You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2014/07/04 19:01:34 UTC
svn commit: r1607893 - in /spamassassin/trunk/rulesrc/sandbox/jhardin:
20_MIME_no_text.cf 20_lotsa_money.cf 20_misc_testing.cf
20_tbird_image_spam.cf
Author: jhardin
Date: Fri Jul 4 17:01:34 2014
New Revision: 1607893
URL: http://svn.apache.org/r1607893
Log:
More FP avoidance and other tweaks
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_MIME_no_text.cf
spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_MIME_no_text.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_MIME_no_text.cf?rev=1607893&r1=1607892&r2=1607893&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_MIME_no_text.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_MIME_no_text.cf Fri Jul 4 17:01:34 2014
@@ -13,9 +13,10 @@ ifplugin Mail::SpamAssassin::Plugin::MIM
mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i
meta __MIME_NO_TEXT (__CTYPE_MULTIPART_ANY && !__ANY_TEXT_ATTACH)
- meta MIME_NO_TEXT __MIME_NO_TEXT && !__MSGID_APPLEMAIL && !__USER_AGENT_APPLEMAIL && !__HAS_IN_REPLY_TO && !__HAS_X_REF && !__HS_SUBJ_RE_FW
+ meta MIME_NO_TEXT __MIME_NO_TEXT && !ALL_TRUSTED && !__MSGID_APPLEMAIL && !__USER_AGENT_APPLEMAIL && !__HAS_IN_REPLY_TO && !__HAS_X_REF && !__HS_SUBJ_RE_FW && !__LCL__ENV_AND_HDR_FROM_MATCH
score MIME_NO_TEXT 2.00 # limit
describe MIME_NO_TEXT No (properly identified) text body parts
+ tflags MIME_NO_TEXT publish
meta MIME_PHP_NO_TEXT (MIME_NO_TEXT && __PHP_MUA)
#score MIME_PHP_NO_TEXT 2.00
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf?rev=1607893&r1=1607892&r2=1607893&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_lotsa_money.cf Fri Jul 4 17:01:34 2014
@@ -160,9 +160,10 @@ describe SHARE_50_50 Share the money
body EMRCP /\bExcess Maximum Return Capital Profit\b/i
describe EMRCP "Excess Maximum Return Capital Profit" Fidelity scam
-meta LUCRATIVE __LUCRATIVE && !ALL_TRUSTED && !__ANY_TEXT_ATTACH && !__REPLYTO_EXISTS
+meta LUCRATIVE __LUCRATIVE && !ALL_TRUSTED && !__ANY_TEXT_ATTACH && !__REPLYTO_EXISTS && !__LCL__ENV_AND_HDR_FROM_MATCH
describe LUCRATIVE Make lots of money!
score LUCRATIVE 2.00 # limit
+tflags LUCRATIVE publish
ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
replace_tag PERCENT \b(?:\d\d|ten|[a-z]+teen|(?:twen|thir|fou?r|fif)ty(?:-?[a-z]+)?)\s?(?:%|percent)
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1607893&r1=1607892&r2=1607893&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Fri Jul 4 17:01:34 2014
@@ -577,7 +577,7 @@ rawbody __STYLE_GIBBERISH_1
rawbody __STYLE_GIBBERISH_2 /\.style\w{0,20}\s{1,10}\{[^:;]{200}/im
rawbody __STYLE_GIBBERISH_3 /<style[^>]{0,30}>\s{0,30}(?:[\w:]{1,30}\s{0,10}\{[^}]{1,50}\}\s{0,80}){1,5}(?:[\w,.']{1,30}\s{1,10}){40}/im
meta __STYLE_GIBBERISH (__STYLE_GIBBERISH_1 || __STYLE_GIBBERISH_2 || __STYLE_GIBBERISH_3)
-meta STYLE_GIBBERISH __STYLE_GIBBERISH && (__BODY_XHTML || !__STYLE_TAG_IN_BODY) && !__RCD_RDNS_MX_MESSY && !__HAS_THREAD_INDEX && !__ANY_OUTLOOK_MUA && !__MIME_QP
+meta STYLE_GIBBERISH __STYLE_GIBBERISH && (__BODY_XHTML || !__STYLE_TAG_IN_BODY) && !__RCD_RDNS_MX_MESSY && !__HAS_THREAD_INDEX && !__ANY_OUTLOOK_MUA && !__MIME_QP && !__THREADED
describe STYLE_GIBBERISH Nonsense in HTML <STYLE> tag
score STYLE_GIBBERISH 4.00 # limit
tflags STYLE_GIBBERISH publish
@@ -1357,7 +1357,7 @@ meta __HEXHASH_2 __HEXHASH
meta __HEXHASH_3 __HEXHASHWORD_S2EU > 2
meta __HEXHASH_4 __HEXHASHWORD_S2EU > 3
#meta __HEXHASH_5 __HEXHASHWORD_S2EU > 4
-meta HEXHASH_WORD (__HEXHASHWORD_S2EU > 1) && !ALL_TRUSTED && !__DKIM_EXISTS && !__BUGGED_IMG && !__RP_MATCHES_RCVD && !__LCL__ENV_AND_HDR_FROM_MATCH && !__FSL_TO_COMMON_ROLE && !__LYRIS_EZLM_REMAILER
+meta HEXHASH_WORD (__HEXHASHWORD_S2EU > 1) && !ALL_TRUSTED && !__DKIM_EXISTS && !__BUGGED_IMG && !__RP_MATCHES_RCVD && !__LCL__ENV_AND_HDR_FROM_MATCH && !__FSL_TO_COMMON_ROLE && !__LYRIS_EZLM_REMAILER && !__THREADED && !__MIME_BASE64
describe HEXHASH_WORD Multiple instances of word + hexadecimal hash
score HEXHASH_WORD 3.000 # limit
tflags HEXHASH_WORD publish
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf?rev=1607893&r1=1607892&r2=1607893&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_tbird_image_spam.cf Fri Jul 4 17:01:34 2014
@@ -35,9 +35,10 @@ score TO_NO_BRKTS_HTML_IMG 0.20
describe TO_NO_BRKTS_HTML_IMG To: misformatted and HTML and one image
meta __TO_NO_BRKTS_HTML_ONLY __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && MIME_HTML_ONLY
-meta TO_NO_BRKTS_HTML_ONLY __TO_NO_BRKTS_HTML_ONLY && !__MIME_QP && !__MSGID_JAVAMAIL && !__CTYPE_CHARSET_QUOTED && !__SUBJECT_ENCODED_B64 && !__VIA_ML && !__MSGID_BEFORE_RECEIVED && !__MIME_BASE64 && !__RCD_RDNS_MAIL_MESSY && !__COMMENT_EXISTS && !LOTS_OF_MONEY && !__TAG_EXISTS_CENTER && !__UPPERCASE_URI && !__UNSUB_LINK && !__RCD_RDNS_MX_MESSY && !__DKIM_EXISTS && !__BUGGED_IMG && !__FM_TO_ALL_NUMS && !__URI_12LTRDOM && !__RDNS_NO_SUBDOM && !__HDRS_LCASE
-#score TO_NO_BRKTS_HTML_ONLY 0.20
+meta TO_NO_BRKTS_HTML_ONLY __TO_NO_BRKTS_HTML_ONLY && !RDNS_NONE && !__MIME_QP && !__MSGID_JAVAMAIL && !__CTYPE_CHARSET_QUOTED && !__SUBJECT_ENCODED_B64 && !__VIA_ML && !__MSGID_BEFORE_RECEIVED && !__MIME_BASE64 && !__RCD_RDNS_MAIL_MESSY && !__COMMENT_EXISTS && !LOTS_OF_MONEY && !__TAG_EXISTS_CENTER && !__UPPERCASE_URI && !__UNSUB_LINK && !__RCD_RDNS_MX_MESSY && !__DKIM_EXISTS && !__BUGGED_IMG && !__FM_TO_ALL_NUMS && !__URI_12LTRDOM && !__RDNS_NO_SUBDOM && !__HDRS_LCASE && !__LCL__ENV_AND_HDR_FROM_MATCH
+score TO_NO_BRKTS_HTML_ONLY 2.50 # limit
describe TO_NO_BRKTS_HTML_ONLY To: misformatted and HTML only
+tflags TO_NO_BRKTS_HTML_ONLY publish
meta __TO_NO_BRKTS_DYNIP __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && RDNS_DYNAMIC
meta TO_NO_BRKTS_DYNIP __TO_NO_BRKTS_DYNIP && !__NAME_IS_EMAIL && !__MSGID_OK_HEX && !__UNSUB_LINK && !__THREADED && !__RCD_RDNS_MX_MESSY && !__COMMENT_EXISTS && !__MUA_TBIRD && !__CD && !__ML1 && !__RP_MATCHES_RCVD && !__SUBSCRIPTION_INFO && !__HAS_THREAD_INDEX && !__IS_EXCH
@@ -50,9 +51,10 @@ describe TO_NO_BRKTS_DYNIP To: m
#describe TO_NO_BRKTS_NORDNS To: misformatted and no rDNS
meta __TO_NO_BRKTS_NORDNS_HTML __TO_NO_BRKTS_HTML_ONLY && RDNS_NONE
-meta TO_NO_BRKTS_NORDNS_HTML __TO_NO_BRKTS_NORDNS_HTML && !ALL_TRUSTED && !__MSGID_JAVAMAIL && !__MSGID_BEFORE_RECEIVED && !__VIA_ML && !__UA_MUTT && !__COMMENT_EXISTS && !__HTML_LENGTH_384 && !__MIME_BASE64 && !__UPPERCASE_URI && !__TO___LOWER && !__TAG_EXISTS_CENTER && !__LONGLINE
+meta TO_NO_BRKTS_NORDNS_HTML __TO_NO_BRKTS_NORDNS_HTML && !ALL_TRUSTED && !__MSGID_JAVAMAIL && !__MSGID_BEFORE_RECEIVED && !__VIA_ML && !__UA_MUTT && !__COMMENT_EXISTS && !__HTML_LENGTH_384 && !__MIME_BASE64 && !__UPPERCASE_URI && !__TO___LOWER && !__TAG_EXISTS_CENTER && !__LONGLINE && !__DKIM_EXISTS
score TO_NO_BRKTS_NORDNS_HTML 2.75 # limit
describe TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only
+tflags TO_NO_BRKTS_NORDNS_HTML publish
meta __TO_NO_BRKTS_MSFT __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && (__ANY_OUTLOOK_MUA || __MIMEOLE_MS)
meta TO_NO_BRKTS_MSFT __TO_NO_BRKTS_MSFT && !__VIA_ML && !__LYRIS_EZLM_REMAILER && !__THREAD_INDEX_GOOD && !__IS_EXCH && !__UNSUB_LINK && !__NOT_SPOOFED && !__DOS_HAS_LIST_UNSUB && !__NAME_EQ_EMAIL && !__SUBJECT_ENCODED_QP && !__THREADED && !__HAS_THREAD_INDEX && !__HAS_X_REF && !__HAS_IN_REPLY_TO && !__FROM_ENCODED_QP && !__RP_MATCHES_RCVD
@@ -60,9 +62,9 @@ describe TO_NO_BRKTS_MSFT To:
score TO_NO_BRKTS_MSFT 3.50 # limit
meta __TO_NO_BRKTS_PCNT __TO_NO_ARROWS_R && __FB_NUM_PERCNT
-meta TO_NO_BRKTS_PCNT __TO_NO_BRKTS_PCNT && !__SUBJECT_ENCODED_B64 && !__DOS_HAS_LIST_UNSUB && !__VIA_ML && !__ISO_2022_JP_DELIM && !__IMS_MSGID && !__THREAD_INDEX_GOOD && !__RCD_RDNS_MX_MESSY && !__UNSUB_LINK && !__LONGLINE && !URI_HEX && !__RP_MATCHES_RCVD && !__MAIL_LINK && !__BUGGED_IMG && !__MIME_QP && !__COMMENT_EXISTS && !__TAG_EXISTS_STYLE && !__LCL__ENV_AND_HDR_FROM_MATCH && !__HAS_X_MAILER && !__HTML_LINK_IMAGE && !__SENDER_BOT && !__DKIM_EXISTS && !__KHOP_NO_FULL_NAME
+meta TO_NO_BRKTS_PCNT __TO_NO_BRKTS_PCNT && !__SUBJECT_ENCODED_B64 && !__DOS_HAS_LIST_UNSUB && !__VIA_ML && !__ISO_2022_JP_DELIM && !__IMS_MSGID && !__THREAD_INDEX_GOOD && !__RCD_RDNS_MX_MESSY && !__UNSUB_LINK && !__LONGLINE && !URI_HEX && !__RP_MATCHES_RCVD && !__MAIL_LINK && !__BUGGED_IMG && !__MIME_QP && !__COMMENT_EXISTS && !__TAG_EXISTS_STYLE && !__LCL__ENV_AND_HDR_FROM_MATCH && !__HAS_X_MAILER && !__HTML_LINK_IMAGE && !__SENDER_BOT && !__DKIM_EXISTS && !__KHOP_NO_FULL_NAME && !__THREADED
describe TO_NO_BRKTS_PCNT To: misformatted + percentage
-score TO_NO_BRKTS_PCNT 3.00 # limit
+score TO_NO_BRKTS_PCNT 2.75 # limit
tflags TO_NO_BRKTS_PCNT publish
#meta __TO_NO_BRKTS_DIRECT __TO_NO_ARROWS_R && __DOS_DIRECT_TO_MX