You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2018/07/18 04:11:21 UTC
svn commit: r1836138 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Wed Jul 18 04:11:21 2018
New Revision: 1836138
URL: http://svn.apache.org/viewvc?rev=1836138&view=rev
Log:
Add some rules for testing based on porn extortion samples; push a couple of rules harder;
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1836138&r1=1836137&r2=1836138&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Wed Jul 18 04:11:21 2018
@@ -2350,9 +2350,11 @@ full __FROM_NAME_IN_MSG /^
meta FRNAME_IN_MSG_XPRIO __FROM_NAME_IN_MSG && __XPRIO
describe FRNAME_IN_MSG_XPRIO From name in message + X-Priority
score FRNAME_IN_MSG_XPRIO 3.500 # limit
+tflags FRNAME_IN_MSG_XPRIO publish
meta FRNAME_IN_MSG_NO_SUBJ __FROM_NAME_IN_MSG && (__SUBJECT_EMPTY || __XPRIO_SHORT_SUBJ)
describe FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject
score FRNAME_IN_MSG_NO_SUBJ 3.500 # limit
+tflags FRNAME_IN_MSG_NO_SUBJ publish
rawbody __HTTP_REFRESH /<meta\s[^>]{0,200}"refresh"/ism
@@ -2374,4 +2376,27 @@ meta __NO_FM_NAME_IP_RELAY
#describe NO_FM_NAME_IP_RELAY No From name + relay using bare IP address
#score NO_FM_NAME_IP_RELAY 2.500 # limit
+header FROM_NUMERIC_TLD From:addr =~ /\.\d+$/
+describe FROM_NUMERIC_TLD From: address has numeric TLD
+score FROM_NUMERIC_TLD 3.000 # limit
+
+header RDNS_NUMERIC_TLD X-Spam-Relays-External =~ /\srdns=\S+\.\d+\s/
+describe RDNS_NUMERIC_TLD Relay rDNS has numeric TLD
+score RDNS_NUMERIC_TLD 2.500 # limit
+
+meta MALF_HTML_B64 MIME_BASE64_TEXT && HTML_MIME_NO_HTML_TAG
+describe MALF_HTML_B64 Malformatted base64-encoded HTML content
+score MALF_HTML_B64 3.500 # limit
+
+meta TO_NAME_SUBJ_NO_RDNS LOCALPART_IN_SUBJECT && __RDNS_NONE
+describe TO_NAME_SUBJ_NO_RDNS Recipient username in subject + no rDNS
+score TO_NAME_SUBJ_NO_RDNS 3.000 # limit
+
+if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+ # more-precise version of __OBFUSCATING_COMMENT_A
+ rawbody __HTML_SHRT_CMNT_OBFU /\w<!--\s*\w+\s*-->\w/
+ tflags __HTML_SHRT_CMNT_OBFU multiple maxhits=10
+ meta __HTML_SHRT_CMNT_OBFU_MANY __HTML_SHRT_CMNT_OBFU > 9 && HTML_MESSAGE
+endif
+