You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by qu...@apache.org on 2004/05/22 07:17:41 UTC
svn commit: rev 20206 - incubator/spamassassin/trunk/rules
Author: quinlan
Date: Fri May 21 22:17:41 2004
New Revision: 20206
Modified:
incubator/spamassassin/trunk/rules/70_testing.cf
Log:
try using -firsttrusted for most DNSBL tests
Modified: incubator/spamassassin/trunk/rules/70_testing.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/70_testing.cf (original)
+++ incubator/spamassassin/trunk/rules/70_testing.cf Fri May 21 22:17:41 2004
@@ -250,7 +250,103 @@
header T_SUBJECT_SEXUAL_2 Subject =~ /[s5][e3\xE8-\xEB]x[u\xB5\xF9-\xFC][a4\xE0-\xE6@][l!|1](?:[l!|1]y)?.{0,2}[e3\xE8-\xEB]xp[l!|1][i1!|l\xEC-\xEF]c[i1!|l\xEC-\xEF]t/i
header T_SUBJECT_SEXUAL_3 Subject =~ /[s5].?[e3\xE8-\xEB].?x.?[u\xB5\xF9-\xFC].?[a4\xE0-\xE6@].?[l!|1].?(?:[l!|1].?y.?)?.{0,2}[e3\xE8-\xEB].?x.?p.?[l!|1].?[i1!|l\xEC-\xEF].?c.?[i1!|l\xEC-\xEF].?t/i
-# try final IP address only - suggestion from Spamhaus
-header T_RCVD_IN_XBL eval:check_rbl('sblxbl-firsttrusted', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
-describe T_RCVD_IN_XBL Received from a relay in Spamhaus XBL
+########################################################################
+# Spamhaus suggested only testing final external IP with XBL, but try
+# technique on most blacklists since it helps so much with XBL
+# (just prefixed set name with 'x' and added T_ to start of test name)
+
+header __T_RCVD_IN_NJABL eval:check_rbl('xnjabl-firsttrusted', 'dnsbl.njabl.org.')
+describe __T_RCVD_IN_NJABL Received via a relay in dnsbl.njabl.org
+tflags __T_RCVD_IN_NJABL net
+
+header T_RCVD_IN_NJABL_RELAY eval:check_rbl_sub('xnjabl-firsttrusted', '127.0.0.2')
+describe T_RCVD_IN_NJABL_RELAY NJABL: sender is confirmed open relay
+tflags T_RCVD_IN_NJABL_RELAY net
+
+header T_RCVD_IN_NJABL_DIALUP eval:check_rbl('xnjabl-firsttrusted', 'dnsbl.njabl.org.', '127.0.0.3')
+describe T_RCVD_IN_NJABL_DIALUP NJABL: dialup sender did non-local SMTP
+tflags T_RCVD_IN_NJABL_DIALUP net
+
+header T_RCVD_IN_NJABL_SPAM eval:check_rbl_sub('xnjabl-firsttrusted', '127.0.0.4')
+describe T_RCVD_IN_NJABL_SPAM NJABL: sender is confirmed spam source
+tflags T_RCVD_IN_NJABL_SPAM net
+
+header T_RCVD_IN_NJABL_MULTI eval:check_rbl_sub('xnjabl-firsttrusted', '127.0.0.5')
+describe T_RCVD_IN_NJABL_MULTI NJABL: sent through multi-stage open relay
+tflags T_RCVD_IN_NJABL_MULTI net
+
+header T_RCVD_IN_NJABL_CGI eval:check_rbl_sub('xnjabl-firsttrusted', '127.0.0.8')
+describe T_RCVD_IN_NJABL_CGI NJABL: sender is an open formmail
+tflags T_RCVD_IN_NJABL_CGI net
+
+header T_RCVD_IN_NJABL_PROXY eval:check_rbl_sub('xnjabl-firsttrusted', '127.0.0.9')
+describe T_RCVD_IN_NJABL_PROXY NJABL: sender is an open proxy
+tflags T_RCVD_IN_NJABL_PROXY net
+
+header __T_RCVD_IN_SORBS eval:check_rbl('xsorbs-firsttrusted', 'dnsbl.sorbs.net.')
+describe __T_RCVD_IN_SORBS SORBS: sender is listed in SORBS
+tflags __T_RCVD_IN_SORBS net
+
+header T_RCVD_IN_SORBS_HTTP eval:check_rbl_sub('xsorbs-firsttrusted', '127.0.0.2')
+describe T_RCVD_IN_SORBS_HTTP SORBS: sender is open HTTP proxy server
+tflags T_RCVD_IN_SORBS_HTTP net
+
+header T_RCVD_IN_SORBS_MISC eval:check_rbl_sub('xsorbs-firsttrusted', '127.0.0.3')
+describe T_RCVD_IN_SORBS_MISC SORBS: sender is open proxy server
+tflags T_RCVD_IN_SORBS_MISC net
+
+header T_RCVD_IN_SORBS_SMTP eval:check_rbl_sub('xsorbs-firsttrusted', '127.0.0.4')
+describe T_RCVD_IN_SORBS_SMTP SORBS: sender is open SMTP relay
+tflags T_RCVD_IN_SORBS_SMTP net
+
+header T_RCVD_IN_SORBS_SOCKS eval:check_rbl_sub('xsorbs-firsttrusted', '127.0.0.5')
+describe T_RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server
+tflags T_RCVD_IN_SORBS_SOCKS net
+
+#header T_RCVD_IN_SORBS_SPAM eval:check_rbl_sub('xsorbs-firsttrusted', '127.0.0.6')
+#describe T_RCVD_IN_SORBS_SPAM SORBS: sender is a spam source
+#tflags T_RCVD_IN_SORBS_SPAM net
+
+header T_RCVD_IN_SORBS_WEB eval:check_rbl_sub('xsorbs-firsttrusted', '127.0.0.7')
+describe T_RCVD_IN_SORBS_WEB SORBS: sender is a abuseable web server
+tflags T_RCVD_IN_SORBS_WEB net
+
+header T_RCVD_IN_SORBS_BLOCK eval:check_rbl_sub('xsorbs-firsttrusted', '127.0.0.8')
+describe T_RCVD_IN_SORBS_BLOCK SORBS: sender demands to never be tested
+tflags T_RCVD_IN_SORBS_BLOCK net
+
+header T_RCVD_IN_SORBS_ZOMBIE eval:check_rbl_sub('xsorbs-firsttrusted', '127.0.0.9')
+describe T_RCVD_IN_SORBS_ZOMBIE SORBS: sender is on a hijacked network
+tflags T_RCVD_IN_SORBS_ZOMBIE net
+
+header T_RCVD_IN_SORBS_DUL eval:check_rbl('xsorbs-firsttrusted', 'dnsbl.sorbs.net.', '127.0.0.10')
+describe T_RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
+tflags T_RCVD_IN_SORBS_DUL net
+
+header __T_RCVD_IN_SBL_XBL eval:check_rbl('xsblxbl-firsttrusted', 'sbl-xbl.spamhaus.org.')
+describe __T_RCVD_IN_SBL_XBL Received via a relay in Spamhaus SBL+XBL
+tflags __T_RCVD_IN_SBL_XBL net
+
+header T_RCVD_IN_SBL eval:check_rbl_sub('xsblxbl-firsttrusted', '127.0.0.2')
+describe T_RCVD_IN_SBL Received via a relay in Spamhaus SBL
+tflags T_RCVD_IN_SBL net
+
+header T_RCVD_IN_XBL eval:check_rbl_sub('xsblxbl-firsttrusted', '127.0.0.[456]')
+describe T_RCVD_IN_XBL Received via a relay in Spamhaus XBL
tflags T_RCVD_IN_XBL net
+
+header T_RCVD_IN_DSBL eval:check_rbl_txt('xdsbl-firsttrusted', 'list.dsbl.org.')
+describe T_RCVD_IN_DSBL Received via a relay in list.dsbl.org
+tflags T_RCVD_IN_DSBL net
+
+header T_RCVD_IN_RFCI eval:check_rbl_txt('xrfci-firsttrusted', 'ipwhois.rfc-ignorant.org.')
+describe T_RCVD_IN_RFCI Sent via a relay in ipwhois.rfc-ignorant.org
+tflags T_RCVD_IN_RFCI net
+
+header T_RCVD_IN_BL_SPAMCOP_NET eval:check_rbl_txt('xspamcop-firsttrusted', 'bl.spamcop.net.')
+describe T_RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net
+tflags T_RCVD_IN_BL_SPAMCOP_NET net
+
+header T_RCVD_IN_RSL eval:check_rbl_txt('xrsl-firsttrusted', 'relays.visi.com.')
+describe T_RCVD_IN_RSL Received via a relay in RSL
+tflags T_RCVD_IN_RSL net