You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by kh...@apache.org on 2010/03/28 18:32:00 UTC
svn commit: r928445 - /spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Author: khopesh
Date: Sun Mar 28 16:32:00 2010
New Revision: 928445

URL: http://svn.apache.org/viewvc?rev=928445&view=rev
Log:
added PSBL-neighbors

Modified:
    spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=928445&r1=928444&r2=928445&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Sun Mar 28 16:32:00 2010
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf	v 2010032718
+## khop-sc-neighbors.cf	v 2010032810
 ## Khopesh's syndication of SpamCop's top offenders and top offending networks.
 ## 
 ## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -21,7 +21,7 @@
 
 # http://spamcop.net/w3m?action=map;net=0;sort=spamcnt
 # Due to the massive block size, this rule only examines the last untrusted
-header	 KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^]]* (?:by|ip)=(?-xism:\b(?:9[24]|1?89)(?:\.[012]?\d{1,2}){3}\b) /
+header	 KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^]]* (?:by|ip)=(?-xism:\b(?:9[24]|117|89)(?:\.[012]?\d{1,2}){3}\b) /
 describe KHOP_SC_CIDR8  Relay listed in SpamCop top 8 IP/8 CIDRs
 tflags	 KHOP_SC_CIDR8  nopublish
 score	 KHOP_SC_CIDR8  0.1 0.01 0.1 0.01
@@ -39,14 +39,14 @@ score	 KHOP_SC_TOP_CIDR8  0.6 0.5 0.8 0.
 
 
 # http://www.spamcop.net/w3m?action=map;net=bmaxcnt;mask=16777215;sort=spamcnt
-header	 KHOP_SC_CIDR16  Received =~ /(?-xism:\b(?:1(?:2(?:2\.16[48]|3\.23)|13\.22)|41\.140|93\.41)(?:\.[012]?\d{1,2}){2}\b)/
+header	 KHOP_SC_CIDR16  Received =~ /(?-xism:\b(?:1(?:2(?:2\.16[48]|3\.238)|13\.22)|41\.140|59\.92)(?:\.[012]?\d{1,2}){2}\b)/
 describe KHOP_SC_CIDR16  Relay listed in SpamCop top 12 IP/16 CIDRs
 tflags	 KHOP_SC_CIDR16  nopublish
 score	 KHOP_SC_CIDR16  0.6 0.5 0.9 0.75
 # 0.7444/0.0129 spam/ham, 0.983 s/o @ 20100211
 # 0.5943/0.0139 spam/ham, 0.977 s/o @ 20100325
 
-header	 KHOP_SC_TOP_CIDR16  Received =~ /(?-xism:\b(?:1(?:23\.2(?:38|7)|8[36]\.87)|41\.141|92\.47)(?:\.[012]?\d{1,2}){2}\b)/
+header	 KHOP_SC_TOP_CIDR16  Received =~ /(?-xism:\b(?:1(?:8[36]\.8|23\.2)7|9(?:2\.47|3\.41)|41\.141)(?:\.[012]?\d{1,2}){2}\b)/
 describe KHOP_SC_TOP_CIDR16  Relay listed in SpamCop top 6 IP/16 CIDRs
 tflags	 KHOP_SC_TOP_CIDR16  nopublish
 score	 KHOP_SC_TOP_CIDR16  0.9 0.8 1.3 1.2
@@ -59,7 +59,7 @@ score	 KHOP_SC_TOP_CIDR16  0.9 0.8 1.3 1
 
 
 # http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:2(?:0(?:3\.82\.(?:81|94)|2\.152\.243|5\.209\.97)|12\.63\.221)|72\.21\.6)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:2(?:0(?:3\.82\.(?:81|94)|5\.209\.97)|12\.63\.221)|189\.112\.218|72\.21\.6)\.[012]?\d{1,2}\b)/
 describe KHOP_SC_CIDR24  Relay listed in SpamCop top 12 IP/24 CIDRs
 tflags	 KHOP_SC_CIDR24  nopublish
 score	 KHOP_SC_CIDR24  0.9 0.8 1.3 1.2
@@ -76,7 +76,7 @@ score	 KHOP_SC_TOP_CIDR24  1.7 1.5 1.9 1
 
 
 # http://www.spamcop.net/w3m?action=hoshame
-header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:2(?:1(?:3\.(?:1(?:63\.116\.(?:1(?:1[08]|46?|38|74|82)|2(?:2[26]?|[13]0)|[48]6|78)|98\.(?:11(?:3\.1(?:44|9)|1\.207|2\.90)|25\.33))|226\.144\.65)|1\.(?:1(?:15\.202\.4[126]|91\.174\.141|71\.31\.100)|2(?:4\.209\.253|25\.30\.85))|2\.(?:1(?:56\.(?:123\.250|88\.102)|75\.53\.110)|52\.148\.109|63\.221\.10)|7\.(?:1(?:74\.229\.221|14\.11\.35|68\.64\.58)|76\.[24]\.129)|6\.(?:230\.133\.69|155\.39\.23)|0\.(?:212\.220\.106|5\.68\.20)|8\.158\.156\.103|9\.143\.156\.112)|0(?:2\.(?:4(?:3\.18(?:2\.178|1\.7)|2\.133\.58)|(?:175\.232\.25|87\.47\.13)0|93\.37\.11[34])|3\.(?:1(?:2(?:1\.88\.162|9\.231\.66)|12\.192\.26|99\.72\.228)|249\.162\.7)|0\.(?:104\.58\.227|95\.162\.200|80\.140\.61|33\.214\.2|6\.193\.89)|1\.(?:2(?:51\.76\.13|28\.3\.)2|144\.87\.36)|9\.(?:222\.0\.(?:13|29)|94\.196\.170)|(?:4\.116\.231\.14|7\.248\.51\.15)8|5\.209\.97\.(?:15[03]|201))|2(?:0\.(?:227\.1(?:4\.141|13\.9)|149\.255\.194)|2\.(?:124\.156\.231|252\.223\.2)|1\.143\.(?:109\.250|
 46\.33)))|1(?:2(?:1\.(?:1(?:\.(?:37\.14[567]|18\.244)|68\.226\.231)|241\.168\.162)|2\.(?:1(?:66\.60\.118|80\.6\.30)|252\.2(?:46\.23|34\.7)4)|3\.(?:1(?:40\.250\.254|6\.147\.68)|255\.248\.99)|4\.(?:124\.(?:52\.16|43\.3)|217\.216\.11)2|5\.2(?:12\.73\.60|2\.85\.134))|9(?:0\.(?:2(?:04\.59\.234|6\.67\.230|7\.80\.93)|86\.207\.218|145\.51\.66|96\.68\.179)|5\.(?:1(?:89\.46\.253|60\.253\.4)|24\.(?:209\.14|93\.252))|3\.10(?:8\.(?:255\.130|38\.228)|7\.184\.192)|4\.212\.158\.162|6\.12\.226\.220)|1(?:2\.(?:133\.128\.140|221\.100\.172)|8\.1(?:02\.131\.131|31\.101\.164)|5\.11(?:8\.134\.54|3\.51\.10)|1\.224\.250\.13[02345]|6\.50\.191\.198|7\.110\.24\.250)|7(?:3\.(?:45\.96\.(?:2(?:1[025678]|0[3579])|1(?:9[23578]|00)|9[89])|161\.201\.158)|4\.(?:121\.63\.141|51\.89\.104))|8(?:6\.24\.(?:1[6789]|2[0123])\.3|9\.112\.218\.234|0\.149\.96\.90)|48\.233\.150\.147|68\.187\.187\.193|51\.76\.31\.58)|8(?:0\.(?:1(?:79\.231\.205|22\.70\.11)|93\.12(?:5\.186|4\.1))|2\.1(?:14\.(?:7(?:8\.11|0\.5)4|65\.246)|40\.9
 1\.41)|9\.(?:161\.141\.147|211\.46\.210)|4\.22\.(?:56\.50|63\.74)|8\.48\.39\.138|3\.234\.89\.2)|6(?:1\.(?:7\.2(?:31\.23|41\.7)0|28\.150\.162|97\.112\.18|19\.71\.74)|4\.(?:187\.117\.71|70\.190\.10)|9\.176\.148\.173|2\.162\.24\.170|5\.112\.148\.45)|7(?:(?:2\.(?:34\.65\.11|21\.6\.2)|9\.101\.99\.15)4|7\.(?:73\.139\.2|23\.0\.19)|4\.50\.85\.(?:227|18)|0\.165\.35\.242|1\.8\.69\.7)|9(?:3\.(?:91\.196\.(?:132|99)|87\.53\.130|188\.9\.34)|9\.245\.130\.201|1\.150\.127\.93|7\.67\.160\.34)|58\.27\.196\.84)\b)/
+header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:2(?:1(?:3\.(?:1(?:63\.116\.(?:1(?:1[08]|46?|38|74|82)|2(?:2[26]?|[13]0)|46|78)|98\.11(?:3\.1(?:44|9)|1\.207|2\.90))|226\.144\.65)|1\.(?:1(?:15\.202\.4[126]|91\.174\.141|71\.31\.100)|2(?:4\.209\.253|25\.30\.85))|2\.(?:(?:1(?:56\.123\.25|75\.53\.11)|63\.221\.1)0|52\.148\.109)|7\.(?:1(?:74\.229\.221|14\.11\.35)|76\.[24]\.129)|9\.(?:143\.156\.112|95\.148\.97)|6\.(?:230\.133\.69|155\.39\.23)|0\.(?:206\.236\.18|5\.68\.20)|8\.158\.156\.103)|0(?:2\.(?:(?:1(?:75\.232\.25|64\.52\.10)|87\.47\.13)0|4(?:3\.18(?:2\.178|1\.7)|2\.133\.58)|93\.37\.11[34])|0\.(?:1(?:11\.161\.194|04\.58\.227)|95\.162\.200|80\.140\.61|33\.214\.2|6\.193\.89)|3\.(?:1(?:2(?:1\.88\.162|9\.231\.66)|12\.192\.26|66\.207\.18)|249\.162\.7)|9\.(?:222\.0\.(?:13|29)|94\.196\.170)|1\.(?:144\.87\.36|228\.3\.2)|5\.209\.97\.(?:15[03]|201)|7\.248\.51\.158)|2(?:0\.(?:227\.1(?:4\.141|13\.9)|149\.255\.194)|2\.(?:124\.156\.231|252\.223\.2)|1\.143\.(?:109\.250|46\.33)))|1(?:9(?:0\.(?
 :(?:14(?:6\.247\.8|5\.51\.6)|60\.100\.10)6|2(?:04\.59\.234|6\.67\.230|7\.80\.93)|34\.154\.204|86\.207\.218|96\.68\.179)|5\.(?:1(?:89\.46\.253|60\.253\.4)|24\.93\.252|95\.223\.26)|6\.1(?:\.209\.(?:83|98)|2\.226\.220)|3\.10(?:7\.184\.192|8\.38\.228))|2(?:1\.(?:1(?:(?:68\.226\.23|90\.176\.16)1|\.(?:37\.14[567]|18\.244))|241\.168\.162)|2\.(?:1(?:66\.60\.118|80\.6\.30)|252\.2(?:46\.23|34\.7)4)|3\.(?:1(?:40\.250\.254|6\.147\.68)|255\.248\.99)|4\.(?:217\.216\.11|124\.43\.3)2|5\.2(?:12\.73\.60|2\.85\.134))|7(?:3\.(?:45\.96\.(?:2(?:1[02578]|0[0237])|1(?:9[235678]|00)|9[89])|161\.201\.158|79\.15\.189)|4\.(?:121\.63\.141|51\.89\.104))|1(?:8\.1(?:02\.131\.131|31\.101\.164)|1\.224\.250\.13[02345]|2\.221\.100\.172|5\.118\.134\.54|6\.50\.191\.198|7\.110\.24\.250)|8(?:9\.(?:112\.218\.234|72\.230\.76)|6\.24\.(?:1[6789]|2[0123])\.3)|48\.233\.150\.147|68\.187\.187\.193|51\.76\.31\.58)|8(?:0\.(?:1(?:79\.231\.205|22\.70\.11)|93\.12(?:5\.186|4\.1))|2\.1(?:14\.(?:7(?:8\.11|0\.5)4|65\.246)|40\.91\.
 41)|9\.2(?:36\.202\.134|11\.46\.210)|4\.22\.(?:56\.50|63\.74)|8\.48\.39\.138|3\.234\.89\.2|5\.154\.5\.90)|7(?:(?:2\.(?:92\.89\.24|21\.6\.2)|9\.101\.99\.15)4|7\.(?:120\.192\.66|22\.162\.99|73\.139\.2)|1\.(?:197\.102\.19|8\.69\.7)|4\.50\.85\.(?:227|18)|0\.165\.35\.242)|9(?:3\.(?:91\.196\.(?:132|99)|87\.53\.130|188\.9\.34)|(?:8\.108\.72\.11|7\.67\.160\.3)4|9\.245\.130\.201|1\.150\.127\.93)|6(?:1\.(?:7\.2(?:31\.23|41\.7)0|28\.150\.162|19\.71\.74)|3\.255\.22\.42|4\.70\.190\.10)|41\.215\.18\.110|58\.27\.196\.84)\b)/
 describe KHOP_SC_TOP200  Relay listed in SpamCop top 200 spammer IPs
 tflags	 KHOP_SC_TOP200  nopublish
 score	 KHOP_SC_TOP200  3.4 3.2 3.7 3.5
@@ -97,3 +97,13 @@ if (! plugin(Mail::SpamAssassin::Plugin:
   score  KHOP_SC_TOP200 	 4.6	# RCVD_IN_BL_SPAMCOP_NET + RCVD_IN_XBL++
 endif
 
+# PSBL-neighbors appending, updated Sun Mar 28 14:58:35 2010 (UTC)
+header	 KHOP_PSBL_CIDR24	X-Spam-Relay-Untrusted =~ /(?-xism:\b(?:1(?:1(?:3\.(?:16(?:7\.1(?:3[01])?|8\.1(?:36|41)|2\.(?:80|97))|22\.(?:6?8|10|9))|8\.(?:6(?:8\.19[26]|9\.13[89])|71\.(?:10|68))|5\.147\.(?:2(?:3[0127]|0[123]|29)|192)|7\.24(?:1\.25[23]|2\.28))|23\.1(?:7\.(?:22[489]|165)|8\.177)|49\.254\.48|80\.234\.3)|2(?:0(?:2\.(?:70\.5[489]|152\.243)|3\.82\.(?:9[234]|8[01]))|22\.252\.157|13\.87\.76)|8(?:1\.192\.(?:199|211)|5\.26\.(?:164|241)|2\.178\.69|3\.149\.3)|5(?:8\.186\.(?:21[6789]|12)|9\.98\.152)|41\.(?:1(?:40\.251|89\.193)|254\.[12])|6(?:1\.19\.6[567]|2\.61\.164))\.[012]?\d{1,2} )/
+describe KHOP_PSBL_CIDR24	Relay's IP/24 CIDR contains many PSBL hits
+tflags	 KHOP_PSBL_CIDR24	nopublish # for khop-sc-neighbors, not SA proper
+score	 KHOP_PSBL_CIDR24	1.8 1.0 1.8 1.1
+
+if (! plugin(Mail::SpamAssassin::Plugin::DNSEval) )
+  score  KHOP_PSBL_CIDR24	(0) (1.5) (0) (1.5)
+endif
+