You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by kh...@apache.org on 2010/12/17 07:57:38 UTC
svn commit: r1050290 - /spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Author: khopesh
Date: Fri Dec 17 06:57:38 2010
New Revision: 1050290

URL: http://svn.apache.org/viewvc?rev=1050290&view=rev
Log:
auto-generated rules

Modified:
    spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=1050290&r1=1050289&r2=1050290&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Fri Dec 17 06:57:38 2010
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf	v 201012161
+## khop-sc-neighbors.cf	v 201012171
 ## Khopesh's syndication of SpamCop's top offenders and top offending networks.
 ## 
 ## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -21,7 +21,7 @@
 
 # http://spamcop.net/w3m?action=map;mask=4294967295;net=0;sort=56
 # Due to the massive block size, this rule only examines the last untrusted
-header __KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:13|89)|59|94)(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:22|89)|59|94)(?:\.[012]?\d{1,2}){3}\b) /
 # and gets cleaned up a bit
 meta	 KHOP_SC_CIDR8	__KHOP_SC_CIDR8 && !(__VIA_ML||__freemail_safe||__RCVD_IN_DNSWL||RCVD_IN_HOSTKARMA_WL)
 describe KHOP_SC_CIDR8  Relay CIDR /8 is among worst in SpamCop
@@ -72,7 +72,7 @@ score	 KHOP_SC_CIDR16  1.6 0.5 1.6 0.5
 # 0     /0      0     20100409  (wha!?)
 # crap, still empty   20100410  bad scrape, script failed to populate rule
 
-header	 KHOP_SC_TOP_CIDR16  Received =~ /(?-xism:\b1(?:23\.2[67]|78\.125|82\.178)(?:\.[012]?\d{1,2}){2}\b)/
+header	 KHOP_SC_TOP_CIDR16  Received =~ /(?-xism:\b1(?:23\.2[67]|78\.125)(?:\.[012]?\d{1,2}){2}\b)/
 describe KHOP_SC_TOP_CIDR16  Relay CIDR /16 leads SpamCop in worst /16s
 tflags	 KHOP_SC_TOP_CIDR16  nopublish
 score	 KHOP_SC_TOP_CIDR16  2.0 0.5 2.0 0.5
@@ -89,7 +89,7 @@ score	 KHOP_SC_TOP_CIDR16  2.0 0.5 2.0 0
 
 
 # http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:7(?:3\.236\.84|4\.137\.41|8\.49\.255)|40\.135\.131|09\.172\.40)|2(?:1(?:(?:3\.233|8\.248)\.64|6\.157\.148|7\.118\.81)|08\.100\.48)|8(?:(?:9\.232\.10|5\.26\.22)5|1\.192\.238|0\.95\.70)|9(?:(?:5\.129\.16|1\.198\.8)6|3\.1(?:25\.40|86\.96))|7(?:7\.232\.143|4\.82\.212)|41\.254\.1)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:7(?:3\.236\.84|4\.137\.41|8\.49\.255)|09\.172\.(?:40|53)|13\.162\.125)|2(?:1(?:(?:3\.233|8\.248)\.64|7\.118\.(?:81|90))|08\.100\.48)|8(?:5\.26\.(?:164|225)|1\.192\.238|9\.232\.105|3\.149\.21)|7(?:7\.232\.143|4\.82\.212)|9(?:5\.129\.16|3\.186\.9)6|41\.254\.1|68\.67\.95)\.[012]?\d{1,2}\b)/
 describe KHOP_SC_CIDR24  Relay CIDR /24 is among worst in SpamCop
 tflags	 KHOP_SC_CIDR24  nopublish
 score	 KHOP_SC_CIDR24  2.5 0.6 2.5 0.6
@@ -106,7 +106,7 @@ score	 KHOP_SC_CIDR24  2.5 0.6 2.5 0.6
 # 0.2960/0      1.000 20100409
 # 0.2905/0      1.000 20100410  net
 
-header	 KHOP_SC_TOP_CIDR24  Received =~ /(?-xism:\b(?:2(?:1(?:7\.(?:118\.(?:8[23]|90)|8\.2(?:25|36)|66\.146)|3\.(?:87\.7[46]|233\.64)|1\.147\.3)|0(?:3\.(?:152\.2|82\.95)|2\.152\.243))|8(?:5\.26\.(?:1(?:6[45]|8[36])|2(?:3[2345]|41))|3\.149\.(?:3[268]?|2[18]|4[16])|1\.192\.(?:2(?:11|38)|199)|0\.83\.239)|1(?:13\.1(?:62\.(?:[67]7|246)|0\.16[78])|78\.(?:49\.255|32\.64)|84\.105\.195|09\.172\.53)|7(?:6\.164\.226|7\.232\.142|9\.106\.109)|6(?:5\.110\.50|1\.19\.66)|41\.(?:254\.[01]|95\.4)|91\.203\.67)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_TOP_CIDR24  Received =~ /(?-xism:\b(?:8(?:5\.26\.(?:1(?:6[45]|8[36])|2(?:3[2345]|41))|3\.149\.(?:3[268]?|2[18]|4[16])|1\.192\.(?:2(?:11|38)|199)|0\.83\.239)|2(?:1(?:7\.(?:118\.(?:8[23]|90)|8\.2(?:25|36)|66\.146)|3\.(?:87\.7[46]|233\.64)|1\.147\.3)|03\.(?:152\.2|82\.95))|1(?:13\.1(?:62\.(?:[67]7|246)|0\.16[78])|78\.(?:49\.255|32\.64)|84\.105\.195)|7(?:6\.164\.226|7\.232\.142|9\.106\.109)|6(?:5\.110\.50|1\.19\.66)|41\.(?:254\.[01]|95\.4)|91\.203\.67)\.[012]?\d{1,2}\b)/
 describe KHOP_SC_TOP_CIDR24  Relay CIDR /24 leads SpamCop in worst /24s
 tflags	 KHOP_SC_TOP_CIDR24  nopublish
 score	 KHOP_SC_TOP_CIDR24  2.7 0.6 2.7 0.6
@@ -123,7 +123,7 @@ score	 KHOP_SC_TOP_CIDR24  2.7 0.6 2.7 0
 
 
 # http://www.spamcop.net/w3m?action=hoshame
-header	 KHOP_SC_TOP200  Received =~ /___ FAILED TO POPULATE ___/
+header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:9(?:5\.(?:1(?:6(?:1\.(?:40\.10|8\.1|9\.2)|0\.253\.4)|38\.78\.124)|205\.162\.36|82\.172\.28)|4\.(?:1(?:26\.180\.118|58\.206\.90|65\.147\.23|35\.105\.1)|50\.9\.114)|3\.(?:1(?:07\.184\.193|72\.248\.194)|239\.44\.193)|6\.(?:201\.207\.191|43\.84\.145)|0\.(?:210\.25\.225|30\.236\.34)|9\.236\.117\.210|2\.192\.3\.4)|7(?:4\.(?:137\.41\.2(?:4[147]|3[07])|34\.178\.18)|8\.(?:49\.255\.1(?:0[34]|25)|32\.64\.195)|3\.236\.84\.1(?:5[567]|46))|2(?:4\.1(?:58\.110\.64|24\.43\.32)|1\.(?:78\.236\.38|52\.152\.2)|2\.252\.234\.74|5\.20\.82\.195|3\.27\.79\.11)|1(?:3\.1(?:6(?:2\.125\.130|1\.4\.102)|90\.161\.239)|1\.(?:224\.250\.13[45]|68\.108\.200)|7\.211\.83\.131)|8(?:4\.105\.195\.(?:8[1378]|9[02]|77)|7\.8\.185\.202)|40\.135\.131\.202|59\.148\.96\.251|63\.21\.100\.4)|2(?:1(?:6\.(?:157\.1(?:4(?:6\.(?:1(?:28|92)|64|2)|8\.(?:128|64|2)|1\.2)|5(?:0\.(?:1(?:28|92)|64|2)|4\.(?:1(?:28|92)|2)))|81\.7(?:[02]\.(?:1(?:28|92)|64|2)|3\.(?:128|64|2)|1\.(?:192|64
 ))|38\.2\.1(?:7[19]|8[04]))|3\.(?:1(?:8(?:2\.85\.167|6\.38\.38)|92\.0\.99)|79\.125\.122)|0\.(?:2(?:45\.234\.130|12\.163\.42)|91\.239\.10)|2\.(?:(?:71\.150\.14|156\.51\.6)6|244\.131\.5)|9\.(?:94\.175\.135|147\.172\.2)|8\.2(?:48\.44\.196|34\.21\.89)|1\.1(?:3\.204\.1|47\.3\.74)|7\.76\.2\.129)|0(?:2\.(?:1(?:02\.194\.78|83\.233\.4)|28\.24\.99)|8\.(?:100\.48\.(?:2[267]|10)|64\.25\.29)|0\.(?:108\.109\.179|95\.162\.206)|1\.(?:251\.250\.3|86\.130\.94)|3\.177\.237\.103)|2(?:2\.(?:179\.44\.11|252\.223\.2)|0\.231\.69\.13)|4\.245\.41\.131)|9(?:1\.(?:1(?:(?:49\.173\.10|21\.175\.2)0|9(?:5\.230\.13|3\.199\.4))|214\.(?:128\.20|83\.2))|4\.(?:2(?:(?:00\.27\.1|3\.60\.12)4|29\.228\.240|45\.156\.33)|79\.4\.3)|3\.1(?:2(?:5\.40\.15|6\.15\.49)|09\.251\.130|90\.104\.7)|8\.239\.105\.218)|6(?:6\.1(?:1(?:7\.247\.178|\.225\.66)|97\.246\.(?:108|99))|1\.1(?:39\.151\.18|12\.19\.81|26\.28\.97)|5\.110\.50\.1(?:5[79]|6[49]|7[17])|2\.(?:176\.169\.79|75\.222\.61)|9\.6(?:4\.155\.181|5\.43\.99)|8\.67\.95\.(?:8[01]
 |77)|7\.15\.97\.5)|7(?:4\.(?:8(?:2\.212\.1(?:35|52)|6\.133\.183)|53\.229\.178)|7\.(?:2(?:21\.143\.163|32\.68\.24)|92\.159\.102)|6\.16(?:4\.226\.(?:3[48]|5[15]|48)|1\.241\.115)|9\.1(?:33\.193\.194|72\.211\.67)|0\.108\.253\.223|2\.29\.104\.15)|8(?:2\.(?:1(?:93\.140\.168|17\.194\.66)|207\.99\.94)|0\.(?:9(?:3\.17\.249|5\.70\.173)|65\.16\.71)|3\.(?:142\.111\.228|240\.1\.136)|4\.1(?:09\.59\.111|5\.191\.254)|8\.255\.153\.106|1\.255\.83\.190)|41\.(?:137\.(?:(?:2[04]|56)\.4|63\.20[123])|206\.13\.3)|58\.150\.55\.59)\b)/
 describe KHOP_SC_TOP200  Relay listed in SpamCop top 200 spammer IPs
 tflags	 KHOP_SC_TOP200  nopublish
 score	 KHOP_SC_TOP200  4 0 4 0	# unnecessary if DNSBLs work
@@ -140,7 +140,7 @@ score	 KHOP_SC_TOP200  4 0 4 0	# unneces
 
 # PSBL-neighbors:  any /24 with 73+ (2/7, 29%) IPs in the PSBL (not SpamCop),
 # as obtained from rsync://psbl-mirror.surriel.com::psbl/psbl.txt
-header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ /(?-xism:\b(?:1(?:1(?:9\.15(?:9\.(?:2(?:1[1234579]|0[123]|2[013])|19[39])|5\.(?:10[02]|3[379]|[49]7)|3\.(?:9[78]?|14))|3\.1(?:6(?:2\.(?:2(?:2[4578]|3[48]|4[46])|6[57]|9[67]|[78]7|132|56)|9\.181)|0\.168)|6\.71\.(?:2(?:1[346]|0[89]|20|7)|1(?:4[789]|5[01]?|8)?|32|0)|7\.2(?:00\.(?:193|209)|41\.(?:248|81))|0\.49\.(?:193|205))|8(?:6\.2\.136|8\.135\.2)|25\.23(?:4\.144|5\.192)|78\.49\.255|\.53\.149)|8(?:5\.26\.(?:1(?:6[45]|8[36])|2(?:3[2345]|41))|3\.149\.(?:3[5678]?|4[156]|2[18])|2\.1(?:28\.5[45]|13\.106|78\.69)|9\.2(?:04\.1(?:37|53)|32\.105)|1\.192\.(?:2(?:1[15]|38)|199)|0\.83\.239)|2(?:1(?:7\.(?:118\.(?:8[23]|90)|8\.2(?:3[68]|25)|66\.146)|3\.87\.(?:8[01789]|9[012]|7[46]|197))|0(?:3\.(?:152\.2|82\.95)|2\.152\.243|8\.54\.14))|59\.9(?:9\.(?:1(?:2[89]|5[23]|30)|5[78])|7\.210|8\.152)|6(?:1\.19\.6[567]|6\.87\.[016])|41\.(?:254\.[0123]|95\.[48])|77\.232\.142)\.[012]?\d{1,2}\b)/
+header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ /(?-xism:\b(?:1(?:1(?:3\.1(?:6(?:2\.(?:2(?:2[4578]|3[48]|4[46])|6[57]|9[67]|[78]7|132|56)|9\.181)|0\.168)|9\.15(?:9\.(?:2(?:1[123579]|0[123]|23)|19[39])|5\.(?:3[379]|[49]7)|3\.97?)|6\.71\.(?:1(?:50?|49)?|2(?:1[46]|7)|32)|7\.2(?:41\.(?:248|81)|00\.193)|0\.49\.(?:193|205))|25\.23(?:4\.144|5\.192)|78\.49\.255|88\.135\.2)|8(?:5\.26\.(?:1(?:6[45]|8[36])|2(?:3[2345]|41))|3\.149\.(?:3[568]?|2[18]|4[16])|9\.2(?:04\.1(?:37|53)|32\.105)|1\.192\.(?:2(?:1[15]|38)|199)|2\.1(?:28\.5[45]|78\.69)|0\.83\.239)|2(?:1(?:7\.(?:118\.(?:8[23]|90)|8\.2(?:3[68]|25)|66\.146)|3\.87\.(?:8[01789]|9[012]|7[46]|197))|0(?:3\.(?:152\.2|82\.95)|2\.152\.243|8\.54\.14))|59\.9(?:9\.(?:1(?:2[89]|5[23]|30)|5[78])|7\.216)|41\.(?:95\.(?:[248]|10)|254\.[012])|6(?:1\.19\.6[567]|6\.87\.[016])|77\.232\.142|91\.203\.67)\.[012]?\d{1,2}\b)/
 describe KHOP_PSBL_CIDR24	Relay's IP/24 CIDR contains many PSBL hits
 tflags	 KHOP_PSBL_CIDR24	nopublish
 score	 KHOP_PSBL_CIDR24	1.8 0.8 1.8 0.8