Posted to commits@spamassassin.apache.org by jm...@apache.org on 2006/11/03 14:50:31 UTC

svn commit: r470814 - /spamassassin/rules/branches/3.1/80_additional.cf

Author: jm
Date: Fri Nov  3 05:50:31 2006
New Revision: 470814

URL: http://svn.apache.org/viewvc?view=rev&rev=470814
Log:
backport another batch of rules from my sandbox; DRUGS_STOCK_MIMEOLE, RCVD_MAIL_COM, OUTLOOK_3416, MID_14DIGITS_HEX

Modified:
    spamassassin/rules/branches/3.1/80_additional.cf

Modified: spamassassin/rules/branches/3.1/80_additional.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/branches/3.1/80_additional.cf?view=diff&rev=470814&r1=470813&r2=470814
==============================================================================
--- spamassassin/rules/branches/3.1/80_additional.cf (original)
+++ spamassassin/rules/branches/3.1/80_additional.cf Fri Nov  3 05:50:31 2006
@@ -287,6 +287,32 @@
 header RCVD_FORGED_WROTE    Received =~ /from \d\S+\d \(HELO [a-z]\S+\) by \S+ with esmtp \([A-Z0-9]/s
 describe RCVD_FORGED_WROTE  Forged 'Received' header found ('wrote:' spam)
 
+header __MIMEOLE_1106   X-MimeOLE =~ /^Produced By Microsoft MimeOLE V6.00.2800.1106$/
+header __MAILER_OL_5510 X-Mailer =~ /^Microsoft Office Outlook, Build 11.0.5510$/
+meta DRUGS_STOCK_MIMEOLE (__MIMEOLE_1106 && __MAILER_OL_5510)
+describe DRUGS_STOCK_MIMEOLE Stock-spam forged headers found (5510)
+
+# Suresh: 'Finding "mail.com", "post.com" etc in a received header is ALWAYS bogus'
+header RCVD_MAIL_COM        Received =~ /[\s\(\[](?:post|mail)\.com[\s\)\]]/is
+describe RCVD_MAIL_COM      Forged Received header (contains post.com or mail.com)
+
+header OUTLOOK_3416     X-Mailer =~ /^Microsoft Outlook, Build 10\.0\.3416$/
+describe OUTLOOK_3416   Claims to be sent by an unusual build of Outlook (3416)
+
+# this seems to appear with a faked 'Microsoft Office Outlook' X-Mailer
+header MID_14DIGITS_HEX     Message-ID =~ /^<[0-9]{14}\.[A-F0-9]{10}\@[0-9A-Z]/
+
+# <gen:mutable>
+score MID_14DIGITS_HEX     2.8
+score OUTLOOK_3416      2.0
+score RCVD_MAIL_COM         3.0
+score DRUGS_STOCK_MIMEOLE   2.0
+score RCVD_FORGED_WROTE     2.8
+score CTYPE_1SPACE_GIF      1.0
+score PART_CID_STOCK_LESS    2.0
+score PART_CID_STOCK     2.0
+# </gen:mutable>
+
 ###########################################################################
 # SCORES
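Review bot: The dots in the `__MIMEOLE_1106` and `__MAILER_OL_5510` patterns are unescaped, so each `.` matches any character, whereas `OUTLOOK_3416` a few lines below escapes them. Writing `V6\.00\.2800\.1106` and `Build 11\.0\.5510` would pin the exact version strings the meta rule is meant to key on. `MID_14DIGITS_HEX` is the only newly scored rule with no `describe` line, which leaves a 2.8-point hit without an explanation; something like `describe MID_14DIGITS_HEX Message-ID is 14 digits, a dot, then 10 hex characters` would cover it. `RCVD_MAIL_COM` scores 3.0 on a single case-insensitive match against any Received header, so it is worth confirming against a ham corpus that no legitimate relay names itself that way. The `/s` modifier on that pattern has no effect, because the pattern contains no unescaped `.`.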