You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2018/07/18 04:11:21 UTC
svn commit: r1836138 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Wed Jul 18 04:11:21 2018
New Revision: 1836138

URL: http://svn.apache.org/viewvc?rev=1836138&view=rev
Log:
Add some rules for testing based on porn extortion samples; push a couple of rules harder;

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1836138&r1=1836137&r2=1836138&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Wed Jul 18 04:11:21 2018
@@ -2350,9 +2350,11 @@ full       __FROM_NAME_IN_MSG         /^
 meta       FRNAME_IN_MSG_XPRIO        __FROM_NAME_IN_MSG && __XPRIO
 describe   FRNAME_IN_MSG_XPRIO        From name in message + X-Priority
 score      FRNAME_IN_MSG_XPRIO        3.500	# limit
+tflags     FRNAME_IN_MSG_XPRIO        publish
 meta       FRNAME_IN_MSG_NO_SUBJ      __FROM_NAME_IN_MSG && (__SUBJECT_EMPTY || __XPRIO_SHORT_SUBJ)
 describe   FRNAME_IN_MSG_NO_SUBJ      From name in message + short or no subject
 score      FRNAME_IN_MSG_NO_SUBJ      3.500	# limit
+tflags     FRNAME_IN_MSG_NO_SUBJ      publish
 
 
 rawbody    __HTTP_REFRESH             /<meta\s[^>]{0,200}"refresh"/ism
@@ -2374,4 +2376,27 @@ meta       __NO_FM_NAME_IP_RELAY
 #describe   NO_FM_NAME_IP_RELAY        No From name + relay using bare IP address
 #score      NO_FM_NAME_IP_RELAY        2.500	# limit
 
+header     FROM_NUMERIC_TLD            From:addr =~ /\.\d+$/
+describe   FROM_NUMERIC_TLD            From: address has numeric TLD
+score      FROM_NUMERIC_TLD            3.000	# limit
+
+header     RDNS_NUMERIC_TLD            X-Spam-Relays-External =~ /\srdns=\S+\.\d+\s/
+describe   RDNS_NUMERIC_TLD            Relay rDNS has numeric TLD
+score      RDNS_NUMERIC_TLD            2.500	# limit
+
+meta       MALF_HTML_B64               MIME_BASE64_TEXT && HTML_MIME_NO_HTML_TAG 
+describe   MALF_HTML_B64               Malformatted base64-encoded HTML content
+score      MALF_HTML_B64               3.500	# limit
+
+meta       TO_NAME_SUBJ_NO_RDNS        LOCALPART_IN_SUBJECT && __RDNS_NONE 
+describe   TO_NAME_SUBJ_NO_RDNS        Recipient username in subject + no rDNS
+score      TO_NAME_SUBJ_NO_RDNS        3.000	# limit
+
+if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+  # more-precise version of __OBFUSCATING_COMMENT_A
+  rawbody    __HTML_SHRT_CMNT_OBFU       /\w<!--\s*\w+\s*-->\w/
+  tflags     __HTML_SHRT_CMNT_OBFU       multiple maxhits=10
+  meta       __HTML_SHRT_CMNT_OBFU_MANY  __HTML_SHRT_CMNT_OBFU > 9 && HTML_MESSAGE
+endif
+