA_ML && !__SUBJECT_ENCODED_QP && !ANY_BOUNCE_MESSAGE && !__DOS_HAS_LIST_UNSUB && !__TAG_EXISTS_STYLE
+score RPATH_NULL_CTCQ 2.000 # limit
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf?rev=1621839&r1=1621838&r2=1621839&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf Mon Sep 1 16:38:23 2014
@@ -28,7 +28,7 @@ describe FORGED_TBIRD_IMG_ARROW Likel
#score FORGED_TBIRD_IMG_ARROW 0.8
meta __TO_NO_BRKTS_HTML_IMG __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && HTML_MESSAGE && __ONE_IMG
-meta TO_NO_BRKTS_HTML_IMG __TO_NO_BRKTS_HTML_IMG && !__FM_TO_ALL_NUMS && !__FROM_FULL_NAME && !__HAS_THREAD_INDEX && !__DKIM_EXISTS
+meta TO_NO_BRKTS_HTML_IMG __TO_NO_BRKTS_HTML_IMG && !__FM_TO_ALL_NUMS && !__FROM_FULL_NAME && !__HAS_THREAD_INDEX && !__DKIM_EXISTS && !__KHOP_NO_FULL_NAME
describe TO_NO_BRKTS_HTML_IMG To: misformatted and HTML and one image
score TO_NO_BRKTS_HTML_IMG 2.000 # limit
tflags TO_NO_BRKTS_HTML_IMG publish
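Review bot: The added `!__KHOP_NO_FULL_NAME` sits next to the existing `!__FROM_FULL_NAME` in the `TO_NO_BRKTS_HTML_IMG` meta, and judging by the names alone the two look close to complementary, which could leave the rule matching very little. Both subrules are defined outside this hunk, so the overlap cannot be confirmed from here. Because the rule is tagged `tflags ... publish`, a short comment above the meta naming the false-positive case this exclusion targets would let later maintainers judge whether both negations are still needed, for example `# __KHOP_NO_FULL_NAME excluded: FPs on <case>`.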