You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2011/08/11 06:55:44 UTC
svn commit: r1156487 - in /spamassassin/trunk/rulesrc/sandbox/jhardin:
20_lotsa_money.cf 20_misc_testing.cf 20_tbird_image_spam.cf
Author: jhardin
Date: Thu Aug 11 04:55:43 2011
New Revision: 1156487
URL: http://svn.apache.org/viewvc?rev=1156487&view=rev
Log:
More FP avoidance and rule tweaking, add SPF test rule
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf?rev=1156487&r1=1156486&r2=1156487&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf Thu Aug 11 04:55:43 2011
@@ -87,7 +87,17 @@ describe LOTTO_AGENT_RPLY Claims Agent
body __LOTTO_ADMITS_1 /\b(?:on-?line|e-?mail|ballot|(?:inter)?national|state|(?:UK|euro)[- ]?(?:mil+ions?|PW)|Canada|Microsoft|MSN|internet|mega|jackpot|Royal Heritage|foundation|cash\sgrant|mercato|univers|staatsloterij|bill\s?gates|swiss|this|esta)(?:\s(?!lot|swe|prom)\w{1,20}){0,3}\s?(?:lot(?:to|tery|eri[ea])|sweepstakes?|promo(?:tion|cao|cion)?)\b/i
body __LOTTO_ADMITS_2 /\b(?:free)?(?:lot(?:to|tery|erie)|sweepstakes)\s(?:(?:inter)?na[tz]ional|department|bureau|group|award)/i
uri __LOTTO_ADMITS_3 /lottery/i
-meta __LOTTO_ADMITS __LOTTO_ADMITS_1 || __LOTTO_ADMITS_2 || __LOTTO_ADMITS_3
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+ mimeheader __LOTTO_ATTACH_1 Content-Type =~ /lott(?:o|ery)/i
+ mimeheader __LOTTO_ATTACH_2 Content-Disposition =~ /lott(?:o|ery)/i
+else
+ meta __LOTTO_ATTACH_1 0
+ meta __LOTTO_ATTACH_2 0
+endif
+
+meta __LOTTO_ADMITS __LOTTO_ADMITS_1 || __LOTTO_ADMITS_2 || __LOTTO_ADMITS_3 || __LOTTO_ATTACH_1 || __LOTTO_ATTACH_2
+
body __LOTTO_RELATED /\b(?:lott(?:o|ery)|sweepstakes)\s(?:prize|draw(?:s|ing)?|(?:ge)?win(?:n?er|n?ing)?|jackpot|award|fund|com+it+e+|com+is+ion|guild|promotion|promocao|program|day|online|company|(?:in)?corporat|agent|co[-,]?ordinator|team)/i
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1156487&r1=1156486&r2=1156487&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Thu Aug 11 04:55:43 2011
@@ -511,9 +511,11 @@ describe LH_URI_DOM_IN_PATH
# observed in phish 4/10/10
uri URI_1234 m,//1\.2\.3\.4/,
-# requested by Benny Pedersen 17 Apr 2010
+# requested by Benny Pedersen 17 Apr 2010, 10 Aug 2011
meta __SPF_FULL_PASS (SPF_PASS && SPF_HELO_PASS)
tflags __SPF_FULL_PASS net
+meta __SPF_RANDOM_SENDER (SPF_HELO_PASS && !SPF_PASS)
+tflags __SPF_RANDOM_SENDER net
# Spam from ZA
header CAN_SPAM_HDR CAN-SPAM_Compliant =~ /./
@@ -608,8 +610,10 @@ if can(Mail::SpamAssassin::Conf::feature
body __PILL_PRICE_02 /(?=[ptc])(?:pill|tablet|cap(?:sule|let))s[ :-]{1,5}\$?[\d .]{3}/i
tflags __PILL_PRICE_01 multiple maxhits=3
tflags __PILL_PRICE_02 multiple maxhits=3
+ meta ANY_PILL_PRICE (__PILL_PRICE_01 || __PILL_PRICE_02) && !__NOT_A_PERSON
+ describe ANY_PILL_PRICE Prices for pills
meta MANY_PILL_PRICE (__PILL_PRICE_01 + __PILL_PRICE_02) > 2
- describe MANY_PILL_PRICE Prices for pills
+ describe MANY_PILL_PRICE Prices for many pills
endif
# More from Ned Slider
@@ -704,9 +708,9 @@ describe GAPPY_PHONE_NA Phone
full __GAPPY_HTML_01 m;</?[a-z]{1,6}(?:\s[^>]{0,40})?>(?:\s|=09){0,80}(?:(?!\d)[\w'()\#,.:!]{1,15}(?:\s|=09){4,80}){7}\S;
full __GAPPY_HTML_02 m;\S(?:(?:\s|=09){4,80}(?!\d)[\w'()\#,.:!]{1,15}){7}(?:\s|=09){0,5}</?[a-z]{1,6}/?>;
-full __GAPPY_HTML_03 /^(?:=09){3,20}</m
+full __GAPPY_HTML_03 /^(?:=09){5,20}</m
tflags __GAPPY_HTML_03 multiple maxhits=11
-full __GAPPY_HTML_04 /^(?:=0A){4,20}/m
+full __GAPPY_HTML_04 /^(?:=0A){5,20}/m
tflags __GAPPY_HTML_04 multiple maxhits=11
meta __GAPPY_HTML __MIME_HTML && (__GAPPY_HTML_01 || __GAPPY_HTML_02 || (__GAPPY_HTML_03 > 10) || (__GAPPY_HTML_04 > 10))
meta GAPPY_HTML __GAPPY_HTML && !__UNSUB_LINK && !__RP_MATCHES_RCVD && !__RCD_RDNS_MAIL_MESSY
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf?rev=1156487&r1=1156486&r2=1156487&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf Thu Aug 11 04:55:43 2011
@@ -65,7 +65,7 @@ describe TO_NO_BRKTS_PCNT To:
#score TO_NO_BRKTS_PCNT 0.20
meta __TO_NO_BRKTS_DIRECT __TO_NO_ARROWS_R && __DOS_DIRECT_TO_MX
-meta TO_NO_BRKTS_DIRECT __TO_NO_BRKTS_DIRECT && !__MIME_QP && !__IS_EXCH && !__THREAD_INDEX_GOOD && !__COMMENT_EXISTS && !__RCD_RDNS_MTA_MESSY && !__CTYPE_HAS_BOUNDARY && !__TVD_SPACE_RATIO && !__THREADED && !__HAVE_BOUNCE_RELAYS && !__FB_DO_NOT_REPLY && !__VBOUNCE_MAILSWEEP3 && !__DEAL && !__RCD_RDNS_MAIL_MESSY && !__UNSUB_LINK
+meta TO_NO_BRKTS_DIRECT __TO_NO_BRKTS_DIRECT && !__IS_EXCH && !__THREAD_INDEX_GOOD && !__COMMENT_EXISTS && !__RCD_RDNS_MTA_MESSY && !__TVD_SPACE_RATIO && !__THREADED && !__FB_DO_NOT_REPLY && !__VBOUNCE_MAILSWEEP3 && !__DEAL && !__RCD_RDNS_MAIL_MESSY && !__UNSUB_LINK && !__RP_MATCHES_RCVD && !__DKIM_EXISTS && !__TAG_EXISTS_CENTER
describe TO_NO_BRKTS_DIRECT To: misformatted and direct-to-MX
#tflags TO_NO_BRKTS_DIRECT publish