Posted to commits@spamassassin.apache.org by jh...@apache.org on 2009/08/23 21:42:41 UTC
svn commit: r807009 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Sun Aug 23 19:42:40 2009
New Revision: 807009
URL: http://svn.apache.org/viewvc?rev=807009&view=rev
Log:
tweaks to misc rules
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=807009&r1=807008&r2=807009&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Sun Aug 23 19:42:40 2009
@@ -21,22 +21,29 @@
mimeheader OBFU_TEXT_ATTACH Content-Type =~ m,application/octet-stream;.+\.txt\b,i
endif
-header MUA_ONE_WORD X-Mailer =~ /^[a-z]+$/i
-describe MUA_ONE_WORD Single word X-Mailer:
+header MUA_ONE_WORD X-Mailer =~ /^[A-Za-z][a-z]*$/
+describe MUA_ONE_WORD Single word X-Mailer: not CamelCase
-body DEAR_BENEFICIARY /^Dear\sBeneficiary\b/i
+body DEAR_BENEFICIARY /^\s?Dear\sBeneficiary\b/i
describe DEAR_BENEFICIARY Dear Beneficiary:
+# from users list spamples 8/2009
uri URI_NUMERIC_CCTLD m;^[a-z]+://(?:\d+\.){2,}[a-z][a-z]/;i
describe URI_NUMERIC_CCTLD CCTLD URI with multiple numeric subdomains
-header FROM_MISSPACED From =~ /\S"</
+header FROM_MISSPACED From =~ /^\s*"[^"]*"</
describe FROM_MISSPACED From: missing whitespace
-header MIME_BDRY_0D0D Content-Type =~ /boundary=\S+(?:0[1-9]){10,}/
-describe MIME_BDRY_0D0D Suspicious MIME boundary string
-
+# observed in spam 8/2009
header MUA_EQ_ORG ALL =~ /\nX-Mailer: ([^\n]+)\n.*Organization: \1/sm
describe MUA_EQ_ORG X-Mailer: same as Organization:
+header ___MUA_TBIRD User-Agent =~ /Thunderbird/
+header __TB_MIME_BDRY_NOT_Z Content-Type =~ /boundary=\S+-{5}(?:[1-9]){16,}/
+meta TBIRD_SUSP_MIME_BDRY __MUA_TBIRD && __TB_MIME_BDRY_NOT_Z
+describe TBIRD_SUSP_MIME_BDRY Unlikely Thunderbird MIME boundary
+
+header UNQ_MIME_BDRY Content-Type =~ /boundary=[^"]/i
+describe UNQ_MIME_BDRY Unquoted MIME boundary string
+
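Review bot: The sub-rule added as `header ___MUA_TBIRD User-Agent =~ /Thunderbird/` has three leading underscores, but the meta `TBIRD_SUSP_MIME_BDRY` references `__MUA_TBIRD` with two. Unless `__MUA_TBIRD` is defined elsewhere in the rule set, the meta depends on an undefined name and presumably never fires as intended; rename the definition to `header __MUA_TBIRD User-Agent =~ /Thunderbird/`. Separately, `UNQ_MIME_BDRY` matches any boundary parameter that does not start with a quote, and RFC 2045 permits an unquoted boundary when the value contains no tspecials, so legitimate mail is likely to hit it. A comment such as `# unquoted boundaries are RFC-legal; evaluate ham hits in mass-check before scoring` above that rule would record the caveat.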