You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by kh...@apache.org on 2013/10/13 08:59:41 UTC
svn commit: r1531621 - /spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Author: khopesh
Date: Sun Oct 13 06:59:41 2013
New Revision: 1531621

URL: http://svn.apache.org/r1531621
Log:
auto-generated rules

Modified:
    spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=1531621&r1=1531620&r2=1531621&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Sun Oct 13 06:59:41 2013
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf	v 201310102
+## khop-sc-neighbors.cf	v 201310132
 ## Khopesh's syndication of SpamCop's top offenders and top offending networks.
 ## 
 ## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -21,7 +21,7 @@ meta	__KHOP_SC_EXCLUSIONS	__VIA_ML || __
 
 # http://spamcop.net/w3m?action=map;mask=4294967295;net=0;sort=56
 # Due to the massive block size, this rule only examines the last untrusted
-header __KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:17|88)|9?5)(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:17|88)|46|95)(?:\.[012]?\d{1,2}){3}\b) /
 # and gets cleaned up a bit
 meta	 KHOP_SC_CIDR8	__KHOP_SC_CIDR8 && !__KHOP_SC_EXCLUSIONS
 describe KHOP_SC_CIDR8  Relay CIDR /8 is among worst in SpamCop
@@ -81,7 +81,7 @@ score	 KHOP_SC_CIDR16  0.4 0.1 0.4 0.1
 # crap, still empty   20130629@465k net
 # crap, still empty   20130705@376k net. lowering for low vol -> .4 .1 .4 .1
 
-header	 KHOP_SC_TOP_CIDR16  Received =~ /(?-xism:\b89\.121(?:\.[012]?\d{1,2}){2}\b)/
+header	 KHOP_SC_TOP_CIDR16  Received =~ /___ FAILED TO POPULATE ___/
 describe KHOP_SC_TOP_CIDR16  Relay CIDR /16 leads SpamCop in worst /16s
 tflags	 KHOP_SC_TOP_CIDR16  nopublish
 score	 KHOP_SC_TOP_CIDR16  0.6 0.2 0.7 0.3
@@ -101,7 +101,7 @@ score	 KHOP_SC_TOP_CIDR16  0.6 0.2 0.7 0
 
 
 # http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:9(?:8\.24\.173|9\.30\.137)|(?:72\.245\.4|21\.54\.5)4|0(?:3\.246\.245|1\.9\.49)|84\.22\.172)|2(?:13\.139\.7|\.183\.155)|91\.235\.142|69\.64\.59)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:84\.22\.17[27]|98\.24\.178|21\.54\.54)|2(?:1(?:1\.119\.86|7\.118\.81)|21\.4\.142)|9(?:1\.214\.131|3\.119\.105|8\.143\.158)|(?:58\.254\.17|49\.218\.3)2|65\.60\.15)\.[012]?\d{1,2}\b)/
 describe KHOP_SC_CIDR24  Relay CIDR /24 is among worst in SpamCop
 tflags	 KHOP_SC_CIDR24  nopublish
 score	 KHOP_SC_CIDR24  0.6 0 0.6 0
@@ -122,7 +122,7 @@ score	 KHOP_SC_CIDR24  0.6 0 0.6 0
 # 0.4428/0      1.000 20130705@376k  resume scores -> .6 0 .6 0
 
 
-header	 KHOP_SC_TOP_CIDR24  Received =~ /(?-xism:\b(?:1(?:98\.(?:24\.17[45]|50\.163)|25\.60\.156|78\.20\.148|41\.0\.61)|21(?:3\.132\.241|1\.119\.86|6\.155\.17)|91\.218\.245|69\.64\.54)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_TOP_CIDR24  Received =~ /(?-xism:\b(?:1(?:1(?:2\.(?:215\.4|97\.2)4|1\.68\.32)|78\.124\.1(?:0[4568]|2[1237]|1[17])|98\.(?:24\.17[45]|50\.163)|2(?:5\.60\.156|0\.84\.13)|(?:57\.250\.8|41\.0\.6)1)|21(?:3\.13(?:2\.241|9\.7)|6\.155\.17)|91\.2(?:18\.245|35\.142)|86\.57\.18[6789]|41\.254\.5|69\.64\.54)\.[012]?\d{1,2}\b)/
 describe KHOP_SC_TOP_CIDR24  Relay CIDR /24 leads SpamCop in worst /24s
 tflags	 KHOP_SC_TOP_CIDR24  nopublish
 score	 KHOP_SC_TOP_CIDR24  1.7 0.5 1.7 0.5
@@ -142,7 +142,7 @@ score	 KHOP_SC_TOP_CIDR24  1.7 0.5 1.7 0
 
 
 # http://www.spamcop.net/w3m?action=hoshame
-header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:1(?:9\.(?:1(?:84\.214\.18|93\.93\.25)|3(?:7\.195\.59|0\.39\.1))|2\.(?:1(?:84\.172\.244|24\.15\.141|64\.62\.8)|216\.46\.75)|8\.(?:97\.(?:196\.163|63\.227)|244\.239\.2|175\.28\.3)|4\.1(?:13\.229\.146|41\.253\.14)|6\.1(?:12\.66\.102|93\.90\.26)|5\.82\.2(?:42\.158|54\.254)|3\.21\.228\.230)|9(?:8\.(?:5(?:0\.163\.(?:20[0234]|19[57])|2\.247\.103)|24\.17(?:(?:8\.13|3\.8)0|4\.16[67]|5\.[34]))|3\.(?:251\.155\.67|95\.90\.194)|5\.2(?:52\.108\.6|9\.81\.30)|9\.30\.137\.10[67]|2\.163\.193\.199|0\.107\.140\.77|4\.106\.16\.6)|7(?:7\.(?:1(?:84\.140\.222|\.223\.73)|222\.66\.165|43\.210\.162|69\.8\.50)|3\.2(?:12\.205\.158|00\.90\.196)|8\.(?:168\.43\.130|20\.148\.11)|4\.36\.1(?:37\.170|87\.172)|2\.245\.44\.191)|8(?:4\.22\.(?:1(?:7(?:2\.14[46]|7\.51)|97\.216|52\.8)|230\.213)|7\.(?:111\.255\.130|51\.175\.122)|8\.2(?:40\.221\.11|52\.0\.237)|9\.78\.155\.168|3\.234\.60\.43)|2(?:2\.1(?:5(?:5\.167\.115|4\.57\.19)|82\.28\.245)|1\.(?:12\.167\.95|22\.127\.17)|
 3\.(?:142\.218\.89|63\.31\.13)|5\.46\.24\.62)|0(?:3\.(?:24(?:6\.245\.40|4\.13\.37)|9\.157\.12[69])|1\.(?:129\.2\.47|44\.3\.50|9\.49\.53))|6(?:2\.216\.3\.1[45]|8\.63\.174\.108)|4(?:1\.0\.61\.166|\.63\.74\.204)|\.215\.206\.242)|2(?:0(?:2\.(?:1(?:(?:29\.216\.6|37\.22\.20|58\.39\.25)0|1(?:8\.236\.178|7\.120\.24)|42\.203\.19)|29\.2(?:39\.210|14\.61|41\.58)|7(?:1\.136\.200|7\.180\.72))|0\.(?:7(?:2\.11\.132|9\.27\.60)|148\.94\.78|51\.45\.180)|1\.(?:2(?:45\.175\.217|21\.132\.83)|195\.239\.27)|3\.1(?:56\.207\.249|71\.233\.243)|8\.84\.135\.14[78]|7\.194\.87\.105)|1(?:3\.1(?:(?:71\.39\.15|95\.77\.11)4|3(?:2\.241\.13|9\.7\.95)|64\.18\.147)|8\.(?:15(?:1\.141\.75|8\.3\.1)|56\.37\.250)|1\.1(?:19\.86\.14[4579]|47\.211\.16)|0\.(?:14\.133\.202|245\.89\.69)|6\.155\.17\.(?:1[0123]|6)|2\.144\.254\.122|7\.218\.43\.130)|2(?:1\.2(?:14\.2(?:08\.226|14\.187)|34\.24\.46)|0\.227\.90\.238|2\.174\.155\.19)|\.18(?:6\.230\.30|3\.155\.2)|3\.91\.25\.82)|6(?:1\.(?:1(?:3(?:2\.229\.115|3\.125\.162)|05\.174\.6|41\.21\.3
 4)|55\.156\.210)|9\.(?:64\.5(?:4\.115|9\.111)|198\.197\.156)|2\.(?:141\.37\.85|212\.89\.74)|(?:0\.21\.209|7\.90\.21)\.150|5\.60\.15\.173)|8(?:0\.(?:73\.71\.248|86\.88\.113|240\.35\.5)|4\.(?:241\.37\.199|95\.244\.11)|2\.117\.194\.229|6\.111\.144\.194|3\.3\.103\.227)|9(?:1\.218\.245\.(?:7[12356789]|6[79]|9[01]|8\d)|(?:3\.159\.160\.16|4\.24\.245\.10)4|5\.159\.105\.2)|4(?:9\.2(?:18\.32\.130|48\.113\.53)|1\.22(?:0\.28\.138|3\.26\.11)|2\.121\.117\.153|6\.22\.173\.86)|7(?:2\.(?:166\.187\.139|35\.20\.131)|4\.(?:216\.223\.82|9\.203\.186)|8\.31\.74\.211|7\.245\.4\.58)|37\.(?:206\.210\.130|123\.98\.115)|58\.246\.43\.122)\b)/
+header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:1(?:2\.(?:2(?:20\.(?:224\.59|67\.130)|16\.(?:46\.75|92\.12))|1(?:84\.172\.244|70\.181\.99|64\.62\.8))|8\.(?:1(?:30\.107\.235|63\.29\.53)|97\.196\.163)|5\.82\.2(?:42\.158|54\.254)|9\.201\.16\.211|6\.193\.90\.26|0\.10\.12\.98)|8(?:4\.(?:22\.(?:1(?:7(?:2\.14[1456]|7\.5[12])|97\.216|1\.23|52\.8)|2(?:30\.213|28\.62)|53\.190)|82\.1(?:79\.117|23\.85))|8\.2(?:40\.221\.1[12]|52\.0\.237)|3\.10(?:6\.150\.7|0\.193\.)8|9\.75\.63\.114)|7(?:7\.(?:1(?:84\.140\.222|\.223\.73)|80\.107\.115|69\.8\.50)|3\.2(?:12\.205\.158|00\.90\.196)|4\.(?:142\.53\.251|36\.187\.172)|8\.20(?:8\.75\.173|\.148\.11)|2\.245\.44\.122|5\.96\.180\.100)|9(?:8\.(?:24\.1(?:7(?:(?:8\.13|3\.8)0|4\.16[67]|5\.[234])|80\.91)|50\.163\.(?:20[023]|197))|5\.(?:2(?:52\.108\.6|9\.81\.30)|138\.195\.125)|9\.30\.137\.10[67]|0\.107\.140\.77|4\.106\.16\.6)|2(?:1\.(?:1(?:81\.252\.228|25\.71\.25)|22\.127\.17)|(?:4\.160\.35\.|5\.46\.24\.6)2|2\.182\.28\.245|3\.142\.218\.89)|4(?:\.(?:35\.201\.15|
 63\.74\.204)|8\.223\.59\.187|1\.0\.61\.166)|0(?:1\.(?:129\.2\.(?:175|47)|44\.3\.50)|3\.9\.157\.12[679])|6(?:2\.216\.3\.1[45]|8\.63\.174\.108)|\.224\.163\.99)|2(?:1(?:1\.(?:1(?:1(?:9\.86\.14[45789]|8\.37\.56)|74\.120\.123|47\.211\.16)|234\.122\.10)|3\.1(?:(?:71\.39\.15|95\.77\.11)4|3(?:2\.241\.13|9\.7\.95))|0\.(?:1(?:83\.179\.3[89]|7\.248\.78)|245\.89\.69)|6\.1(?:55\.17\.(?:1[123]|6)|89\.101\.110)|8\.15(?:1\.141\.75|8\.3\.1))|0(?:2\.(?:1(?:(?:29\.216\.6|37\.22\.20|58\.39\.25)0|17\.120\.24|42\.203\.19)|71\.136\.200)|3\.(?:1(?:56\.207\.249|71\.233\.243)|238\.64\.250)|1\.(?:1(?:16\.199\.34|95\.239\.27)|221\.132\.83)|0\.(?:7(?:2\.11\.132|9\.27\.60)|51\.45\.180)|8\.84\.135\.14[78])|2(?:1\.(?:2(?:14\.2(?:08\.226|14\.187)|34\.24\.46)|4\.142\.(?:5[678]|41))|0\.130\.142\.42))|9(?:1\.(?:2(?:18\.245\.(?:7[123456789]|8[1235789]|6[6789]|9[1234])|35\.142\.2(?:2[35]|4[34]))|194\.99\.242)|3\.1(?:19\.105\.[34]|59\.160\.164|88\.8\.67)|8\.143\.158\.[45]3)|6(?:9\.(?:64\.5(?:4\.115|9\.111)|198\.197\.156)
 |(?:6\.96\.205\.13|5\.60\.15\.17)3|(?:0\.21\.209|7\.90\.21)\.150|1\.105\.174\.6)|7(?:2\.(?:166\.187\.139|35\.20\.131)|4\.(?:216\.223\.82|9\.203\.186)|7\.106\.232\.178|6\.74\.186\.237|8\.31\.74\.211)|8(?:2\.(?:1(?:17\.194\.22|89\.158\.6)9|99\.246\.10)|(?:7\.106\.173\.11|1\.23\.106\.7)5|0\.73\.71\.248|3\.3\.103\.227)|3(?:7\.(?:206\.210\.130|123\.98\.115)|1\.220\.42\.77)|4(?:9\.218\.3(?:2\.130|3\.159)|1\.137\.24\.4)|59\.124\.115\.88)\b)/
 describe KHOP_SC_TOP200  Relay listed in SpamCop top 200 spammer IPs
 tflags	 KHOP_SC_TOP200  nopublish
 score	 KHOP_SC_TOP200  4 0 4 0	# unnecessary if DNSBLs work
@@ -178,7 +178,7 @@ score	 KHOP_SPAMHAUS_DROP_LE	2 0 2 0 	# 
 
 # PSBL-neighbors:  any /24 with 73+ (2/7, 29%) IPs in the PSBL (not SpamCop),
 # as obtained from rsync://psbl-mirror.surriel.com::psbl/psbl.txt
-header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:1\.(?:176\.(?:(?:12|8)[4567]|7[235789]?|4[89]?|5[01]?|69?)|68\.32)|6\.207\.(?:6[0123]|1[23]|4[89]|5\d)|5\.63\.(?:[89]|1[012345])|3\.56\.2(?:4[89]|5[01])|2\.(?:215\.44|72\.13)|0\.52\.[0123]|9\.36\.21[23])|8(?:3\.9(?:3\.11[45]|5\.6[67])|1\.66\.15[67]|2\.18\.222|6\.37\.203)|0(?:3\.(?:240\.(?:117|252)|7\.243|5\.27)|9\.127\.8[016])|9(?:0\.234\.10[56]|8\.50\.174|7\.252\.0)|7(?:7\.(?:47\.10|86\.4)6|3\.44\.232)|2(?:3\.136\.10|5\.60\.15)6|30\.193\.1(?:46|65))|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|0(?:2\.29\.17[89]|3\.194\.115|7\.199\.166)|1(?:6\.155\.(?:20|54|63)|2\.34\.12))|58\.(?:50\.(?:1(?:[2345]|0[456789]|1[016789])|70)|19\.19[01])|4(?:1\.2(?:54\.[1258]|23\.161)|9\.0\.11[89])|79\.106\.109)\.[012]?\d{1,2}\b)/
+header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:1\.(?:176\.(?:(?:12|8)[4567]|7[26789]?|4[89]?|5[01]?|6)|68\.32)|6\.207\.(?:6[0123]|1[23]|4[89]|5\d)|5\.63\.(?:[89]|1[012345])|3\.56\.2(?:4[89]|5[01])|2\.(?:215\.44|72\.13)|0\.52\.[0123]|9\.36\.21[23])|0(?:3\.(?:2(?:40\.(?:117|252)|6\.29)|7\.243|5\.27)|9\.127\.8[016])|8(?:3\.9(?:3\.11[45]|5\.6[67])|1\.66\.15[67]|6\.37\.203)|2(?:(?:3\.136\.10|5\.60\.15)6|2\.155\.44)|9(?:0\.234\.10[56]|8\.50\.174|7\.252\.0)|7(?:3\.44\.232|7\.47\.106)|30\.193\.1(?:46|65))|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|0(?:3\.194\.115|7\.199\.166|2\.29\.179)|1(?:6\.155\.(?:20|54|63)|2\.34\.12))|58\.(?:50\.(?:1(?:[2345]|0[456789]|1[016789])|70)|19\.19[01])|4(?:1\.254\.[1258]|9\.0\.11[89])|79\.106\.109)\.[012]?\d{1,2}\b)/
 describe KHOP_PSBL_CIDR24	Relay's IP/24 CIDR contains many PSBL hits
 tflags	 KHOP_PSBL_CIDR24	nopublish
 score	 KHOP_PSBL_CIDR24	2 0.6 2 0.6