You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2011/06/27 05:59:39 UTC

svn commit: r1140013 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_postcards.cf

Author: jhardin
Date: Mon Jun 27 03:59:39 2011
New Revision: 1140013

URL: http://svn.apache.org/viewvc?rev=1140013&view=rev
Log:
Add postcards.cf to sandbox

Added:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_postcards.cf

Added: spamassassin/trunk/rulesrc/sandbox/jhardin/20_postcards.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_postcards.cf?rev=1140013&view=auto
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_postcards.cf (added)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_postcards.cf Mon Jun 27 03:59:39 2011
@@ -0,0 +1,60 @@
+# Postcard spam rules
+# $Id: postcards.cf,v 1.23 2009-05-17 12:41:29-07 jhardin Exp jhardin $
+# originally http://www.impsec.org/~jhardin/antispam/
+
+header     POSTCARD_01   Subject =~ /You(?:'ve| have) (?:just )?(?:rec[ei]{2}ved )?an? (?:new )?(?:greeting |anonymous |virtual )?(?:post|e-?)?card (?:sen[dt] )?(?:from|by) an? (?:admirer|colleague|family member|friend|mate|neighbou?r|partner|(?:class|school).?(?:friend|mate)|worshipper|anonymous|buddy)/i
+describe   POSTCARD_01   You got a postcard!
+#score      POSTCARD_01   2.50
+
+header     POSTCARD_02   Subject =~ /you have a new greeting/i
+describe   POSTCARD_02   You got a postcard!
+
+header     POSTCARD_03   From =~ /\b(?:[a-z]{0,10}greeting[a-z]{0,10}|(?:[a-z]{0,10}post|netfun)card[a-z]{0,10})\.[a-z]{2,5}/i
+describe   POSTCARD_03   From a postcard domain
+
+header     POSTCARD_04   Subject =~ /You(?:'ve| have) (?:just )?(?:rec[ei]{2}ved )?an? (?:new )?(?:greeting |anonymous |virtual )?Hallmark (?:post|love-|e-?)?card(?: (?:sen[dt] )?(?:from|by) an? (?:admirer|colleague|family member|friend|mate|neighbou?r|partner|(?:class|school).?(?:friend|mate)|worshipper|anonymous|buddy))?/i
+describe   POSTCARD_04   You got a forged Hallmark postcard!
+#score      POSTCARD_04   2.50
+
+header     POSTCARD_05   Subject =~ /(?:[-\w]{3,20}\s+)+(?:has\s+)?sen[dt]\s+you\s+an?\s+(?:[-\w]{3,20}\s+)*"?(?:post|e-?)?card"?/i
+describe   POSTCARD_05   You got a postcard!
+#score      POSTCARD_05   2.50
+
+# based on a rule by Jared Hall
+header     POSTCARD_06   Subject =~ /^(?:an?\s+)?(?:Animated|Digital|Funny|Greeting|Holiday|Thank[-\s]you|Musical|Love|Birthday|Movie[-\s]quality)\s+(?:e-?|post)?card/i
+describe   POSTCARD_06   You got a postcard!
+#score      POSTCARD_06   2.50
+
+header     POSTCARD_07   Subject =~ /^You(?:'ve| have) an? (?:new )?(?:greeting |anonymous |virtual )?(?:post|e-?)?card (?:.{0,30}\s)?waiting for you/i
+describe   POSTCARD_07   You got a postcard!
+
+header     POSTCARD_08   Subject =~ /You(?:'ve| have) (?:just )?(?:rec[ei]{2}ved )?an? (?:new )?(?:greeting |anonymous |virtual )?(?:post|e-?)?card/i
+describe   POSTCARD_08   You got a postcard!
+#score      POSTCARD_08   0.25
+
+body       POSTCARD_09   /(?:rec[ie]{2}ve|view|enjoy|download|open|pick\sup)\syour\s(?:post|e-?)?card/i
+describe   POSTCARD_09   You got a postcard!
+#score      POSTCARD_09   0.25
+
+body       __POSTCARD_HALLMARK_01   /\bYou(?:'ve| have) (?:just )?(?:rec[ei]{2}ved )?an? (?:new )?(?:greeting |anonymous |virtual )?Hallmark (?:post|e-?)?card\b/i
+body       __POSTCARD_HALLMARK_02   /\bA (?:friend) has (?:just )?sent you an? (?:new )?(?:greeting |anonymous |virtual )?Hallmark (?:post|e-?)?card\b/i
+
+# based on rule by Michael Schout
+uri        __DQ_URI_ONLY_ARGS       m'^https?://\d+\.\d+\.\d+\.\d+/\?[0-9a-f]{8,}'
+#describe   __DQ_URI_ONLY_ARGS       Dotted-Quad URI with only CGI arguments
+
+meta       POSTCARD_DQ   NORMAL_HTTP_TO_IP && (POSTCARD_01 || POSTCARD_02 || POSTCARD_03 || POSTCARD_04 || POSTCARD_05 || POSTCARD_06 || POSTCARD_07 || POSTCARD_08 || POSTCARD_09 || __POSTCARD_HALLMARK_01 || __POSTCARD_HALLMARK_02)
+describe   POSTCARD_DQ   Postcard + DQ URI
+#score      POSTCARD_DQ   2.00
+
+# EXECUTABLE_URI is a generally-useful rule.
+# It appears here so a meta with the postcard rules can be made
+uri        __EXECUTABLE_URI         /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i
+meta       EXECUTABLE_URI   __EXECUTABLE_URI
+describe   EXECUTABLE_URI   Link to an executable file
+#score      EXECUTABLE_URI   2.00
+
+meta       POSTCARD_EXE   __EXECUTABLE_URI && (POSTCARD_01 || POSTCARD_02 || POSTCARD_03 || POSTCARD_04 || POSTCARD_05 || POSTCARD_06 || POSTCARD_07 || POSTCARD_08 || POSTCARD_09 || __POSTCARD_HALLMARK_01 || __POSTCARD_HALLMARK_02)
+describe   POSTCARD_EXE   Postcard + Executable URI
+#score      POSTCARD_EXE   2.00
+