You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2020/10/29 16:21:39 UTC
svn commit: r1882969 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Thu Oct 29 16:21:39 2020
New Revision: 1882969
URL: http://svn.apache.org/viewvc?rev=1882969&view=rev
Log:
Add google docs meta for evaluation, tune GOOG_STO rules and expose for scoring
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1882969&r1=1882968&r2=1882969&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Thu Oct 29 16:21:39 2020
@@ -1237,6 +1237,9 @@ uri __URI_YOUSENDIT m,^http
uri __URI_GOOGLE_DOC m,^https?://docs\.google\.com/(?:[^/]+/)*(?:view(?:form)?\?(?:id|formkey)=|document/),i
uri __URI_GOOGLE_DRV m,^https?://(?:drive\.google|googledrive)\.com/,i
+meta __GOOGLE_DOC_SUSP __URI_GOOGLE_DOC && (__HAS_DOMAINKEY_SIG || __RDNS_NONE || __SYSADMIN) && !ALL_TRUSTED
+
+
body __WEBMAIL_ACCT /\byour web ?mail account/i
body __MAILBOX_FULL /\b(?:you(?:r (?:mail\s?box|(?:e-?|web ?)mail))? (?:is (?:almost )?full|(?:quota )?ha(?:s|ve) (?:reached|exceeded|passed) (?:the|your|it'?s?) (?:university )?(?:size|storage|set|(?:e-?|web ?)mail|quota|folder|mail ?box)[\/\s](?:limit |quota |account )+)|over your mail\s?box (?:size )?(?:limit|quota)|maximum mail\s?box (?:size )?(?:limit|quota) exceeded|sua (?:conta|caixa) de (?:(?:e-?|web ?)mail|correio) (?:excedeu (?:sua|o) limite|est(?:=E1|[\xe1]|[\xc3][\xa1]) quase cheio))\b/i
body __CLEAN_MAILBOX /\b(?:(?:e-?mail|mail\s?box|violation:|(?-i:CLICK)) (?:quota size|clean(?:-?up))|clean ?up click ?here)\b/i
@@ -3200,13 +3203,24 @@ tflags URI_DASHGOVEDU p
#meta __NOINR_MONEY __NO_INR_YES_REF && __LOTSA_MONEY_01
#meta __NOINR_FRAUD __NO_INR_YES_REF && (__AFRICAN_STATE || __BENEFICIARY || __COMPENSATION || __FILL_THIS_FORM_PARTIAL || __LOTTO_DEPT || __WIRE_XFR || __TRANSFORM_LIFE )
-
+# Apparent use of content hosted at storage.googleapis.com
+# (mapped images and HTML landing pages for the imagemap URIs)
+# to avoid URIBL hits
uri __URI_GOOG_STO_IMG m,^https?://storage\.googleapis\.com/.*\.(?:png|jpe?g)$,i
tflags __URI_GOOG_STO_IMG multiple maxhits=5
uri __URI_GOOG_STO_HTML m,^https?://storage\.googleapis\.com/.*\.html?$,i
tflags __URI_GOOG_STO_HTML multiple maxhits=5
-meta __GOOG_STO_IMG_HTML __URI_GOOG_STO_IMG && (__URI_GOOG_STO_HTML > 1)
+meta __GOOG_STO_IMG_NOHTML __URI_GOOG_STO_IMG && !__URI_GOOG_STO_HTML
+meta __GOOG_STO_NOIMG_HTML !__URI_GOOG_STO_IMG && __URI_GOOG_STO_HTML
+
+meta __GOOG_STO_IMG_HTML_2 __URI_GOOG_STO_IMG && (__URI_GOOG_STO_HTML > 1)
+meta __GOOG_STO_IMG_HTML_1 __URI_GOOG_STO_IMG && __URI_GOOG_STO_HTML
+
+meta GOOG_STO_IMG_HTML __GOOG_STO_IMG_HTML_2
+describe GOOG_STO_IMG_HTML Apparently using google content hosting to avoid URIBL
+score GOOG_STO_IMG_HTML 3.000 # limit
+tflags GOOG_STO_IMG_HTML publish