You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by kh...@apache.org on 2014/02/07 08:58:18 UTC
svn commit: r1565568 -
/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
Author: khopesh
Date: Fri Feb 7 07:58:18 2014
New Revision: 1565568
URL: http://svn.apache.org/r1565568
Log:
auto-generated rules
Modified:
spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=1565568&r1=1565567&r2=1565568&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Fri Feb 7 07:58:18 2014
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf v 20140262
+## khop-sc-neighbors.cf v 20140272
## Khopesh's syndication of SpamCop's top offenders and top offending networks.
##
## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -21,7 +21,7 @@ meta __KHOP_SC_EXCLUSIONS __VIA_ML || __
# http://spamcop.net/w3m?action=map;mask=4294967295;net=0;sort=56
# Due to the massive block size, this rule only examines the last untrusted
-header __KHOP_SC_CIDR8 X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:[25]|117|46)(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_CIDR8 X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:[25]|188|46)(?:\.[012]?\d{1,2}){3}\b) /
# and gets cleaned up a bit
meta KHOP_SC_CIDR8 __KHOP_SC_CIDR8 && !__KHOP_SC_EXCLUSIONS
describe KHOP_SC_CIDR8 Relay CIDR /8 is among worst in SpamCop
@@ -101,7 +101,7 @@ score KHOP_SC_TOP_CIDR16 0.6 0.2 0.7 0
# http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header KHOP_SC_CIDR24 Received =~ /(?-xism:\b(?:1(?:7(?:7\.223\.15[67]|3\.212\.205)|9(?:2\.208\.18|9\.204\.4)5|84\.(?:22\.197|82\.179)|20\.84\.13)|6(?:1\.163\.101|0\.29\.104)|221\.23(?:2\.247|8\.21)|91\.214\.131|81\.92\.126)\.[012]?\d{1,2}\b)/
+header KHOP_SC_CIDR24 Received =~ /(?-xism:\b(?:1(?:7(?:7\.223\.15[67]|3\.212\.205)|84\.(?:22\.197|82\.179)|99\.204\.45)|(?:221\.238\.2|31\.192\.11)1|6(?:1\.163\.101|0\.29\.104)|9(?:1\.214\.131|3\.115\.85)|79\.124\.58)\.[012]?\d{1,2}\b)/
describe KHOP_SC_CIDR24 Relay CIDR /24 is among worst in SpamCop
tflags KHOP_SC_CIDR24 nopublish
score KHOP_SC_CIDR24 0.6 0 0.6 0
@@ -122,7 +122,7 @@ score KHOP_SC_CIDR24 0.6 0 0.6 0
# 0.4428/0 1.000 20130705@376k resume scores -> .6 0 .6 0
-header KHOP_SC_TOP_CIDR24 Received =~ /(?-xism:\b(?:1(?:0(?:3\.2(?:5\.14[56]|46\.195)|1\.50\.12)|8(?:1\.66\.15[67]|3\.182\.39|4\.22\.53)|1(?:8\.244\.239|6\.112\.66)|2(?:0\.143\.5|5\.93\.77)|73\.208\.(?:186|215)|98\.143\.150)|9(?:1\.218\.(?:11|24)5|4\.20\.224)|74\.91\.31)\.[012]?\d{1,2}\b)/
+header KHOP_SC_TOP_CIDR24 Received =~ /(?-xism:\b(?:1(?:8(?:1\.66\.15[67]|3\.182\.39|4\.22\.53)|2(?:5\.(?:60\.156|93\.77)|0\.143\.5)|7(?:3\.208\.(?:186|215)|7\.223\.143)|9(?:0\.234\.105|8\.143\.150)|1(?:8\.244\.239|6\.112\.66)|03\.2(?:5\.14[56]|46\.195))|9(?:1\.218\.(?:11|24)5|4\.20\.224)|74\.91\.31)\.[012]?\d{1,2}\b)/
describe KHOP_SC_TOP_CIDR24 Relay CIDR /24 leads SpamCop in worst /24s
tflags KHOP_SC_TOP_CIDR24 nopublish
score KHOP_SC_TOP_CIDR24 1.7 0.5 1.7 0.5
@@ -142,7 +142,7 @@ score KHOP_SC_TOP_CIDR24 1.7 0.5 1.7 0
# http://www.spamcop.net/w3m?action=hoshame
-header KHOP_SC_TOP200 Received =~ /(?-xism:\b(?:1(?:8(?:4\.(?:22\.(?:1(?:97\.216|52\.8)|53\.(?:190?|201))|82\.1(?:7(?:1\.234|9\.117|2\.62)|23\.85)|1(?:07\.159\.15|54\.91\.24)4)|5\.2(?:5\.1(?:49\.236|50\.212)|4\.232\.(?:193|206))|7\.162\.253\.250|3\.106\.150\.78|2\.172\.22\.57)|1(?:2\.(?:216\.(?:20\.50|76\.74|8\.158)|17(?:3\.175\.13|1\.126\.9)3)|6\.(?:255\.241\.111|112\.66\.102)|8\.(?:244\.239\.2|97\.186\.94)|5\.248\.188\.149|0\.45\.144\.163|9\.201\.16\.211|3\.199\.80\.47|4\.247\.23\.66)|9(?:8\.(?:143\.1(?:50\.2(?:4[0789]|5[012]|39)|28\.144)|246\.46\.27)|(?:3\.109\.69\.14|4\.105\.9\.8)5|2\.208\.185\.(?:178|211)|0\.107\.140\.76|9\.204\.45\.181)|2(?:5\.(?:(?:141\.142\.22|88\.123\.24)4|93\.77\.125)|1\.1(?:3(?:4\.238\.129|7\.91\.42)|59\.11\.164)|4\.(?:54\.230\.123|160\.35\.2)|3\.200\.28\.77)|73\.2(?:08\.(?:186\.8[3456]|215\.164)|12\.205\.158)|01\.9\.206\.207|\.209\.242\.218)|2(?:1(?:1\.(?:2(?:3(?:3\.(?:64\.110|71\.76)|2\.138\.171)|18\.27\.11[02])|1(?:69\.224\.17|72\.246\.78))|2\.(?:146
\.101\.154|220\.9\.235)|9\.(?:238\.181\.120|147\.172\.2)|3\.135\.113\.197|6\.107\.159\.92|7\.13\.154\.155|8\.38\.29\.68)|2(?:1\.2(?:3(?:2\.247\.27|8\.21\.251)|14\.2(?:08\.226|14\.187))|2\.(?:106\.216\.100|200\.182\.65|99\.202\.239)|0\.(?:164\.162\.22|67\.90\.31))|0(?:2\.(?:1(?:94\.119\.69|79\.0\.88)|234\.40\.41)|3\.230\.112\.4[45]|5\.164\.26\.36)|3\.238\.207\.130)|9(?:1\.218\.(?:115\.(?:1(?:8[012345678]|3[3456]|[67]\d|09|10)|54)|24(?:5\.(?:[456789]|1[013456789]|2\d?|30?)|4\.4))|3\.(?:115\.85\.22[6789]|90\.102\.194)|4\.(?:232\.184\.67|77\.199\.148))|6(?:1\.(?:1(?:06\.235\.18[09]|63\.101\.42)|3(?:8\.186\.117|5\.92\.92)|43\.97\.132|98\.77\.169)|0\.(?:190\.92\.234|29\.104\.197))|8(?:(?:3\.150\.92\.2|5\.185\.112\.)8|1\.(?:92\.126\.40|80\.52\.1)|9\.218\.255\.194|4\.203\.244\.50)|3(?:7\.(?:157\.196\.54|48\.66\.20)|1\.192\.111\.(?:6[89]|7[01])|8\.89\.160\.133)|7(?:(?:7\.106\.232\.1|8\.29\.4\.)78|4\.91\.31\.2(?:29|30)|6\.72\.246\.166)|5(?:8\.151\.171\.114|0\.193\.157\.62|9\.15\.76\.97)|41\.(
?:137\.24\.4|63\.166\.3))\b)/
+header KHOP_SC_TOP200 Received =~ /(?-xism:\b(?:1(?:8(?:4\.(?:22\.(?:1(?:97\.216|52\.8)|53\.(?:190?|201))|82\.1(?:7(?:1\.234|9\.117|2\.62)|23\.85)|154\.91\.244)|5\.(?:24\.232\.(?:193|206)|8\.107\.51)|3\.(?:106\.150\.78|98\.235\.12)|7\.162\.253\.250|2\.172\.22\.57)|9(?:8\.(?:143\.1(?:50\.2(?:4[0789]|5[012]|39)|28\.1(?:39|44))|246\.46\.(?:27|54))|(?:2\.208\.185\.17|7\.253\.6\.6)8|(?:3\.109\.69\.14|4\.105\.9\.8)5|0\.107\.140\.76|9\.204\.45\.181)|1(?:2\.(?:216\.(?:20\.50|76\.74|8\.158)|1(?:68\.218\.86|71\.126\.93))|6\.(?:255\.241\.111|112\.66\.102)|8\.(?:244\.239\.2|97\.186\.94)|9\.201\.16\.211|3\.199\.80\.47)|2(?:5\.(?:(?:141\.142\.22|88\.123\.24)4|93\.77\.125)|1\.1(?:3(?:4\.238\.129|7\.91\.42)|59\.11\.164)|3\.200\.28\.77|4\.160\.35\.2)|73\.2(?:08\.(?:186\.8[3456]|215\.164)|12\.205\.158)|01\.9\.206\.207|\.209\.242\.218)|2(?:1(?:1\.(?:2(?:3(?:3\.(?:64\.110|71\.76)|2\.183\.58)|18\.27\.11[02])|1(?:69\.224\.17|15\.71\.18))|9\.(?:238\.181\.120|147\.172\.2)|2\.146\.101\.154|3\.135\.113\.19
7|6\.107\.159\.92|7\.13\.154\.155|8\.38\.29\.68)|2(?:1\.2(?:3(?:2\.247\.27|8\.21\.251)|14\.2(?:08\.226|14\.187))|2\.(?:106\.216\.100|200\.182\.65|99\.202\.239)|0\.(?:164\.162\.22|67\.90\.31))|0(?:2\.(?:1(?:94\.119\.69|79\.0\.88)|234\.40\.41)|3\.230\.112\.4[45]|5\.164\.26\.36)|3\.238\.207\.130|4\.48\.219\.49)|9(?:1\.218\.(?:24(?:5\.(?:[456789]|1[013456789]|2\d?|30?)|4\.4)|115\.1(?:8[01245678]|3[3456]|[67]\d))|3\.115\.85\.2(?:3[0123456]|2[6789])|4\.(?:232\.184\.67|77\.199\.148))|6(?:1\.(?:1(?:06\.235\.189|63\.101\.42)|43\.97\.132|98\.77\.169)|0\.(?:190\.92\.234|29\.104\.197))|3(?:1\.1(?:92\.111\.(?:7[0123456]|6[89])|86\.87\.231)|7\.(?:157\.196\.54|48\.66\.20))|8(?:(?:3\.150\.92\.2|5\.185\.112\.)8|1\.(?:92\.126\.40|80\.52\.1)|4\.203\.244\.50)|5(?:8\.151\.(?:171\.114|38\.107)|0\.193\.157\.62|9\.15\.76\.97)|7(?:(?:7\.106\.232\.1|8\.29\.4\.)78|4\.91\.31\.2(?:29|30))|41\.(?:137\.24\.4|63\.166\.3))\b)/
describe KHOP_SC_TOP200 Relay listed in SpamCop top 200 spammer IPs
tflags KHOP_SC_TOP200 nopublish
score KHOP_SC_TOP200 4 0 4 0 # unnecessary if DNSBLs work
@@ -178,7 +178,7 @@ score KHOP_SPAMHAUS_DROP_LE 2 0 2 0 #
# PSBL-neighbors: any /24 with 73+ (2/7, 29%) IPs in the PSBL (not SpamCop),
# as obtained from rsync://psbl-mirror.surriel.com::psbl/psbl.txt
-header KHOP_PSBL_CIDR24 X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:9(?:0\.234\.10[56]|2\.95\.63)|81\.66\.15[67]|77\.36\.22)|209\.245\.91)\.[012]?\d{1,2}\b)/
+header KHOP_PSBL_CIDR24 X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:8(?:1\.66\.15[67]|6\.251\.142|9\.126\.130)|9(?:0\.234\.10[56]|2\.95\.63)|77\.36\.22)|209\.245\.91)\.[012]?\d{1,2}\b)/
describe KHOP_PSBL_CIDR24 Relay's IP/24 CIDR contains many PSBL hits
tflags KHOP_PSBL_CIDR24 nopublish
score KHOP_PSBL_CIDR24 2 0.6 2 0.6