You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by kh...@apache.org on 2013/09/11 08:58:08 UTC

svn commit: r1521749 - /spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Author: khopesh
Date: Wed Sep 11 06:58:08 2013
New Revision: 1521749

URL: http://svn.apache.org/r1521749
Log:
auto-generated rules

Modified:
    spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=1521749&r1=1521748&r2=1521749&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Wed Sep 11 06:58:08 2013
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf	v 201309102
+## khop-sc-neighbors.cf	v 201309112
 ## Khopesh's syndication of SpamCop's top offenders and top offending networks.
 ## 
 ## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -21,7 +21,7 @@ meta	__KHOP_SC_EXCLUSIONS	__VIA_ML || __
 
 # http://spamcop.net/w3m?action=map;mask=4294967295;net=0;sort=56
 # Due to the massive block size, this rule only examines the last untrusted
-header __KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1[12]3|27?)(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:1[37]|23)|95)(?:\.[012]?\d{1,2}){3}\b) /
 # and gets cleaned up a bit
 meta	 KHOP_SC_CIDR8	__KHOP_SC_CIDR8 && !__KHOP_SC_EXCLUSIONS
 describe KHOP_SC_CIDR8  Relay CIDR /8 is among worst in SpamCop
@@ -42,7 +42,7 @@ score	 KHOP_SC_CIDR8	0.1 0.02 0.2 0.1
 #  1.5335/0.5063 0.752 20130629@465k net, solo=1.5947/0.5379@0.748
 #  2.0256/0.7432 0.732 20130705@376k  solo=2.0429/0.7595@0.729, ->.1 .02 .2 .1
 
-header __KHOP_SC_TOP_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:17|78|90)|37)(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_TOP_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:78|90)|37|2)(?:\.[012]?\d{1,2}){3}\b) /
 meta	 KHOP_SC_TOP_CIDR8  __KHOP_SC_TOP_CIDR8 && !__KHOP_SC_EXCLUSIONS
 describe KHOP_SC_TOP_CIDR8  Relay CIDR /8 leads SpamCop in worst /8s
 tflags	 KHOP_SC_TOP_CIDR8  nopublish
@@ -101,7 +101,7 @@ score	 KHOP_SC_TOP_CIDR16  0.6 0.2 0.7 0
 
 
 # http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:1(?:9\.184\.214|6\.112\.66)|(?:73\.44\.18|03\.30\.7)2|84\.22\.177|98\.24\.180|21\.54\.54)|21(?:7\.12\.113|8\.2\.129)|61\.1(?:36\.68|41\.21)|58\.254\.172)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:(?:19\.184\.21|21\.54\.5)4|7(?:3\.44\.182|7\.1\.223)|84\.22\.177|98\.24\.180|03\.30\.72)|21(?:7\.12\.113|8\.2\.129)|61\.1(?:36\.68|41\.21)|58\.254\.172)\.[012]?\d{1,2}\b)/
 describe KHOP_SC_CIDR24  Relay CIDR /24 is among worst in SpamCop
 tflags	 KHOP_SC_CIDR24  nopublish
 score	 KHOP_SC_CIDR24  0.6 0 0.6 0
@@ -142,7 +142,7 @@ score	 KHOP_SC_TOP_CIDR24  1.7 0.5 1.7 0
 
 
 # http://www.spamcop.net/w3m?action=hoshame
-header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:1(?:2\.(?:1(?:68\.(?:218\.86|141\.5)|84\.172\.244)|216\.(?:4(?:8\.252|6\.75)|8\.158)|90\.222\.134)|8\.(?:130\.107\.235|244\.239\.2|46\.127\.36)|6\.1(?:12\.66\.102|26\.87\.245|93\.90\.26)|1\.(?:68\.104\.132|94\.144\.177)|9\.1(?:97\.181\.120|84\.214\.18)|5\.82\.240\.23)|8(?:4\.(?:22\.(?:1(?:7(?:7\.5[12]|2\.145)|97\.216|1\.23)|2(?:30\.213|7\.171))|82\.(?:53\.1(?:0[69]|43|1)|179\.117|251\.100))|3\.(?:1(?:06\.116\.109|36\.146\.110)|98\.23\.158)|0\.2(?:25\.148\.206|11\.179\.30)|(?:7\.4\.111\.21|5\.19\.94\.2)8)|7(?:3\.(?:2(?:12\.205\.158|00\.90\.196)|44\.182\.(?:1[469]|2[28]?|5))|8\.20(?:7\.158\.230|\.148\.11)|7\.(?:69\.243\.74|1\.223\.73)|4\.36\.1(?:37\.170|64\.184)|6\.192\.15\.229)|2(?:1\.(?:1(?:34\.238\.129|81\.237\.251|2\.167\.95|57\.3\.252|99\.12\.28)|22\.127\.17)|3\.(?:142\.218\.89|234\.230\.45)|4\.(?:207\.34\.91|160\.35\.2)|2\.49\.119\.188)|9(?:8\.(?:24\.1(?:7(?:4\.(?:16[67]|57)|5\.[234]|3\.80)|80\.91)|52\.247\.103)|2\.1(?:86\.15
 7\.(?:79|92)|63\.193\.199)|9\.30\.137\.10[67]|5\.138\.195\.125)|4(?:\.(?:52\.137\.(?:54|77)|45\.130\.155|63\.74\.204)|4\.76\.136\.228|8\.223\.59\.187|1\.0\.61\.166)|0(?:1\.(?:12\.2(?:45\.96|27\.0)|9\.52\.119)|3\.9\.157\.12[679])|\.(?:2(?:15\.206\.242|09\.163\.3|26\.84\.27)|93\.12\.143)|37\.11(?:6\.1(?:22\.218|12\.51)|7\.69\.226)|62\.216\.3\.1[4567])|2(?:1(?:1\.(?:1(?:7(?:2\.242\.74|6\.61\.112)|40\.207\.100|57\.144\.27|18\.37\.56)|33\.121\.231)|3\.1(?:9(?:5\.77\.114|9\.248\.27)|32\.241\.13|71\.39\.154)|0\.(?:109\.97\.63|246\.155\.2|93\.48\.211)|(?:6\.24\.201\.17|7\.12\.113\.6)7|8\.(?:56\.161\.14|2\.129\.53)|2\.156\.44\.134|9\.255\.77\.42)|2(?:1\.(?:4\.142\.(?:[49][0123]|7[01]|8[89]|69)|214\.2(?:08\.226|21\.148))|2\.(?:122\.79\.103|92\.141\.155)|0\.68\.224\.45|3\.25\.242\.62)|0(?:2\.(?:142\.203\.19|52\.236\.162|71\.136\.200)|3\.(?:171\.233\.243|255\.15\.146)|8\.84\.135\.14[78]|0\.175\.56\.190|1\.116\.199\.34)|\.183\.155\.2)|6(?:1\.(?:1(?:4(?:3\.158\.24|1\.21\.3)4|75\.223\.141|36\.68\.
 76)|3(?:8\.186\.117|6\.79\.99)|55\.156\.210|98\.77\.169)|5\.(?:60\.15\.18[46]|125\.155\.90)|9\.(?:198\.197\.156|64\.49\.109)|0\.2(?:1\.209\.150|9\.75\.142)|6\.96\.205\.133|7\.90\.21\.150)|8(?:2\.(?:117\.194\.229|99\.246\.10)|3\.(?:167\.231\.38|238\.208\.55)|5\.120\.148\.111|6\.111\.144\.194|9\.222\.181\.225|0\.73\.71\.248)|5(?:8\.2(?:15\.176\.210|54\.172\.163)|\.(?:102\.156\.|39\.77\.1)25|9\.(?:12\.17\.6|8\.26\.22)|0\.30\.4(?:2\.187|7\.121))|9(?:0\.(?:83\.184\.211|150\.9\.38)|3\.1(?:59\.160\.164|88\.8\.67)|5\.(?:78\.123\.159|48\.24\.10))|3(?:7\.(?:123\.98\.115|59\.238\.178)|1\.216\.178\.142)|7(?:9\.174\.204\.134|4\.216\.223\.82|2\.35\.20\.131)|4(?:1\.(?:84\.135\.22|137\.24\.4)|2\.121\.121\.42))\b)/
+header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:8(?:4\.(?:22\.(?:1(?:7(?:7\.5[12]|2\.145)|97\.216|1\.23)|2(?:30\.213|7\.171))|82\.(?:53\.1(?:0[69]|43|1)|179\.117|251\.100))|3\.(?:1(?:06\.116\.109|36\.146\.110)|98\.23\.158)|0\.2(?:25\.1(?:31\.17|48\.20)6|11\.179\.30)|(?:7\.4\.111\.21|5\.19\.94\.2)8|2\.71\.123\.186|9\.75\.63\.114)|1(?:2\.(?:1(?:68\.(?:218\.86|141\.5)|84\.172\.244|24\.38\.250)|216\.(?:4(?:8\.252|6\.75)|8\.158))|8\.(?:130\.107\.235|244\.239\.2|46\.127\.36)|6\.1(?:12\.66\.102|26\.87\.245|93\.90\.26)|1\.(?:68\.104\.132|94\.144\.177)|9\.1(?:97\.181\.120|84\.214\.18)|5\.82\.240\.23|3\.0\.85\.249)|9(?:8\.(?:24\.1(?:7(?:4\.(?:16[67]|57)|5\.[234]|3\.80)|80\.91)|52\.247\.103)|2\.1(?:86\.157\.(?:79|92)|63\.193\.199)|9\.(?:30\.137\.10[67]|71\.215\.141)|5\.138\.195\.125)|2(?:1\.(?:1(?:34\.238\.129|81\.237\.251|2\.167\.95|57\.3\.252|99\.12\.28)|22\.127\.17)|3\.(?:142\.218\.89|234\.230\.45)|4\.(?:207\.34\.91|160\.35\.2)|2\.49\.119\.188)|7(?:3\.2(?:12\.205\.158|00\.90\.196)|8\.
 20(?:7\.158\.230|\.148\.11)|7\.(?:69\.243\.74|1\.223\.73)|4\.36\.1(?:37\.170|64\.184)|6\.192\.15\.229)|4(?:\.(?:52\.137\.(?:54|77)|45\.130\.155|63\.74\.204)|4\.76\.136\.228|8\.223\.59\.187|1\.0\.61\.166)|0(?:1\.(?:12\.2(?:45\.96|27\.0)|9\.52\.119)|3\.9\.157\.12[679])|\.(?:2(?:09\.163\.3|26\.84\.27)|93\.12\.143)|37\.11(?:6\.1(?:22\.218|12\.51)|7\.69\.226)|62\.216\.3\.1[4567])|2(?:1(?:1\.(?:1(?:7(?:2\.242\.74|6\.61\.112)|40\.207\.100|57\.144\.27|18\.37\.56)|33\.121\.231)|3\.1(?:9(?:5\.77\.114|9\.248\.27)|32\.241\.13|71\.39\.154)|0\.(?:109\.97\.63|246\.155\.2|93\.48\.211)|(?:6\.24\.201\.17|7\.12\.113\.6)7|8\.(?:56\.161\.14|2\.129\.53)|2\.156\.44\.134)|2(?:1\.(?:4\.142\.(?:[49][0123]|7[01]|8[89]|69)|214\.2(?:08\.226|14\.187|21\.148))|2\.(?:122\.79\.103|51\.160\.156|92\.141\.155|231\.33\.38)|0\.68\.224\.45|3\.25\.242\.62)|0(?:2\.(?:1(?:37\.22\.200|42\.203\.19)|52\.236\.162|71\.136\.200)|3\.(?:171\.233\.243|255\.15\.146)|8\.84\.135\.14[78]|0\.175\.56\.190|7\.46\.132\.188)|\.183\.155\.2)|6
 (?:1\.(?:1(?:4(?:3\.158\.24|1\.21\.3)4|75\.223\.141|36\.68\.76)|38\.186\.117|55\.156\.210|98\.77\.169)|5\.(?:60\.15\.18[46]|125\.155\.90)|9\.(?:198\.197\.156|64\.49\.109)|0\.2(?:1\.209\.150|9\.75\.142)|6\.96\.205\.133|7\.90\.21\.150)|5(?:8\.2(?:15\.176\.210|54\.172\.163)|0\.30\.4(?:7\.(?:121|87)|2\.187)|\.(?:102\.156\.|39\.77\.1)25|9\.(?:12\.17\.6|8\.26\.22))|8(?:(?:3\.167\.231\.3|0\.73\.71\.24)8|2\.(?:117\.194\.229|99\.246\.10)|5\.120\.148\.111|6\.111\.144\.194|9\.222\.181\.225)|9(?:0\.(?:83\.184\.211|150\.9\.38)|3\.1(?:59\.160\.164|88\.8\.67)|5\.(?:78\.123\.159|48\.24\.10))|4(?:1\.(?:84\.135\.22|137\.24\.4)|2\.121\.121\.42|6\.35\.169\.38)|3(?:7\.(?:123\.98\.115|59\.238\.178)|1\.216\.178\.142)|7(?:9\.174\.204\.134|4\.216\.223\.82|2\.35\.20\.131))\b)/
 describe KHOP_SC_TOP200  Relay listed in SpamCop top 200 spammer IPs
 tflags	 KHOP_SC_TOP200  nopublish
 score	 KHOP_SC_TOP200  4 0 4 0	# unnecessary if DNSBLs work
@@ -178,7 +178,7 @@ score	 KHOP_SPAMHAUS_DROP_LE	2 0 2 0 	# 
 
 # PSBL-neighbors:  any /24 with 73+ (2/7, 29%) IPs in the PSBL (not SpamCop),
 # as obtained from rsync://psbl-mirror.surriel.com::psbl/psbl.txt
-header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:1\.(?:176\.(?:(?:12|8)[4567]|[46][89]?|5[01]?|7\d?)|68\.32)|5\.(?:63\.(?:[89]|1[012345])|58\.134)|6\.207\.(?:1[2345]|6[0123]|4[89]|5\d)|3\.56\.2(?:4[589]|5[01]|25)|2\.215\.(?:6[34]|44)|0\.52\.[0123]|9\.36\.21[23])|2(?:5\.(?:44\.24[1234567]|60\.156)|(?:2\.155\.4|1\.54\.5)4|3\.(?:136\.106|30\.165)|4\.107\.127)|0(?:3\.(?:2(?:0\.(?:37|8)|8\.184)|30\.72|7\.243|1\.69|5\.27)|9\.127\.8[016])|8(?:3\.93\.(?:1[12]5|9[78]|69|84)|1\.66\.15[67]|6\.123\.135|2\.18\.222)|9(?:0\.(?:113\.2(?:1[01]|09)|234\.10[56])|7\.252\.[01])|30\.193\.1(?:46|65)|77\.47\.10[26]|42\.234\.186)|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|0(?:2\.(?:153\.84|29\.176)|3\.(?:194\.115|82\.81))|12\.34\.12)|58\.50\.(?:1(?:[2345]|0[456789]|1[016789])|6[89]|70)|4(?:1\.2(?:54\.[1258]|23\.161)|9\.0\.11[89])|79\.106\.109)\.[012]?\d{1,2}\b)/
+header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:1\.(?:176\.(?:(?:12|8)[4567]|[46][89]?|5[01]?|7\d?)|68\.32)|5\.(?:63\.(?:[89]|1[012345])|58\.134)|6\.207\.(?:1[2345]|6[0123]|4[89]|5\d)|3\.56\.2(?:4[589]|5[01]|25)|0\.(?:52\.[0123]|205\.32)|2\.215\.(?:6[34]|44)|9\.36\.21[23])|2(?:5\.(?:44\.24[1234567]|60\.156)|(?:2\.155\.4|1\.54\.5)4|3\.(?:136\.106|30\.165)|4\.107\.127)|8(?:3\.93\.(?:1[12]5|9[78]|69|84)|(?:2\.18\.22|8\.73\.25)2|1\.66\.15[67]|6\.123\.135)|0(?:3\.(?:2(?:8\.184|0\.8)|30\.72|7\.243|5\.27)|9\.127\.8[016])|9(?:0\.234\.10[56]|7\.252\.[01])|30\.193\.1(?:46|65)|77\.47\.10[26]|42\.234\.186)|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|0(?:3\.(?:194\.115|82\.81)|2\.29\.17[67]|6\.246\.99)|22\.140\.15[89]|12\.34\.12)|5(?:8\.(?:50\.(?:1(?:[2345]|0[456789]|1[016789])|6[89]|70)|19\.19[01])|9\.55\.254)|4(?:1\.2(?:54\.[1258]|23\.161)|9\.0\.11[89])|79\.106\.109)\.[012]?\d{1,2}\b)/
 describe KHOP_PSBL_CIDR24	Relay's IP/24 CIDR contains many PSBL hits
 tflags	 KHOP_PSBL_CIDR24	nopublish
 score	 KHOP_PSBL_CIDR24	2 0.6 2 0.6