Posted to commits@spamassassin.apache.org by kh...@apache.org on 2013/06/19 08:57:17 UTC

svn commit: r1494475 - /spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Author: khopesh
Date: Wed Jun 19 06:57:17 2013
New Revision: 1494475

URL: http://svn.apache.org/r1494475
Log:
auto-generated rules

Modified:
    spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=1494475&r1=1494474&r2=1494475&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Wed Jun 19 06:57:17 2013
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf	v 201306182
+## khop-sc-neighbors.cf	v 201306192
 ## Khopesh's syndication of SpamCop's top offenders and top offending networks.
 ## 
 ## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -20,7 +20,7 @@
 
 # http://spamcop.net/w3m?action=map;mask=4294967295;net=0;sort=56
 # Due to the massive block size, this rule only examines the last untrusted
-header __KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:17|86)|9[35])(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:9[35]|117|2)(?:\.[012]?\d{1,2}){3}\b) /
 # and gets cleaned up a bit
 meta	 KHOP_SC_CIDR8	__KHOP_SC_CIDR8 && !(__VIA_ML||__freemail_safe||__RCVD_IN_DNSWL||RCVD_IN_HOSTKARMA_WL)
 describe KHOP_SC_CIDR8  Relay CIDR /8 is among worst in SpamCop
@@ -39,7 +39,7 @@ score	 KHOP_SC_CIDR8	0.3 0.1 0.3 0.1
 # 12.1449/0.0139 0.999 20100410  net, solo=12.1966/0.0197@0.998, ->.2 .1 .3 .2
 # 10.3554/0.0112 0.999 20110227@510k  solo=10.3717/0.0119@0.999, ->.3 .1 .3 .1
 
-header __KHOP_SC_TOP_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:78|90)|37|2)(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_TOP_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:78|86|90)|37)(?:\.[012]?\d{1,2}){3}\b) /
 meta	 KHOP_SC_TOP_CIDR8  __KHOP_SC_TOP_CIDR8 && !(__VIA_ML||__freemail_safe||__RCVD_IN_DNSWL||RCVD_IN_HOSTKARMA_WL)
 describe KHOP_SC_TOP_CIDR8  Relay CIDR /8 leads SpamCop in worst /8s
 tflags	 KHOP_SC_TOP_CIDR8  nopublish
@@ -92,7 +92,7 @@ score	 KHOP_SC_TOP_CIDR16  2.0 0.3 2.0 0
 
 
 # http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:1(?:4\.207\.113|5\.88\.119|2\.90\.90)|0(?:1\.101\.152|3\.9\.158)|80\.225\.131|92\.119\.66)|209\.(?:144\.27|223\.35)|61\.252\.138)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:0(?:1\.101\.152|3\.9\.158)|(?:15\.88\.11|84\.82\.2)9|74\.37\.167)|6(?:1\.(?:252\.138|70\.83)|4\.250\.118)|2(?:09\.144\.27|20\.94\.235)|78\.138\.101)\.[012]?\d{1,2}\b)/
 describe KHOP_SC_CIDR24  Relay CIDR /24 is among worst in SpamCop
 tflags	 KHOP_SC_CIDR24  nopublish
 score	 KHOP_SC_CIDR24  0.1 0 0.1 0
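Review bot: KHOP_SC_CIDR24 is still generated against the raw `Received` header, so the alternation is tested against the full text of every Received line, including hops inside the trusted network and any dotted number that merely appears in a HELO string or id field. The /8 rules earlier in the file and KHOP_PSBL_CIDR24 already test the parsed `X-Spam-Relays-Untrusted` metadata instead. The same applies to the KHOP_SC_TOP_CIDR24 and KHOP_SC_TOP200 hunks below, where it matters more because those rules score 2.7 and 4. Only the address of the relay that connected to the trust boundary is recorded by a host you control, so a legitimate message whose originating client sits in a listed range would presumably still hit through its first Received line. Consider having the generator emit the same shape as the /8 rules, e.g. `header KHOP_SC_CIDR24 X-Spam-Relays-Untrusted =~ /^[^\]]* ip=(?-xism:…) /`, with the generated alternation in place of the ellipsis.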
@@ -111,7 +111,7 @@ score	 KHOP_SC_CIDR24  0.1 0 0.1 0
 # 0.4157/0.5009 0.454 20110227  something is wrong here! -> .1 0 .1 0
 
 
-header	 KHOP_SC_TOP_CIDR24  Received =~ /(?-xism:\b(?:1(?:(?:83\.221\.1|58\.255\.)2|2(?:5\.60\.156|0\.84\.13)|10\.52\.[02])|2(?:1(?:3\.230\.128|2\.48\.64)|08\.(?:71\.172|82\.114)|20\.94\.235)|6(?:4\.250\.118|6\.199\.224|5\.60\.15)|37\.122\.208)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_TOP_CIDR24  Received =~ /(?-xism:\b(?:1(?:2(?:5\.60\.156|0\.84\.13)|10\.52\.[02]|73\.192\.141|03\.9\.158|58\.255\.2)|2(?:0(?:8\.(?:71\.172|82\.114)|9\.223\.35)|1(?:3\.230\.128|2\.48\.64))|6(?:6\.199\.224|5\.60\.15))\.[012]?\d{1,2}\b)/
 describe KHOP_SC_TOP_CIDR24  Relay CIDR /24 leads SpamCop in worst /24s
 tflags	 KHOP_SC_TOP_CIDR24  nopublish
 score	 KHOP_SC_TOP_CIDR24  2.7 0.5 2.7 0.5
@@ -129,7 +129,7 @@ score	 KHOP_SC_TOP_CIDR24  2.7 0.5 2.7 0
 
 
 # http://www.spamcop.net/w3m?action=hoshame
-header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:1(?:2\.(?:21(?:6\.(?:1(?:81\.110|02\.98)|8\.158)|7\.228\.234)|1(?:86\.(?:46\.107|16\.5)|04\.189\.110))|0\.(?:45\.(?:1(?:3(?:6\.181|8\.138)|40\.89)|244\.(?:4[04]|54))|165\.125\.152)|8\.(?:1(?:14\.77\.116|71\.95\.234)|97\.196\.163)|(?:4\.207\.113\.5|9\.193\.93\.2)5|5\.(?:88\.119\.132|22\.80\.197)|3\.0\.85\.249|7\.6\.128\.27)|9(?:5\.(?:1(?:38\.195\.125|91\.184\.82)|29\.81\.30)|2\.1(?:87\.10(?:1\.125|2\.212)|63\.193\.205)|8\.(?:50\.164\.21[89]|84\.69\.217)|9\.(?:30\.137\.13[89]|255\.11\.29)|3\.1(?:94\.92\.242|64\.254\.3)|4\.106\.16\.6)|8(?:8\.(?:1(?:27\.230\.28|68\.46\.53)|252\.0\.237)|0\.2(?:11\.1(?:62\.254|79\.30)|25\.131\.176)|(?:3\.81\.152\.22|9\.39\.35\.16)8|7\.120\.127\.27|6\.6\.224\.69)|7(?:4\.(?:3(?:6\.16(?:0\.157|4\.184)|7\.148\.77)|90\.83\.42)|8\.(?:163\.105\.52|20\.148\.11)|3\.192\.144\.105|7\.37\.4\.146)|2(?:1\.(?:1(?:81\.251\.188|28\.31\.93|57\.3\.252)|22\.127\.17)|2\.165\.225\.177|3\.201\.60\.83)|0(?:3\.9\.15(?:
 7\.181|8\.147)|9\.236\.89\.141)|5(?:8\.255\.2\.6[4689]|1\.84\.131\.107)|3(?:3\.242\.115\.44|8\.91\.88\.93)|\.220\.158\.3)|2(?:0(?:8\.(?:71\.172\.(?:8[456789]|9[1234])|82\.114\.(?:5[13579]|4[4579])|113\.254\.39)|0\.(?:14(?:8\.125\.247|2\.133\.21)|7(?:2\.11\.132|9\.27\.60)|94\.77\.1)|2\.(?:1(?:58\.(?:39\.250|52\.84)|42\.203\.19)|71\.136\.200)|9\.(?:2(?:23\.35\.20[23456]|39\.114\.172)|144\.27\.22[689])|3\.(?:255\.15\.146|155\.102\.2)|6\.217\.105\.67|1\.45\.114\.3)|1(?:1\.(?:1(?:(?:91\.168\.16|47\.211\.1)6|15\.68\.32)|232\.154\.6|54\.17\.201)|0\.(?:2(?:10\.123\.47|45\.89\.69)|5(?:1\.44\.199|6\.23\.100))|3\.(?:1(?:71\.39\.154|32\.241\.7)|230\.128\.226)|7\.(?:1(?:49\.52\.12|98\.3\.238)|200\.184\.87)|9\.(?:145\.110\.118|80\.238\.185)|2\.(?:48\.64\.14|6\.152\.21)1|8\.145\.135\.137)|2(?:2\.(?:2(?:53\.182\.139|36\.16\.14)|161\.201\.132)|1\.(?:214\.208\.226|143\.50\.219)|0\.(?:94\.235\.200|178\.97\.2))|4\.127\.201\.172)|6(?:1\.(?:(?:164\.42\.1|70\.83\.)58|252\.138\.195|38\.186\.117|98\
 .131\.141)|6\.(?:199\.224\.(?:[689]|1[012345679]|20)|84\.49\.9)|4\.250\.118\.15[23]|5\.60\.15\.184|8\.115\.192\.7)|8(?:(?:1\.(?:15\.172\.14|23\.106\.7)|9\.78\.121\.3)5|3\.(?:18\.234\.202|238\.208\.55|3\.103\.227)|8\.250\.233\.164|6\.64\.171\.198|4\.22\.61\.190|7\.97\.215\.67)|9(?:1\.(?:187\.96\.104|214\.83\.2)|5\.(?:48\.24\.10|86\.4\.79)|2\.253\.123\.95|4\.189\.183\.70|3\.188\.8\.67)|7(?:2\.(?:35\.20\.131|42\.224\.25|55\.188\.73)|6\.74\.186\.237|1\.188\.63\.88|4\.9\.203\.186)|3(?:7\.(?:(?:206\.210\.13|46\.224\.25)0|122\.2(?:08\.169|11\.100))|1\.13\.211\.28)|4(?:1\.(?:137\.24\.4|41\.86\.6)|6\.182\.24\.130)|5(?:9\.1(?:5\.76\.97|0\.7\.16)|8\.232\.221\.43))\b)/
+header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:1(?:2\.(?:21(?:6\.(?:1(?:81\.110|02\.98)|8\.158)|7\.228\.234)|1(?:04\.189\.110|64\.62\.8|86\.16\.5))|0\.(?:45\.(?:1(?:36\.181|40\.89)|244\.(?:4[04]|54))|165\.125\.152)|8\.(?:1(?:14\.77\.116|71\.95\.234)|97\.196\.163)|5\.(?:88\.(?:119\.132|247\.131)|22\.80\.197)|9\.19(?:7\.181\.120|2\.252\.1|3\.93\.25)|4\.207\.113\.55|3\.0\.85\.249|7\.6\.128\.27)|8(?:8\.(?:1(?:27\.230\.28|68\.46\.53)|252\.0\.237)|0\.2(?:11\.1(?:62\.254|79\.30)|25\.131\.176)|(?:3\.81\.152\.22|9\.39\.35\.16)8|4\.82\.(?:29\.3[34]|120\.210)|6\.(?:237\.41\.56|6\.224\.69)|7\.120\.127\.27)|9(?:5\.(?:1(?:38\.195\.125|91\.184\.82)|29\.81\.30)|9\.(?:30\.137\.13[89]|255\.11\.29)|2\.187\.10(?:1\.125|2\.212)|8\.50\.164\.21[89]|3\.164\.254\.3|4\.106\.16\.6)|7(?:4\.3(?:7\.1(?:67\.1(?:03|11|22)|48\.77)|6\.16(?:0\.157|4\.184|7\.116))|3\.192\.14(?:4\.105|7\.114|1\.99)|8\.20(?:7\.158\.230|\.148\.11))|2(?:1\.(?:1(?:34\.238\.129|81\.251\.188|57\.3\.252)|22\.127\.17)|2\.165\.22
 5\.177|3\.201\.60\.83)|0(?:3\.9\.15(?:7\.181|8\.147)|9\.236\.89\.141)|5(?:8\.255\.2\.6[49]|1\.84\.131\.107)|38\.91\.88\.93)|2(?:0(?:8\.(?:71\.172\.(?:8[456789]|9[1234])|82\.114\.(?:4[4579]|5[179])|113\.254\.39)|0\.(?:14(?:8\.125\.247|2\.133\.21)|7(?:2\.11\.132|9\.27\.60)|94\.77\.1)|2\.(?:1(?:58\.(?:39\.250|52\.84)|42\.203\.19)|71\.136\.200)|9\.(?:2(?:23\.35\.20[23456]|39\.114\.172)|144\.27\.22[689])|3\.(?:255\.15\.146|155\.102\.2)|6\.217\.105\.67|1\.45\.114\.3)|1(?:8\.(?:1(?:45\.135\.137|64\.18\.225)|234\.108\.13)|3\.(?:1(?:71\.39\.154|32\.241\.7)|230\.128\.226)|1\.(?:(?:147\.211\.1|232\.154\.)6|33\.121\.231)|0\.(?:2(?:10\.123\.47|45\.89\.69)|56\.23\.100)|7\.(?:1(?:49\.52\.12|98\.3\.238)|200\.184\.87)|9\.(?:145\.110\.118|80\.238\.185)|2\.(?:48\.64\.14|6\.152\.21)1)|2(?:2\.(?:2(?:53\.182\.139|36\.16\.14)|161\.201\.132|99\.202\.239)|1\.(?:214\.208\.226|143\.50\.219)|0\.94\.235\.200)|4\.127\.201\.172)|6(?:1\.(?:2(?:52\.138\.195|31\.19\.112)|(?:164\.42\.1|70\.83\.)58|38\.186\.11
 7|98\.131\.141|57\.65\.125)|6\.(?:199\.224\.(?:[68]|1[02345679]|2[01])|84\.49\.9)|4\.250\.118\.15[23]|9\.61\.206\.162|5\.60\.15\.184|8\.115\.192\.7)|8(?:3\.(?:18\.234\.202|3\.103\.227)|1\.(?:15\.172\.14|23\.106\.7)5|8\.250\.233\.164|6\.64\.171\.198|4\.22\.61\.190|7\.97\.215\.67)|5(?:9\.1(?:(?:20\.213\.3|5\.76\.9)7|0\.7\.16)|\.(?:135\.51\.214|200\.9\.231)|8\.232\.221\.43|0\.97\.3\.89)|9(?:5\.(?:48\.24\.10|86\.4\.79)|2\.253\.123\.95|4\.189\.183\.70|1\.214\.83\.2|3\.188\.8\.67)|3(?:7\.(?:(?:206\.210\.13|46\.224\.25)0|122\.2(?:08\.169|11\.100))|1\.13\.211\.28)|7(?:6\.74\.186\.237|8\.138\.101\.14|2\.35\.20\.131|4\.9\.203\.186)|4(?:6\.182\.24\.130|1\.137\.24\.4))\b)/
 describe KHOP_SC_TOP200  Relay listed in SpamCop top 200 spammer IPs
 tflags	 KHOP_SC_TOP200  nopublish
 score	 KHOP_SC_TOP200  4 0 4 0	# unnecessary if DNSBLs work
@@ -163,7 +163,7 @@ score	 KHOP_SPAMHAUS_DROP_LE	2 0 2 0 	# 
 
 # PSBL-neighbors:  any /24 with 73+ (2/7, 29%) IPs in the PSBL (not SpamCop),
 # as obtained from rsync://psbl-mirror.surriel.com::psbl/psbl.txt
-header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:1\.176\.(?:(?:12|8)[4567]|7[01245689]|4[89]|5[01]|69)|9\.3(?:9\.19[234567]|6\.21[23])|6\.207\.(?:6[0123]|4[89]|5\d)|3\.56\.2(?:4[589]|5[01]|25)|0\.(?:52\.[01238]|89\.208))|8(?:3\.(?:93\.(?:69|84)|221\.1[23])|(?:6\.123\.13|8\.165\.8)3)|0(?:3\.(?:2(?:3\.248|0\.37)|30\.73)|9\.127\.81|0\.42\.28)|2(?:1\.63\.1[6789]|5\.60\.156|0\.84\.13|3\.136\.0)|77\.47\.1(?:06|21))|2(?:7\.(?:20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|15(?:0\.16[12]|7\.252))|(?:02\.231\.24|13\.143\.5)8)|5(?:8\.50\.1(?:[2345]|1[6789])|9\.55\.25[2345]|\.135\.202)|85\.153\.2[48]|46\.234\.175|37\.59\.212)\.[012]?\d{1,2}\b)/
+header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:1\.176\.(?:(?:12|8)[4567]|[46][89]|5[01]|7\d)|6\.207\.(?:6[0123]|1[45]|4[89]|5\d)|9\.3(?:9\.19[234567]|6\.21[23])|0\.(?:52\.[01238]|89\.208)|3\.56\.2(?:4[89]|5[01]|25)|5\.63\.(?:[89]|1[0235]))|2(?:1\.63\.(?:1[6789]|20)|5\.60\.156|0\.84\.13|3\.136\.0)|0(?:3\.(?:23\.248|30\.73)|9\.127\.81|0\.42\.28)|8(?:3\.221\.1[23]|6\.123\.133)|77\.47\.1(?:06|21))|2(?:7\.(?:20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|15(?:0\.16[12]|7\.252))|(?:02\.231\.24|13\.143\.5)8)|5(?:8\.50\.1(?:[2345]|1[6789])|9\.55\.25[2345]|\.135\.202)|85\.153\.2[48]|46\.234\.175|37\.59\.212)\.[012]?\d{1,2}\b)/
 describe KHOP_PSBL_CIDR24	Relay's IP/24 CIDR contains many PSBL hits
 tflags	 KHOP_PSBL_CIDR24	nopublish
 score	 KHOP_PSBL_CIDR24	2 0.6 2 0.6