You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2014/08/25 04:16:06 UTC
svn commit: r1620253 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Mon Aug 25 02:16:06 2014
New Revision: 1620253

URL: http://svn.apache.org/r1620253
Log:
More FP avoidance, add some metas

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1620253&r1=1620252&r2=1620253&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Aug 25 02:16:06 2014
@@ -1238,7 +1238,7 @@ body        __URI_DBL_PROTO    m,\b(?:ht
 
 uri         __URI_DOS_FILE     /^[A-Z]:\\/i
 
-meta        __FORM_LOW_CONTRAST   (__FILL_THIS_FORM_SHORT2 || __FILL_THIS_FORM_SHORT2) && HTML_FONT_LOW_CONTRAST
+meta        __FORM_LOW_CONTRAST   (__FILL_THIS_FORM_SHORT2 || __FILL_THIS_FORM_SHORT2) && __HTML_FONT_LOW_CONTRAST_MINFP
 meta        FORM_LOW_CONTRAST     __FORM_LOW_CONTRAST && !__BUGGED_IMG && !__HAS_REPLY_TO && !__DKIM_EXISTS && !__DOS_HAS_LIST_UNSUB && !__MSGID_JAVAMAIL
 describe    FORM_LOW_CONTRAST     Fill in a form with hidden text
 score       FORM_LOW_CONTRAST     3.00	# Limit
@@ -1246,7 +1246,24 @@ tflags      FORM_LOW_CONTRAST     publis
 
 
 # try to FP-reduce HTML_FONT_LOW_CONTRAST
-meta        __HTML_FONT_LOW_CONTRAST_MINFP	HTML_FONT_LOW_CONTRAST && !__RCD_RDNS_MAIL && !__DOS_HAS_LIST_UNSUB && !__MAIL_LINK
+meta        __HTML_FONT_LOW_CONTRAST_MINFP	HTML_FONT_LOW_CONTRAST && !__VIA_ML && !__RP_MATCHES_RCVD && !__RCD_RDNS_MAIL && !__DKIM_EXISTS 
+
+# some no-ham combinations
+meta        GAPPY_LOW_CONTRAST    __HTML_FONT_LOW_CONTRAST_MINFP && __GAPPY_SUBJECT 
+describe    GAPPY_LOW_CONTRAST    Gappy subject + hidden text
+score       GAPPY_LOW_CONTRAST    2.500   # limit
+
+meta        URI_ONLY_LOW_CONTRAST __HTML_FONT_LOW_CONTRAST_MINFP && __BODY_URI_ONLY 
+score       URI_ONLY_LOW_CONTRAST 2.500   # limit
+
+meta        SUBJ_OBFU_LOW_CNTRST  __HTML_FONT_LOW_CONTRAST_MINFP && SUBJ_OBFU_PUNCT_FEW 
+describe    SUBJ_OBFU_LOW_CNTRST  Subject obfuscation + hidden text
+score       SUBJ_OBFU_LOW_CNTRST  2.500   # limit
+
+meta        URI_DOTDOT_LOW_CNTRST __HTML_FONT_LOW_CONTRAST_MINFP && __URI_DOM_DOTDOT
+describe    URI_DOTDOT_LOW_CNTRST Suspicious URI + hidden text
+score       URI_DOTDOT_LOW_CNTRST 2.500   # limit
+
 
 uri         __URI_DOM_DOTDOT      m,://[^/]+\.\.,
 
@@ -1269,6 +1286,9 @@ tflags      FOUND_YOU          publish
 #describe    ADMITS_CANSPAM    Admits to being spam
 
 body        __ADMITS_SPAM     /\bth(?:e[- ]+above|is)(?:\?+s|[- ]+is)[- ]+(?:intended[- ]+as[- ]+)?an?[- ]+advert[i1l]sement\b/i
+meta        ADMITS_SPAM       __ADMITS_SPAM && !__TO___LOWER 
+describe    ADMITS_SPAM       Admits this is an ad
+
 #body        __OBFU_ADVERT     /\badvert[1l]sement\b/i
 #meta        OBFU_ADVERT       __OBFU_ADVERT
 #describe    OBFU_ADVERT       Misspelled "advertisement"
@@ -1320,8 +1340,18 @@ header      __TO___LOWER       ALL =~ /t
 header      __DATE_LOWER       ALL =~ /date:\s\S{5}/
 
 header      __FH_HAS_XMSMAIL   exists:X-MSMail-Priority
-header      __FH_HAS_XPRIORITY exists:X-Priority
-meta        __FH_HAS_XPRIORITY_MINFP     __FH_HAS_XPRIORITY && !ALL_TRUSTED && !__PHPMAILER_MUA && !__BUGGED_IMG && !__HAS_ERRORS_TO && !__LCL__ENV_AND_HDR_FROM_MATCH && !__THREADED && !__VIA_ML
+
+# duplicates __XPRIO
+#header      __FH_HAS_XPRIORITY exists:X-Priority
+meta        XPRIO              __XPRIO && !ALL_TRUSTED && !__PHPMAILER_MUA && !__BUGGED_IMG && !__HAS_ERRORS_TO && !__LCL__ENV_AND_HDR_FROM_MATCH && !__THREADED && !__VIA_ML
+describe    XPRIO              Has X-Priority header
+score       XPRIO              2.500   # limit
+
+# some no-ham combinations
+
+meta        FROM_MISSP_XPRIO   __XPRIO && __FROM_MISSPACED 
+describe    FROM_MISSP_XPRIO   Misspaced FROM + X-Priority
+
 
 header      __FS_SUBJ_RE       Subject =~ /^Re: /
 header      __NUMBERS_IN_SUBJ  Subject =~ /\d{3}/
@@ -1589,7 +1619,7 @@ describe       URI_DQ_UNSUB     IP-addre
 tflags         URI_DQ_UNSUB     publish
 
 uri            __URI_GOOGLE_PROXY     m;^https?://[^.]+\.googleusercontent\.com/proxy/;i
-meta           URI_GOOGLE_PROXY       __URI_GOOGLE_PROXY && !__LONGLINE && !__ML1 && !__FSL_RELAY_GOOGLE && !__RP_MATCHES_RCVD 
+meta           URI_GOOGLE_PROXY       __URI_GOOGLE_PROXY && !__LONGLINE && !__ML1 && !__FSL_RELAY_GOOGLE && !__RP_MATCHES_RCVD && !__FROM_LOWER && !__RCD_RDNS_MAIL 
 describe       URI_GOOGLE_PROXY       Accessing a blacklisted URI via Google proxy?