You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by km...@apache.org on 2011/11/01 23:34:28 UTC
svn commit: r1196336 -
/spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf
Author: kmcgrail
Date: Tue Nov 1 22:34:28 2011
New Revision: 1196336
URL: http://svn.apache.org/viewvc?rev=1196336&view=rev
Log:
Dynamic Helo Rules for Testing per Bug 6522
Added:
spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf
Added: spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf?rev=1196336&view=auto
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf (added)
+++ spamassassin/trunk/rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf Tue Nov 1 22:34:28 2011
@@ -0,0 +1,43 @@
+# SpamAssassin rules file: kam sandbox
+#
+# Please don't modify this file as your changes will be overwritten with
+# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
+# See 'perldoc Mail::SpamAssassin::Conf' for details.
+#
+# <@LICENSE>
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# </...@LICENSE>
+#
+###########################################################################
+
+#TESTING OF RULES FOR https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6487
+
+#rule that excludes the dotted-quad HELOs caught by RCVD_NUMERIC_HELO
+header CK_HELO_DYNAMIC_SPLIT_IP X-Spam-Relays-Untrusted =~ /^[^\]]+helo=(?!(?:\d+\.){4})\d+[^\d\s]+\d+[^\d\s]\d+[^\d\s]\d+[^\d\s]/i
+describe CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP)
+score CK_HELO_DYNAMIC_SPLIT_IP 3.0
+
+header CK_HELO_DYNAMIC_POOL X-Spam-Relays-Untrusted =~ /^[^\]]+helo=(?=\S*(?:pool|dyna|lease|dial|dip|static))\S*\d+[^\d\s]+\d+[^\]]+ auth= /i
+describe CK_HELO_DYNAMIC_POOL Relay used name indicative of a Dynamic Pool
+score CK_HELO_DYNAMIC_POOL 0.25
+
+header __HELO_MISC_IP X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^a-z\?]\S{0,30}(?:\d{1,3}[^\d]){4}[^\]]+ auth= /i
+
+meta HELO_MISC_IP (__HELO_MISC_IP && !HELO_DYNAMIC_IPADDR && !HELO_DYNAMIC_IPADDR2 && !FH_HELO_EQ_D_D_D_D && !HELO_DYNAMIC_SPLIT_IP && !HELO_DYNAMIC_HCC && !HELO_DYNAMIC_DIALIN && ((TVD_RCVD_IP4 + TVD_RCVD_IP + RCVD_NUMERIC_HELO) <2))
+describe HELO_MISC_IP Looking for more Dynamic IP Relays
+score HELO_MISC_IP 0.25
+
+#EOF