You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by kh...@apache.org on 2014/02/10 08:57:41 UTC
svn commit: r1566525 -
/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
Author: khopesh
Date: Mon Feb 10 07:57:40 2014
New Revision: 1566525
URL: http://svn.apache.org/r1566525
Log:
auto-generated rules
Modified:
spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=1566525&r1=1566524&r2=1566525&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Mon Feb 10 07:57:40 2014
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf v 20140292
+## khop-sc-neighbors.cf v 201402102
## Khopesh's syndication of SpamCop's top offenders and top offending networks.
##
## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -21,7 +21,7 @@ meta __KHOP_SC_EXCLUSIONS __VIA_ML || __
# http://spamcop.net/w3m?action=map;mask=4294967295;net=0;sort=56
# Due to the massive block size, this rule only examines the last untrusted
-header __KHOP_SC_CIDR8 X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:[25]|188|46)(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_CIDR8 X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:[25]|(?:18|4)6)(?:\.[012]?\d{1,2}){3}\b) /
# and gets cleaned up a bit
meta KHOP_SC_CIDR8 __KHOP_SC_CIDR8 && !__KHOP_SC_EXCLUSIONS
describe KHOP_SC_CIDR8 Relay CIDR /8 is among worst in SpamCop
@@ -101,7 +101,7 @@ score KHOP_SC_TOP_CIDR16 0.6 0.2 0.7 0
# http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header KHOP_SC_CIDR24 Received =~ /(?-xism:\b(?:1(?:7(?:3\.2(?:08\.21|12\.20)5|7\.223\.15[67])|(?:03\.25\.1|98\.246\.)46|84\.22\.53)|(?:221\.238\.2|91\.214\.13)1|6(?:1\.163\.101|0\.29\.104)|79\.124\.58|37\.48\.66)\.[012]?\d{1,2}\b)/
+header KHOP_SC_CIDR24 Received =~ /(?-xism:\b(?:1(?:(?:03\.25\.1|98\.246\.)46|18\.244\.239|73\.208\.215|84\.22\.53)|2(?:21\.238\.21|04\.45\.55)|6(?:1\.163\.101|0\.29\.104)|3(?:1\.192\.111|7\.48\.66)|91\.214\.131|81\.92\.126)\.[012]?\d{1,2}\b)/
describe KHOP_SC_CIDR24 Relay CIDR /24 is among worst in SpamCop
tflags KHOP_SC_CIDR24 nopublish
score KHOP_SC_CIDR24 0.6 0 0.6 0
@@ -122,7 +122,7 @@ score KHOP_SC_CIDR24 0.6 0 0.6 0
# 0.4428/0 1.000 20130705@376k resume scores -> .6 0 .6 0
-header KHOP_SC_TOP_CIDR24 Received =~ /(?-xism:\b(?:1(?:8(?:1\.66\.15[67]|3\.182\.39)|7(?:3\.208\.186|7\.223\.143)|1(?:8\.244\.239|6\.112\.66)|2(?:0\.143\.5|5\.93\.77)|03\.25\.14[56]|98\.143\.150)|9(?:(?:1\.218\.(?:11|24)|3\.115\.8)5|4\.20\.224)|(?:31\.192\.11|74\.91\.3)1)\.[012]?\d{1,2}\b)/
+header KHOP_SC_TOP_CIDR24 Received =~ /(?-xism:\b(?:1(?:9(?:0\.234\.10[56]|8\.143\.150)|8(?:1\.66\.15[67]|3\.182\.39)|(?:73\.208\.18|16\.112\.6)6|2(?:0\.143\.5|5\.93\.77)|03\.25\.14[56])|9(?:(?:1\.218\.(?:11|24)|3\.115\.8)5|4\.20\.224)|7(?:9\.124\.58|4\.91\.31)|31\.192\.111)\.[012]?\d{1,2}\b)/
describe KHOP_SC_TOP_CIDR24 Relay CIDR /24 leads SpamCop in worst /24s
tflags KHOP_SC_TOP_CIDR24 nopublish
score KHOP_SC_TOP_CIDR24 1.7 0.5 1.7 0.5
@@ -142,7 +142,7 @@ score KHOP_SC_TOP_CIDR24 1.7 0.5 1.7 0
# http://www.spamcop.net/w3m?action=hoshame
-header KHOP_SC_TOP200 Received =~ /(?-xism:\b(?:1(?:1(?:2\.(?:2(?:1(?:6\.(?:20\.50|8\.158)|7\.161\.3)|20\.224\.59)|1(?:59\.101\.37|63\.149\.29))|6\.(?:255\.241\.111|112\.66\.102)|3\.199\.80\.47|8\.244\.239\.2)|8(?:4\.(?:22\.(?:1(?:97\.216|52\.8)|53\.(?:190?|201))|82\.1(?:7(?:1\.234|9\.117)|23\.85))|5\.(?:24\.232\.(?:193|206)|8\.107\.51)|2\.172\.22\.57)|9(?:8\.(?:143\.1(?:50\.2(?:4[0789]|5[012]|39)|28\.1(?:39|44))|246\.46\.27)|(?:2\.208\.185\.17|7\.253\.6\.6)8|0\.107\.140\.76|3\.109\.69\.145)|2(?:1\.(?:13(?:4\.238\.129|7\.91\.42)|88\.54\.17)|(?:8\.140\.219\.10|5\.93\.77\.12)5|4\.160\.35\.2)|73\.2(?:08\.(?:186\.8[3456]|215\.164)|12\.205\.158)|\.209\.242\.218)|2(?:1(?:1\.(?:1(?:69\.224\.17|15\.71\.18)|233\.(?:64\.110|71\.76))|0\.(?:217\.150\.195|183\.179\.39)|3\.135\.113\.197|9\.238\.181\.120|6\.107\.159\.92|7\.13\.154\.155|8\.38\.29\.68)|2(?:1\.2(?:3(?:2\.247\.27|8\.21\.251)|14\.2(?:08\.226|14\.187))|2\.(?:200\.182\.65|99\.202\.239)|0\.164\.162\.22)|0(?:2\.(?:234\.40\.41|179\.0\.88)
|3\.230\.112\.4[45]|5\.164\.26\.36)|3\.238\.207\.130)|9(?:1\.218\.(?:115\.1(?:6[01246789]|8[01245678]|7[013459]|3[3456])|245\.(?:[456]|2[012345789]?|1[01356789]|30?))|3\.115\.85\.2(?:3[01345689]|4[012345]|2[789])|4\.(?:232\.184\.67|77\.199\.148))|6(?:1\.(?:1(?:06\.235\.189|63\.101\.42)|43\.97\.132|98\.77\.169)|0\.(?:190\.92\.234|29\.104\.197))|7(?:(?:7\.106\.232\.1|8\.29\.4\.)78|9\.124\.58\.1(?:3[26]|5[15]|46)|4\.91\.31\.2(?:29|30))|3(?:1\.1(?:92\.111\.(?:9[0123456]|[78]\d|6[89])|86\.87\.231)|7\.48\.66\.(?:2[04]|18?|3))|8(?:(?:4\.203\.244\.5|1\.92\.126\.4)0|7\.204\.110\.176|5\.185\.112\.8)|5(?:8\.151\.(?:171\.114|38\.107)|0\.193\.157\.62)|46\.182\.92\.117)\b)/
+header KHOP_SC_TOP200 Received =~ /(?-xism:\b(?:1(?:1(?:2\.(?:2(?:1(?:6\.[23]0\.50|7\.161\.3)|20\.224\.59)|1(?:59\.101\.37|63\.149\.29))|6\.(?:255\.241\.111|112\.66\.102)|3\.199\.80\.47|8\.244\.239\.2)|8(?:4\.(?:82\.1(?:7(?:1\.234|9\.117)|23\.85)|22\.(?:53\.(?:190?|201)|197\.216))|5\.(?:24\.232\.(?:193|206)|8\.107\.51)|2\.172\.22\.57)|2(?:1\.(?:1(?:3(?:4\.238\.129|7\.91\.42)|51\.122\.38)|88\.54\.17)|(?:8\.140\.219\.10|5\.93\.77\.12)5|4\.160\.35\.2)|9(?:8\.(?:143\.1(?:50\.2(?:4[0789]|5[012]|39)|28\.1(?:39|44))|246\.46\.27)|0\.107\.140\.76|3\.109\.69\.145)|7(?:3\.2(?:08\.(?:186\.8[3456]|215\.164)|12\.205\.158)|8\.175\.159\.93)|\.209\.242\.218)|2(?:1(?:0\.(?:183\.179\.3[89]|217\.150\.195)|1\.1(?:69\.224\.17|15\.71\.18)|3\.135\.113\.197|9\.238\.181\.120|6\.107\.159\.92|7\.13\.154\.155|8\.38\.29\.68)|2(?:1\.2(?:3(?:2\.247\.27|8\.21\.251)|14\.2(?:08\.226|14\.187))|2\.(?:200\.182\.65|99\.202\.239)|0\.164\.162\.22)|0(?:2\.(?:234\.40\.41|179\.0\.88)|3\.230\.112\.44|5\.164\.26\.36)|3\.238\.
207\.130)|9(?:1\.218\.(?:115\.1(?:6[01246789]|3[3456]|7[05]|88)|245\.(?:[456]|2[01234789]|30?|19))|3\.115\.85\.2(?:3[01345689]|4[012345]|2[789])|4\.(?:232\.184\.67|77\.199\.148))|7(?:9\.124\.58\.1(?:4[013456789]|3[01245689]|5[01234567])|(?:7\.106\.232\.1|8\.29\.4\.)78|4\.91\.31\.2(?:29|30))|6(?:1\.(?:(?:163\.101\.4|43\.97\.13)2|38\.252\.21|98\.77\.169)|0\.(?:190\.92\.234|29\.104\.197))|3(?:1\.1(?:92\.111\.(?:[789]\d|6[89]|100)|86\.87\.231)|7\.48\.66\.(?:2[04]|18?|3))|8(?:(?:4\.203\.244\.5|1\.92\.126\.4)0|7\.204\.110\.176|5\.185\.112\.8)|5(?:0\.193\.157\.62|8\.151\.38\.107)|46\.182\.92\.117)\b)/
describe KHOP_SC_TOP200 Relay listed in SpamCop top 200 spammer IPs
tflags KHOP_SC_TOP200 nopublish
score KHOP_SC_TOP200 4 0 4 0 # unnecessary if DNSBLs work
@@ -178,7 +178,7 @@ score KHOP_SPAMHAUS_DROP_LE 2 0 2 0 #
# PSBL-neighbors: any /24 with 73+ (2/7, 29%) IPs in the PSBL (not SpamCop),
# as obtained from rsync://psbl-mirror.surriel.com::psbl/psbl.txt
-header KHOP_PSBL_CIDR24 X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:6\.207\.(?:5[01345]|4[89])|1\.176\.8[67])|8(?:1\.66\.15[67]|9\.126\.130)|90\.234\.10[56])|27\.20\.(?:1(?:[28][89]|[39][01]|0[0123]|7[6789])|24[01234567])|58\.50\.1(?:[2345]|1[6789]))\.[012]?\d{1,2}\b)/
+header KHOP_PSBL_CIDR24 X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:6\.207\.(?:5[0123459]|4[89]|63)|1\.176\.(?:8[4567]|12[56]|48))|8(?:1\.66\.15[67]|9\.126\.130)|90\.234\.10[56])|27\.20\.(?:1(?:0[0123]?|[28][89]|[39][01]|7[6789])|24[01234567]|5[789]|4[23]|8)|58\.50\.1(?:[2345]|1[6789]|06))\.[012]?\d{1,2}\b)/
describe KHOP_PSBL_CIDR24 Relay's IP/24 CIDR contains many PSBL hits
tflags KHOP_PSBL_CIDR24 nopublish
score KHOP_PSBL_CIDR24 2 0.6 2 0.6