You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2020/11/23 18:18:21 UTC

svn commit: r1883759 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Mon Nov 23 18:18:21 2020
New Revision: 1883759

URL: http://svn.apache.org/viewvc?rev=1883759&view=rev
Log:
Rule tuning, new rules for eval

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1883759&r1=1883758&r2=1883759&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Nov 23 18:18:21 2020
@@ -3319,10 +3319,18 @@ header      __MSMAIL_PRI_HIGH          X
 header      __MSMAIL_PRI_LOW           X-MSMail-Priority =~ /^(?:low|non-urgent)$/i
 meta        __MSMAIL_PRI_ABNORMAL      __HAS_MSMAIL_PRI && !__MSMAIL_PRI_NORMAL
 
-meta        MSMAIL_PRI_ABNORMAL        __MSMAIL_PRI_ABNORMAL && !ALL_TRUSTED && !__ANY_OUTLOOK_MUA && !__HAS_THREAD_INDEX  && !__DKIM_EXISTS && !__MSOE_MID_WRONG_CASE && !__HAS_X_MAILER 
+# This is counterintuitive - exclude __MSMAIL_PRI_HIGH ?
+# It seems that 99% of the spam using X-MSMail-Priority other than "normal" is using *invalid values*
+# score "high" separately if justified
+meta        MSMAIL_PRI_ABNORMAL        __MSMAIL_PRI_ABNORMAL && !ALL_TRUSTED && !__ANY_OUTLOOK_MUA && !__HAS_THREAD_INDEX  && !__DKIM_EXISTS && !__MSOE_MID_WRONG_CASE && !__HAS_X_MAILER && !__HAS_UA && !__MSMAIL_PRI_HIGH 
 describe    MSMAIL_PRI_ABNORMAL        Email priority often abused
 score       MSMAIL_PRI_ABNORMAL        1.500	# limit
 
+meta        MSMAIL_PRI_HIGH            __MSMAIL_PRI_HIGH && !ALL_TRUSTED && !__FROM_LOWER && !__RDNS_SHORT 
+describe    MSMAIL_PRI_HIGH            Email priority often abused
+score       MSMAIL_PRI_HIGH            1.500	# limit
+
+
 
 # Phishing? 11/2020
 full        __TO_ADDR_BODY_DOC         /^To:\s+(?:"[^"\n]{0,80}"\s*)?<?([^@\s]{1,40})@([^\s>]{1,40})>?\s(?=.{1,2048}\b\1(?:@\2)?\s+(?:sharepoint|document))/ism
@@ -3332,4 +3340,10 @@ body        __BODY_HAS_ISBN            /
 
 header      __REPLYTO_NOREPLY          Reply-To =~ /\bno-?reply@/i
 
+body        __ORDER_TODAY              /\border (?:it|one|yours) (?:today|now)\b/i
+tflags      __ORDER_TODAY              multiple maxhits=4
+
+
+
+