You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by qu...@apache.org on 2004/08/04 04:49:21 UTC
svn commit: rev 35658 - in spamassassin/branches/b2_6_0: lib/Mail/SpamAssassin rules
Author: quinlan
Date: Tue Aug 3 19:49:21 2004
New Revision: 35658
Modified:
spamassassin/branches/b2_6_0/lib/Mail/SpamAssassin/Dns.pm
spamassassin/branches/b2_6_0/rules/20_dnsbl_tests.cf
spamassassin/branches/b2_6_0/rules/20_head_tests.cf
spamassassin/branches/b2_6_0/rules/30_text_de.cf
spamassassin/branches/b2_6_0/rules/30_text_fr.cf
spamassassin/branches/b2_6_0/rules/30_text_sk.cf
spamassassin/branches/b2_6_0/rules/50_scores.cf
Log:
rules backported from 3.0.0 tree
Modified: spamassassin/branches/b2_6_0/lib/Mail/SpamAssassin/Dns.pm
==============================================================================
--- spamassassin/branches/b2_6_0/lib/Mail/SpamAssassin/Dns.pm (original)
+++ spamassassin/branches/b2_6_0/lib/Mail/SpamAssassin/Dns.pm Tue Aug 3 19:49:21 2004
@@ -19,21 +19,29 @@
@EXISTING_DOMAINS $IS_DNS_AVAILABLE $VERSION
};
-# don't lookup SpamAssassin.org -- use better-connected sites
-# instead ;)
+# use very well-connected domains (fast DNS response, many DNS servers,
+# geographical distribution is a plus, TTL of at least 3600s)
@EXISTING_DOMAINS = qw{
- kernel.org
- slashdot.org
+ adelphia.net
+ akamai.com
+ apache.org
+ cingular.com
+ colorado.edu
+ comcast.net
+ doubleclick.com
+ ebay.com
+ gmx.net
google.com
- google.de
- microsoft.com
+ intel.com
+ kernel.org
+ linux.org
+ mit.edu
+ motorola.com
+ msn.com
+ sourceforge.net
+ sun.com
+ w3.org
yahoo.com
- yahoo.de
- amazon.com
- amazon.de
- nytimes.com
- leo.org
- gwdg.de
};
# Initialize a regexp for reserved IPs, i.e. ones that could be
@@ -259,8 +267,11 @@
}
}
# regular expression
- elsif ($rdatastr =~ /\Q$subtest\E/) {
- $self->dnsbl_hit($rule, $question, $answer);
+ else {
+ my $test = qr/$subtest/;
+ if ($rdatastr =~ /$test/) {
+ $self->dnsbl_hit($rule, $question, $answer);
+ }
}
}
}
Modified: spamassassin/branches/b2_6_0/rules/20_dnsbl_tests.cf
==============================================================================
--- spamassassin/branches/b2_6_0/rules/20_dnsbl_tests.cf (original)
+++ spamassassin/branches/b2_6_0/rules/20_dnsbl_tests.cf Tue Aug 3 19:49:21 2004
@@ -30,17 +30,17 @@
# NJABL
# URL: http://www.dnsbl.njabl.org/
-header RCVD_IN_NJABL eval:check_rbl('njabl', 'dnsbl.njabl.org.')
-describe RCVD_IN_NJABL Received via a relay in dnsbl.njabl.org
-tflags RCVD_IN_NJABL net
+header __RCVD_IN_NJABL eval:check_rbl('njabl', 'combined.njabl.org.')
+describe __RCVD_IN_NJABL Received via a relay in combined.njabl.org
+tflags __RCVD_IN_NJABL net
header RCVD_IN_NJABL_RELAY eval:check_rbl_sub('njabl', '127.0.0.2')
describe RCVD_IN_NJABL_RELAY NJABL: sender is confirmed open relay
tflags RCVD_IN_NJABL_RELAY net
-header RCVD_IN_NJABL_DIALUP eval:check_rbl('njabl-notfirsthop', 'dnsbl.njabl.org.', '127.0.0.3')
-describe RCVD_IN_NJABL_DIALUP NJABL: dialup sender did non-local SMTP
-tflags RCVD_IN_NJABL_DIALUP net
+header RCVD_IN_NJABL_DUL eval:check_rbl('njabl-notfirsthop', 'combined.njabl.org.', '127.0.0.3')
+describe RCVD_IN_NJABL_DUL NJABL: dialup sender did non-local SMTP
+tflags RCVD_IN_NJABL_DUL net
header RCVD_IN_NJABL_SPAM eval:check_rbl_sub('njabl', '127.0.0.4')
describe RCVD_IN_NJABL_SPAM NJABL: sender is confirmed spam source
@@ -65,29 +65,29 @@
# pay-to-use: no
# delist: $50 fee for RCVD_IN_SORBS_SPAM, others have free retest on request
-header RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
-describe RCVD_IN_SORBS SORBS: sender is listed in SORBS
-tflags RCVD_IN_SORBS net
+header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
+describe __RCVD_IN_SORBS SORBS: sender is listed in SORBS
+tflags __RCVD_IN_SORBS net
header RCVD_IN_SORBS_HTTP eval:check_rbl_sub('sorbs', '127.0.0.2')
describe RCVD_IN_SORBS_HTTP SORBS: sender is open HTTP proxy server
tflags RCVD_IN_SORBS_HTTP net
-header RCVD_IN_SORBS_SOCKS eval:check_rbl_sub('sorbs', '127.0.0.3')
-describe RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server
-tflags RCVD_IN_SORBS_SOCKS net
-
-header RCVD_IN_SORBS_MISC eval:check_rbl_sub('sorbs', '127.0.0.4')
+header RCVD_IN_SORBS_MISC eval:check_rbl_sub('sorbs', '127.0.0.3')
describe RCVD_IN_SORBS_MISC SORBS: sender is open proxy server
tflags RCVD_IN_SORBS_MISC net
-header RCVD_IN_SORBS_SMTP eval:check_rbl_sub('sorbs', '127.0.0.5')
+header RCVD_IN_SORBS_SMTP eval:check_rbl_sub('sorbs', '127.0.0.4')
describe RCVD_IN_SORBS_SMTP SORBS: sender is open SMTP relay
tflags RCVD_IN_SORBS_SMTP net
-header RCVD_IN_SORBS_SPAM eval:check_rbl_sub('sorbs', '127.0.0.6')
-describe RCVD_IN_SORBS_SPAM SORBS: spam source or spam-supporting ISP
-tflags RCVD_IN_SORBS_SPAM net
+header RCVD_IN_SORBS_SOCKS eval:check_rbl_sub('sorbs', '127.0.0.5')
+describe RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server
+tflags RCVD_IN_SORBS_SOCKS net
+
+#header RCVD_IN_SORBS_SPAM eval:check_rbl_sub('sorbs', '127.0.0.6')
+#describe RCVD_IN_SORBS_SPAM SORBS: sender is a spam source
+#tflags RCVD_IN_SORBS_SPAM net
header RCVD_IN_SORBS_WEB eval:check_rbl_sub('sorbs', '127.0.0.7')
describe RCVD_IN_SORBS_WEB SORBS: sender is a abuseable web server
@@ -101,50 +101,32 @@
describe RCVD_IN_SORBS_ZOMBIE SORBS: sender is on a hijacked network
tflags RCVD_IN_SORBS_ZOMBIE net
-# Dynablock used to be at easynet.nl; closed down there, but reopened
-# by SORBS.
-header RCVD_IN_DYNABLOCK eval:check_rbl('sorbs-notfirsthop', 'dnsbl.sorbs.net.', '127.0.0.10')
-describe RCVD_IN_DYNABLOCK Sent directly from dynamic IP address
-tflags RCVD_IN_DYNABLOCK net
+header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-notfirsthop', 'dnsbl.sorbs.net.', '127.0.0.10')
+describe RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
+tflags RCVD_IN_SORBS_DUL net
# ---------------------------------------------------------------------------
-# OPM (recommended, supports TXT queries, but A queries needed for sub-tests)
-# transfers: axfr/ixfr for trusted sites
-# url: http://opm.blitzed.org/
-# pay-to-use: no
-# delist: automatic expiry, no fee, retested on request (free)
+# Spamhaus SBL+XBL
+#
+# Spamhaus XBL contains both the Abuseat CBL (cbl.abuseat.org) and Blitzed
+# OPM (opm.blitzed.org) lists so it's not necessary to query those as well.
+
+header __RCVD_IN_SBL_XBL eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
+describe __RCVD_IN_SBL_XBL Received via a relay in Spamhaus SBL+XBL
+tflags __RCVD_IN_SBL_XBL net
-header RCVD_IN_OPM eval:check_rbl('opm', 'opm.blitzed.org.')
-describe RCVD_IN_OPM Received via a relay in opm.blitzed.org
-tflags RCVD_IN_OPM net
-
-header RCVD_IN_OPM_WINGATE eval:check_rbl_sub('opm', '1')
-describe RCVD_IN_OPM_WINGATE OPM: sender is open WinGate proxy
-tflags RCVD_IN_OPM_WINGATE net
-
-header RCVD_IN_OPM_SOCKS eval:check_rbl_sub('opm', '2')
-describe RCVD_IN_OPM_SOCKS OPM: sender is open SOCKS proxy
-tflags RCVD_IN_OPM_SOCKS net
-
-header RCVD_IN_OPM_HTTP eval:check_rbl_sub('opm', '4')
-describe RCVD_IN_OPM_HTTP OPM: sender is open HTTP CONNECT proxy
-tflags RCVD_IN_OPM_HTTP net
-
-header RCVD_IN_OPM_ROUTER eval:check_rbl_sub('opm', '8')
-describe RCVD_IN_OPM_ROUTER OPM: sender is open router proxy
-tflags RCVD_IN_OPM_ROUTER net
-
-header RCVD_IN_OPM_HTTP_POST eval:check_rbl_sub('opm', '16')
-describe RCVD_IN_OPM_HTTP_POST OPM: sender is open HTTP POST proxy
-tflags RCVD_IN_OPM_HTTP_POST net
+# SBL is the Spamhaus Block List: http://www.spamhaus.org/sbl/
+header RCVD_IN_SBL eval:check_rbl_sub('sblxbl', '127.0.0.2')
+describe RCVD_IN_SBL Received via a relay in Spamhaus SBL
+tflags RCVD_IN_SBL net
+
+# XBL is the Exploits Block List: http://www.spamhaus.org/xbl/
+header RCVD_IN_XBL eval:check_rbl('sblxbl-notfirsthop', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
+describe RCVD_IN_XBL Received via a relay in Spamhaus XBL
+tflags RCVD_IN_XBL net
# ---------------------------------------------------------------------------
# Now, single zone BLs follow:
-
-# SBL is the Spamhaus Block List: http://www.spamhaus.org/sbl/
-header RCVD_IN_SBL eval:check_rbl_txt('sbl', 'sbl.spamhaus.org.')
-describe RCVD_IN_SBL Received via a relay in Spamhaus Block List
-tflags RCVD_IN_SBL net
# DSBL catches open relays, badly-installed CGI scripts and open SOCKS and
# HTTP proxies. list.dsbl.org lists servers tested by "trusted" users,
Modified: spamassassin/branches/b2_6_0/rules/20_head_tests.cf
==============================================================================
--- spamassassin/branches/b2_6_0/rules/20_head_tests.cf (original)
+++ spamassassin/branches/b2_6_0/rules/20_head_tests.cf Tue Aug 3 19:49:21 2004
@@ -757,3 +757,30 @@
meta FAKED_HOTMAIL_DAV (__HAS_MSN_RCVD_DAV && __HAS_MSN_ORIG_EMAIL && !__HAS_MSN_FROM)
describe FAKED_HOTMAIL_DAV X-Originating-Email header does not match From
+###########################################################################
+
+header X_MESSAGE_INFO exists:X-Message-Info
+describe X_MESSAGE_INFO Bulk email fingerprint (X-Message-Info) found
+
+header MIME_BOUND_DD_DIGITS Content-Type =~ /boundary=\"--\d+\"/
+describe MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
+
+header __DOUBLE_IP_SPAM_1 Received =~ /from \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\] by \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} with/
+header __DOUBLE_IP_SPAM_2 Received =~ /from\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s+by\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3};/
+meta RCVD_DOUBLE_IP_SPAM (__DOUBLE_IP_SPAM_1 || __DOUBLE_IP_SPAM_2)
+describe RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
+
+header MSGID_SPAM_CAPS Message-ID =~ /^\s*<?[A-Z]+\@(?!(?:mailcity|whowhere)\.com)/
+describe MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
+
+header RATWARE_RCVD_AT Received =~ / by \S+\@\S+ with Microsoft SMTPSVC/
+describe RATWARE_RCVD_AT Bulk email fingerprint (Received @) found
+
+header SUBJECT_DRUG_GAP_X Subject =~ /x.{0,2}a.{0,2}n.{0,2}a.{0,2}x/i
+describe SUBJECT_DRUG_GAP_X Subject contains a gappy version of 'xanax'
+
+header SUBJECT_DRUG_GAP_S Subject =~ /\bs.{0,1}o.{0,1}m.{0,1}a\b/i
+describe SUBJECT_DRUG_GAP_S Subject contains a gappy version of 'soma'
+
+header SUBJECT_DRUG_GAP_VA Subject =~ /v.{0,2}a.{0,2}l.{0,2}i.{0,2}u.{0,2}m/i
+describe SUBJECT_DRUG_GAP_VA Subject contains a gappy version of 'valium'
Modified: spamassassin/branches/b2_6_0/rules/30_text_de.cf
==============================================================================
--- spamassassin/branches/b2_6_0/rules/30_text_de.cf (original)
+++ spamassassin/branches/b2_6_0/rules/30_text_de.cf Tue Aug 3 19:49:21 2004
@@ -139,36 +139,12 @@
lang de describe BLANK_LINES_80_90 Nachrichtentext besteht zu 80-90% aus Leerzeilen
lang de describe BLANK_LINES_90_100 Nachrichtentext besteht zu 90-100% aus Leerzeilen
lang de describe HABEAS_SWE Benutzt Markenzeichen von Habeas (http://www.habeas.com/)
-lang de describe RCVD_IN_NJABL Transportiert via Rechner in Liste von dnsbl.njabl.org
-lang de describe RCVD_IN_NJABL_RELAY NJABL: Senderechner als "Open Relay" best�tigt
-lang de describe RCVD_IN_NJABL_DIALUP NJABL: Senderechner nur tempor�r mit Internet verbunden
-lang de describe RCVD_IN_NJABL_SPAM NJABL: Senderechner ist best�tigter Spam-Versender
-lang de describe RCVD_IN_NJABL_MULTI NJABL: mehrfach �ber "open relay"-Rechner weitergeleitet
-lang de describe RCVD_IN_NJABL_CGI NJABL: gesendet �ber ein veraltetes und ungesichertes Webformular
-lang de describe RCVD_IN_NJABL_PROXY NJABL: Senderechner als "open proxy" gemeldet
-lang de describe RCVD_IN_SORBS Transportiert via Rechner in Liste von www.dnsbl.sorbs.net
-lang de describe RCVD_IN_SORBS_HTTP SORBS: Senderechner als "open HTTP proxy" gemeldet
-lang de describe RCVD_IN_SORBS_MISC SORBS: Senderechner als "open proxy" gemeldet
-lang de describe RCVD_IN_SORBS_SMTP SORBS: Senderechner ist ein ungesicherter Mail-Server
-lang de describe RCVD_IN_SORBS_SOCKS SORBS: Senderechner als "open SOCKS proxy" gemeldet
-lang de describe RCVD_IN_SORBS_SPAM SORBS Senderechner ist bekannter Spam-Versender
-lang de describe RCVD_IN_SORBS_WEB SORBS: Senderechner ist ein ungesicherter WWW-Server
-lang de describe RCVD_IN_SORBS_BLOCK Senderechner verweigert Tests durch SORBS
-lang de describe RCVD_IN_SORBS_ZOMBIE SORBS: Senderechner in Liste "entf�hrter" Adressbl�cke
-lang de describe RCVD_IN_OPM Transportiert via Rechner in Liste von opm.blitzed.org
-lang de describe RCVD_IN_OPM_WINGATE OPM: Senderechner als "open WinGate proxy" gemeldet
-lang de describe RCVD_IN_OPM_SOCKS OPM: Senderechner als "open SOCKS proxy" gemeldet
-lang de describe RCVD_IN_OPM_HTTP OPM: Senderechner als "open HTTP CONNECT proxy" gemeldet
-lang de describe RCVD_IN_OPM_ROUTER OPM: Senderechner als "open router proxy" gemeldet
-lang de describe RCVD_IN_OPM_HTTP_POST OPM: Senderechner als "open HTTP POST proxy" gemeldet
-lang de describe RCVD_IN_SBL Transportiert via Rechner in SBL-Liste (http://www.spamhaus.org/sbl/)
lang de describe RCVD_IN_DSBL Transportiert via Rechner in Liste von list.dsbl.org
lang de describe RCVD_IN_RFCI Transportiert via Rechner in ipwhois-Liste von www.rfc-ignorant.org
lang de describe DNS_FROM_RFCI_DSN Absenderadresse in dsn-Liste von www.rfc-ignorant.org
lang de describe HABEAS_VIOLATOR Sender verletzt das Warenzeichen der Firma Habeas
lang de describe RCVD_IN_BSP_TRUSTED Senderechner in Liste von http://www.bondedsender.org/
lang de describe RCVD_IN_BSP_OTHER Senderechner in Liste von http://www.bondedsender.org/
-lang de describe RCVD_IN_DYNABLOCK Senderechner nur tempor�r mit Internet verbunden
lang de describe RCVD_IN_BL_SPAMCOP_NET Transportiert via Rechner in Liste von www.spamcop.net
lang de describe RCVD_IN_MAPS_RBL Transportiert via Rechner in Liste von http://www.mail-abuse.org/rbl/
lang de describe RCVD_IN_MAPS_DUL Transportiert via Rechner in Liste von http://www.mail-abuse.org/dul/
@@ -967,3 +943,32 @@
lang de describe BAYES_80 Spamwahrscheinlichkeit nach Bayes-Test: 80-90%
lang de describe BAYES_90 Spamwahrscheinlichkeit nach Bayes-Test: 90-99%
lang de describe BAYES_99 Spamwahrscheinlichkeit nach Bayes-Test: 99-100%
+
+lang de describe RCVD_IN_NJABL_CGI NJABL: Gesendet �ber ein veraltetes und ungesichertes Webformular
+lang de describe RCVD_IN_NJABL_DUL NJABL: Senderechner nur tempor�r mit Internet verbunden
+lang de describe RCVD_IN_NJABL_MULTI NJABL: Mehrfach �ber "open relay"-Rechner weitergeleitet
+lang de describe RCVD_IN_NJABL_PROXY NJABL: Senderechner als "open proxy" gemeldet
+lang de describe RCVD_IN_NJABL_RELAY NJABL: Senderechner als "Open Relay" best�tigt
+lang de describe RCVD_IN_NJABL_SPAM NJABL: Senderechner ist best�tigter Spam-Versender
+lang de describe RCVD_IN_SBL Transportiert via Rechner in SBL-Liste (http://www.spamhaus.org/sbl/)
+lang de describe RCVD_IN_SORBS_BLOCK SORBS: Senderechner verweigert Tests
+lang de describe RCVD_IN_SORBS_DUL SORBS: Senderechner nur tempor�r mit Internet verbunden
+lang de describe RCVD_IN_SORBS_HTTP SORBS: Senderechner als "open HTTP proxy" gemeldet
+lang de describe RCVD_IN_SORBS_MISC SORBS: Senderechner als "open proxy" gemeldet
+lang de describe RCVD_IN_SORBS_SMTP SORBS: Senderechner ist ein ungesicherter Mail-Server
+lang de describe RCVD_IN_SORBS_SOCKS SORBS: Senderechner als "open SOCKS proxy" gemeldet
+lang de describe RCVD_IN_SORBS_WEB SORBS: Senderechner ist ein ungesicherter WWW-Server
+lang de describe RCVD_IN_SORBS_ZOMBIE SORBS: Senderechner in Liste "entf�hrter" Adressbl�cke
+lang de describe RCVD_IN_XBL Transportiert via Rechner in XBL-Liste (http://www.spamhaus.org/xbl/)
+lang de describe __RCVD_IN_NJABL Transportiert via Rechner in Liste von combined.njabl.org
+lang de describe __RCVD_IN_SBL_XBL Transportiert via Rechner in SBL+XBL-Liste (http://www.spamhaus.org/)
+lang de describe __RCVD_IN_SORBS SORBS: Senderechner in Liste von dnsbl.sorbs.net
+
+lang de describe X_MESSAGE_INFO Kopfzeile "X-Message-Info"
+lang de describe MIME_BOUND_DD_DIGITS Bestimmtes Muster von Spam-Software in MIME-Begrenzung
+lang de describe RCVD_DOUBLE_IP_SPAM Kennzeichen von Spam-Software (doppelte IP-Adresse)
+lang de describe MSGID_SPAM_CAPS Kopfzeile "Message-ID" von Spam-Software erzeugt (Gro��buchstaben)
+lang de describe RATWARE_RCVD_AT "Received"-Kopfzeile mit @-Zeichen
+lang de describe SUBJECT_DRUG_GAP_X Betreff enth��lt 'xanax' mit L.��.c.k.e.n
+lang de describe SUBJECT_DRUG_GAP_S Betreff enth��lt 'soma' mit L.��.c.k.e.n
+lang de describe SUBJECT_DRUG_GAP_VA Betreff enth��lt 'valium' mit L.��.c.k.e.n
Modified: spamassassin/branches/b2_6_0/rules/30_text_fr.cf
==============================================================================
--- spamassassin/branches/b2_6_0/rules/30_text_fr.cf (original)
+++ spamassassin/branches/b2_6_0/rules/30_text_fr.cf Tue Aug 3 19:49:21 2004
@@ -760,35 +760,11 @@
lang fr describe RCVD_IN_BSP_OTHER Relais participant au Bonded Sender Program (autre relais)
lang fr describe RCVD_IN_BSP_TRUSTED Relais participant au Bonded Sender Program (relais connu)
lang fr describe RCVD_IN_DSBL Relais list� dans list.dsbl.org, voir http://dsbl.org
-lang fr describe RCVD_IN_DYNABLOCK Envoy� directement depuis une adresse IP dynamique
lang fr describe RCVD_IN_MAPS_DUL Relais list� dans DUL, http://www.mail-abuse.org/dul/
lang fr describe RCVD_IN_MAPS_NML Relais list� dans NML, http://www.mail-abuse.org/nml/
lang fr describe RCVD_IN_MAPS_RBL Relais list� dans RBL, http://www.mail-abuse.org/rbl/
lang fr describe RCVD_IN_MAPS_RSS Relais list� dans RSS, http://www.mail-abuse.org/rss/
-lang fr describe RCVD_IN_NJABL Relais list� dans http://www.njabl.org (dnsbl)
-lang fr describe RCVD_IN_NJABL_CGI NJABL: Emis par un script formmail vuln�rable
-lang fr describe RCVD_IN_NJABL_DIALUP NJABL: Envoy� depuis une adresse IP dynamique
-lang fr describe RCVD_IN_NJABL_MULTI NJABL: Envoy� par un relais ouvert multi-�tages
-lang fr describe RCVD_IN_NJABL_PROXY NJABL: Envoy� depuis un proxy ouvert
-lang fr describe RCVD_IN_NJABL_RELAY NJABL: Envoy� par un relais ouvert confirm�
-lang fr describe RCVD_IN_NJABL_SPAM NJABL: Envoy� depuis une source de spam confirm�e
-lang fr describe RCVD_IN_OPM Relais open-proxy list� dans http://www.blitzed.org/bopm/
-lang fr describe RCVD_IN_OPM_HTTP OPM: Envoy� par un proxy HTTP CONNECT ouvert
-lang fr describe RCVD_IN_OPM_HTTP_POST OPM: Envoy� par un proxy HTTP POST ouvert
-lang fr describe RCVD_IN_OPM_ROUTER OPM: Envoy� par un proxy routeur ouvert
-lang fr describe RCVD_IN_OPM_SOCKS OPM: Envoy� par un proxy SOCKS ouvert
-lang fr describe RCVD_IN_OPM_WINGATE OPM: Envoy� par un proxy WinGate ouvert
lang fr describe RCVD_IN_RFCI Relais list� dans http://www.rfc-ignorant.org (ipwhois)
-lang fr describe RCVD_IN_SBL Relais list� dans http://www.spamhaus.org/sbl/
-lang fr describe RCVD_IN_SORBS SORBS: Relais list� dans SORBS
-lang fr describe RCVD_IN_SORBS_BLOCK SORBS: Relais refusant d'�tre test� par SORBS
-lang fr describe RCVD_IN_SORBS_HTTP SORBS: Envoy� par un proxy HTTP ouvert
-lang fr describe RCVD_IN_SORBS_MISC SORBS: Envoy� par un proxy ouvert
-lang fr describe RCVD_IN_SORBS_SMTP SORBS: Envoy� par un relais SMTP ouvert
-lang fr describe RCVD_IN_SORBS_SOCKS SORBS: Envoy� par un proxy SOCKS ouvert
-lang fr describe RCVD_IN_SORBS_SPAM SORBS: Envoy� depuis une source de spam
-lang fr describe RCVD_IN_SORBS_WEB SORBS: Envoy� depuis un serveur web vuln�rable
-lang fr describe RCVD_IN_SORBS_ZOMBIE SORBS: Envoy� depuis un r�seau IP pirat�
lang fr describe RCVD_NUMERIC_HELO Received: contient un HELO num�rique
lang fr describe RCVD_6_CAPS_ESMTP_ID Received: d'outil de spam (Variante ESMTP ID 6 majuscules)
lang fr describe READ_TO_END Contient une formule incitant � lire le message jusqu'� la fin
@@ -979,3 +955,19 @@
lang fr describe YOUR_INCOME Fait r�f�rence � vos revenus (en anglais)
lang fr describe YOU_CAN_SEARCH Vous propose des renseignements sur n'importe qui
lang fr describe YOU_WON Vous avez gagn� ! Chouette ! Gagn� le droit de poubelliser ce mail !
+
+lang fr describe RCVD_IN_NJABL_CGI NJABL: Emis par un script formmail vuln�rable
+lang fr describe RCVD_IN_NJABL_DUL NJABL: Envoy� depuis une adresse IP dynamique
+lang fr describe RCVD_IN_NJABL_MULTI NJABL: Envoy� par un relais ouvert multi-�tages
+lang fr describe RCVD_IN_NJABL_PROXY NJABL: Envoy� depuis un proxy ouvert
+lang fr describe RCVD_IN_NJABL_RELAY NJABL: Envoy� par un relais ouvert confirm�
+lang fr describe RCVD_IN_NJABL_SPAM NJABL: Envoy� depuis une source de spam confirm�e
+lang fr describe RCVD_IN_SBL Relais list� dans http://www.spamhaus.org/sbl/
+lang fr describe RCVD_IN_SORBS_BLOCK SORBS: Relais refusant d'�tre test� par SORBS
+lang fr describe RCVD_IN_SORBS_DUL Envoy� directement depuis une adresse IP dynamique
+lang fr describe RCVD_IN_SORBS_HTTP SORBS: Envoy� par un proxy HTTP ouvert
+lang fr describe RCVD_IN_SORBS_MISC SORBS: Envoy� par un proxy ouvert
+lang fr describe RCVD_IN_SORBS_SMTP SORBS: Envoy� par un relais SMTP ouvert
+lang fr describe RCVD_IN_SORBS_SOCKS SORBS: Envoy� par un proxy SOCKS ouvert
+lang fr describe RCVD_IN_SORBS_WEB SORBS: Envoy� depuis un serveur web vuln�rable
+lang fr describe RCVD_IN_SORBS_ZOMBIE SORBS: Envoy� depuis un r�seau IP pirat�
Modified: spamassassin/branches/b2_6_0/rules/30_text_sk.cf
==============================================================================
--- spamassassin/branches/b2_6_0/rules/30_text_sk.cf (original)
+++ spamassassin/branches/b2_6_0/rules/30_text_sk.cf Tue Aug 3 19:49:21 2004
@@ -259,7 +259,6 @@
lang sk describe RCVD_IN_VISI Prijat� prostredn�ctvom serveru v relays.visi.com
lang sk describe RCVD_IN_SBL Prijat� prostredn�ctvom SBLed, pozri http://www.spamhaus.org/sbl/
lang sk describe RCVD_IN_ORBS Prijat� prostredn�ctvom serveru v orbs.dorkslayers.com
-lang sk describe RCVD_IN_OPM Prijat� prostredn�ctvom serveru v opm.blitzed.org
lang sk describe RCVD_IN_DSBL Prijat� prostredn�ctvom serveru v list.dsbl.org
lang sk describe RCVD_IN_MULTIHOP_DSBL Prijat� prostredn�ctvom serveru v multihop.dsbl.org
lang sk describe RCVD_IN_UNCONFIRMED_DSBL Prijat� prostredn�ctvom serveru v unconfirmed.dsbl.org
Modified: spamassassin/branches/b2_6_0/rules/50_scores.cf
==============================================================================
--- spamassassin/branches/b2_6_0/rules/50_scores.cf (original)
+++ spamassassin/branches/b2_6_0/rules/50_scores.cf Tue Aug 3 19:49:21 2004
@@ -935,30 +935,34 @@
score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1
score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3
score RCVD_IN_DSBL 0 1.101 0 0.706
-score RCVD_IN_DYNABLOCK 0 2.546 0 2.599
-score RCVD_IN_NJABL 0 0.100 0 0.100
-score RCVD_IN_NJABL_CGI 0
-score RCVD_IN_NJABL_DIALUP 0 0.525 0 3.536
-score RCVD_IN_NJABL_MULTI 0 0.001 0 0.001
-score RCVD_IN_NJABL_PROXY 0 1.101 0 0.500
-score RCVD_IN_NJABL_RELAY 0 1.314 0 0.001
-score RCVD_IN_NJABL_SPAM 0 0.639 0 1.206
-score RCVD_IN_OPM 0 4.300 0 1.001
-score RCVD_IN_OPM_HTTP 0 4.300 0 1.001
-score RCVD_IN_OPM_HTTP_POST 0 4.300 0 1.001
-score RCVD_IN_OPM_ROUTER 0 2.800 0 0
-score RCVD_IN_OPM_SOCKS 0 4.300 0 1.257
-score RCVD_IN_OPM_WINGATE 0 4.300 0 2.700
+score RCVD_IN_NJABL_CGI 0 0.1 0 0.100
+score RCVD_IN_NJABL_DUL 0 1.580 0 1.708
+score RCVD_IN_NJABL_MULTI 0 0.101 0 0.101
+score RCVD_IN_NJABL_PROXY 0 1.186 0 2.342
+score RCVD_IN_NJABL_RELAY 0 1.133 0 0.824
+score RCVD_IN_NJABL_SPAM 0 0.899 0 0.951
score RCVD_IN_RFCI 0 0.100 0 0.100
-score RCVD_IN_SBL 0 1.271 0 1.113
-score RCVD_IN_SORBS 0 0.100 0 0.100
-score RCVD_IN_SORBS_BLOCK 0
-score RCVD_IN_SORBS_HTTP 0 1.101 0 1.101
-score RCVD_IN_SORBS_MISC 0 1.101 0 0.687
-score RCVD_IN_SORBS_SMTP 0 1.522 0 2.700
-score RCVD_IN_SORBS_SOCKS 0 1.101 0 1.204
-score RCVD_IN_SORBS_WEB 0 2.800 0 0
-score RCVD_IN_SORBS_ZOMBIE 0 2.596 0 2.599
+score RCVD_IN_SBL 0 0.814 0 0.875
+score RCVD_IN_SORBS_BLOCK 0 0.001 0 0.001
+score RCVD_IN_SORBS_DUL 0 0.067 0 0.092
+score RCVD_IN_SORBS_HTTP 0 0.000 0 1.203
+score RCVD_IN_SORBS_MISC 0 0.118 0 0.004
+score RCVD_IN_SORBS_SMTP 0 1.630 0 0.382
+score RCVD_IN_SORBS_SOCKS 0 1.603 0 0.927
+score RCVD_IN_SORBS_WEB 0 0.000 0 0.353
+score RCVD_IN_SORBS_ZOMBIE 0 0.948 0 0.918
+score RCVD_IN_XBL 0 2.333 0 4.923
+
+# rules backported from 3.0.0
+
+score X_MESSAGE_INFO 3.600 4.077 7.503 2.253
+score MIME_BOUND_DD_DIGITS 3.600 4.230 8.610 2.784
+score RCVD_DOUBLE_IP_SPAM 3.520 3.906 6.781 1.863
+score MSGID_SPAM_CAPS 3.520 3.069 6.845 1.916
+score RATWARE_RCVD_AT 2.560 1.116 1.628 1.014
+score SUBJECT_DRUG_GAP_X 2.552 2.120 0.647 0.543
+score SUBJECT_DRUG_GAP_S 1.863 1.180 3.770 0.764
+score SUBJECT_DRUG_GAP_VA 1.468 1.548 0.780 0.321
# unscored by default -- commercial/donation services. If you pay for
# these, give them a score so they will be checked.