You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2006/11/14 13:57:23 UTC
svn commit: r474774 - /spamassassin/rules/trunk/sandbox/jm/20_basic.cf
Author: jm
Date: Tue Nov 14 04:57:22 2006
New Revision: 474774
URL: http://svn.apache.org/viewvc?view=rev&rev=474774
Log:
some rule updating
Modified:
spamassassin/rules/trunk/sandbox/jm/20_basic.cf
Modified: spamassassin/rules/trunk/sandbox/jm/20_basic.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_basic.cf?view=diff&rev=474774&r1=474773&r2=474774
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_basic.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_basic.cf Tue Nov 14 04:57:22 2006
@@ -114,14 +114,17 @@
header __HELO_NO_DOMAIN X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^\.]+ /
-meta DYN_RDNS_SHORT_HELO_FROM (__HELO_NO_DOMAIN && RDNS_DYNAMIC && __ENV_AND_HDR_FROM_MATCH)
-describe DYN_RDNS_SHORT_HELO_FROM Sent by dynamic rDNS, short HELO, matching From
-
meta DYN_RDNS_SHORT_HELO_HTML (__HELO_NO_DOMAIN && RDNS_DYNAMIC && HTML_MESSAGE)
describe DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
-meta DYN_RDNS_SHORT_HELO_MIMEOLE (__HELO_NO_DOMAIN && RDNS_DYNAMIC && __MIMEOLE_MS)
-describe DYN_RDNS_SHORT_HELO_MIMEOLE Sent by dynamic rDNS, short HELO, and X-MIMEOLE
+meta STOCK_IMG_HDR_FROM (__PART_STOCK_IMG&&__ENV_AND_HDR_FROM_MATCH&&T_TVD_FW_GRAPHIC_ID1&&__HTML_IMG_ONLY)
+describe STOCK_IMG_HDR_FROM Stock spam image part, with distinctive From line
+
+meta STOCK_IMG_HTML (__PART_STOCK_IMG&&__ENV_AND_HDR_FROM_MATCH&&__PART_STOCK_CID&&__HTML_IMG_ONLY)
+describe STOCK_IMG_HTML Stock spam image part, with distinctive HTML
+
+meta STOCK_IMG_OUTLOOK (__PART_STOCK_IMG&&__ENV_AND_HDR_FROM_MATCH&&__HAS_OUTLOOK_IN_MAILER_NEW&&__HTML_LENGTH_1536_2048)
+describe STOCK_IMG_OUTLOOK Stock spam image part, with Outlook-like features
# ---------------------------------------------------------------------------
# Testing bit
@@ -130,11 +133,13 @@
# 9.1138 39580 of 434286 messages 0.0842 84 of 99747 messages
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader __CTYPE_ONETAB_GIF Content-Type:raw =~ /^image\/gif;\n\tname=\".+?\"$/s
-mimeheader __CONT_LOC_GIF Content-Location =~ /\.gif$/
-meta CTYPE_ONETAB_GIF (__CTYPE_ONETAB_GIF && !__CONT_LOC_GIF)
-describe CTYPE_ONETAB_GIF Stock spam image part 'Content-Type' found (1 tab)
+# mimeheader __CONT_LOC_GIF Content-Location =~ /\.gif$/
+# meta __CTYPE_ONETAB_GIF2 (__CTYPE_ONETAB_GIF && !__CONT_LOC_GIF)
endif
+meta STOCK_IMG_CTYPE (__PART_STOCK_IMG&&__ENV_AND_HDR_FROM_MATCH&&__CTYPE_ONETAB_GIF&&__HTML_IMG_ONLY)
+describe STOCK_IMG_CTYPE Stock spam image part, with distinctive Content-Type header
+
header __HDR_ORDER_FTSDMCXXXX ALL =~ /\nFrom: .{1,80}?\nTo: .{1,80}?\nSubject: .{1,200}?\nDate: .{1,40}?\nMIME-Version: .{1,40}?\nContent-Type: .{1,80}?\nX-Priority: .{1,40}?\nX-MSMail-Priority: .{1,40}?\nX-Mailer: .{1,40}?\nX-MimeOLE:/s
header __MID_START_001C Message-ID =~ /^<000001c/
meta HDR_ORDER_FTSDMCXX (__HDR_ORDER_FTSDMCXXXX && !__MIME_ATTACHMENT)
@@ -142,17 +147,7 @@
meta HDR_ORDER_FTSDMCXX3 (__HDR_ORDER_FTSDMCXXXX && __MID_START_001C)
# describe HDR_ORDER_FTSDMCXX Header order is similar to spam (FTSDMCXX variant)
-meta SHORT_HELO_AND_INLINE_IMAGE (__HELO_NO_DOMAIN && __PART_STOCK_IMG)
-
-# some meta combos that look promising
-meta PART_STOCK_IMG2 (__PART_STOCK_IMG&&__ENV_AND_HDR_FROM_MATCH&&T_TVD_FW_GRAPHIC_ID1&&__HTML_IMG_ONLY)
-meta PART_STOCK_IMG3 (__PART_STOCK_IMG&&__ENV_AND_HDR_FROM_MATCH&&__PART_STOCK_CID&&__HTML_IMG_ONLY)
-meta PART_STOCK_IMG4 (__PART_STOCK_IMG&&__HAS_X_MAILER&&__ENV_AND_HDR_FROM_MATCH&&__HTML_LENGTH_1536_2048)
-meta PART_STOCK_IMG5 (__PART_STOCK_IMG&&__ENV_AND_HDR_FROM_MATCH&&__HAS_OUTLOOK_IN_MAILER_NEW&&__HTML_LENGTH_1536_2048)
-meta PART_STOCK_IMG6 (__PART_STOCK_IMG&&__ENV_AND_HDR_FROM_MATCH&&CTYPE_ONETAB_GIF&&__HTML_LENGTH_1536_2048)
-meta PART_STOCK_IMG7 (__PART_STOCK_IMG&&__ENV_AND_HDR_FROM_MATCH&&CTYPE_ONETAB_GIF&&__HTML_IMG_ONLY)
-meta IMG_AND_HEAD (__PART_STOCK_IMG&&__TAG_EXISTS_HEAD&&__HAS_X_MAILER&&__GIF_ATTACH_1)
-
+# meta SHORT_HELO_AND_INLINE_IMAGE (__HELO_NO_DOMAIN && __PART_STOCK_IMG)
# Spammy X-Mailer version strings; no longer seen in ham, due to MS' auto-updates
# but still appearing in plenty of spam templates
@@ -177,7 +172,7 @@
meta SB_GIF_AND_NO_URIS (__GIF_ATTACH&&!__HAS_ANY_URI&&!__HAS_ANY_EMAIL)
-header RATWARE_RCVD_LC_ESMTP2 Received =~ /^from (?:unknown|\d+\.\d+\.\d+\.\d+) \(HELO \S+\) by \S+ with (?:esmtp|local|smtp); /m
+header RATWARE_RCVD_LC_ESMTP2 Received =~ /from (?:unknown|\d+\.\d+\.\d+\.\d+)\s+\(HELO\s+\S+\)\s+by\s+\S+\s+with\s+(?:esmtp|local|smtp);\s/
meta JM_RCVD_FROM_2 (JM_RCVD_FROM && __ENV_AND_HDR_FROM_MATCH)