You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by kh...@apache.org on 2010/02/01 17:03:34 UTC

svn commit: r905319 - /spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_experimental.cf

Author: khopesh
Date: Mon Feb  1 16:03:34 2010
New Revision: 905319

URL: http://svn.apache.org/viewvc?rev=905319&view=rev
Log:
oops, this was supposed to get checked in on Friday ... testing a rule for SARE related to recent thread at http://old.nabble.com/forum/ViewPost.jtp?post=27358856&framed=y

Modified:
    spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_experimental.cf

Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_experimental.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_experimental.cf?rev=905319&r1=905318&r2=905319&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_experimental.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_experimental.cf Mon Feb  1 16:03:34 2010
@@ -4,7 +4,7 @@
 describe MALFORMED_FREEMAIL	Bad headers on message from free email service
 #score	 MALFORMED_FREEMAIL	0.1
 
-header	 FROM_WEBSITE	From =~ /\b(?:f|ht)tps?:\/\/[^\/\@]{3,60}\.\w\w/i
+header	 FROM_WEBSITE	From =~ m'\b(?:f|ht)tps?://[^/\@]{3,60}\.\w\w'i
 describe FROM_WEBSITE	Sender name appears to be a link
 header	 FROM_WWW	From:name =~ /\bwww\.[^\/\@]{3,60}\.\w\w/i
 describe FROM_WWW	Sender name appears to be a website
@@ -69,3 +69,24 @@
 describe LACNIC_ALL_CAPS Latino users sometimes write mail in all uppercase
 tflags	 LACNIC_ALL_CAPS nice nopublish
 
+header	 __LONG_NOBR_ADDR	From:addr =~ /[a-zA-Z0-9]{20,}\@/i
+meta LONG_FREEMAIL_ADDR  __LONG_NOBR_ADDR && FREEMAIL_FROM && !__freemail_safe
+describe LONG_FREEMAIL_ADDR	Freemail address has 20+ unbroken characters
+
+header	 __HOTMAIL_HELO	Received =~ /from ([A-Z]{3})\d[^.]+ [^\n]+ by \1\d+-[^\n ]+\.\1\d+\.hotmail\.com with Microsoft/i
+tflags	 __HOTMAIL_HELO 	nice
+# 1 & 2 are in 20_head_tests.cf ... this one doesn't use eval rules
+meta	 FORGED_HOTMAIL_RCVD3	__HOST_HOTMAIL && (!__HOTMAIL_HELO || __DOS_SINGLE_EXT_RELAY)
+
+# As cross-posted between sa-users list and sare-users list at
+# http://old.nabble.com/forum/ViewPost.jtp?post=27358692&framed=y
+# SARE_RECV_SPAM_DOMN0b examines all received headers for a dynamic host on
+# hinet, which is unfair and likely unneccessary given we can do about as well
+# with this safer version.  It also appears that people think this rule useful
+# even today, so I'm testing it here.  The rDNS dynamic tests will likely trump.
+header SARE_RECV_SPAM_DOMN0B Received =~ /\bdynamic.hinet\.(?:com|net|org|info)/
+tflags SARE_RECV_SPAM_DOMN0B	nopublish
+header SARE_RECV_SPAM_DOMN0B2	X-Spam-Relays-External =~ /^[^\]]+ rdns=[^ ]{0,25}\bdynamic.hinet\.(?:com|net|org|info)(?:\.tw)? /
+tflags SARE_RECV_SPAM_DOMN0B2	nopublish
+header SARE_RECV_SPAM_DOMN0B3	X-Spam-Relays-External =~ /^[^\]]+ rdns=[^ ]{0,25}\bdynamic.hinet\.net /
+tflags SARE_RECV_SPAM_DOMN0B3	nopublish