Posted to commits@spamassassin.apache.org by ma...@apache.org on 2010/10/20 23:41:09 UTC
svn commit: r1025769 -
/spamassassin/trunk/rulesrc/sandbox/maddoc/99_fsl_testing.cf
Author: maddoc
Date: Wed Oct 20 21:41:09 2010
New Revision: 1025769
URL: http://svn.apache.org/viewvc?rev=1025769&view=rev
Log:
Docs new test rules
Added:
spamassassin/trunk/rulesrc/sandbox/maddoc/99_fsl_testing.cf
Added: spamassassin/trunk/rulesrc/sandbox/maddoc/99_fsl_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/maddoc/99_fsl_testing.cf?rev=1025769&view=auto
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/maddoc/99_fsl_testing.cf (added)
+++ spamassassin/trunk/rulesrc/sandbox/maddoc/99_fsl_testing.cf Wed Oct 20 21:41:09 2010
@@ -0,0 +1,100 @@
+# 419 Spam
+header __FSL_HELO_USER_1 X-Spam-Relays-External =~ / helo=user /i
+header __FSL_HELO_USER_2 Received =~ /from User(?:\s+by|\s*\(|$)/i
+header __FSL_HELO_USER_3 Received =~ /helo(?:=|\s)User/i
+meta FSL_NEW_HELO_USER (__FSL_HELO_USER_1 || __FSL_HELO_USER_2 || __FSL_HELO_USER_3)
+score FSL_NEW_HELO_USER 2.0
+
+# 419 Spam
+header FSL_XM_419 X-Mailer =~ /\s+6\.00\.2600\.0000$/
+describe FSL_XM_419 Old OE version in X-Mailer only seen in 419 spam
+score FSL_XM_419 2.0
+
+# 419 Spam
+header FSL_CTYPE_WIN1251 Content-Type =~ /charset="Windows-1251"/
+describe FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
+score FSL_CTYPE_WIN1251 2.0
+
+# 419 Spam
+header FSL_MID_419 MESSAGE-ID =~ /\@User>$/
+describe FSL_MID_419 Spam signature in Message-ID
+score FSL_MID_419 2.0
+
+meta FSL_MISSP_REPLYTO (__FROM_MISSPACED && __HAS_REPLY_TO)
+describe FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
+score FSL_MISSP_REPLYTO 2.0
+
+# http://groups.yahoo.com/group/oftajscns/message
+uri FSL_YHG_ABUSE /groups\.yahoo\.com\/group\/\S+\/message/
+describe FSL_YHG_ABUSE URI pointing to a message in an abused Yahoo Group
+score FSL_YHG_ABUSE 2.0
+
+# Bot spew
+rawbody FSL_BOTSPAM_1 /^[^\n]+\nhttp:\/\/[^\n]+\.ru\/\n$/s
+describe FSL_BOTSPAM_1 Two-line spam with URI pointing to .ru domain
+score FSL_BOTSPAM_1 2.0
+
+# Mainsleaze
+body FSL_THIS_IS_ADV /This is an advertisement\./
+describe FSL_THIS_IS_ADV This is an advertisement
+score FSL_THIS_IS_ADV 3.0
+
+# Bot spew
+rawbody FSL_BOTSPAM_2 /alt="Click here to show image"/
+score FSL_BOTSPAM_2 0.01
+
+rawbody FSL_BOTSPAM_3 /<img alt="\*\*\* Click here \*\*\*"/
+score FSL_BOTSPAM_3 0.01
+
+# Fake Amazon order e-mails
+rawbody FSL_BOTSPAM_4 /Sorry for taking your time\.\./
+score FSL_BOTSPAM_4 0.01
+
+uri FSL_RU_URL /[^\/]+\.ru(?:$|\/|\?)/i
+score FSL_RU_URL 0.01
+
+# SpamEatingMonkey lists
+# SEM-BACKSCATTER
+#header RCVD_IN_SEMBACKSCATTER eval:check_rbl('sembackscatter-lastexternal', 'backscatter.spameatingmonkey.net')
+#tflags RCVD_IN_SEMBACKSCATTER net
+#describe RCVD_IN_SEMBACKSCATTER Received from an IP listed by SEM-BACKSCATTER
+#score RCVD_IN_SEMBACKSCATTER 0.5
+
+# SEM-BLACK
+#header RCVD_IN_SEMBLACK eval:check_rbl('semblack-lastexternal', 'bl.spameatingmonkey.net')
+#tflags RCVD_IN_SEMBLACK net
+#describe RCVD_IN_SEMBLACK Received from an IP listed by SEM-BLACK
+#score RCVD_IN_SEMBLACK 0.5
+
+# SEM-URI
+#urirhssub SEM_URI uribl.spameatingmonkey.net. A 2
+#body SEM_URI eval:check_uridnsbl('SEM_URI')
+#describe SEM_URI Contains a URI listed by SEM-URI
+#tflags SEM_URI net
+#score SEM_URI 0.5
+
+# SEM-URIRED
+#urirhssub SEM_URIRED urired.spameatingmonkey.net. A 2
+#body SEM_URIRED eval:check_uridnsbl('SEM_URIRED')
+#describe SEM_URIRED Contains a URI listed by SEM-URIRED
+#tflags SEM_URIRED net
+#score SEM_URIRED 0.5
+
+# SEM-FRESH
+#urirhssub SEM_FRESH fresh.spameatingmonkey.net. A 2
+#body SEM_FRESH eval:check_uridnsbl('SEM_FRESH')
+#describe SEM_FRESH Contains a domain registered less than 5 days ago
+#tflags SEM_FRESH net
+#score SEM_FRESH 0.5
+
+#urirhssub SEM_FRESH_10 fresh10.spameatingmonkey.net. A 2
+#body SEM_FRESH_10 eval:check_uridnsbl('SEM_FRESH_10')
+#describe SEM_FRESH_10 Contains a domain registered less than 10 days ago
+#tflags SEM_FRESH_10 net
+#score SEM_FRESH_10 0.5
+
+#urirhssub SEM_FRESH_15 fresh15.spameatingmonkey.net. A 2
+#body SEM_FRESH_15 eval:check_uridnsbl('SEM_FRESH_15')
+#describe SEM_FRESH_15 Contains a domain registered less than 15 days ago
+#tflags SEM_FRESH_15 net
+#score SEM_FRESH_15 0.5
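Review bot: `FSL_YHG_ABUSE` scores 2.0 on any `groups.yahoo.com/group/<name>/message` link, not only links to the one group named in the comment above it, so ordinary Yahoo Groups digests and notifications would take the full score. Either narrow `\S+` to the group names actually observed, or hold the rule at the informational `0.01` used for `FSL_RU_URL` until mass-check results justify more. `FSL_CTYPE_WIN1251` has a similar breadth problem at 2.0, since it fires on any message whose Content-Type spells the charset that way, which may include legitimate Cyrillic mail. `FSL_RU_URL` is unanchored, so `[^\/]+\.ru` can match inside a path or query string rather than the host; a host-anchored form such as `/^https?:\/\/[^\/?#]+\.ru(?::\d+)?(?:$|[\/?#])/i` would avoid that, though it would stop matching non-HTTP URIs if those were intended. `FSL_NEW_HELO_USER`, `FSL_BOTSPAM_2` through `FSL_BOTSPAM_4` and `FSL_RU_URL` have no `describe` line, so reports will show the bare rule name.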