You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2014/08/25 04:16:06 UTC
svn commit: r1620253 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Mon Aug 25 02:16:06 2014
New Revision: 1620253
URL: http://svn.apache.org/r1620253
Log:
More FP avoidance, add some metas
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1620253&r1=1620252&r2=1620253&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Mon Aug 25 02:16:06 2014
@@ -1238,7 +1238,7 @@ body __URI_DBL_PROTO m,\b(?:ht
uri __URI_DOS_FILE /^[A-Z]:\\/i
-meta __FORM_LOW_CONTRAST (__FILL_THIS_FORM_SHORT2 || __FILL_THIS_FORM_SHORT2) && HTML_FONT_LOW_CONTRAST
+meta __FORM_LOW_CONTRAST (__FILL_THIS_FORM_SHORT2 || __FILL_THIS_FORM_SHORT2) && __HTML_FONT_LOW_CONTRAST_MINFP
meta FORM_LOW_CONTRAST __FORM_LOW_CONTRAST && !__BUGGED_IMG && !__HAS_REPLY_TO && !__DKIM_EXISTS && !__DOS_HAS_LIST_UNSUB && !__MSGID_JAVAMAIL
describe FORM_LOW_CONTRAST Fill in a form with hidden text
score FORM_LOW_CONTRAST 3.00 # Limit
@@ -1246,7 +1246,24 @@ tflags FORM_LOW_CONTRAST publis
# try to FP-reduce HTML_FONT_LOW_CONTRAST
-meta __HTML_FONT_LOW_CONTRAST_MINFP HTML_FONT_LOW_CONTRAST && !__RCD_RDNS_MAIL && !__DOS_HAS_LIST_UNSUB && !__MAIL_LINK
+meta __HTML_FONT_LOW_CONTRAST_MINFP HTML_FONT_LOW_CONTRAST && !__VIA_ML && !__RP_MATCHES_RCVD && !__RCD_RDNS_MAIL && !__DKIM_EXISTS
+
+# some no-ham combinations
+meta GAPPY_LOW_CONTRAST __HTML_FONT_LOW_CONTRAST_MINFP && __GAPPY_SUBJECT
+describe GAPPY_LOW_CONTRAST Gappy subject + hidden text
+score GAPPY_LOW_CONTRAST 2.500 # limit
+
+meta URI_ONLY_LOW_CONTRAST __HTML_FONT_LOW_CONTRAST_MINFP && __BODY_URI_ONLY
+score URI_ONLY_LOW_CONTRAST 2.500 # limit
+
+meta SUBJ_OBFU_LOW_CNTRST __HTML_FONT_LOW_CONTRAST_MINFP && SUBJ_OBFU_PUNCT_FEW
+describe SUBJ_OBFU_LOW_CNTRST Subject obfuscation + hidden text
+score SUBJ_OBFU_LOW_CNTRST 2.500 # limit
+
+meta URI_DOTDOT_LOW_CNTRST __HTML_FONT_LOW_CONTRAST_MINFP && __URI_DOM_DOTDOT
+describe URI_DOTDOT_LOW_CNTRST Suspicious URI + hidden text
+score URI_DOTDOT_LOW_CNTRST 2.500 # limit
+
uri __URI_DOM_DOTDOT m,://[^/]+\.\.,
@@ -1269,6 +1286,9 @@ tflags FOUND_YOU publish
#describe ADMITS_CANSPAM Admits to being spam
body __ADMITS_SPAM /\bth(?:e[- ]+above|is)(?:\?+s|[- ]+is)[- ]+(?:intended[- ]+as[- ]+)?an?[- ]+advert[i1l]sement\b/i
+meta ADMITS_SPAM __ADMITS_SPAM && !__TO___LOWER
+describe ADMITS_SPAM Admits this is an ad
+
#body __OBFU_ADVERT /\badvert[1l]sement\b/i
#meta OBFU_ADVERT __OBFU_ADVERT
#describe OBFU_ADVERT Misspelled "advertisement"
@@ -1320,8 +1340,18 @@ header __TO___LOWER ALL =~ /t
header __DATE_LOWER ALL =~ /date:\s\S{5}/
header __FH_HAS_XMSMAIL exists:X-MSMail-Priority
-header __FH_HAS_XPRIORITY exists:X-Priority
-meta __FH_HAS_XPRIORITY_MINFP __FH_HAS_XPRIORITY && !ALL_TRUSTED && !__PHPMAILER_MUA && !__BUGGED_IMG && !__HAS_ERRORS_TO && !__LCL__ENV_AND_HDR_FROM_MATCH && !__THREADED && !__VIA_ML
+
+# duplicates __XPRIO
+#header __FH_HAS_XPRIORITY exists:X-Priority
+meta XPRIO __XPRIO && !ALL_TRUSTED && !__PHPMAILER_MUA && !__BUGGED_IMG && !__HAS_ERRORS_TO && !__LCL__ENV_AND_HDR_FROM_MATCH && !__THREADED && !__VIA_ML
+describe XPRIO Has X-Priority header
+score XPRIO 2.500 # limit
+
+# some no-ham combinations
+
+meta FROM_MISSP_XPRIO __XPRIO && __FROM_MISSPACED
+describe FROM_MISSP_XPRIO Misspaced FROM + X-Priority
+
header __FS_SUBJ_RE Subject =~ /^Re: /
header __NUMBERS_IN_SUBJ Subject =~ /\d{3}/
@@ -1589,7 +1619,7 @@ describe URI_DQ_UNSUB IP-addre
tflags URI_DQ_UNSUB publish
uri __URI_GOOGLE_PROXY m;^https?://[^.]+\.googleusercontent\.com/proxy/;i
-meta URI_GOOGLE_PROXY __URI_GOOGLE_PROXY && !__LONGLINE && !__ML1 && !__FSL_RELAY_GOOGLE && !__RP_MATCHES_RCVD
+meta URI_GOOGLE_PROXY __URI_GOOGLE_PROXY && !__LONGLINE && !__ML1 && !__FSL_RELAY_GOOGLE && !__RP_MATCHES_RCVD && !__FROM_LOWER && !__RCD_RDNS_MAIL
describe URI_GOOGLE_PROXY Accessing a blacklisted URI via Google proxy?