You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2014/09/08 04:47:13 UTC
svn commit: r1623256 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Mon Sep 8 02:47:12 2014
New Revision: 1623256
URL: http://svn.apache.org/r1623256
Log:
more FP avoidance
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1623256&r1=1623255&r2=1623256&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Sep 8 02:47:12 2014
@@ -1215,7 +1215,7 @@ uri __URI_TLD_MC /\.(?!(
uri __URI_GOOG_MC /(?!(?-i:[Gg]oogle))google/i
rawbody __HTML_FONT_TINY_01 /font-size:\s{0,5}[0-4]px;/i
-meta HTML_FONT_TINY __HTML_FONT_TINY_01 && __TAG_EXISTS_BODY && !__DKIM_EXISTS && !__BUGGED_IMG && !__VIA_ML && !__RP_MATCHES_RCVD && !__THREADED && !__LCL__ENV_AND_HDR_FROM_MATCH
+meta HTML_FONT_TINY __HTML_FONT_TINY_01 && __TAG_EXISTS_BODY && !__DKIM_EXISTS && !__BUGGED_IMG && !__VIA_ML && !__RP_MATCHES_RCVD && !__THREADED && !__LCL__ENV_AND_HDR_FROM_MATCH && !__MSGID_JAVAMAIL
describe HTML_FONT_TINY Font too small to read
score HTML_FONT_TINY 1.00 # limit
@@ -1277,7 +1277,7 @@ tflags FORM_LOW_CONTRAST publis
# try to FP-reduce HTML_FONT_LOW_CONTRAST
-meta __HTML_FONT_LOW_CONTRAST_MINFP HTML_FONT_LOW_CONTRAST && !__VIA_ML && !__RP_MATCHES_RCVD && !__RCD_RDNS_MAIL && !__DKIM_EXISTS && !__LCL__ENV_AND_HDR_FROM_MATCH && !__BUGGED_IMG && !__THREADED && !__SENDER_BOT && !__HAS_THREAD_INDEX && !ALL_TRUSTED && !__NOT_SPOOFED
+meta __HTML_FONT_LOW_CONTRAST_MINFP HTML_FONT_LOW_CONTRAST && !__VIA_ML && !__RP_MATCHES_RCVD && !__RCD_RDNS_MAIL && !__DKIM_EXISTS && !__LCL__ENV_AND_HDR_FROM_MATCH && !__BUGGED_IMG && !__THREADED && !__SENDER_BOT && !__HAS_THREAD_INDEX && !ALL_TRUSTED && !__NOT_SPOOFED && !__RCD_RDNS_SMTP_MESSY && !__RCD_RDNS_SMTP
# some no-ham combinations
meta GAPPY_LOW_CONTRAST __HTML_FONT_LOW_CONTRAST_MINFP && __GAPPY_SUBJECT
@@ -1317,7 +1317,7 @@ tflags FOUND_YOU publish
#describe ADMITS_CANSPAM Admits to being spam
body __ADMITS_SPAM /\bth(?:e[- ]+above|is)(?:\?+s|[- ]+is)[- ]+(?:intended[- ]+as[- ]+)?an?[- ]+(?:email[- ]+)?advert[i1l]sement\b/i
-meta ADMITS_SPAM __ADMITS_SPAM && !__TO___LOWER && !__MSOE_MID_WRONG_CASE
+meta ADMITS_SPAM __ADMITS_SPAM && !__TO___LOWER && !__MSOE_MID_WRONG_CASE && !__RP_MATCHES_RCVD
describe ADMITS_SPAM Admits this is an ad
#body __OBFU_ADVERT /\badvert[1l]sement\b/i
@@ -1365,7 +1365,8 @@ tflags URI_WPADMIN publish
uri __URI_WPCONTENT m,/wp-content/.*\.php\b,i
uri __URI_WPINCLUDES m,/wp-includes/.*\.php\b,i
-meta URI_WP_HACKED (__URI_WPCONTENT || __URI_WPINCLUDES)
+uri __URI_WPDIRINDEX m,/wp-(?:content|includes)/.*/$,i
+meta URI_WP_HACKED (__URI_WPCONTENT || __URI_WPINCLUDES) && !__VIA_ML && !__HAS_ERRORS_TO && !__RCD_RDNS_SMTP && !__THREADED && !ALL_TRUSTED && !__NOT_SPOOFED
describe URI_WP_HACKED URI for compromised WordPress site, possible malware
score URI_WP_HACKED 3.000 # limit
tflags URI_WP_HACKED publish
@@ -1398,6 +1399,8 @@ score FROM_MISSP_XPRIO 2.500 #
meta XPRIO_RPATH_NULL __XPRIO && __BOUNCE_RPATH_NULL && !__HAS_ERRORS_TO && !__VIA_ML && !ANY_BOUNCE_MESSAGE && !__HAS_ORGANIZATION && !__RCD_RDNS_SMTP_MESSY && !__NOT_SPOOFED
score XPRIO_RPATH_NULL 2.500 # limit
+meta TO_EQ_FM_RPATH_NULL (__TO_EQ_FROM_USR_NN && __BOUNCE_RPATH_NULL)
+score TO_EQ_FM_RPATH_NULL 2.000 # limit
header __FS_SUBJ_RE Subject =~ /^Re: /