You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2007/01/02 21:14:29 UTC

svn commit: r491924 - /spamassassin/rules/trunk/sandbox/jm/20_basic.cf

Author: jm
Date: Tue Jan  2 12:14:29 2007
New Revision: 491924

URL: http://svn.apache.org/viewvc?view=rev&rev=491924
Log:
rules; remove TRIAL_COMMUNIGATE from lack of hits, and the ARIAL_3 one from dangerous FPs; add a few new stupid-HELO-tricks rules

Modified:
    spamassassin/rules/trunk/sandbox/jm/20_basic.cf

Modified: spamassassin/rules/trunk/sandbox/jm/20_basic.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_basic.cf?view=diff&rev=491924&r1=491923&r2=491924
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_basic.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_basic.cf Tue Jan  2 12:14:29 2007
@@ -157,6 +157,12 @@
 header __NAKED_TO   To =~ /^[^\s<>]+\@[^\s<>]+$/
 meta JM_TORA_XM     (__MAILER_OL_6626 && __MOLE_2962 && __NAKED_TO)
 
+# HELO as localhost.  we should really be rejecting this at MTA, but hey.
+# it seems most of us let these slip through our MTA configs; 3% of spam, no FPs
+header HELO_LOCALHOST   X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost /i
+
+full DIV_CENTER_A_HREF  /<DIV align=3Dcenter><A href=3D=\n/
+
 # ---------------------------------------------------------------------------
 # Testing bit
 
@@ -202,13 +208,12 @@
 header __MULTIPART_RELATED Content-Type =~ /multipart\/related/
 meta OE_MULTIPART_RELATED (__OE_MUA && __MULTIPART_RELATED)
 
-# a blast from the past
-full TRIAL_COMMUNIGATE  /\*This message was transferred with a trial version of CommuniGate\(tm\) Pro\*/s
-
-# some handy obvious template droppings or obfuscation attempts
-full DIV_FONT_ARIAL_3   /\n<DIV><FONT face=3DArial size=3D3>/
-full DIV_CENTER_A_HREF  /<DIV align=3Dcenter><A href=3D=\n/
-
-# wow, I should really be rejecting this at MTA, but hey
-header HELO_LOCALHOST   X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost /i
+# more trials of bad HELO strings
+header HELO_LH_LD   X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost\.localdomain /i
+header HELO_LH_HOME X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S+\.(?:home|lan) /i
+header HELO_FRIEND  X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=friend /i
+header HELO_PC  X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=pc /i
+header HELO_NODOT  X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^.]+ /i
+header HELO_ADMIN  X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=admin\S* /i
+header HELO_OEM  X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=oem\S* /i