You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by fe...@apache.org on 2006/07/24 00:51:21 UTC
svn commit: r424847 - in /spamassassin/rules/trunk: core/ sandbox/dos/
sandbox/jgmyers/ sandbox/jm/
Author: felicity
Date: Sun Jul 23 15:51:20 2006
New Revision: 424847
URL: http://svn.apache.org/viewvc?rev=424847&view=rev
Log:
get rid of EvalTests and move the code into plugins.
Modified:
spamassassin/rules/trunk/core/20_body_tests.cf
spamassassin/rules/trunk/core/20_compensate.cf
spamassassin/rules/trunk/core/20_fake_helo_tests.cf
spamassassin/rules/trunk/core/20_head_tests.cf
spamassassin/rules/trunk/core/20_meta_tests.cf
spamassassin/rules/trunk/core/20_ratware.cf
spamassassin/rules/trunk/core/20_uri_tests.cf
spamassassin/rules/trunk/core/50_scores.cf
spamassassin/rules/trunk/sandbox/dos/70_bugs.cf
spamassassin/rules/trunk/sandbox/jgmyers/70_lint.cf
spamassassin/rules/trunk/sandbox/jm/20_dob.cf
Modified: spamassassin/rules/trunk/core/20_body_tests.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/core/20_body_tests.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/core/20_body_tests.cf (original)
+++ spamassassin/rules/trunk/core/20_body_tests.cf Sun Jul 23 15:51:20 2006
@@ -48,6 +48,76 @@
describe WEIRD_QUOTING Weird repeated double-quotation marks
###########################################################################
+# multipart/alternative has very good accuracy, other multipart types are
+# similar to MIME_HTML_ONLY so they don't need a separate rule
+header __CTYPE_MULTIPART_ALT Content-Type =~ /multipart\/alternative/i
+meta MIME_HTML_ONLY_MULTI (__CTYPE_MULTIPART_ALT && MIME_HTML_ONLY)
+describe MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
+
+# note: __HIGHBITS is used in rules/20_html_tests.cf, HTML_CHARSET_FARAWAY
+meta MIME_CHARSET_FARAWAY (__MIME_CHARSET_FARAWAY && __HIGHBITS)
+describe MIME_CHARSET_FARAWAY MIME character set indicates foreign language
+tflags MIME_CHARSET_FARAWAY userconf
+
+###########################################################################
+
+# duncf
+body EMAIL_ROT13 /\b[a-z(\]-]+\^[a-z-]+\([a-z]{2,3}\b/
+describe EMAIL_ROT13 Body contains a ROT13-encoded email address
+test EMAIL_ROT13 ok qhabs^ebtref(pbz
+test EMAIL_ROT13 ok zxrggyre^riv-vap(pbz
+test EMAIL_ROT13 fail duncf-nospam@rogers.com
+
+# this could use more work
+body __LONGWORDS_A /\b(?:[a-z]{8,}[\s\.]+){6}/
+body __LONGWORDS_B /\b(?:[a-z]{6,}[\s\.]+){9}/
+body __LONGWORDS_C /\b(?:[a-z]{5,}[\s\.]+){10}/
+meta LONGWORDS (__LONGWORDS_A + __LONGWORDS_B + __LONGWORDS_C > 1)
+describe LONGWORDS Long string of long words
+
+rawbody INTERRUPTUS /(?:[a-zA-Z0-9]<[\/ ]{0,2}?(?!br)(?!p)(?!sup)(?!li)(?!b)(?!i)(?!option)(?!a (?:href|name))(?:\b|!--)[^>]{0,64}?>[a-zA-Z0-9].{0,64}){3}/i
+describe INTERRUPTUS Message looks to contain HTML-interrupted text
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::BodyEval
+
+body UNIQUE_WORDS eval:check_unique_words('0.946', '3.1')
+describe UNIQUE_WORDS Message body has many words used only once
+
+# This rule uses a simple algorithm to determine if the text and html
+# parts of an multipart/alternative message are different.
+body MPART_ALT_DIFF eval:multipart_alternative_difference('99', '100')
+describe MPART_ALT_DIFF HTML and text parts are different
+
+body MPART_ALT_DIFF_COUNT eval:multipart_alternative_difference_count('3', '1')
+describe MPART_ALT_DIFF_COUNT HTML and text parts are different
+
+body BLANK_LINES_70_80 eval:check_blank_line_ratio('70','80','4')
+body BLANK_LINES_80_90 eval:check_blank_line_ratio('80','90','4')
+body BLANK_LINES_90_100 eval:check_blank_line_ratio('90','100','4')
+describe BLANK_LINES_70_80 Message body has 70-80% blank lines
+describe BLANK_LINES_80_90 Message body has 80-90% blank lines
+describe BLANK_LINES_90_100 Message body has 90-100% blank lines
+
+# it's the ratio of spaces to non-spaces in each paragraph. apparently
+# messages where generally there are lots of spaces mean the message is spam.
+# 8.532 10.6051 0.1897 0.982 0.75 0.01 T_VERTICAL_WORDS_TVD_1
+body TVD_SPACE_RATIO eval:tvd_vertical_words('0','10')
+
+endif
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEEval
+
+# 0.767 0.9097 0.0000 1.000 0.84 1.00 MULTIPART_ALT_NON_TEXT
+body MULTIPART_ALT_NON_TEXT eval:check_ma_non_text()
+
+body CHARSET_FARAWAY eval:check_for_faraway_charset()
+describe CHARSET_FARAWAY Character set indicates a foreign language
+tflags CHARSET_FARAWAY userconf
+
# these tests doesn't actually use rawbody since rawbody isn't raw enough;
# they must be written very carefully to avoid modifying the original content
@@ -80,67 +150,24 @@
body MIME_HTML_ONLY eval:check_for_mime_html_only()
describe MIME_HTML_ONLY Message only has text/html MIME parts
-# multipart/alternative has very good accuracy, other multipart types are
-# similar to MIME_HTML_ONLY so they don't need a separate rule
-header __CTYPE_MULTIPART_ALT Content-Type =~ /multipart\/alternative/i
-meta MIME_HTML_ONLY_MULTI (__CTYPE_MULTIPART_ALT && MIME_HTML_ONLY)
-describe MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
-
rawbody MIME_QP_LONG_LINE eval:check_for_mime('mime_qp_long_line')
describe MIME_QP_LONG_LINE Quoted-printable line longer than 76 chars
-# note: __HIGHBITS is used in rules/20_html_tests.cf, HTML_CHARSET_FARAWAY
rawbody __MIME_CHARSET_FARAWAY eval:check_for_mime('mime_faraway_charset')
-meta MIME_CHARSET_FARAWAY (__MIME_CHARSET_FARAWAY && __HIGHBITS)
-describe MIME_CHARSET_FARAWAY MIME character set indicates foreign language
-tflags MIME_CHARSET_FARAWAY userconf
-
-# This rule uses a simple algorithm to determine if the text and html
-# parts of an multipart/alternative message are different.
-body MPART_ALT_DIFF eval:multipart_alternative_difference('99', '100')
-describe MPART_ALT_DIFF HTML and text parts are different
-
-body MPART_ALT_DIFF_COUNT eval:multipart_alternative_difference_count('3', '1')
-describe MPART_ALT_DIFF_COUNT HTML and text parts are different
body MIME_BAD_ISO_CHARSET eval:check_for_mime('mime_bad_iso_charset')
describe MIME_BAD_ISO_CHARSET MIME character set is an unknown ISO charset
-###########################################################################
-
-body CHARSET_FARAWAY eval:check_for_faraway_charset()
-describe CHARSET_FARAWAY Character set indicates a foreign language
-tflags CHARSET_FARAWAY userconf
-
-# duncf
-body EMAIL_ROT13 /\b[a-z(\]-]+\^[a-z-]+\([a-z]{2,3}\b/
-describe EMAIL_ROT13 Body contains a ROT13-encoded email address
-test EMAIL_ROT13 ok qhabs^ebtref(pbz
-test EMAIL_ROT13 ok zxrggyre^riv-vap(pbz
-test EMAIL_ROT13 fail duncf-nospam@rogers.com
+endif
-body BLANK_LINES_70_80 eval:check_blank_line_ratio('70','80','4')
-body BLANK_LINES_80_90 eval:check_blank_line_ratio('80','90','4')
-body BLANK_LINES_90_100 eval:check_blank_line_ratio('90','100','4')
-describe BLANK_LINES_70_80 Message body has 70-80% blank lines
-describe BLANK_LINES_80_90 Message body has 80-90% blank lines
-describe BLANK_LINES_90_100 Message body has 90-100% blank lines
+###########################################################################
-body UNIQUE_WORDS eval:check_unique_words('0.946', '3.1')
-describe UNIQUE_WORDS Message body has many words used only once
+ifplugin Mail::SpamAssassin::Plugin::URIEval
body DOMAIN_RATIO eval:check_domain_ratio('0.022')
describe DOMAIN_RATIO Message body mentions many internet domains
-# this could use more work
-body __LONGWORDS_A /\b(?:[a-z]{8,}[\s\.]+){6}/
-body __LONGWORDS_B /\b(?:[a-z]{6,}[\s\.]+){9}/
-body __LONGWORDS_C /\b(?:[a-z]{5,}[\s\.]+){10}/
-meta LONGWORDS (__LONGWORDS_A + __LONGWORDS_B + __LONGWORDS_C > 1)
-describe LONGWORDS Long string of long words
-
body HTTPS_IP_MISMATCH eval:check_https_ip_mismatch()
describe HTTPS_IP_MISMATCH IP to HTTPS link found in HTML
-rawbody INTERRUPTUS /(?:[a-zA-Z0-9]<[\/ ]{0,2}?(?!br)(?!p)(?!sup)(?!li)(?!b)(?!i)(?!option)(?!a (?:href|name))(?:\b|!--)[^>]{0,64}?>[a-zA-Z0-9].{0,64}){3}/i
-describe INTERRUPTUS Message looks to contain HTML-interrupted text
+endif
Modified: spamassassin/rules/trunk/core/20_compensate.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/core/20_compensate.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/core/20_compensate.cf (original)
+++ spamassassin/rules/trunk/core/20_compensate.cf Sun Jul 23 15:51:20 2006
@@ -25,6 +25,15 @@
require_version @@VERSION@@
+header __HAS_RCVD exists:Received
+meta NO_RECEIVED (!__HAS_RCVD)
+tflags NO_RECEIVED nice userconf
+describe NO_RECEIVED Informational: message has no Received headers
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::RelayEval
+
# The message was never sent via an untrustworthy host.
header ALL_TRUSTED eval:check_all_trusted()
describe ALL_TRUSTED Passed through trusted hosts only via SMTP
@@ -34,8 +43,4 @@
tflags NO_RELAYS nice userconf
describe NO_RELAYS Informational: message was not relayed via SMTP
-header __HAS_RCVD exists:Received
-meta NO_RECEIVED (!__HAS_RCVD)
-tflags NO_RECEIVED nice userconf
-describe NO_RECEIVED Informational: message has no Received headers
-
+endif
Modified: spamassassin/rules/trunk/core/20_fake_helo_tests.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/core/20_fake_helo_tests.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/core/20_fake_helo_tests.cf (original)
+++ spamassassin/rules/trunk/core/20_fake_helo_tests.cf Sun Jul 23 15:51:20 2006
@@ -26,23 +26,6 @@
require_version @@VERSION@@
-###########################################################################
-
-header FAKE_HELO_MSN eval:check_for_rdns_helo_mismatch("msn\.com","msn\.com")
-describe FAKE_HELO_MSN Host HELO did not match rDNS: msn.com
-header FAKE_HELO_MAIL_COM eval:check_for_rdns_helo_mismatch("mail\.com","mail\.com")
-describe FAKE_HELO_MAIL_COM Host HELO did not match rDNS: mail.com
-header FAKE_HELO_EMAIL_COM eval:check_for_rdns_helo_mismatch("email\.com","email\.com")
-describe FAKE_HELO_EMAIL_COM Host HELO did not match rDNS: email.com
-header FAKE_HELO_EUDORAMAIL eval:check_for_rdns_helo_mismatch("eudoramail\.com","eudoramail\.com")
-describe FAKE_HELO_EUDORAMAIL Host HELO did not match rDNS: eudoramail.com
-header FAKE_HELO_EXCITE eval:check_for_rdns_helo_mismatch("excite\S*","excite\.com")
-describe FAKE_HELO_EXCITE Host HELO did not match rDNS: excite.com
-header FAKE_HELO_LYCOS eval:check_for_rdns_helo_mismatch("lycos\S*","lycos\.com")
-describe FAKE_HELO_LYCOS Host HELO did not match rDNS: lycos.com
-header FAKE_HELO_YAHOO_CA eval:check_for_rdns_helo_mismatch("yahoo\.ca","yahoo\.ca")
-describe FAKE_HELO_YAHOO_CA Host HELO did not match rDNS: yahoo.ca
-
# ---------------------------------------------------------------------------
# Suresh says: these will never be used as HELOs from real mail.com relays.
@@ -192,3 +175,24 @@
# nwblwi-nrp3-l10-a671.nwblwi.tds.net
#header HELO_DYNAMIC_TDS X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S+-[a-z]\d+\.[a-z]{6}\.tds\.net/i
#header HELO_DYNAMIC_VIRTUA X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\d+\.cps\./i
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::RelayEval
+
+header FAKE_HELO_MSN eval:check_for_rdns_helo_mismatch("msn\.com","msn\.com")
+describe FAKE_HELO_MSN Host HELO did not match rDNS: msn.com
+header FAKE_HELO_MAIL_COM eval:check_for_rdns_helo_mismatch("mail\.com","mail\.com")
+describe FAKE_HELO_MAIL_COM Host HELO did not match rDNS: mail.com
+header FAKE_HELO_EMAIL_COM eval:check_for_rdns_helo_mismatch("email\.com","email\.com")
+describe FAKE_HELO_EMAIL_COM Host HELO did not match rDNS: email.com
+header FAKE_HELO_EUDORAMAIL eval:check_for_rdns_helo_mismatch("eudoramail\.com","eudoramail\.com")
+describe FAKE_HELO_EUDORAMAIL Host HELO did not match rDNS: eudoramail.com
+header FAKE_HELO_EXCITE eval:check_for_rdns_helo_mismatch("excite\S*","excite\.com")
+describe FAKE_HELO_EXCITE Host HELO did not match rDNS: excite.com
+header FAKE_HELO_LYCOS eval:check_for_rdns_helo_mismatch("lycos\S*","lycos\.com")
+describe FAKE_HELO_LYCOS Host HELO did not match rDNS: lycos.com
+header FAKE_HELO_YAHOO_CA eval:check_for_rdns_helo_mismatch("yahoo\.ca","yahoo\.ca")
+describe FAKE_HELO_YAHOO_CA Host HELO did not match rDNS: yahoo.ca
+
+endif
Modified: spamassassin/rules/trunk/core/20_head_tests.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/core/20_head_tests.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/core/20_head_tests.cf (original)
+++ spamassassin/rules/trunk/core/20_head_tests.cf Sun Jul 23 15:51:20 2006
@@ -24,21 +24,11 @@
require_version @@VERSION@@
-header HEAD_LONG eval:check_msg_parse_flags('truncated_header')
-describe HEAD_LONG Message headers are very long
-
# partial messages; currently-theoretical attack
# unsurprisingly this hits 0/0 right now.
header FRAGMENTED_MESSAGE Content-Type =~ /\bmessage\/partial/i
describe FRAGMENTED_MESSAGE Partial message
-header MISSING_HB_SEP eval:check_msg_parse_flags('missing_head_body_separator')
-describe MISSING_HB_SEP Missing blank line between message header and body
-
-header UNPARSEABLE_RELAY eval:check_relays_unparseable()
-tflags UNPARSEABLE_RELAY userconf
-describe UNPARSEABLE_RELAY Informational: message has unparseable relay lines
-
###########################################################################
header NO_REAL_NAME From =~ /^["\s]*\<?\S+\@\S+\>?\s*$/
@@ -107,9 +97,6 @@
header SUBJ_HAS_SPACES Subject =~ /(?:\s{6}|\t\s|\s\t)\S/
describe SUBJ_HAS_SPACES Subject contains lots of white space
-header SUBJ_ALL_CAPS eval:subject_is_all_caps()
-describe SUBJ_ALL_CAPS Subject is all capitals
-
header MSGID_SPAM_99X9XX99 MESSAGEID =~ /^<\d\d\d\d\d\d[a-z]\d[a-z][a-z]\d\d\$[a-z][a-z][a-z]\d\d\d\d\d\$\d\d\d\d\d\d\d\d\@/
describe MSGID_SPAM_99X9XX99 Spam tool Message-Id: (99x9xx99 variant)
@@ -128,9 +115,6 @@
header MSGID_NO_HOST MESSAGEID =~ /\@>(?:$|\s)/m
describe MSGID_NO_HOST Message-Id has no hostname
-header MSGID_OUTLOOK_INVALID eval:check_outlook_message_id()
-describe MSGID_OUTLOOK_INVALID Message-Id is fake (in Outlook Express format)
-
# catches a few spams missed by MSGID_OUTLOOK_INVALID
header __HAS_OUTLOOK_IN_MAILER X-Mailer =~ /\bMSCRM\b|Microsoft (?:CDO|Outlook|Office Outlook)\b/
meta MSGID_DOLLARS (__OUTLOOK_DOLLARS_MSGID && !__HAS_OUTLOOK_IN_MAILER && !__UNUSABLE_MSGID)
@@ -190,9 +174,6 @@
meta MSGID_FROM_MTA_HEADER (__MSGID_BEFORE_RECEIVED && !__MSGID_BEFORE_OKAY)
describe MSGID_FROM_MTA_HEADER Message-Id was added by a relay
-header MSGID_FROM_MTA_ID eval:message_id_from_mta()
-describe MSGID_FROM_MTA_ID Message-Id for external message added locally
-
header MSGID_FROM_MTA_HOTMAIL Message-Id =~ /<MC\d{1,2}-F{1,2}\w{21,22}\@\S*hotmail\.com>/
describe MSGID_FROM_MTA_HOTMAIL Message-Id was added by a hotmail.com relay
@@ -236,59 +217,6 @@
header INVALID_TZ_GMT ALL =~ /[+-]\d\d[30]0(?<![+-]0000)\s+(?:\b(?:GMT|UTC)\b(?![\w+-])|\((?:GMT|UTC)\))/
describe INVALID_TZ_GMT Invalid date in header (wrong GMT/UTC timezone)
-header DATE_IN_PAST_03_06 eval:check_for_shifted_date('-6', '-3')
-describe DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
-
-header DATE_IN_PAST_06_12 eval:check_for_shifted_date('-12', '-6')
-describe DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
-
-header DATE_IN_PAST_12_24 eval:check_for_shifted_date('-24', '-12')
-describe DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date
-
-header DATE_IN_PAST_24_48 eval:check_for_shifted_date('-48', '-24')
-describe DATE_IN_PAST_24_48 Date: is 24 to 48 hours before Received: date
-
-header DATE_IN_PAST_48_96 eval:check_for_shifted_date('-96', '-48')
-describe DATE_IN_PAST_48_96 Date: is 48 to 96 hours before Received: date
-
-header DATE_IN_PAST_96_XX eval:check_for_shifted_date('undef', '-96')
-describe DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date
-
-header DATE_IN_FUTURE_03_06 eval:check_for_shifted_date('3', '6')
-describe DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
-
-header DATE_IN_FUTURE_06_12 eval:check_for_shifted_date('6', '12')
-describe DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
-
-header DATE_IN_FUTURE_12_24 eval:check_for_shifted_date('12', '24')
-describe DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date
-
-header DATE_IN_FUTURE_24_48 eval:check_for_shifted_date('24', '48')
-describe DATE_IN_FUTURE_24_48 Date: is 24 to 48 hours after Received: date
-
-header DATE_IN_FUTURE_48_96 eval:check_for_shifted_date('48', '96')
-describe DATE_IN_FUTURE_48_96 Date: is 48 to 96 hours after Received: date
-
-header DATE_IN_FUTURE_96_XX eval:check_for_shifted_date('96', 'undef')
-describe DATE_IN_FUTURE_96_XX Date: is 96 hours or more after Received: date
-
-header UNRESOLVED_TEMPLATE eval:check_unresolved_template()
-describe UNRESOLVED_TEMPLATE Headers contain an unresolved template
-
-###########################################################################
-# illegal characters that should be MIME encoded
-# might want to exempt users using languages that don't use Latin
-# alphabets, but do it in the eval
-
-header SUBJ_ILLEGAL_CHARS eval:check_illegal_chars('Subject','0.00','2')
-describe SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters
-
-header FROM_ILLEGAL_CHARS eval:check_illegal_chars('From','0.20','2')
-describe FROM_ILLEGAL_CHARS From: has too many raw illegal characters
-
-header HEAD_ILLEGAL_CHARS eval:check_illegal_chars('ALL','0.010','2')
-describe HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters
-
###########################################################################
# MIME encoding with spam characteristics
@@ -352,21 +280,6 @@
###########################################################################
-header FROM_AND_TO_SAME eval:check_for_from_to_same()
-describe FROM_AND_TO_SAME From and To are the same, but not exactly
-
-header FORGED_RCVD_HELO eval:check_for_forged_received_helo()
-describe FORGED_RCVD_HELO Received: contains a forged HELO
-
-header RCVD_HELO_IP_MISMATCH eval:helo_ip_mismatch()
-describe RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should
-
-header RCVD_NUMERIC_HELO eval:check_for_numeric_helo()
-describe RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
-
-header RCVD_ILLEGAL_IP eval:check_for_illegal_ip()
-describe RCVD_ILLEGAL_IP Received: contains illegal IP address
-
# no legit mailer claims that their mailserver has no name
# overlaps with RCVD_DOUBLE_IP*, but let's see how it is scored
header RCVD_BY_IP Received =~ /\bby\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?<!127\.0\.0\.1)\b/
@@ -384,38 +297,9 @@
meta RCVD_DOUBLE_IP_LOOSE (__DOUBLE_IP_LOOSE && !RCVD_DOUBLE_IP_SPAM)
describe RCVD_DOUBLE_IP_LOOSE Received: by and from look like IP addresses
-header FORGED_AOL_RCVD eval:check_for_fake_aol_relay_in_rcvd()
-describe FORGED_AOL_RCVD Received forged, contains fake AOL relays
-
header FORGED_TELESP_RCVD Received =~ /\.(?!br).. \(\d+-\d+-\d+-\d+\.dsl\.telesp\.net\.br /
describe FORGED_TELESP_RCVD Contains forged hostname for a DSL IP in Brazil
-# a forged Hotmail message; host HELO'd as hotmail.com, but it wasn't
-header FORGED_HOTMAIL_RCVD eval:check_for_forged_hotmail_received_headers()
-describe FORGED_HOTMAIL_RCVD Forged hotmail.com 'Received:' header found
-
-# this, by comparison is more common: from was @hotmail.com, but it wasn't
-header FORGED_HOTMAIL_RCVD2 eval:check_for_no_hotmail_received_headers()
-describe FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
-
-header FORGED_EUDORAMAIL_RCVD eval:check_for_forged_eudoramail_received_headers()
-describe FORGED_EUDORAMAIL_RCVD Forged eudoramail.com 'Received:' header found
-
-header FORGED_YAHOO_RCVD eval:check_for_forged_yahoo_received_headers()
-describe FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
-
-header FORGED_JUNO_RCVD eval:check_for_forged_juno_received_headers()
-describe FORGED_JUNO_RCVD 'From' juno.com does not match 'Received' headers
-
-header FORGED_GW05_RCVD eval:check_for_forged_gw05_received_headers()
-describe FORGED_GW05_RCVD Forged 'by gw05' 'Received:' header found
-
-# not used directly right now due to FPs; but CONFIRMED_FORGED turns it
-# into a 1.0 S/O rule anyway, so that's not a problem ;)
-# 2.626 3.6340 1.5251 0.704 0.34 1.44 FORGED_RCVD_TRAIL
-# 0.956 3.3890 0.0000 1.000 0.98 4.30 CONFIRMED_FORGED
-header __FORGED_RCVD_TRAIL eval:check_for_forged_received_trail()
-
# forgery meta-rules: more reliable than their inputs
meta CONFIRMED_FORGED (__FORGED_RCVD_TRAIL && (FORGED_AOL_RCVD || FORGED_HOTMAIL_RCVD || FORGED_EUDORAMAIL_RCVD || FORGED_YAHOO_RCVD || FORGED_JUNO_RCVD || FORGED_GW05_RCVD))
describe CONFIRMED_FORGED Received headers are forged
@@ -426,38 +310,19 @@
header NONEXISTENT_CHARSET Content-Type =~ /charset=.?DEFAULT/
describe NONEXISTENT_CHARSET Character set doesn't exist
-header CHARSET_FARAWAY_HEADER eval:check_for_faraway_charset_in_headers()
-describe CHARSET_FARAWAY_HEADER A foreign language charset used in headers
-tflags CHARSET_FARAWAY_HEADER userconf
-
header X_PRIORITY_HIGH X-Priority =~ /^1/
describe X_PRIORITY_HIGH Sent with 'X-Priority' set to high
header X_MSMAIL_PRIORITY_HIGH X-Msmail-Priority =~ /^High/
describe X_MSMAIL_PRIORITY_HIGH Sent with 'X-Msmail-Priority' set to high
-# this variant is local, using the Received hdr itself...
-header ROUND_THE_WORLD_LOCAL eval:check_for_round_the_world_received_helo()
-describe ROUND_THE_WORLD_LOCAL Received: says mail sent around the world (HELO)
-
header MISSING_DATE Date =~ /^UNSET$/ [if-unset: UNSET]
describe MISSING_DATE Missing Date: header
-# this is a quite common false positive, as it's legal to remove a To but leave
-# a CC. so don't score it high.
-header MISSING_HEADERS eval:check_for_missing_to_header()
-describe MISSING_HEADERS Missing To: header
-
header __HAS_SUBJECT exists:Subject
meta MISSING_SUBJECT !__HAS_SUBJECT
describe MISSING_SUBJECT Missing Subject: header
-header SUSPICIOUS_RECIPS eval:similar_recipients('0.65','undef')
-describe SUSPICIOUS_RECIPS Similar addresses in recipient list
-
-header SORTED_RECIPS eval:sorted_recipients()
-describe SORTED_RECIPS Recipient list is sorted by address
-
header GAPPY_SUBJECT Subject =~ /\b(?:[a-z]([-_. =~\/:,*!\@\#\$\%\^&+;\"\'<>\\])\1{0,2}){4}/i
describe GAPPY_SUBJECT Subject: contains G.a.p.p.y-T.e.x.t
@@ -544,12 +409,6 @@
header RCVD_FAKE_HELO_DOTCOM Received =~ /^from (?:msn|yahoo|yourwebsite|lycos|excite|cs|aol|localhost|koreanmail|allexecs|mydomain|juno|eudoramail|compuserve|desertmail|excite|caramail)\.com \(/m
describe RCVD_FAKE_HELO_DOTCOM Received contains a faked HELO hostname
-header ADDRESS_IN_SUBJECT eval:check_for_to_in_subject('address')
-describe ADDRESS_IN_SUBJECT To: address appears in Subject
-
-header LOCALPART_IN_SUBJECT eval:check_for_to_in_subject('user')
-describe LOCALPART_IN_SUBJECT Local part of To: address appears in Subject
-
header SUBJECT_DIET Subject =~ /\bLose .*(?:pounds|lbs|weight)/i
describe SUBJECT_DIET Subject talks about losing pounds
@@ -610,14 +469,8 @@
header RCVD_AM_PM Received =~ /; [A-Z][a-z][a-z], \d{1,2} \d{4} \d{1,2}:\d\d:\d\d [AP]M [+-]\d{4}/
describe RCVD_AM_PM Received headers forged (AM/PM)
-header HEADER_COUNT_CTYPE eval:check_header_count_range('Content-Type','2','999')
-describe HEADER_COUNT_CTYPE Multiple Content-Type headers found
-
header __USER_AGENT_MSN X-Mailer =~ /^MSN Explorer /
-header NO_RDNS_DOTCOM_HELO eval:check_for_no_rdns_dotcom_helo()
-describe NO_RDNS_DOTCOM_HELO Host HELO'd as a big ISP, but had no rDNS
-
header X_ORIG_IP_NOT_IPV4 X-Originating-IP !~ /\[?(?:\d{1,3}\.){3}\d{1,3}\]?/ [if-unset: 0.0.0.0]
describe X_ORIG_IP_NOT_IPV4 X-Originating-IP doesn't look like IPv4 address
@@ -689,3 +542,171 @@
# text, so try to ignore that
header BAD_ENC_HEADER ALL =~ /=\?[^?\s]+\?[^?\s]\?\s*[^?]+\s(?!\?=)/
describe BAD_ENC_HEADER Message has bad MIME encoding in the header
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::HeaderEval
+
+header FORGED_AOL_RCVD eval:check_for_fake_aol_relay_in_rcvd()
+describe FORGED_AOL_RCVD Received forged, contains fake AOL relays
+
+header CHARSET_FARAWAY_HEADER eval:check_for_faraway_charset_in_headers()
+describe CHARSET_FARAWAY_HEADER A foreign language charset used in headers
+tflags CHARSET_FARAWAY_HEADER userconf
+
+ ###################################################################
+
+# illegal characters that should be MIME encoded
+# might want to exempt users using languages that don't use Latin
+# alphabets, but do it in the eval
+
+header SUBJ_ILLEGAL_CHARS eval:check_illegal_chars('Subject','0.00','2')
+describe SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters
+
+header FROM_ILLEGAL_CHARS eval:check_illegal_chars('From','0.20','2')
+describe FROM_ILLEGAL_CHARS From: has too many raw illegal characters
+
+header HEAD_ILLEGAL_CHARS eval:check_illegal_chars('ALL','0.010','2')
+describe HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters
+
+ ###################################################################
+
+# a forged Hotmail message; host HELO'd as hotmail.com, but it wasn't
+header FORGED_HOTMAIL_RCVD eval:check_for_forged_hotmail_received_headers()
+describe FORGED_HOTMAIL_RCVD Forged hotmail.com 'Received:' header found
+
+# this, by comparison is more common: from was @hotmail.com, but it wasn't
+header FORGED_HOTMAIL_RCVD2 eval:check_for_no_hotmail_received_headers()
+describe FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
+
+header FORGED_EUDORAMAIL_RCVD eval:check_for_forged_eudoramail_received_headers()
+describe FORGED_EUDORAMAIL_RCVD Forged eudoramail.com 'Received:' header found
+
+header FORGED_YAHOO_RCVD eval:check_for_forged_yahoo_received_headers()
+describe FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
+
+header FORGED_JUNO_RCVD eval:check_for_forged_juno_received_headers()
+describe FORGED_JUNO_RCVD 'From' juno.com does not match 'Received' headers
+
+header FORGED_GW05_RCVD eval:check_for_forged_gw05_received_headers()
+describe FORGED_GW05_RCVD Forged 'by gw05' 'Received:' header found
+
+header FROM_AND_TO_SAME eval:check_for_from_to_same()
+describe FROM_AND_TO_SAME From and To are the same, but not exactly
+
+header SORTED_RECIPS eval:sorted_recipients()
+describe SORTED_RECIPS Recipient list is sorted by address
+
+header SUSPICIOUS_RECIPS eval:similar_recipients('0.65','undef')
+describe SUSPICIOUS_RECIPS Similar addresses in recipient list
+
+# this is a quite common false positive, as it's legal to remove a To but leave
+# a CC. so don't score it high.
+header MISSING_HEADERS eval:check_for_missing_to_header()
+describe MISSING_HEADERS Missing To: header
+
+# this variant is local, using the Received hdr itself...
+header ROUND_THE_WORLD_LOCAL eval:check_for_round_the_world_received_helo()
+describe ROUND_THE_WORLD_LOCAL Received: says mail sent around the world (HELO)
+
+header DATE_IN_PAST_03_06 eval:check_for_shifted_date('-6', '-3')
+describe DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
+
+header DATE_IN_PAST_06_12 eval:check_for_shifted_date('-12', '-6')
+describe DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
+
+header DATE_IN_PAST_12_24 eval:check_for_shifted_date('-24', '-12')
+describe DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date
+
+header DATE_IN_PAST_24_48 eval:check_for_shifted_date('-48', '-24')
+describe DATE_IN_PAST_24_48 Date: is 24 to 48 hours before Received: date
+
+header DATE_IN_PAST_48_96 eval:check_for_shifted_date('-96', '-48')
+describe DATE_IN_PAST_48_96 Date: is 48 to 96 hours before Received: date
+
+header DATE_IN_PAST_96_XX eval:check_for_shifted_date('undef', '-96')
+describe DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date
+
+header DATE_IN_FUTURE_03_06 eval:check_for_shifted_date('3', '6')
+describe DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
+
+header DATE_IN_FUTURE_06_12 eval:check_for_shifted_date('6', '12')
+describe DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
+
+header DATE_IN_FUTURE_12_24 eval:check_for_shifted_date('12', '24')
+describe DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date
+
+header DATE_IN_FUTURE_24_48 eval:check_for_shifted_date('24', '48')
+describe DATE_IN_FUTURE_24_48 Date: is 24 to 48 hours after Received: date
+
+header DATE_IN_FUTURE_48_96 eval:check_for_shifted_date('48', '96')
+describe DATE_IN_FUTURE_48_96 Date: is 48 to 96 hours after Received: date
+
+header DATE_IN_FUTURE_96_XX eval:check_for_shifted_date('96', 'undef')
+describe DATE_IN_FUTURE_96_XX Date: is 96 hours or more after Received: date
+
+header UNRESOLVED_TEMPLATE eval:check_unresolved_template()
+describe UNRESOLVED_TEMPLATE Headers contain an unresolved template
+
+header SUBJ_ALL_CAPS eval:subject_is_all_caps()
+describe SUBJ_ALL_CAPS Subject is all capitals
+
+header ADDRESS_IN_SUBJECT eval:check_for_to_in_subject('address')
+describe ADDRESS_IN_SUBJECT To: address appears in Subject
+
+header LOCALPART_IN_SUBJECT eval:check_for_to_in_subject('user')
+describe LOCALPART_IN_SUBJECT Local part of To: address appears in Subject
+
+header MSGID_OUTLOOK_INVALID eval:check_outlook_message_id()
+describe MSGID_OUTLOOK_INVALID Message-Id is fake (in Outlook Express format)
+
+header HEADER_COUNT_CTYPE eval:check_header_count_range('Content-Type','2','999')
+describe HEADER_COUNT_CTYPE Multiple Content-Type headers found
+
+endif
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEEval
+
+header HEAD_LONG eval:check_msg_parse_flags('truncated_header')
+describe HEAD_LONG Message headers are very long
+
+header MISSING_HB_SEP eval:check_msg_parse_flags('missing_head_body_separator')
+describe MISSING_HB_SEP Missing blank line between message header and body
+
+endif
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::RelayEval
+
+header UNPARSEABLE_RELAY eval:check_relays_unparseable()
+tflags UNPARSEABLE_RELAY userconf
+describe UNPARSEABLE_RELAY Informational: message has unparseable relay lines
+
+header MSGID_FROM_MTA_ID eval:message_id_from_mta()
+describe MSGID_FROM_MTA_ID Message-Id for external message added locally
+
+header FORGED_RCVD_HELO eval:check_for_forged_received_helo()
+describe FORGED_RCVD_HELO Received: contains a forged HELO
+
+header RCVD_HELO_IP_MISMATCH eval:helo_ip_mismatch()
+describe RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should
+
+header RCVD_NUMERIC_HELO eval:check_for_numeric_helo()
+describe RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
+
+header RCVD_ILLEGAL_IP eval:check_for_illegal_ip()
+describe RCVD_ILLEGAL_IP Received: contains illegal IP address
+
+# not used directly right now due to FPs; but CONFIRMED_FORGED turns it
+# into a 1.0 S/O rule anyway, so that's not a problem ;)
+# 2.626 3.6340 1.5251 0.704 0.34 1.44 FORGED_RCVD_TRAIL
+# 0.956 3.3890 0.0000 1.000 0.98 4.30 CONFIRMED_FORGED
+header __FORGED_RCVD_TRAIL eval:check_for_forged_received_trail()
+
+header NO_RDNS_DOTCOM_HELO eval:check_for_no_rdns_dotcom_helo()
+describe NO_RDNS_DOTCOM_HELO Host HELO'd as a big ISP, but had no rDNS
+
+endif
Modified: spamassassin/rules/trunk/core/20_meta_tests.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/core/20_meta_tests.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/core/20_meta_tests.cf (original)
+++ spamassassin/rules/trunk/core/20_meta_tests.cf Sun Jul 23 15:51:20 2006
@@ -37,10 +37,6 @@
header __MANY_EXCLS Subject =~ /![^!]+!/
header __PLING_PLING Subject =~ /!!!/
-body __UPPERCASE_25_50 eval:check_for_uppercase('25', '50')
-body __UPPERCASE_50_75 eval:check_for_uppercase('50', '75')
-body __UPPERCASE_75_100 eval:check_for_uppercase('75', '100')
-
meta MANY_EXCLAMATIONS (!__ISO_2022_JP_DELIM && __MANY_EXCLS)
describe MANY_EXCLAMATIONS Subject has many exclamations
meta UPPERCASE_25_50 (!__ISO_2022_JP_DELIM && __UPPERCASE_25_50)
@@ -72,3 +68,13 @@
body __NONEMPTY_BODY /\S/
meta EMPTY_MESSAGE !__MIME_ATTACHMENT && !__NONEMPTY_BODY
describe EMPTY_MESSAGE Message appears to be empty with no Subject: text
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEEval
+
+body __UPPERCASE_25_50 eval:check_for_uppercase('25', '50')
+body __UPPERCASE_50_75 eval:check_for_uppercase('50', '75')
+body __UPPERCASE_75_100 eval:check_for_uppercase('75', '100')
+
+endif
Modified: spamassassin/rules/trunk/core/20_ratware.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/core/20_ratware.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/core/20_ratware.cf (original)
+++ spamassassin/rules/trunk/core/20_ratware.cf Sun Jul 23 15:51:20 2006
@@ -54,11 +54,6 @@
#
# NOTE: these rules should specify version numbers!
-# Dec 17 2002 jm: this means "message ID is either too old or has been
-# rewritten by a gateway". Made into an eval test since meta tests cannot
-# (yet) chain from other meta tests.
-header __UNUSABLE_MSGID eval:check_messageid_not_usable()
-
# AOL
header __AOL_MUA X-Mailer =~ /\bAOL\b/
@@ -183,15 +178,10 @@
# 2003-02-23: quinlan
# some useful meta rule sub-elements
-body __MIME_HTML eval:check_for_mime_html()
header __CTYPE_HTML Content-Type =~ /text\/html/i
header __ANY_AOL_MUA X-Mailer =~ /^AOL\b/
header __ANY_IMS_MUA X-Mailer =~ /^Internet Mail Service\b/
header __ANY_OUTLOOK_MUA X-Mailer =~ /^Microsoft Outlook\b/
-body __TAG_EXISTS_BODY eval:html_tag_exists('body')
-body __TAG_EXISTS_HEAD eval:html_tag_exists('head')
-body __TAG_EXISTS_HTML eval:html_tag_exists('html')
-body __TAG_EXISTS_META eval:html_tag_exists('meta')
header __ANY_QUALCOMM_MUA X-Mailer =~ /\bQUALCOMM\b/
meta FORGED_QUALCOMM_TAGS (__ANY_QUALCOMM_MUA && __MIME_HTML && !__TAG_EXISTS_HTML)
@@ -300,13 +290,43 @@
header RATWARE_BOUND_PIECE Content-Type =~ /boundary=\"?--Piece/
describe RATWARE_BOUND_PIECE Bulk email fingerprint (piece boundary) found
-header __RATWARE_NAME_ID eval:check_ratware_name_id()
-meta RATWARE_NAME_ID __RATWARE_0_TZ_DATE && __RATWARE_NAME_ID
-describe RATWARE_NAME_ID Bulk email fingerprint (msgid from) found
-
header __MIMEOLE_MS X-MIMEOLE =~ /^Produced By Microsoft MimeOLE/
meta RATWARE_MS_HASH __MSGID_DOLLARS_OK && !__MIMEOLE_MS
describe RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::HeaderEval
+
+# Dec 17 2002 jm: this means "message ID is either too old or has been
+# rewritten by a gateway". Made into an eval test since meta tests cannot
+# (yet) chain from other meta tests.
+header __UNUSABLE_MSGID eval:check_messageid_not_usable()
+
+header __RATWARE_NAME_ID eval:check_ratware_name_id()
+meta RATWARE_NAME_ID __RATWARE_0_TZ_DATE && __RATWARE_NAME_ID
+describe RATWARE_NAME_ID Bulk email fingerprint (msgid from) found
+
header RATWARE_EFROM eval:check_ratware_envelope_from()
describe RATWARE_EFROM Bulk email fingerprint (envfrom) found
+
+endif
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEEval
+
+body __MIME_HTML eval:check_for_mime_html()
+
+endif
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::HTMLEval
+
+body __TAG_EXISTS_BODY eval:html_tag_exists('body')
+body __TAG_EXISTS_HEAD eval:html_tag_exists('head')
+body __TAG_EXISTS_HTML eval:html_tag_exists('html')
+body __TAG_EXISTS_META eval:html_tag_exists('meta')
+
+endif
Modified: spamassassin/rules/trunk/core/20_uri_tests.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/core/20_uri_tests.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/core/20_uri_tests.cf (original)
+++ spamassassin/rules/trunk/core/20_uri_tests.cf Sun Jul 23 15:51:20 2006
@@ -123,10 +123,6 @@
uri URI_AFFILIATE /aff\w+id=/i
describe URI_AFFILIATE Contains a URI with an affiliate ID code
-# really a URI rule
-header URI_REDIRECTOR eval:check_for_http_redirector()
-describe URI_REDIRECTOR Message has HTTP redirector URI
-
# a.com.b.c
uri SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2}}i
describe SPOOF_COM2OTH URI contains ".com" in middle
@@ -178,3 +174,13 @@
# possible IDN spoofing attack: http://www.shmoo.com/idn/homograph.txt
# not expecting any hits on this (yet)
uri HIGH_CODEPAGE_URI /^https?:\/\/[^\/]*\&\#(?:\d{4,}|[3456789]\d\d);/i
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::URIEval
+
+# really a URI rule
+header URI_REDIRECTOR eval:check_for_http_redirector()
+describe URI_REDIRECTOR Message has HTTP redirector URI
+
+endif
Modified: spamassassin/rules/trunk/core/50_scores.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/core/50_scores.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/core/50_scores.cf (original)
+++ spamassassin/rules/trunk/core/50_scores.cf Sun Jul 23 15:51:20 2006
@@ -93,13 +93,6 @@
score DIGEST_MULTIPLE 0.001 0.233 0.001 0.765
score DISGUISE_PORN 0.724 0.110 0.721 0.247
score DISGUISE_PORN_MUNDANE 1.840 1.798 2.127 2.300
-score DNS_FROM_AHBL_RHSBL 0.001 0.306 0.001 0.231
-score DNS_FROM_RFC_ABUSE 0.001 0.479 0.001 0.200
-score DNS_FROM_RFC_BOGUSMX 0.001 2.034 0.001 1.945
-score DNS_FROM_RFC_DSN 0.001 2.872 0.001 2.597
-score DNS_FROM_RFC_POST 0.001 1.440 0.001 1.708
-score DNS_FROM_RFC_WHOIS 0.001 0.879 0.001 1.447
-score DNS_FROM_SECURITYSAGE 0.001 2.001 0.001 1.513
score DOMAIN_4U2 2.160 1.429 2.362 1.994
score DOMAIN_RATIO 0.001 0.001 0.184 0.001
score DRUGS_ANXIETY 1.841 0.001 2.422 0.404
@@ -239,109 +232,17 @@
score HIDDEN_CHARGES 0.721 0.752 0.611 0.853
score HIDE_WIN_STATUS 0.001
score HOT_NASTY 0.809 0.001 0.697 0.157
-score HTML_00_10 1.232 0.642 1.996 0.795
-score HTML_10_20 0.911 0.945 1.387 1.351
-score HTML_20_30 0.911 0.001 1.053 0.001
-score HTML_30_40 0.137 0.001 0.463 0.374
-score HTML_40_50 0.611 0.001 0.497 0.496
-score HTML_50_60 0.130 0.001 0.001 0.134
-score HTML_60_70 0.290 0.001 0.001 0.001
-score HTML_70_80 0.001 0.001 0.144 0.001
-score HTML_80_90 0.001
-score HTML_90_100 0.584 0.001 0.567 0.113
-score HTML_ATTR_BAD 0.118 0.001 0.001 0.001
-score HTML_ATTR_UNIQUE 0.245 0.001 0.244 0.639
-score HTML_BACKHAIR_2 0.001
-score HTML_BACKHAIR_4 0.001
-score HTML_BACKHAIR_8 0.536 0.130 0.266 0.282
-score HTML_BADTAG_00_10 0.001
-score HTML_BADTAG_10_20 0.001
-score HTML_BADTAG_20_30 0.001
-score HTML_BADTAG_30_40 0.366 0.228 0.137 0.124
-score HTML_BADTAG_40_50 0.001
-score HTML_BADTAG_50_60 1.604 0.263 1.811 0.987
-score HTML_BADTAG_60_70 1.727 0.819 1.873 1.679
-score HTML_BADTAG_70_80 1.517 1.577 1.711 1.547
-score HTML_BADTAG_80_90 0.001 0.167 0.001 0.001
-score HTML_BADTAG_90_100 1.074 0.846 1.098 1.399
-score HTML_COMMENT_SAVED_URL 0.001 0.647 1.197 0.273
-score HTML_COMMENT_SHORT 0.001
score HTML_EHTML2 2.640 2.114 3.052 2.618
-score HTML_EMBEDS 0.495 0.273 0.292 0.325
-score HTML_EVENT_UNSAFE 0.001
-score HTML_EXTRA_CLOSE 2.880 2.699 3.330 3.600
-score HTML_FONT_BIG 0.001 0.256 0.001 0.001
-score HTML_FONT_FACE_BAD 0.001 0.452 0.231 0.156
-score HTML_FONT_FACE_CAPS 0.001
-score HTML_FONT_INVISIBLE 0.001
-score HTML_FONT_LOW_CONTRAST 1.335 0.766 1.890 0.194
-score HTML_FONT_SIZE_HUGE 0.001 0.001 0.128 0.314
-score HTML_FONT_SIZE_LARGE 1.415 1.575 1.182 1.238
-score HTML_FONT_SIZE_NONE 0.001
-score HTML_FONT_SIZE_TINY 0.106 0.001 0.276 0.001
-score HTML_FONT_TINY 0.001 0.001 0.223 0.001
-score HTML_FORMACTION_MAILTO 1.760 1.760 2.035 2.200
-score HTML_IMAGE_ONLY_04 2.820 2.880 3.330 3.600
-score HTML_IMAGE_ONLY_08 2.581 2.435 3.469 3.126
-score HTML_IMAGE_ONLY_12 2.294 1.639 2.046 1.867
-score HTML_IMAGE_ONLY_16 0.668 0.627 0.338 0.497
-score HTML_IMAGE_ONLY_20 1.108 0.640 1.416 1.157
-score HTML_IMAGE_ONLY_24 1.316 0.930 1.771 1.841
-score HTML_IMAGE_ONLY_28 1.438 1.014 1.732 1.900
-score HTML_IMAGE_ONLY_32 1.423 0.836 1.610 1.052
-score HTML_IMAGE_RATIO_02 1.245 0.192 1.800 0.463
-score HTML_IMAGE_RATIO_04 0.877 0.001 1.057 0.001
-score HTML_IMAGE_RATIO_06 0.001 0.001 0.139 0.001
-score HTML_IMAGE_RATIO_08 0.001
-score HTML_LINK_IMAGE_BUG 0.001 0.001 0.110 0.001
-score HTML_LINK_OPT_OUT 1.151 0.001 0.823 0.001
-score HTML_LINK_PUSH_HERE 1.762 0.402 1.920 0.397
score HTML_MIME_NO_HTML_TAG 0.001 0.512 0.001 1.082
score HTML_MISSING_CTYPE 2.080 2.010 2.405 2.518
-score HTML_NONELEMENT_00_10 0.001
-score HTML_NONELEMENT_10_20 0.001
-score HTML_NONELEMENT_20_30 0.001
-score HTML_NONELEMENT_30_40 0.001
-score HTML_NONELEMENT_40_50 0.001 0.001 0.001 0.126
-score HTML_NONELEMENT_50_60 0.001
-score HTML_NONELEMENT_60_70 0.001 0.316 0.001 0.001
-score HTML_NONELEMENT_70_80 0.449 1.353 1.915 2.143
-score HTML_NONELEMENT_80_90 0.001
-score HTML_NONELEMENT_90_100 0.001
-score HTML_OBFUSCATE_05_10 1.421 1.169 1.522 1.449
-score HTML_OBFUSCATE_10_20 1.936 1.397 2.371 1.770
-score HTML_OBFUSCATE_20_30 2.720 2.720 3.145 3.400
-score HTML_OBFUSCATE_30_40 2.480 2.480 2.867 2.859
-score HTML_OBFUSCATE_40_50 2.160 2.160 2.498 2.640
-score HTML_OBFUSCATE_50_60 2.049 2.061 2.342 2.031
-score HTML_OBFUSCATE_60_70 1.637 1.592 1.892 1.652
-score HTML_OBFUSCATE_70_80 1.440 1.507 1.680 1.472
-score HTML_OBFUSCATE_80_90 1.244 1.191 1.397 0.982
-score HTML_OBFUSCATE_90_100 0.001 # n=0 n=1 n=2 n=3
score HTML_SHORT_CENTER 2.240 2.105 2.590 2.179
score HTML_SHORT_COMMENT 0.001 0.294 0.001 0.001
-score HTML_SHORT_LENGTH 1.612 0.629 1.504 1.574
score HTML_SHORT_LINK_IMG_1 2.333 0.275 2.743 0.948
score HTML_SHORT_LINK_IMG_2 2.296 0.951 2.739 1.582
score HTML_SHORT_LINK_IMG_3 0.913 0.518 1.675 0.881
-score HTML_SHOUTING3 0.001 0.001 0.198 0.001
-score HTML_SHOUTING4 0.001 0.001 0.215 0.001
-score HTML_SHOUTING5 0.827 0.169 1.133 0.001
-score HTML_SHOUTING6 0.001
-score HTML_SHOUTING7 0.001 0.121 0.001 0.118
-score HTML_TAG_BALANCE_BODY 0.001 0.180 0.351 0.228
-score HTML_TAG_BALANCE_HEAD 2.143 1.159 2.498 1.447
-score HTML_TAG_EXIST_BGSOUND 1.920 1.920 2.220 2.107
-score HTML_TAG_EXIST_MARQUEE 1.642 1.348 2.036 1.899
-score HTML_TAG_EXIST_TBODY 0.221 0.126 0.282 0.001
-score HTML_TEXT_AFTER_BODY 0.153 0.001 0.001 0.115
-score HTML_TEXT_AFTER_HTML 0.274 0.001 0.286 0.001
score HTML_TINY_FONT 2.607 1.425 3.393 2.324
-score HTML_TITLE_EMPTY 0.001 0.001 0.001 0.214
score HTML_TITLE_LONG 0.482 1.329 0.458 1.655
score HTML_TITLE_SUBJ_DIFF 1.547 0.551 1.224 0.266
-score HTML_TITLE_UNTITLED 0.001 0.001 0.168 0.514
-score HTML_WEB_BUGS 0.001 0.001 0.329 0.001
score HTTPS_IP_MISMATCH 1.920 1.920 2.220 2.400
score HTTP_77 2.242 2.658 2.644 2.346
score HTTP_CTRL_CHARS_HOST 1.280 1.259 1.480 1.600
@@ -431,7 +332,6 @@
score NORMAL_HTTP_TO_IP 0.001 0.001 0.160 0.175
score NOT_ADVISOR 2.160 2.160 2.498 2.700
score NO_COST 0.001 0.001 0.565 0.001
-score NO_DNS_FOR_FROM 0.001 2.603 0.001 3.200
score NO_FORMS 1.440 0.501 1.709 0.673
score NO_MEDICAL 1.200 1.259 1.480 1.363
score NO_OBLIGATION 0.488 0.303 0.628 0.966
@@ -487,27 +387,6 @@
score RCVD_FAKE_HELO_DOTCOM 2.160 1.652 2.590 2.281
score RCVD_HELO_IP_MISMATCH 3.200 3.200 3.700 4.000
score RCVD_ILLEGAL_IP 1.585 0.234 1.813 0.288
-score RCVD_IN_BL_SPAMCOP_NET 0.001 1.332 0.001 1.558
-score RCVD_IN_DSBL 0.001 1.801 0.001 2.600
-score RCVD_IN_IADB_VOUCHED 0.001 -1.825 0.001 -2.200
-score RCVD_IN_NJABL_CGI 0.001 # n=1 n=3
-score RCVD_IN_NJABL_DUL 0.001 1.713 0.001 1.946
-score RCVD_IN_NJABL_MULTI 0.001 # n=1 n=3
-score RCVD_IN_NJABL_PROXY 0.001 0.327 0.001 0.721
-score RCVD_IN_NJABL_RELAY 0.001
-score RCVD_IN_NJABL_SPAM 0.001 1.905 0.001 2.775
-score RCVD_IN_SBL 0.001 2.712 0.001 3.160
-score RCVD_IN_SORBS_BLOCK 0.001 # n=1 n=3
-score RCVD_IN_SORBS_DUL 0.001 1.988 0.001 2.046
-score RCVD_IN_SORBS_HTTP 0.001
-score RCVD_IN_SORBS_MISC 0.001
-score RCVD_IN_SORBS_SMTP 0.001 0.001 0.001 0.201
-score RCVD_IN_SORBS_SOCKS 0.001 1.823 0.001 2.159
-score RCVD_IN_SORBS_WEB 0.001 1.236 0.001 1.456
-score RCVD_IN_SORBS_ZOMBIE 0.001 0.240 0.001 0.258
-score RCVD_IN_WHOIS_BOGONS 0.001 1.811 0.001 2.430
-score RCVD_IN_WHOIS_INVALID 0.001 2.151 0.001 2.234
-score RCVD_IN_XBL 0.001 3.114 0.001 3.897
score RCVD_NUMERIC_HELO 1.440 1.253 1.665 1.500
score RECEIVE_OFFER 0.001 0.001 0.172 0.001
score REFINANCE_NOW 1.520 0.872 1.576 1.050
@@ -526,7 +405,6 @@
score RESISTANCE_IS_FUTILE 0.001 # n=0 n=1 n=2 n=3
score REVERSE_AGING 1.520 1.600 1.795 1.555
score RISK_FREE 0.001
-score ROUND_THE_WORLD 0.001 1.267 0.001 1.495
score ROUND_THE_WORLD_LOCAL 1.840 1.429 2.127 1.659
score RUDE_HTML 2.344 1.362 2.902 2.041
score SATIS_GUAR 1.036 0.001 1.207 0.001
@@ -633,6 +511,178 @@
# End of generated scores. </gen:mutable>
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::HTMLEval
+# <gen:mutable>
+score HTML_00_10 1.232 0.642 1.996 0.795
+score HTML_10_20 0.911 0.945 1.387 1.351
+score HTML_20_30 0.911 0.001 1.053 0.001
+score HTML_30_40 0.137 0.001 0.463 0.374
+score HTML_40_50 0.611 0.001 0.497 0.496
+score HTML_50_60 0.130 0.001 0.001 0.134
+score HTML_60_70 0.290 0.001 0.001 0.001
+score HTML_70_80 0.001 0.001 0.144 0.001
+score HTML_80_90 0.001
+score HTML_90_100 0.584 0.001 0.567 0.113
+score HTML_SHOUTING3 0.001 0.001 0.198 0.001
+score HTML_SHOUTING4 0.001 0.001 0.215 0.001
+score HTML_SHOUTING5 0.827 0.169 1.133 0.001
+score HTML_SHOUTING6 0.001
+score HTML_SHOUTING7 0.001 0.121 0.001 0.118
+score HTML_TEXT_AFTER_BODY 0.153 0.001 0.001 0.115
+score HTML_TEXT_AFTER_HTML 0.274 0.001 0.286 0.001
+score HTML_COMMENT_SAVED_URL 0.001 0.647 1.197 0.273
+score HTML_COMMENT_SHORT 0.001
+score HTML_EMBEDS 0.495 0.273 0.292 0.325
+score HTML_EVENT_UNSAFE 0.001
+score HTML_EXTRA_CLOSE 2.880 2.699 3.330 3.600
+score HTML_FONT_BIG 0.001 0.256 0.001 0.001
+score HTML_FONT_FACE_BAD 0.001 0.452 0.231 0.156
+score HTML_FONT_FACE_CAPS 0.001
+score HTML_FONT_INVISIBLE 0.001
+score HTML_FONT_LOW_CONTRAST 1.335 0.766 1.890 0.194
+score HTML_FONT_SIZE_HUGE 0.001 0.001 0.128 0.314
+score HTML_FONT_SIZE_LARGE 1.415 1.575 1.182 1.238
+score HTML_FONT_SIZE_NONE 0.001
+score HTML_FONT_SIZE_TINY 0.106 0.001 0.276 0.001
+score HTML_FONT_TINY 0.001 0.001 0.223 0.001
+score HTML_FORMACTION_MAILTO 1.760 1.760 2.035 2.200
+score HTML_IMAGE_ONLY_04 2.820 2.880 3.330 3.600
+score HTML_IMAGE_ONLY_08 2.581 2.435 3.469 3.126
+score HTML_IMAGE_ONLY_12 2.294 1.639 2.046 1.867
+score HTML_IMAGE_ONLY_16 0.668 0.627 0.338 0.497
+score HTML_IMAGE_ONLY_20 1.108 0.640 1.416 1.157
+score HTML_IMAGE_ONLY_24 1.316 0.930 1.771 1.841
+score HTML_IMAGE_ONLY_28 1.438 1.014 1.732 1.900
+score HTML_IMAGE_ONLY_32 1.423 0.836 1.610 1.052
+score HTML_IMAGE_RATIO_02 1.245 0.192 1.800 0.463
+score HTML_IMAGE_RATIO_04 0.877 0.001 1.057 0.001
+score HTML_IMAGE_RATIO_06 0.001 0.001 0.139 0.001
+score HTML_IMAGE_RATIO_08 0.001
+score HTML_LINK_IMAGE_BUG 0.001 0.001 0.110 0.001
+score HTML_LINK_OPT_OUT 1.151 0.001 0.823 0.001
+score HTML_LINK_PUSH_HERE 1.762 0.402 1.920 0.397
+score HTML_OBFUSCATE_05_10 1.421 1.169 1.522 1.449
+score HTML_OBFUSCATE_10_20 1.936 1.397 2.371 1.770
+score HTML_OBFUSCATE_20_30 2.720 2.720 3.145 3.400
+score HTML_OBFUSCATE_30_40 2.480 2.480 2.867 2.859
+score HTML_OBFUSCATE_40_50 2.160 2.160 2.498 2.640
+score HTML_OBFUSCATE_50_60 2.049 2.061 2.342 2.031
+score HTML_OBFUSCATE_60_70 1.637 1.592 1.892 1.652
+score HTML_OBFUSCATE_70_80 1.440 1.507 1.680 1.472
+score HTML_OBFUSCATE_80_90 1.244 1.191 1.397 0.982
+score HTML_OBFUSCATE_90_100 0.001 # n=0 n=1 n=2 n=3
+score HTML_BACKHAIR_2 0.001
+score HTML_BACKHAIR_4 0.001
+score HTML_BACKHAIR_8 0.536 0.130 0.266 0.282
+score HTML_BADTAG_00_10 0.001
+score HTML_BADTAG_10_20 0.001
+score HTML_BADTAG_20_30 0.001
+score HTML_BADTAG_30_40 0.366 0.228 0.137 0.124
+score HTML_BADTAG_40_50 0.001
+score HTML_BADTAG_50_60 1.604 0.263 1.811 0.987
+score HTML_BADTAG_60_70 1.727 0.819 1.873 1.679
+score HTML_BADTAG_70_80 1.517 1.577 1.711 1.547
+score HTML_BADTAG_80_90 0.001 0.167 0.001 0.001
+score HTML_BADTAG_90_100 1.074 0.846 1.098 1.399
+score HTML_NONELEMENT_00_10 0.001
+score HTML_NONELEMENT_10_20 0.001
+score HTML_NONELEMENT_20_30 0.001
+score HTML_NONELEMENT_30_40 0.001
+score HTML_NONELEMENT_40_50 0.001 0.001 0.001 0.126
+score HTML_NONELEMENT_50_60 0.001
+score HTML_NONELEMENT_60_70 0.001 0.316 0.001 0.001
+score HTML_NONELEMENT_70_80 0.449 1.353 1.915 2.143
+score HTML_NONELEMENT_80_90 0.001
+score HTML_NONELEMENT_90_100 0.001
+score HTML_ATTR_BAD 0.118 0.001 0.001 0.001
+score HTML_ATTR_UNIQUE 0.245 0.001 0.244 0.639
+score HTML_WEB_BUGS 0.001 0.001 0.329 0.001
+score HTML_TAG_BALANCE_BODY 0.001 0.180 0.351 0.228
+score HTML_TAG_BALANCE_HEAD 2.143 1.159 2.498 1.447
+score HTML_TAG_EXIST_BGSOUND 1.920 1.920 2.220 2.107
+score HTML_TAG_EXIST_MARQUEE 1.642 1.348 2.036 1.899
+score HTML_TAG_EXIST_TBODY 0.221 0.126 0.282 0.001
+score HTML_SHORT_LENGTH 1.612 0.629 1.504 1.574
+score HTML_TITLE_EMPTY 0.001 0.001 0.001 0.214
+score HTML_TITLE_UNTITLED 0.001 0.001 0.168 0.514
+# </gen:mutable>
+
+# HTML control test
+score HTML_MESSAGE 0.001
+
+endif
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::DNSEval
+# <gen:mutable>
+score RCVD_IN_BL_SPAMCOP_NET 0.001 1.332 0.001 1.558
+score RCVD_IN_DSBL 0.001 1.801 0.001 2.600
+score RCVD_IN_IADB_VOUCHED 0.001 -1.825 0.001 -2.200
+score RCVD_IN_NJABL_CGI 0.001 # n=1 n=3
+score RCVD_IN_NJABL_DUL 0.001 1.713 0.001 1.946
+score RCVD_IN_NJABL_MULTI 0.001 # n=1 n=3
+score RCVD_IN_NJABL_PROXY 0.001 0.327 0.001 0.721
+score RCVD_IN_NJABL_RELAY 0.001
+score RCVD_IN_NJABL_SPAM 0.001 1.905 0.001 2.775
+score RCVD_IN_SBL 0.001 2.712 0.001 3.160
+score RCVD_IN_SORBS_BLOCK 0.001 # n=1 n=3
+score RCVD_IN_SORBS_DUL 0.001 1.988 0.001 2.046
+score RCVD_IN_SORBS_HTTP 0.001
+score RCVD_IN_SORBS_MISC 0.001
+score RCVD_IN_SORBS_SMTP 0.001 0.001 0.001 0.201
+score RCVD_IN_SORBS_SOCKS 0.001 1.823 0.001 2.159
+score RCVD_IN_SORBS_WEB 0.001 1.236 0.001 1.456
+score RCVD_IN_SORBS_ZOMBIE 0.001 0.240 0.001 0.258
+score RCVD_IN_WHOIS_BOGONS 0.001 1.811 0.001 2.430
+score RCVD_IN_WHOIS_INVALID 0.001 2.151 0.001 2.234
+score RCVD_IN_XBL 0.001 3.114 0.001 3.897
+
+score DNS_FROM_AHBL_RHSBL 0.001 0.306 0.001 0.231
+score DNS_FROM_RFC_ABUSE 0.001 0.479 0.001 0.200
+score DNS_FROM_RFC_BOGUSMX 0.001 2.034 0.001 1.945
+score DNS_FROM_RFC_DSN 0.001 2.872 0.001 2.597
+score DNS_FROM_RFC_POST 0.001 1.440 0.001 1.708
+score DNS_FROM_RFC_WHOIS 0.001 0.879 0.001 1.447
+score DNS_FROM_SECURITYSAGE 0.001 2.001 0.001 1.513
+
+score NO_DNS_FOR_FROM 0.001 2.603 0.001 3.200
+# </gen:mutable>
+
+# Bonded Sender: http://www.bondedsender.com/
+score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1
+score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3
+
+# Habeas: http://www.habeas.com/
+score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0
+score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3
+score HABEAS_CHECKED 0 -0.2 0 -0.2
+
+# CompleteWhois: http://www.completewhois.com/
+score RCVD_IN_WHOIS_HIJACKED 0 1.0 0 1.0
+
+# MAPS
+# MAPS is a commercial service. If you pay for these, assign a score
+# so they will be checked.
+score RCVD_IN_MAPS_RBL 0
+score RCVD_IN_MAPS_DUL 0
+score RCVD_IN_MAPS_RSS 0
+score RCVD_IN_MAPS_NML 0
+
+endif
+
+###########################################################################
+
+ifplugin Mail::SpamAssassin::Plugin::HeaderEval
+# <gen:mutable>
+score ROUND_THE_WORLD 0.001 1.267 0.001 1.495
+# </gen:mutable>
+endif
+
+###########################################################################
+
# Scores for tests that are scored manually or with isolated rescore runs.
# Most are net tests, userconf tests, tests occuring with very low frequency,
# or tests with many false positives.
@@ -647,6 +697,7 @@
score MISSING_HB_SEP 2.5
# make the Bayes scores unmutable (as discussed in bug 4505)
+ifplugin Mail::SpamAssassin::Plugin::Bayes
score BAYES_00 0.0001 0.0001 -2.312 -2.599
score BAYES_05 0.0001 0.0001 -1.110 -1.110
score BAYES_20 0.0001 0.0001 -0.740 -0.740
@@ -656,9 +707,7 @@
score BAYES_80 0.0001 0.0001 2.0 2.0
score BAYES_95 0.0001 0.0001 3.0 3.0
score BAYES_99 0.0001 0.0001 3.5 3.5
-
-# HTML control test
-score HTML_MESSAGE 0.001
+endif
# Informational rules about Received header parsing
score NO_RELAYS -0.001
@@ -672,11 +721,18 @@
score MIME_CHARSET_FARAWAY 2.450
# rescore never changes the whitelist/blacklist scores
+ifplugin Mail::SpamAssassin::Plugin::WLBLEval
score USER_IN_BLACKLIST 100.000
score USER_IN_WHITELIST -100.000
score USER_IN_DEF_WHITELIST -15.000
score USER_IN_BLACKLIST_TO 10.000
+# not really false positives but the user wants spam!
+score USER_IN_WHITELIST_TO -6.000
+score USER_IN_MORE_SPAM_TO -20.000
+score USER_IN_ALL_SPAM_TO -100.000
+endif
+
ifplugin Mail::SpamAssassin::Plugin::WhiteListSubject
score SUBJECT_IN_WHITELIST -100
score SUBJECT_IN_BLACKLIST 100
@@ -694,23 +750,6 @@
score ENV_AND_HDR_SPF_MATCH -7.500
endif # Mail::SpamAssassin::Plugin::SPF
-# not really false positives but the user wants spam!
-score USER_IN_WHITELIST_TO -6.000
-score USER_IN_MORE_SPAM_TO -20.000
-score USER_IN_ALL_SPAM_TO -100.000
-
-# Bonded Sender: http://www.bondedsender.com/
-score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1
-score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3
-
-# Habeas: http://www.habeas.com/
-score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0
-score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3
-score HABEAS_CHECKED 0 -0.2 0 -0.2
-
-# CompleteWhois: http://www.completewhois.com/
-score RCVD_IN_WHOIS_HIJACKED 0 1.0 0 1.0
-
# DKIM
ifplugin Mail::SpamAssassin::Plugin::DKIM
score DKIM_POLICY_SIGNALL 0.001
@@ -848,11 +887,3 @@
score MICROSOFT_EXECUTABLE 0.100
score MIME_SUSPECT_NAME 0.100
endif # Mail::SpamAssassin::Plugin::AntiVirus
-
-# MAPS
-# MAPS is a commercial service. If you pay for these, assign a score
-# so they will be checked.
-score RCVD_IN_MAPS_RBL 0
-score RCVD_IN_MAPS_DUL 0
-score RCVD_IN_MAPS_RSS 0
-score RCVD_IN_MAPS_NML 0
Modified: spamassassin/rules/trunk/sandbox/dos/70_bugs.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/dos/70_bugs.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/dos/70_bugs.cf (original)
+++ spamassassin/rules/trunk/sandbox/dos/70_bugs.cf Sun Jul 23 15:51:20 2006
@@ -28,6 +28,7 @@
+ifplugin Mail::SpamAssassin::Plugin::DNSEval
### see how checking only the -firsttrusted host affects hit rates of various DNSBLs ###
@@ -81,6 +82,7 @@
describe T_E_RCVD_IN_MAPS_DUL Relay in DUL, http://www.mail-abuse.org/dul/
tflags T_E_RCVD_IN_MAPS_DUL net
+endif
### bug 4678 ###
Modified: spamassassin/rules/trunk/sandbox/jgmyers/70_lint.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jgmyers/70_lint.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/jgmyers/70_lint.cf (original)
+++ spamassassin/rules/trunk/sandbox/jgmyers/70_lint.cf Sun Jul 23 15:51:20 2006
@@ -10,4 +10,8 @@
body T__FRAUD_DBI_7 /(?:\b(?:dollars?\b|usd(?:ollars)?(?:[0-9]|\b)|us\$|euros?\b|u\.?s\.? [0-9.]{1,6} m)|\$(?:[0-9,.]{6}|[0-9].{0,8}[mb]illion\b|[0-9.,]{2,10} ?m))/i
+ifplugin Mail::SpamAssassin::Plugin::HTMLEval
+
body HTML_FONT_SIZE_TINY_1 eval:html_eval('min_size', '<= 1')
+
+endif
Modified: spamassassin/rules/trunk/sandbox/jm/20_dob.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_dob.cf?rev=424847&r1=424846&r2=424847&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_dob.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_dob.cf Sun Jul 23 15:51:20 2006
@@ -1,4 +1,4 @@
-
+ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_DOB eval:check_rbl('dob', 'dob.sibl.support-intelligence.net.', '255')
describe __RCVD_IN_DOB Received via relay in new domain (Day Old Bread)
@@ -11,6 +11,8 @@
header DNS_FROM_DOB eval:check_rbl_envfrom('dob','dob.sibl.support-intelligence.net.')
describe DNS_FROM_DOB Sender from new domain (Day Old Bread)
tflags DNS_FROM_DOB net
+
+endif
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhssub URIBL_RHS_DOB dob.sibl.support-intelligence.net A 2