You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by kh...@apache.org on 2014/02/21 08:57:45 UTC
svn commit: r1570485 -
/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
Author: khopesh
Date: Fri Feb 21 07:57:45 2014
New Revision: 1570485
URL: http://svn.apache.org/r1570485
Log:
auto-generated rules
Modified:
spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=1570485&r1=1570484&r2=1570485&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Fri Feb 21 07:57:45 2014
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf v 201402202
+## khop-sc-neighbors.cf v 201402212
## Khopesh's syndication of SpamCop's top offenders and top offending networks.
##
## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -21,7 +21,7 @@ meta __KHOP_SC_EXCLUSIONS __VIA_ML || __
# http://spamcop.net/w3m?action=map;mask=4294967295;net=0;sort=56
# Due to the massive block size, this rule only examines the last untrusted
-header __KHOP_SC_CIDR8 X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:17|86)|9?5)(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_CIDR8 X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:(?:18|4)6|9?5)(?:\.[012]?\d{1,2}){3}\b) /
# and gets cleaned up a bit
meta KHOP_SC_CIDR8 __KHOP_SC_CIDR8 && !__KHOP_SC_EXCLUSIONS
describe KHOP_SC_CIDR8 Relay CIDR /8 is among worst in SpamCop
@@ -101,7 +101,7 @@ score KHOP_SC_TOP_CIDR16 0.6 0.2 0.7 0
# http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header KHOP_SC_CIDR24 Received =~ /(?-xism:\b(?:1(?:(?:23\.64\.19|84\.82\.17)9|98\.143\.128|03\.25\.146)|2(?:10\.183\.179|3\.231\.48)|(?:91\.218\.24|5\.255\.6)4|68\.65\.2(?:40|52)|88\.208\.231)\.[012]?\d{1,2}\b)/
+header KHOP_SC_CIDR24 Received =~ /(?-xism:\b(?:1(?:(?:23\.64\.19|84\.82\.17)9|98\.143\.128|03\.25\.146)|2(?:10\.183\.179|3\.231\.48)|5(?:0\.193\.157|8\.251\.146)|88\.208\.231|91\.218\.244|68\.65\.252)\.[012]?\d{1,2}\b)/
describe KHOP_SC_CIDR24 Relay CIDR /24 is among worst in SpamCop
tflags KHOP_SC_CIDR24 nopublish
score KHOP_SC_CIDR24 0.6 0 0.6 0
@@ -122,7 +122,7 @@ score KHOP_SC_CIDR24 0.6 0 0.6 0
# 0.4428/0 1.000 20130705@376k resume scores -> .6 0 .6 0
-header KHOP_SC_TOP_CIDR24 Received =~ /(?-xism:\b(?:1(?:9(?:0\.234\.10[56]|8\.143\.150|4\.105\.9)|0(?:1\.(?:14\.89|9\.205)|3\.25\.14[56])|8(?:1\.66\.15[67]|3\.182\.39|4\.22\.53)|20\.(?:143\.5|84\.13)|41\.105\.68)|(?:212\.146\.10|31\.192\.11)1|9(?:1\.218\.24|4\.20\.22)4|50\.(?:193\.157|2\.95)|83\.149\.48)\.[012]?\d{1,2}\b)/
+header KHOP_SC_TOP_CIDR24 Received =~ /(?-xism:\b(?:1(?:9(?:0\.234\.10[56]|8\.143\.150|4\.105\.9)|0(?:1\.(?:14\.89|9\.205)|3\.25\.14[56])|8(?:1\.66\.15[67]|3\.182\.39|4\.22\.53)|20\.(?:143\.5|84\.13)|41\.105\.68)|(?:212\.146\.10|31\.192\.11)1|9(?:1\.218\.24|4\.20\.22)4|67\.205\.67|83\.149\.48|50\.2\.95)\.[012]?\d{1,2}\b)/
describe KHOP_SC_TOP_CIDR24 Relay CIDR /24 leads SpamCop in worst /24s
tflags KHOP_SC_TOP_CIDR24 nopublish
score KHOP_SC_TOP_CIDR24 1.7 0.5 1.7 0.5
@@ -142,7 +142,7 @@ score KHOP_SC_TOP_CIDR24 1.7 0.5 1.7 0
# http://www.spamcop.net/w3m?action=hoshame
-header KHOP_SC_TOP200 Received =~ /(?-xism:\b(?:1(?:1(?:0\.(?:45\.1(?:36\.181|40\.89)|189\.168\.171)|9\.(?:110\.108\.92|42\.147\.114|73\.225\.13)|8\.1(?:29\.166\.86|42\.19\.172|89\.11\.10)|4\.112\.129\.167|2\.220\.67\.130|6\.193\.90\.26)|8(?:4\.(?:82\.1(?:7(?:1\.234|9\.117)|23\.85)|22\.(?:53\.(?:190?|201)|197\.216))|3\.(?:106\.150\.78|86\.207\.130)|2\.172\.22\.5[79]|5\.25\.150\.212|8\.20\.27\.174)|9(?:8\.143\.1(?:50\.2(?:4[789]|5[012]|39)|28\.1(?:32|44))|2\.(?:208\.185\.1(?:06|14)|119\.174\.(?:13|9))|0\.107\.140\.76|3\.111\.62\.157|4\.105\.9\.85)|2(?:1\.(?:1(?:34\.238\.129|82\.63\.196)|78\.116\.243)|2\.(?:219\.138\.227|155\.9\.59)|4\.160\.35\.2|0\.50\.86\.3)|7(?:8\.(?:175\.159\.93|248\.43\.106)|3\.212\.20(?:5\.158|9\.30))|0(?:1\.(?:9\.205\.13|14\.89\.)0|6\.245\.250\.6)|62\.2(?:43\.213\.233|20\.57\.202)|41\.105\.68\.219|59\.224\.80\.43)|2(?:1(?:1\.(?:23(?:(?:4\.117\.14|\.152\.1)9|3\.64\.110|2\.154\.6)|17(?:4\.178\.177|6\.76\.198))|0\.(?:183\.179\.3[89]|48\.156\.227)|2\.(?:146\.101\
.154|87\.28\.201)|9\.(?:140\.69\.122|92\.57\.210)|8\.234\.1(?:08\.13|7\.176)|3\.135\.113\.197)|0(?:2\.(?:1(?:18\.236\.178|30\.114\.130|97\.68\.201)|234\.40\.41|64\.73\.148)|3\.23(?:0\.112\.45|8\.64\.250|9\.45\.202))|2(?:1\.(?:214\.2(?:08\.226|14\.187)|178\.236\.19)|2\.(?:200\.182\.65|78\.247\.67))|3\.(?:231\.48\.(?:10|72)|94\.15\.143)|\.230\.25\.144)|6(?:8\.65\.2(?:5(?:2\.1(?:8[789]|90)|4\.251)|40\.25[023])|(?:4\.235\.49\.18|2\.65\.133\.4)3|7\.2(?:10\.247\.2[56]|05\.67\.7)|0\.190\.92\.234|1\.38\.186\.117)|9(?:1\.218\.244\.(?:2(?:1[012345678]|2[23468]|0[2349]|4[0189]|3[34])|1(?:9[1234567]|36))|5\.(?:211\.135\.83|85\.63\.150))|8(?:8\.(?:208\.2(?:31\.1(?:7[79]|29)|29\.1[38]9|09\.31)|198\.199\.35)|5\.185\.(?:30\.163|112\.8))|5(?:8\.64\.(?:164\.116|200\.150)|\.255\.64\.2(?:4[89]|50)|0\.193\.157\.62)|7(?:(?:4\.122\.196\.|2\.9\.97\.1)16|(?:7\.106\.232\.1|8\.29\.4\.)78)|4(?:6\.1(?:91\.237\.118|07\.24\.210)|9\.128\.43\.241|1\.137\.24\.4)|3(?:1\.192\.111\.(?:[789]\d|6[89]|100)|6\.250\.229\.3[
245]))\b)/
+header KHOP_SC_TOP200 Received =~ /(?-xism:\b(?:1(?:8(?:4\.(?:82\.1(?:7(?:1\.234|9\.117)|23\.85)|22\.(?:53\.(?:190?|201)|197\.216))|3\.(?:106\.150\.78|86\.207\.130)|5\.(?:10\.203\.123|25\.150\.212)|2\.172\.22\.57|8\.20\.27\.174)|1(?:8\.(?:1(?:29\.166\.86|42\.19\.172|89\.11\.10)|41\.157\.3)|0\.(?:189\.168\.171|45\.140\.89)|9\.(?:110\.108\.92|73\.225\.13)|2\.220\.67\.130|6\.193\.90\.26)|2(?:1\.(?:1(?:34\.238\.129|82\.63\.196)|78\.1(?:16\.243|26\.228))|2\.(?:219\.138\.227|155\.9\.59)|5\.88\.123\.244|4\.160\.35\.2|0\.50\.86\.3)|9(?:8\.143\.1(?:50\.2(?:4[789]|5[012]|39)|28\.144)|2\.2(?:08\.185\.1(?:06|14)|27\.235\.155)|0\.107\.140\.76|3\.111\.62\.157|4\.105\.9\.85)|7(?:8\.(?:175\.159\.93|248\.43\.106)|3\.212\.20(?:5\.158|9\.30))|0(?:1\.(?:9\.205\.13|14\.89\.)0|6\.245\.250\.6)|62\.2(?:43\.213\.233|20\.57\.202)|59\.224\.80\.43)|2(?:1(?:1\.(?:23(?:(?:4\.117\.14|\.152\.1)9|3\.64\.110|2\.154\.6)|17(?:4\.178\.177|6\.76\.198))|8\.(?:234\.1(?:08\.13|7\.176)|38\.29\.68)|0\.(?:183\.179\.3[89]|48
\.156\.227)|2\.(?:146\.101\.154|87\.28\.201)|9\.(?:140\.69\.122|92\.57\.210)|3\.135\.113\.197)|0(?:2\.(?:1(?:18\.236\.178|97\.68\.201)|234\.40\.41|64\.73\.148)|3\.23(?:0\.112\.45|8\.64\.250|9\.45\.202))|2(?:1\.(?:214\.2(?:08\.226|14\.187)|178\.236\.19)|2\.(?:200\.182\.65|78\.247\.67)|0\.67\.90\.31)|3\.(?:231\.48\.(?:10|72)|94\.15\.143)|7\.117\.113\.20|\.230\.25\.144)|9(?:1\.2(?:18\.244\.(?:2(?:1[012345678]|2[23468]|0[2349]|4[0189]|3[34])|1(?:9[1234567]|36))|41\.187\.204)|5\.(?:211\.135\.83|85\.63\.150)|3\.90\.102\.194)|8(?:8\.(?:208\.2(?:31\.1(?:7[79]|29)|29\.1[38]9|09\.31)|198\.199\.35)|5\.1(?:85\.(?:30\.163|112\.8)|7\.27\.(?:123|98))|7\.204\.110\.176)|6(?:8\.65\.25(?:2\.1(?:89|90)|4\.251)|7\.2(?:10\.247\.2[06]|05\.67\.7)|0\.190\.92\.234|1\.38\.186\.117|2\.65\.133\.43)|4(?:6\.1(?:0(?:2\.187\.2(?:[5678]|2[89])|7\.24\.210)|91\.237\.118)|9\.128\.43\.241|1\.137\.24\.4)|5(?:8\.(?:225\.62\.145|64\.164\.116)|\.(?:133\.177\.122|255\.64\.250)|0\.193\.157\.62)|3(?:1\.192\.111\.(?:[789]\d|6[8
9]|100)|6\.250\.229\.32)|7(?:(?:7\.106\.232\.1|8\.29\.4\.)78|2\.9\.97\.116))\b)/
describe KHOP_SC_TOP200 Relay listed in SpamCop top 200 spammer IPs
tflags KHOP_SC_TOP200 nopublish
score KHOP_SC_TOP200 4 0 4 0 # unnecessary if DNSBLs work
@@ -178,7 +178,7 @@ score KHOP_SPAMHAUS_DROP_LE 2 0 2 0 #
# PSBL-neighbors: any /24 with 73+ (2/7, 29%) IPs in the PSBL (not SpamCop),
# as obtained from rsync://psbl-mirror.surriel.com::psbl/psbl.txt
-header KHOP_PSBL_CIDR24 X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:8(?:6\.(?:1(?:3\.[1234]|22\.45)|37\.203)|3\.9(?:3\.114|5\.66)|1\.66\.15[67]|9\.126\.130|8\.73\.252)|1(?:1\.176\.(?:[67]|(?:12|8)[4567]|4[89]?|5[01]?)|6\.207\.(?:6[0123]|4[89]|5\d)|9\.36\.213)|7(?:1\.80\.(?:2(?:0[0123]|4[567])|1(?:6[89]|7[01]))|7\.(?:1(?:37\.19|1\.55)|36\.17))|0(?:3\.255\.193|9\.127\.80)|2(?:3\.136\.10|5\.60\.15)6|90\.234\.10[56]|30\.193\.147)|27\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|58\.(?:5(?:0\.1(?:[2345]|0[456789]|1\d)|4\.18[4567])|19\.19[01])|41\.254\.[56]|79\.106\.109)\.[012]?\d{1,2}\b)/
+header KHOP_PSBL_CIDR24 X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:8(?:6\.(?:1(?:3\.[01234567]|22\.4[4567])|37\.203)|3\.9(?:3\.11[45]|5\.6[67])|1\.66\.15[67]|9\.126\.130|8\.73\.252)|1(?:1\.176\.(?:[67]|(?:12|8)[4567]|4[89]?|5[01]?)|6\.207\.(?:6[0123]|4[89]|5\d)|9\.36\.21[23]|3\.56\.249)|7(?:1\.80\.(?:2(?:0[0123]|4[567])|1(?:6[89]|7[01]))|7\.(?:1(?:37\.19|1\.55)|36\.(?:17|22)))|0(?:3\.2(?:40\.252|55\.193)|9\.127\.80)|9(?:0\.234\.10[56]|9\.19\.92)|2(?:3\.136\.10|5\.60\.15)6|30\.193\.147)|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|(?:01\.220\.24|12\.34\.1)2|4\.244\.23)|58\.(?:5(?:0\.1(?:[2345]|0[456789]|1\d)|4\.18[4567])|19\.19[01])|41\.254\.[2568]|79\.106\.109)\.[012]?\d{1,2}\b)/
describe KHOP_PSBL_CIDR24 Relay's IP/24 CIDR contains many PSBL hits
tflags KHOP_PSBL_CIDR24 nopublish
score KHOP_PSBL_CIDR24 2 0.6 2 0.6