You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2004/04/05 20:49:12 UTC
svn commit: rev 9875 - in incubator/spamassassin/trunk: . rules
Author: jm
Date: Mon Apr 5 11:49:11 2004
New Revision: 9875
Modified:
incubator/spamassassin/trunk/USAGE
incubator/spamassassin/trunk/rules/20_dnsbl_tests.cf
incubator/spamassassin/trunk/rules/20_phrases.cf
incubator/spamassassin/trunk/rules/20_ratware.cf
incubator/spamassassin/trunk/rules/50_scores.cf
incubator/spamassassin/trunk/rules/70_testing.cf
Log:
promoted T_FORGED_MUA_THEBAT_BOUN; added a couple of RND-tag rules
Modified: incubator/spamassassin/trunk/USAGE
==============================================================================
--- incubator/spamassassin/trunk/USAGE (original)
+++ incubator/spamassassin/trunk/USAGE Mon Apr 5 11:49:11 2004
@@ -102,9 +102,9 @@
The Auto-Whitelist
------------------
-The auto-whitelist is enabled using the -a flag to spamassassin or spamd.
-See http://wiki.spamassassin.org/w/AutoWhitelist for details on how it
-works, if you're curious.
+The auto-whitelist is enabled using the -a flag to spamassassin or spamd.
+(See http://wiki.apache.org/spamassassin/AutoWhitelist for details on how
+it works, if you're curious.)
Other Installation Notes
@@ -206,30 +206,10 @@
''SPAM TRAPPING'' section of the spamassassin manual page for details.
If you don't want to go to the bother of setting up a system yourself
- to do this, feel free to set up a simple alias to forward any mails to
- <so...@spamtraps.taint.org> -- replace "someaddress" with
- something to identify you, such as your email addr or website with
- non-alphanumeric chars replaced by underscores, or similar. (Please
- also send me a mail at jm - spamtraps at jmason dot org if you do
- this, so that I know who to contact if it starts going haywire, or the
- quality drops.)
-
- Mails sent to an address at the spamtraps domain are fed into the
- SpamAssassin.org spam-trapping system, where they will then be
- virus-scanned, de-duplicated, and fed into various scanning and
- spam-blocking systems, including some blocklists.
-
- Some notes: I monitor the quality of feeds coming into this, and if it
- turns out to contain occasional bits of non-spam mail, I'll start
- bouncing your feed with a 550 -- as a spam feed that isn't reliably
- spam-only is *not* suitable for a spamtrap.
-
- Also, messages relayed to the spamtrap must be either (a) direct
- relaying as performed by a sendmail alias, or (b) message/rfc822
- attachments with no Content-Transfer-Encoding. Again, if they're not,
- I'll 550 them. And finally, if I can't figure out who's in control of
- the feed, you guessed it, 550. So try to keep the quality control
- up! ;)
+ to do this, take a look here [1] for a simple forwarding-based
+ alternative.
+
+ [1]: http://wiki.apache.org/spamassassin/SpamTrapping
- Scores and other user preferences can now be loaded from an SQL
Modified: incubator/spamassassin/trunk/rules/20_dnsbl_tests.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/20_dnsbl_tests.cf (original)
+++ incubator/spamassassin/trunk/rules/20_dnsbl_tests.cf Mon Apr 5 11:49:11 2004
@@ -121,29 +121,32 @@
# pay-to-use: no
# delist: automatic expiry, no fee, retested on request (free)
-header __RCVD_IN_OPM eval:check_rbl('opm', 'opm.blitzed.org.')
-describe __RCVD_IN_OPM Received via a relay in opm.blitzed.org
-tflags __RCVD_IN_OPM net
+# 2004-03-31: OPM now included in Spamhaus XBL, so no need to perform
+# duplicate lookups.
-header RCVD_IN_OPM_WINGATE eval:check_rbl_sub('opm', '1')
-describe RCVD_IN_OPM_WINGATE OPM: sender is open WinGate proxy
-tflags RCVD_IN_OPM_WINGATE net
-
-header RCVD_IN_OPM_SOCKS eval:check_rbl_sub('opm', '2')
-describe RCVD_IN_OPM_SOCKS OPM: sender is open SOCKS proxy
-tflags RCVD_IN_OPM_SOCKS net
-
-header RCVD_IN_OPM_HTTP eval:check_rbl_sub('opm', '4')
-describe RCVD_IN_OPM_HTTP OPM: sender is open HTTP CONNECT proxy
-tflags RCVD_IN_OPM_HTTP net
-
-header RCVD_IN_OPM_ROUTER eval:check_rbl_sub('opm', '8')
-describe RCVD_IN_OPM_ROUTER OPM: sender is open router proxy
-tflags RCVD_IN_OPM_ROUTER net
-
-header RCVD_IN_OPM_HTTP_POST eval:check_rbl_sub('opm', '16')
-describe RCVD_IN_OPM_HTTP_POST OPM: sender is open HTTP POST proxy
-tflags RCVD_IN_OPM_HTTP_POST net
+# header __RCVD_IN_OPM eval:check_rbl('opm', 'opm.blitzed.org.')
+# describe __RCVD_IN_OPM Received via a relay in opm.blitzed.org
+# tflags __RCVD_IN_OPM net
+#
+# header RCVD_IN_OPM_WINGATE eval:check_rbl_sub('opm', '1')
+# describe RCVD_IN_OPM_WINGATE OPM: sender is open WinGate proxy
+# tflags RCVD_IN_OPM_WINGATE net
+#
+# header RCVD_IN_OPM_SOCKS eval:check_rbl_sub('opm', '2')
+# describe RCVD_IN_OPM_SOCKS OPM: sender is open SOCKS proxy
+# tflags RCVD_IN_OPM_SOCKS net
+#
+# header RCVD_IN_OPM_HTTP eval:check_rbl_sub('opm', '4')
+# describe RCVD_IN_OPM_HTTP OPM: sender is open HTTP CONNECT proxy
+# tflags RCVD_IN_OPM_HTTP net
+#
+# header RCVD_IN_OPM_ROUTER eval:check_rbl_sub('opm', '8')
+# describe RCVD_IN_OPM_ROUTER OPM: sender is open router proxy
+# tflags RCVD_IN_OPM_ROUTER net
+#
+# header RCVD_IN_OPM_HTTP_POST eval:check_rbl_sub('opm', '16')
+# describe RCVD_IN_OPM_HTTP_POST OPM: sender is open HTTP POST proxy
+# tflags RCVD_IN_OPM_HTTP_POST net
# ---------------------------------------------------------------------------
# Spamhaus XBL+SBL
Modified: incubator/spamassassin/trunk/rules/20_phrases.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/20_phrases.cf (original)
+++ incubator/spamassassin/trunk/rules/20_phrases.cf Mon Apr 5 11:49:11 2004
@@ -345,13 +345,13 @@
describe CREDIT_CARD Credit Card Offers
body NO_CREDIT_CHECK /\bno credit check\b/i
-describe NO_CREDIT_CHECK No Credit Check
+describe NO_CREDIT_CHECK Without a credit check
body BANKRUPTCY /\b(?:avoid|past) bankruptcy\b/i
-describe BANKRUPTCY Avoid Bankruptcy
+describe BANKRUPTCY Avoiding bankruptcy
body ACCEPT_CREDIT_CARDS /\b(?:accept\b|are accepting).{1,15}credit cards?\b/i
-describe ACCEPT_CREDIT_CARDS Accept Credit Cards
+describe ACCEPT_CREDIT_CARDS Accepting credit cards
body BAD_CREDIT /\b(?:bad|poor|no\b|eliminate|repair|(?:re)?establish|damag).{0,10} (?:credit|debt)\b/i
describe BAD_CREDIT Eliminate Bad Credit
Modified: incubator/spamassassin/trunk/rules/20_ratware.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/20_ratware.cf (original)
+++ incubator/spamassassin/trunk/rules/20_ratware.cf Mon Apr 5 11:49:11 2004
@@ -136,8 +136,9 @@
header __CTYPE_CHARSET_QUOTED Content-Type =~ /charset=\"/i
header __CTYPE_HAS_BOUNDARY Content-Type =~ /boundary/i
header __BAT_BOUNDARY Content-Type =~ /boundary=\"?-{10}/
+header __MAILMAN_21 X-Mailman-Version =~ /\d/
meta FORGED_MUA_THEBAT_CS (__THEBAT_MUA && __CTYPE_CHARSET_QUOTED)
-meta FORGED_MUA_THEBAT_BOUN (__THEBAT_MUA && !__THEBAT_MUA_V2 && __CTYPE_HAS_BOUNDARY && !__BAT_BOUNDARY)
+meta FORGED_MUA_THEBAT_BOUN (__THEBAT_MUA && !__THEBAT_MUA_V2 && __CTYPE_HAS_BOUNDARY && !__BAT_BOUNDARY && !__MAILMAN_21)
describe FORGED_MUA_THEBAT_CS Mail pretending to be from The Bat! (charset)
describe FORGED_MUA_THEBAT_BOUN Mail pretending to be from The Bat! (boundary)
Modified: incubator/spamassassin/trunk/rules/50_scores.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/50_scores.cf (original)
+++ incubator/spamassassin/trunk/rules/50_scores.cf Mon Apr 5 11:49:11 2004
@@ -733,11 +733,6 @@
score RCVD_IN_NJABL_PROXY 0 1.201 0 0.6
score RCVD_IN_NJABL_RELAY 0 1.414 0 0.101
score RCVD_IN_NJABL_SPAM 0 0.739 0 1.306
-score RCVD_IN_OPM_HTTP 0 8.6 0 2.002
-score RCVD_IN_OPM_HTTP_POST 0 8.6 0 2.002
-score RCVD_IN_OPM_ROUTER 0 7.1 0 1.001
-score RCVD_IN_OPM_SOCKS 0 8.6 0 2.258
-score RCVD_IN_OPM_WINGATE 0 8.6 0 3.701
score RCVD_IN_RFCI 0 0.100 0 0.100
score RCVD_IN_RSL 0 0.53 0 0.53
score RCVD_IN_SBL 0 1.271 0 1.113
Modified: incubator/spamassassin/trunk/rules/70_testing.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/70_testing.cf (original)
+++ incubator/spamassassin/trunk/rules/70_testing.cf Mon Apr 5 11:49:11 2004
@@ -489,7 +489,8 @@
endif # Mail::SpamAssassin::Plugin::URIDNSBL
-# replacement FORGED_MUA_THEBAT_BOUN
-# bug 2415
-header __MAILMAN_21 X-Mailman-Version =~ /\d/
-meta T_FORGED_MUA_THEBAT_BOUN (__THEBAT_MUA && !__THEBAT_MUA_V2 && __CTYPE_HAS_BOUNDARY && !__BAT_BOUNDARY && !__MAILMAN_21)
+# a couple to try out
+header PC_CUR_DATE_TIME ALL =~ /%CURRENT_DATE_TIME/
+header PC_RND_HEADER ALL =~ /%RA?ND_[A-Z]/
+body PC_RND_BODY /%RA?ND_[A-Z]/
+
Re: svn commit: rev 9875 - in incubator/spamassassin/trunk: . rules
Posted by Michael Parker <pa...@pobox.com>.
On Mon, Apr 05, 2004 at 06:49:12PM -0000, jm@apache.org wrote:
> +The auto-whitelist is enabled using the -a flag to spamassassin or spamd.
> +(See http://wiki.apache.org/spamassassin/AutoWhitelist for details on how
> +it works, if you're curious.)
Hmmm....this isn't true any longer, auto-whitelist is enabled by
default and controlled by use_auto_whitelist in the config file.
I'll update the docs if noone beats me to it.
Michael
OPM now included in SpamHaus XBL
Posted by Daniel Quinlan <qu...@pathname.com>.
jm@apache.org writes:
> +# 2004-03-31: OPM now included in Spamhaus XBL, so no need to perform
> +# duplicate lookups.
Looks good to me. One caveat is that "only" 99.8% of our OPM hits are
in XBL.
I checked the corpus results for the April 3rd weekly run and these are
the estimated recevied dates of those messages:
Sun Feb 29 22:05:35 2004
Sat Mar 20 17:49:02 2004
Tue Mar 23 07:23:00 2004
Tue Mar 23 08:48:27 2004
Tue Mar 23 08:48:27 2004
Thu Mar 25 09:59:18 2004
Tue Mar 30 09:00:57 2004
Tue Mar 30 09:00:57 2004
Thu Apr 1 05:05:17 2004
Thu Apr 1 05:07:46 2004
Pretty well distributed, so those are probably just time-outs or other
randomness. I think 99.8% is close enough, but we should perhaps see
what the real-time difference is.
For the last week of my spam, it's only 96.6% so it seems like the XBL
feed from OPM is a bit behind.
Daniel
--
Daniel Quinlan anti-spam (SpamAssassin), Linux,
http://www.pathname.com/~quinlan/ and open source consulting