You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by km...@apache.org on 2011/11/01 23:34:28 UTC

svn commit: r1196336 - /spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf

Author: kmcgrail
Date: Tue Nov  1 22:34:28 2011
New Revision: 1196336

URL: http://svn.apache.org/viewvc?rev=1196336&view=rev
Log:
Dynamic Helo Rules for Testing per Bug 6522

Added:
    spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf

Added: spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf?rev=1196336&view=auto
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf (added)
+++ spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf Tue Nov  1 22:34:28 2011
@@ -0,0 +1,43 @@
+# SpamAssassin rules file: kam sandbox
+#
+# Please don't modify this file as your changes will be overwritten with
+# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
+# See 'perldoc Mail::SpamAssassin::Conf' for details.
+#
+# <@LICENSE>
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at:
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# </...@LICENSE>
+#
+###########################################################################
+
+#TESTING OF RULES FOR https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6487
+
+#rule that excludes the dotted-quad HELOs caught by RCVD_NUMERIC_HELO
+header 		CK_HELO_DYNAMIC_SPLIT_IP 	X-Spam-Relays-Untrusted =~ /^[^\]]+helo=(?!(?:\d+\.){4})\d+[^\d\s]+\d+[^\d\s]\d+[^\d\s]\d+[^\d\s]/i
+describe 	CK_HELO_DYNAMIC_SPLIT_IP	Relay HELO'd using suspicious hostname (Split IP)
+score		CK_HELO_DYNAMIC_SPLIT_IP	3.0
+
+header 		CK_HELO_DYNAMIC_POOL   	X-Spam-Relays-Untrusted =~ /^[^\]]+helo=(?=\S*(?:pool|dyna|lease|dial|dip|static))\S*\d+[^\d\s]+\d+[^\]]+ auth= /i
+describe	CK_HELO_DYNAMIC_POOL	Relay used name indicative of a Dynamic Pool
+score		CK_HELO_DYNAMIC_POOL	0.25
+
+header   __HELO_MISC_IP        	X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^a-z\?]\S{0,30}(?:\d{1,3}[^\d]){4}[^\]]+ auth= /i
+
+meta     	HELO_MISC_IP          	(__HELO_MISC_IP && !HELO_DYNAMIC_IPADDR && !HELO_DYNAMIC_IPADDR2 && !FH_HELO_EQ_D_D_D_D && !HELO_DYNAMIC_SPLIT_IP && !HELO_DYNAMIC_HCC && !HELO_DYNAMIC_DIALIN && ((TVD_RCVD_IP4 + TVD_RCVD_IP + RCVD_NUMERIC_HELO) <2))
+describe	HELO_MISC_IP		Looking for more Dynamic IP Relays
+score		HELO_MISC_IP		0.25
+
+#EOF