You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2007/07/05 13:11:14 UTC
svn commit: r553455 - in /spamassassin/rules/trunk/sandbox:
emailed/99_alex_dev.cf felicity/70_dnswl.cf felicity/70_iadb.cf
jm/20_basic.cf jm/20_dob.cf jm/20_xmailer.cf jm/70_tt_drugs.cf
Author: jm
Date: Thu Jul 5 04:11:13 2007
New Revision: 553455
URL: http://svn.apache.org/viewvc?view=rev&rev=553455
Log:
bug 5545: revert r553259, r553226, r553206, r553204, r553200, back to previous 'tflags publish' behaviour in all sandbox rules
Modified:
spamassassin/rules/trunk/sandbox/emailed/99_alex_dev.cf
spamassassin/rules/trunk/sandbox/felicity/70_dnswl.cf
spamassassin/rules/trunk/sandbox/felicity/70_iadb.cf
spamassassin/rules/trunk/sandbox/jm/20_basic.cf
spamassassin/rules/trunk/sandbox/jm/20_dob.cf
spamassassin/rules/trunk/sandbox/jm/20_xmailer.cf
spamassassin/rules/trunk/sandbox/jm/70_tt_drugs.cf
Modified: spamassassin/rules/trunk/sandbox/emailed/99_alex_dev.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/emailed/99_alex_dev.cf?view=diff&rev=553455&r1=553454&r2=553455
==============================================================================
--- spamassassin/rules/trunk/sandbox/emailed/99_alex_dev.cf (original)
+++ spamassassin/rules/trunk/sandbox/emailed/99_alex_dev.cf Thu Jul 5 04:11:13 2007
@@ -1,53 +1,52 @@
header AXB_RCVD_ZOONAT Received =~ /\bwith SMTP id [A-Za-z]{14}\.[0-9]{13}\;/
describe AXB_RCVD_ZOONAT Moscato Fingerprint
-tflags AXB_RCVD_ZOONAT publish
-#score AXB_RCVD_ZOONAT 1.0
+##score AXB_RCVD_ZOONAT 1.0
#counts AXB_XRCVD_ZOONAT 569s/0h of 38722 corpus (34129s/4593h AxB2) 06/02/07
header AXB_RCVD_ZOOBSEND Received =~ /\(\ssendmail\b/
describe AXB_RCVD_ZOOBSEND Barolo Fingerprint
-tflags AXB_RCVD_ZOOBSEND publish
-#score AXB_RCVD_ZOOBSEND 1.0
+##score AXB_RCVD_ZOOBSEND 1.0
#counts AXB_RCVD_ZOOBSEND 322s/0h of 14842 corpus (10251s/4591h AxB2) 05/02/07
header AXB_XTIDX_CHAIN Thread-Index =~ /(?:\*|\<\>|\)|\()/
describe AXB_XTIDX_CHAIN Montepulciano Fingerprint
-tflags AXB_XTIDX_CHAIN publish
-#score AXB_XTIDX_CHAIN 1.0
+##score AXB_XTIDX_CHAIN 1.0
header AXB_XM_SENDMAIL_NOT Received =~ /\([123456790]{1,2}\.[0-9]{1,2}\.[0-9]{1}\/[0-9]{1,2}\.[0-9]{2}\.[0-9]{1}\)/
describe AXB_XM_SENDMAIL_NOT Nebbiolo fingerprint
-tflags AXB_XM_SENDMAIL_NOT publish
-#score AXB_XM_SENDMAIL_NOT 1.0
+##score AXB_XM_SENDMAIL_NOT 1.0
#counts AXB_XM_SENDMAIL_NOT 10467s/0h of 41392 corpus (36780s/4612h AxB2) 02/17/07
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader AXB_MIME_IMG830 Content-ID =~ /^<[0-9a-f]{30}\@/
describe AXB_MIME_IMG830 Valpolicella Fingerprint
-tflags AXB_MIME_IMG830 publish
-#score AXB_MIME_IMG830 1.0
+##score AXB_MIME_IMG830 1.0
#counts AXB_MIME_IMG830 527s/0h of 27479 corpus (22876s/4603h AxB2) 02/15/07
#counts AXB_MIME_IMG830 3s/0h of 9878 corpus (4619s/5259h AxB) 02/15/07
endif
header AXB_XMID_1510 Message-Id =~ /<[0-9A-F]{15}\.[0-9A-F]{10}\@/
describe AXB_XMID_1510 Brunello Fingerprint
-tflags AXB_XMID_1510 publish
-#score AXB_XMID_1510 1.0
+##score AXB_XMID_1510 1.0
#counts AXB_XMID_1510 10s/0h of 98258 corpus (93666s/4592h AxB2) 11/28/06
header AXB_XMID_1212 Message-Id =~ /^<[0-9]{12}\.[0-9]{12}\@/
describe AXB_XMID_1212 Barbera Fingerprint
-tflags AXB_XMID_1212 publish
-#score AXB_XMID_1212 1.0
+##score AXB_XMID_1212 1.0
# counts AXB_XMID_1212 63s/0h of 98258 corpus (93666s/4592h AxB2) 11/28/06
header AXB_XMID_OEGOESNULL Message-ID =~ /^<[0-9-a-f]{12}\$[0-9-a-f]{8}\$[0]{8}\@/
describe AXB_XMID_OEGOESNULL Amarone Fingerprint
-tflags AXB_XMID_OEGOESNULL publish
-#score AXB_XMID_OEGOESNULL 1.0
-#counts AXB_XMID_OEGOESNULL 14476s/0h of 98258 corpus (93666s/4592h AxB2) 11/28/06
\ No newline at end of file
+##score AXB_XMID_OEGOESNULL 1.0
+#counts AXB_XMID_OEGOESNULL 14476s/0h of 98258 corpus (93666s/4592h AxB2) 11/28/06
+
+
+
+
+
+
+
Modified: spamassassin/rules/trunk/sandbox/felicity/70_dnswl.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/felicity/70_dnswl.cf?view=diff&rev=553455&r1=553454&r2=553455
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/70_dnswl.cf (original)
+++ spamassassin/rules/trunk/sandbox/felicity/70_dnswl.cf Thu Jul 5 04:11:13 2007
@@ -31,19 +31,19 @@
# 0.163 0.0000 0.9574 0.000 0.00 -4.00 T_RCVD_IN_DNSWL_MED
header __RCVD_IN_DNSWL eval:check_rbl('dnswl-firsttrusted', 'list.dnswl.org.')
-tflags __RCVD_IN_DNSWL net nice publish
+tflags __RCVD_IN_DNSWL nice net
header RCVD_IN_DNSWL_LOW eval:check_rbl_sub('dnswl-firsttrusted', '127.0.\d+.1')
describe RCVD_IN_DNSWL_LOW Sender listed at http://www.dnswl.org/, low trust
-tflags RCVD_IN_DNSWL_LOW net nice publish
+tflags RCVD_IN_DNSWL_LOW nice net
header RCVD_IN_DNSWL_MED eval:check_rbl_sub('dnswl-firsttrusted', '127.0.\d+.2')
describe RCVD_IN_DNSWL_MED Sender listed at http://www.dnswl.org/, medium trust
-tflags RCVD_IN_DNSWL_MED net nice publish
+tflags RCVD_IN_DNSWL_MED nice net
header RCVD_IN_DNSWL_HI eval:check_rbl_sub('dnswl-firsttrusted', '127.0.\d+.3')
describe RCVD_IN_DNSWL_HI Sender listed at http://www.dnswl.org/, high trust
-tflags RCVD_IN_DNSWL_HI net nice publish
+tflags RCVD_IN_DNSWL_HI nice net
## score RCVD_IN_DNSWL_LOW -1
## score RCVD_IN_DNSWL_MED -4
Modified: spamassassin/rules/trunk/sandbox/felicity/70_iadb.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/felicity/70_iadb.cf?view=diff&rev=553455&r1=553454&r2=553455
==============================================================================
--- spamassassin/rules/trunk/sandbox/felicity/70_iadb.cf (original)
+++ spamassassin/rules/trunk/sandbox/felicity/70_iadb.cf Thu Jul 5 04:11:13 2007
@@ -65,134 +65,134 @@
## these commented sections are already included in 20_dnsbl_tests.cf
#
#header __RCVD_IN_IADB eval:check_rbl('iadb-firsttrusted', 'iadb.isipp.com.')
-#tflags __RCVD_IN_IADB net nice publish
+#tflags __RCVD_IN_IADB net nice
#
#header RCVD_IN_IADB_VOUCHED eval:check_rbl_sub('iadb-firsttrusted', '^127.0.1.255$')
#describe RCVD_IN_IADB_VOUCHED ISIPP IADB lists as vouched-for sender
-#tflags RCVD_IN_IADB_VOUCHED net nice publish
+#tflags RCVD_IN_IADB_VOUCHED net nice
header RCVD_IN_IADB_LISTED eval:check_rbl_sub('iadb-firsttrusted', '^127.0.0.[12]$')
describe RCVD_IN_IADB_LISTED Participates in the IADB system
-tflags RCVD_IN_IADB_LISTED net nice publish
+tflags RCVD_IN_IADB_LISTED net nice
###########################################################################
header RCVD_IN_IADB_EDDB eval:check_rbl_sub('iadb-firsttrusted', '^127.0.2.1$')
describe RCVD_IN_IADB_EDDB IADB: Participates in Email Deliverability Database
-tflags RCVD_IN_IADB_EDDB net nice publish
+tflags RCVD_IN_IADB_EDDB net nice
header RCVD_IN_IADB_EPIA eval:check_rbl_sub('iadb-firsttrusted', '^127.0.2.2$')
describe RCVD_IN_IADB_EPIA IADB: Member of Email Processing Industry Alliance
-tflags RCVD_IN_IADB_EPIA net nice publish
+tflags RCVD_IN_IADB_EPIA net nice
header RCVD_IN_IADB_SPF eval:check_rbl_sub('iadb-firsttrusted', '^127.2.255.1$')
describe RCVD_IN_IADB_SPF IADB: Sender publishes SPF record
-tflags RCVD_IN_IADB_SPF net nice publish
+tflags RCVD_IN_IADB_SPF net nice
header RCVD_IN_IADB_SENDERID eval:check_rbl_sub('iadb-firsttrusted', '^127.2.255.2$')
describe RCVD_IN_IADB_SENDERID IADB: Sender publishes Sender ID record
-tflags RCVD_IN_IADB_SENDERID net nice publish
+tflags RCVD_IN_IADB_SENDERID net nice
header RCVD_IN_IADB_DK eval:check_rbl_sub('iadb-firsttrusted', '^127.2.255.3$')
describe RCVD_IN_IADB_DK IADB: Sender publishes Domain Keys record
-tflags RCVD_IN_IADB_DK net nice publish
+tflags RCVD_IN_IADB_DK net nice
header RCVD_IN_IADB_RDNS eval:check_rbl_sub('iadb-firsttrusted', '^127.2.255.4$')
describe RCVD_IN_IADB_RDNS IADB: Sender has reverse DNS record
-tflags RCVD_IN_IADB_RDNS net nice publish
+tflags RCVD_IN_IADB_RDNS net nice
# we already check for this
#header RCVD_IN_IADB_HABEAS eval:check_rbl_sub('iadb-firsttrusted', '^127.2.255.101$')
#describe RCVD_IN_IADB_HABEAS IADB: Sender participates in Habeas program
-#tflags RCVD_IN_IADB_HABEAS net nice publish
+#tflags RCVD_IN_IADB_HABEAS net nice
# we already check for this
#header RCVD_IN_IADB_BONDEDSENDER eval:check_rbl_sub('iadb-firsttrusted', '^127.2.255.102$')
#describe RCVD_IN_AIDB_BONDEDSENDER IADB: Sender participates in Bonded Sender program
-#tflags RCVD_IN_IADB_BONDEDSENDER net nice publish
+#tflags RCVD_IN_IADB_BONDEDSENDER net nice
header RCVD_IN_IADB_GOODMAIL eval:check_rbl_sub('iadb-firsttrusted', '^127.2.255.103$')
describe RCVD_IN_IADB_GOODMAIL IADB: Sender has been certified by GoodMail
-tflags RCVD_IN_IADB_GOODMAIL net nice publish
+tflags RCVD_IN_IADB_GOODMAIL net nice
###########################################################################
header RCVD_IN_IADB_NOCONTROL eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.0$')
describe RCVD_IN_IADB_NOCONTROL IADB: Has absolutely no mailing controls in place
-tflags RCVD_IN_IADB_NOCONTROL net nice publish
+tflags RCVD_IN_IADB_NOCONTROL net nice
header RCVD_IN_IADB_OPTOUTONLY eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.1$')
describe RCVD_IN_IADB_OPTOUTONLY IADB: Scrapes addresses, pure opt-out only
-tflags RCVD_IN_IADB_OPTOUTONLY net nice publish
+tflags RCVD_IN_IADB_OPTOUTONLY net nice
header RCVD_IN_IADB_UNVERIFIED_1 eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.2$')
describe RCVD_IN_IADB_UNVERIFIED_1 IADB: Accepts unverified sign-ups
-tflags RCVD_IN_IADB_UNVERIFIED_1 net nice publish
+tflags RCVD_IN_IADB_UNVERIFIED_1 net nice
header RCVD_IN_IADB_UNVERIFIED_2 eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.3$')
describe RCVD_IN_IADB_UNVERIFIED_2 IADB: Accepts unverified sign-ups, gives chance to opt out
-tflags RCVD_IN_IADB_UNVERIFIED_2 net nice publish
+tflags RCVD_IN_IADB_UNVERIFIED_2 net nice
header RCVD_IN_IADB_LOOSE eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.4$')
describe RCVD_IN_IADB_LOOSE IADB: Adds relationship addrs w/out opt-in
-tflags RCVD_IN_IADB_LOOSE net nice publish
+tflags RCVD_IN_IADB_LOOSE net nice
header RCVD_IN_IADB_OPTIN_LT50 eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.5$')
describe RCVD_IN_IADB_OPTIN_LT50 IADB: Opt-in used less than 50% of the time
-tflags RCVD_IN_IADB_OPTIN_LT50 net nice publish
+tflags RCVD_IN_IADB_OPTIN_LT50 net nice
header RCVD_IN_IADB_OPTIN_GT50 eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.6$')
describe RCVD_IN_IADB_OPTIN_GT50 IADB: Opt-in used more than 50% of the time
-tflags RCVD_IN_IADB_OPTIN_GT50 net nice publish
+tflags RCVD_IN_IADB_OPTIN_GT50 net nice
header RCVD_IN_IADB_OPTIN eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.7$')
describe RCVD_IN_IADB_OPTIN IADB: All mailing list mail is opt-in
-tflags RCVD_IN_IADB_OPTIN net nice publish
+tflags RCVD_IN_IADB_OPTIN net nice
header RCVD_IN_IADB_DOPTIN_LT50 eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.8$')
describe RCVD_IN_IADB_DOPTIN_LT50 IADB: Confirmed opt-in used less than 50% of the time
-tflags RCVD_IN_IADB_DOPTIN_LT50 net nice publish
+tflags RCVD_IN_IADB_DOPTIN_LT50 net nice
header RCVD_IN_IADB_DOPTIN_GT50 eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.9$')
describe RCVD_IN_IADB_DOPTIN_GT50 IADB: Confirmed opt-in used more than 50% of the time
-tflags RCVD_IN_IADB_DOPTIN_GT50 net nice publish
+tflags RCVD_IN_IADB_DOPTIN_GT50 net nice
header RCVD_IN_IADB_DOPTIN eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.10$')
describe RCVD_IN_IADB_DOPTIN IADB: All mailing list mail is confirmed opt-in
-tflags RCVD_IN_IADB_DOPTIN net nice publish
+tflags RCVD_IN_IADB_DOPTIN net nice
header RCVD_IN_IADB_ML_DOPTIN eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.100$')
describe RCVD_IN_IADB_ML_DOPTIN IADB: Mailing list email only, confirmed opt-in
-tflags RCVD_IN_IADB_ML_DOPTIN net nice publish
+tflags RCVD_IN_IADB_ML_DOPTIN net nice
header RCVD_IN_IADB_OOO eval:check_rbl_sub('iadb-firsttrusted', '^127.3.100.200$')
describe RCVD_IN_IADB_OOO IADB: One-to-one/transactional email only
-tflags RCVD_IN_IADB_OOO net nice publish
+tflags RCVD_IN_IADB_OOO net nice
###########################################################################
header RCVD_IN_IADB_MI_CPEAR eval:check_rbl_sub('iadb-firsttrusted', '^127.101.1.10$')
describe RCVD_IN_IADB_MI_CPEAR IADB: Complies with Michigan's CPEAR law
-tflags RCVD_IN_IADB_MI_CPEAR net nice publish
+tflags RCVD_IN_IADB_MI_CPEAR net nice
header RCVD_IN_IADB_UT_CPEAR eval:check_rbl_sub('iadb-firsttrusted', '^127.101.2.10$')
describe RCVD_IN_IADB_UT_CPEAR IADB: Complies with Utah's CPEAR law
-tflags RCVD_IN_IADB_UT_CPEAR net nice publish
+tflags RCVD_IN_IADB_UT_CPEAR net nice
header RCVD_IN_IADB_MI_CPR_30 eval:check_rbl_sub('iadb-firsttrusted', '^127.101.101.10$')
describe RCVD_IN_IADB_MI_CPR_30 IADB: Checked lists against Michigan's CPR within 30 days
-tflags RCVD_IN_IADB_MI_CPR_30 net nice publish
+tflags RCVD_IN_IADB_MI_CPR_30 net nice
header RCVD_IN_IADB_UT_CPR_30 eval:check_rbl_sub('iadb-firsttrusted', '^127.101.102.10$')
describe RCVD_IN_IADB_UT_CPR_30 IADB: Checked lists against Utah's CPR within 30 days
-tflags RCVD_IN_IADB_UT_CPR_30 net nice publish
+tflags RCVD_IN_IADB_UT_CPR_30 net nice
header RCVD_IN_IADB_MI_CPR_MAT eval:check_rbl_sub('iadb-firsttrusted', '^127.101.201.10$')
describe RCVD_IN_IADB_MI_CPR_MAT IADB: Sends no material under Michigan's CPR
-tflags RCVD_IN_IADB_MI_CPR_MAT net nice publish
+tflags RCVD_IN_IADB_MI_CPR_MAT net nice
header RCVD_IN_IADB_UT_CPR_MAT eval:check_rbl_sub('iadb-firsttrusted', '^127.101.202.10$')
describe RCVD_IN_IADB_UT_CPR_MAT IADB: Sends no material under Utah's CPR
-tflags RCVD_IN_IADB_UT_CPR_MAT net nice publish
+tflags RCVD_IN_IADB_UT_CPR_MAT net nice
endif
Modified: spamassassin/rules/trunk/sandbox/jm/20_basic.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_basic.cf?view=diff&rev=553455&r1=553454&r2=553455
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_basic.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_basic.cf Thu Jul 5 04:11:13 2007
@@ -4,36 +4,29 @@
# compiler will take care of the hard work of copying them around for me, while
# they're still working well.
-tflags MID_DEGREES publish
header MID_DEGREES Message-ID =~ /^<\d{14}\.[A-F0-9]{10}\@[A-Z0-9]+>$/
## score MID_DEGREES 3
-tflags URI_L_PHP publish
uri URI_L_PHP /\/l\.php\?\d/
# from Clifton
# Been seeing broken message IDs for a long time, e.g. Message-Id<KKdj[20
# usually/always? associated with an empty message. Suspect broken spamware.
header TT_MSGID_TRUNC Message-Id =~ /^\s*<?[^<>\s]+\[\d+$/
-tflags TT_MSGID_TRUNC publish
describe TT_MSGID_TRUNC Scora: Message-Id ends after left-bracket + digits
# testing for Dave Funk (mail of 11/16); compare with AXB_FAKETZ, GMD_FAKETZ.
# pretty good; less FPs than AXB_FAKETZ, however, same FP level but less 0.01%
# less hits than GMD_FAKETZ, so that's still better
-tflags L_SPAM_TOOL_13 publish
header L_SPAM_TOOL_13 Date =~ /\s[+-]\d(?![2358]45)\d[124-9]\d$/
## score L_SPAM_TOOL_13 3.0
# broken spamware sending spam with headers in the body
-tflags BROKEN_RATWARE_BOM publish
body BROKEN_RATWARE_BOM /^\xEF\xBB\xBFMessage-ID:/
# persistent spamhaus, getting past a lot of bad stuff
-tflags RCVD_LSO_SND publish
header RCVD_LSO_SND X-Spam-Relays-Untrusted =~ /rdns=\S+\.lso-snd\.com /
-tflags JM_RCVD_QMAILV1 publish
header JM_RCVD_QMAILV1 Received =~ /by \S+ \(Qmailv1\) with ESMTP/
# ---------------------------------------------------------------------------
@@ -63,19 +56,16 @@
mimeheader __PART_STOCK_CD_F Content-Disposition =~ /filename/
meta PART_CID_STOCK (__ANY_IMAGE_ATTACH&&__PART_STOCK_CID&&!__PART_STOCK_CL&&!__PART_STOCK_CD_F)
-tflags PART_CID_STOCK publish
describe PART_CID_STOCK Has a spammy image attachment (by Content-ID)
## score PART_CID_STOCK 2.0
# more specific, 0 ham hits
mimeheader __PART_CID_STOCK_LESS Content-ID =~ /^<00[a-f0-9]{10}\$[a-f0-9]{8}\$[a-f0-9]{8}\@[A-Za-z]+>$/
meta PART_CID_STOCK_LESS (__ANY_IMAGE_ATTACH&&__PART_CID_STOCK_LESS)
-tflags PART_CID_STOCK_LESS publish
describe PART_CID_STOCK_LESS Has a spammy image attachment (by Content-ID, more specific)
## score PART_CID_STOCK_LESS 2.0
mimeheader CTYPE_1SPACE_GIF Content-Type:raw =~ /image\/gif;\n name=\".+?\"\s*$/s
-tflags CTYPE_1SPACE_GIF publish
describe CTYPE_1SPACE_GIF Stock spam image part 'Content-Type' found
## score CTYPE_1SPACE_GIF 1.0
@@ -83,53 +73,44 @@
# catches "by jmason.org with esmtp (;4OZ*/H/)>7. 4.2-+*)" gibberish
header RCVD_FORGED_WROTE Received =~ / by \S+ with esmtp \([^a-z ]{6,} [^a-z ]{3,}\) id/
-tflags RCVD_FORGED_WROTE publish
describe RCVD_FORGED_WROTE Forged 'Received' header found ('wrote:' spam)
## score RCVD_FORGED_WROTE 2.8
header __MIMEOLE_1106 X-MimeOLE =~ /^Produced By Microsoft MimeOLE V6.00.2800.1106$/
header __MAILER_OL_5510 X-Mailer =~ /^Microsoft Office Outlook, Build 11.0.5510$/
meta DRUGS_STOCK_MIMEOLE (__MIMEOLE_1106 && __MAILER_OL_5510)
-tflags DRUGS_STOCK_MIMEOLE publish
describe DRUGS_STOCK_MIMEOLE Stock-spam forged headers found (5510)
## score DRUGS_STOCK_MIMEOLE 2.0
# Suresh: 'Finding "mail.com", "post.com" etc in a received header is ALWAYS bogus'
header RCVD_MAIL_COM Received =~ /[\s\(\[](?:post|mail)\.com[\s\)\]]/is
-tflags RCVD_MAIL_COM publish
describe RCVD_MAIL_COM Forged Received header (contains post.com or mail.com)
## score RCVD_MAIL_COM 3.0
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader CTYPE_8SPACE_GIF Content-Type:raw =~ /^image\/gif;\n {8}name=\".+?\"$/s
-tflags CTYPE_8SPACE_GIF publish
describe CTYPE_8SPACE_GIF Stock spam image part 'Content-Type' found (8 spc)
## score CTYPE_8SPACE_GIF 2.0
endif
header OUTLOOK_3416 X-Mailer =~ /^Microsoft Outlook, Build 10\.0\.3416$/
-tflags OUTLOOK_3416 publish
describe OUTLOOK_3416 Claims to be sent by an unusual build of Outlook (3416)
## score OUTLOOK_3416 2.0
# this seems to appear with a faked 'Microsoft Office Outlook' X-Mailer
-tflags MID_14DIGITS_HEX publish
header MID_14DIGITS_HEX Message-ID =~ /^<[0-9]{14}\.[A-F0-9]{10}\@[0-9A-Z]+$/
## score MID_14DIGITS_HEX 2.8
header __HELO_NO_DOMAIN X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^\.]+ /
meta STOCK_IMG_HDR_FROM (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&TVD_FW_GRAPHIC_ID1&&__HTML_IMG_ONLY)
-tflags STOCK_IMG_HDR_FROM publish
describe STOCK_IMG_HDR_FROM Stock spam image part, with distinctive From line
meta STOCK_IMG_HTML (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&__PART_STOCK_CID&&__HTML_IMG_ONLY)
-tflags STOCK_IMG_HTML publish
describe STOCK_IMG_HTML Stock spam image part, with distinctive HTML
header __XM_MS_IN_GENERAL X-Mailer =~ /\bMSCRM\b|Microsoft (?:CDO|Outlook|Office Outlook)\b/
meta STOCK_IMG_OUTLOOK (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&__XM_MS_IN_GENERAL&&__HTML_LENGTH_1536_2048)
-tflags STOCK_IMG_OUTLOOK publish
describe STOCK_IMG_OUTLOOK Stock spam image part, with Outlook-like features
# Spammy X-Mailer version strings; no longer seen in ham, due to MS'
@@ -144,78 +125,61 @@
header __XM_OL_10_0_4115 X-Mailer =~ /^Microsoft Outlook, Build 10.0.4115$/
header __XM_OL_4_72_2106_4 X-Mailer =~ /^Microsoft Outlook Express 4.72.2106.4$/
meta SPAMMY_XMAILER (__XM_OL_29196700||__XM_OL_48071700||__XM_OL_28001441||__XM_OL_29196600||__XM_OL_49631700||__XM_OL_48072300||__XM_OL_28004682||__XM_OL_10_0_4115||__XM_OL_4_72_2106_4)
-tflags SPAMMY_XMAILER publish
describe SPAMMY_XMAILER X-Mailer string is common in spam and not in ham
meta SHORT_HELO_AND_INLINE_IMAGE (__HELO_NO_DOMAIN && __ANY_IMAGE_ATTACH)
-tflags SHORT_HELO_AND_INLINE_IMAGE publish
describe SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
# backported to here
# ---------------------------------------------------------------------------
meta DYN_RDNS_AND_INLINE_IMAGE (RDNS_DYNAMIC && __ANY_IMAGE_ATTACH)
-tflags DYN_RDNS_AND_INLINE_IMAGE publish
describe DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic rDNS
meta DYN_RDNS_SHORT_HELO_HTML (__HELO_NO_DOMAIN && RDNS_DYNAMIC && HTML_MESSAGE)
-tflags DYN_RDNS_SHORT_HELO_HTML publish
describe DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
meta DYN_RDNS_SHORT_HELO_IMAGE (__HELO_NO_DOMAIN && RDNS_DYNAMIC && __ANY_IMAGE_ATTACH)
-tflags DYN_RDNS_SHORT_HELO_IMAGE publish
describe DYN_RDNS_SHORT_HELO_IMAGE Short HELO string, dynamic rDNS, inline image
header __HDR_ORDER_FTSDMCXXXX ALL =~ /\nFrom: .{1,80}?\nTo: .{1,80}?\nSubject: .{1,200}?\nDate: .{1,40}?\nMIME-Version: .{1,40}?\nContent-Type: .{1,120}?\nX-Priority: .{1,40}?\nX-MSMail-Priority: .{1,40}?\nX-Mailer: .{1,80}?\nX-MimeOLE:/s
header __MID_START_001C Message-ID =~ /^<000001c/
meta HDR_ORDER_FTSDMCXX_BAT (__HDR_ORDER_FTSDMCXXXX && __BAT_BOUNDARY)
-tflags HDR_ORDER_FTSDMCXX_BAT publish
describe HDR_ORDER_FTSDMCXX_BAT Header order similar to spam (FTSDMCXX/boundary variant)
meta HDR_ORDER_FTSDMCXX_001C (__HDR_ORDER_FTSDMCXXXX && __MID_START_001C)
-tflags HDR_ORDER_FTSDMCXX_001C publish
describe HDR_ORDER_FTSDMCXX_001C Header order similar to spam (FTSDMCXX/MID variant)
# "Tora" spam
header __MAILER_OL_6626 X-Mailer =~ /^Microsoft Outlook, Build 10\.0\.6626$/
header __MOLE_2962 X-MimeOLE =~ /^Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2962$/
header __NAKED_TO To =~ /^[^\s<>]+\@[^\s<>]+$/
-tflags JM_TORA_XM publish
meta JM_TORA_XM (__MAILER_OL_6626 && __MOLE_2962 && __NAKED_TO)
# HELO as localhost. we should really be rejecting this at MTA, but hey.
# it seems most of us let these slip through our MTA configs; 3% of spam, no FPs
-tflags HELO_LOCALHOST publish
header HELO_LOCALHOST X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost /i
-tflags DIV_CENTER_A_HREF publish
full DIV_CENTER_A_HREF /<DIV align=3Dcenter><A href=3D=\n/
-tflags HELO_OEM publish
header HELO_OEM X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=(?:pc|oem\S*) /i
-tflags YOUR_CRD_RATING publish
body YOUR_CRD_RATING /Your cr[d\.]* (?:scor|rat)ing doesn.t matter/
body __DEAR_HOMEOWNER /\bDear Home Owner\b/
body __APPROVAL_MGR /\bApproval Manager\b/
body __YOUR_MONTHLY /\byour monthly payments by\b/
-tflags DEAR_HOMEOWNER publish
meta DEAR_HOMEOWNER (__DEAR_HOMEOWNER+__APPROVAL_MGR+__YOUR_MONTHLY == 3)
-tflags HELO_FRIEND publish
header HELO_FRIEND X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=friend /i
-tflags MIME_BOUND_EQ_REL publish
header MIME_BOUND_EQ_REL Content-Type =~ /boundary="=====================_\d+==\.REL"/s
body __DBLCLAIM /avoid double claiming/
body __CASHPRZ /cash prize of/
-tflags LOTTERY_1 publish
meta LOTTERY_1 (__DBLCLAIM && __CASHPRZ)
# blast from the past! seen in the recent "PUBLICIDAD POR EMAIL" spam
-tflags X_LIBRARY publish
header X_LIBRARY X-Library =~ /^Indy/
# ---------------------------------------------------------------------------
@@ -230,38 +194,27 @@
endif
meta STOCK_IMG_CTYPE (__ANY_IMAGE_ATTACH&&__ENV_AND_HDR_FROM_MATCH&&__CTYPE_ONETAB_GIF&&__HTML_IMG_ONLY)
-tflags STOCK_IMG_CTYPE publish
describe STOCK_IMG_CTYPE Stock spam image part, with distinctive Content-Type header
# this is a trick from Spambouncer -- thx Catherine!
uri __HAS_ANY_URI /./
body __HAS_ANY_EMAIL /\w@\S+\.\w/
-tflags SB_GIF_AND_NO_URIS publish
meta SB_GIF_AND_NO_URIS (__GIF_ATTACH&&!__HAS_ANY_URI&&!__HAS_ANY_EMAIL)
# note: no dots allowed in hostname
-tflags MID_START_001C_2 publish
header MID_START_001C_2 Message-ID =~ /^<000001c[a-f0-9]{5}\$[a-f0-9]{8}\$[a-f0-9]{8}\@[A-Za-z0-9_]{2,16}$/
-tflags MID_START_001C_3 publish
header MID_START_001C_3 Message-ID =~ /^<000001c[a-f0-9]{5}\$[a-f0-9]{8}\$[a-f0-9]{8}\@[a-z]{4,8}$/
-tflags MID_START_001C_LOCALHOST publish
header MID_START_001C_LOCALHOST Message-ID =~ /^<000001c[a-f0-9]{5}\$[a-f0-9]{8}\$[a-f0-9]{8}\@localhost$/
-tflags CTYPE_001C_A publish
header CTYPE_001C_A Content-Type =~ /multipart.{0,200}boundary=\"----=_NextPart_000_0001_01C[0-9A-F]{5}\.[0-9A-F]{7}0\"/
-tflags CTYPE_001C_B publish
header CTYPE_001C_B Content-Type =~ /multipart.{0,200}boundary=\"----=_NextPart_000_0000_01C[0-9A-F]{5}\.[0-9A-F]{7}0\"/
header __MSOE_MID_WRONG_CASE ALL =~ /\nMessage-Id: /
header __XM_OUTLOOK_EXPRESS X-Mailer =~ /^Microsoft Outlook Express \d/
-tflags MSOE_MID_WRONG_CASE publish
meta MSOE_MID_WRONG_CASE (__XM_OUTLOOK_EXPRESS && __MSOE_MID_WRONG_CASE && !__MIMEOLE_1106)
-tflags STOX_REPLY_TYPE publish
header STOX_REPLY_TYPE Content-Type =~ /text\/plain; .* reply-type=original/
-tflags CURR_PRICE publish
body CURR_PRICE /\bCurrent Price:/
-tflags STOX_AND_PRICE publish
meta STOX_AND_PRICE CURR_PRICE && STOX_REPLY_TYPE
# bug 5224: basic OE multipart/related check. see what the overlaps
@@ -271,15 +224,11 @@
tflags OE_MULTIPART_RELATED nopublish
# more trials of bad HELO strings
-tflags HELO_LH_LD publish
header HELO_LH_LD X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost\.localdomain /i
-tflags HELO_LH_HOME publish
header HELO_LH_HOME X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S+\.(?:home|lan) /i
-tflags HELO_ADMIN publish
header HELO_ADMIN X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=admin\S* /i
# aim at the 'Dear Home Owner' spam
-tflags RCVD_FROM_EXTRA_SPC publish
header RCVD_FROM_EXTRA_SPC Received =~ /^from [a-zA-Z]/
# requested experiment: PBL hitrates on URIs
@@ -296,27 +245,22 @@
uri __URI_C_VAL /^https?:[\/\\]*[0-9a-z\#\.-]{5,99}($|\/|\#|\?|\;\|:)/i
uri __URI_C_HTTP /^http/i
meta URI_C_DOM_ODD __URI_C_HTTP && !__URI_C_VAL
-tflags URI_C_DOM_ODD publish
describe URI_C_DOM_ODD fscked domain name
body __DRUG_RA_PRICE1 /\S{3,}ra \D{0,4}3\D{0,4}35\b/
body __DRUG_RA_PRICE2 / remove \"/i
-tflags DRUG_RA_PRICE publish
meta DRUG_RA_PRICE (__DRUG_RA_PRICE1 && __DRUG_RA_PRICE2)
# interesting template, thanks Jeff
-tflags TEMPLATE_203_RCVD publish
header TEMPLATE_203_RCVD Received =~ /from 192.168.0.\d+ \(203-219-/
+
# bug 4892: compare against FUZZY_XPILL
-tflags FUZZY_XPILL_BUG4892 publish
body FUZZY_XPILL_BUG4892 /<inter W3><post P2>(?!xanax)\b<X><A><N><A><X>/i
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-tflags OEBOUND publish
mimeheader OEBOUND Content-Type =~ /boundary=.----=_1OEBOUND;./
endif
-tflags STOX_RCVD_N_NN_N publish
header STOX_RCVD_N_NN_N Received =~ / by \d+\.\d+\.\d+\.\d+ \(\d\.\d\d\.\d\/\d\.\d\d\.\d\) with SMTP id [\dA-Za-z]+\;/
Modified: spamassassin/rules/trunk/sandbox/jm/20_dob.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_dob.cf?view=diff&rev=553455&r1=553454&r2=553455
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_dob.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_dob.cf Thu Jul 5 04:11:13 2007
@@ -4,11 +4,11 @@
header __RCVD_IN_DOB eval:check_rbl('dob', 'dob.sibl.support-intelligence.net.', '255')
describe __RCVD_IN_DOB Received via relay in new domain (Day Old Bread)
-tflags __RCVD_IN_DOB net publish
+tflags __RCVD_IN_DOB net
header RCVD_IN_DOB eval:check_rbl_sub('dob', '127.0.0.2')
describe RCVD_IN_DOB Received via relay in new domain (Day Old Bread)
-tflags RCVD_IN_DOB net publish
+tflags RCVD_IN_DOB net
header DNS_FROM_DOB eval:check_rbl_envfrom('dob','dob.sibl.support-intelligence.net.')
describe DNS_FROM_DOB Sender from new domain (Day Old Bread)
Modified: spamassassin/rules/trunk/sandbox/jm/20_xmailer.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_xmailer.cf?view=diff&rev=553455&r1=553454&r2=553455
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_xmailer.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_xmailer.cf Thu Jul 5 04:11:13 2007
@@ -3,236 +3,189 @@
header __XM_OL_8E893 X-Mailer =~ /Microsoft\ Outlook\,\ Build\ 10\.0\.2616/
header __MO_OL_8E893 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V10\.0\.2616/
-tflags XMAILER_MIMEOLE_OL_8E893 publish
meta XMAILER_MIMEOLE_OL_8E893 (__XM_OL_8E893 && __MO_OL_8E893)
header __XM_OL_A50F8 X-Mailer =~ /Microsoft\ Outlook\ Express\ 5\.50\.4922\.1500/
header __MO_OL_A50F8 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4922\.1500/
-tflags XMAILER_MIMEOLE_OL_A50F8 publish
meta XMAILER_MIMEOLE_OL_A50F8 (__XM_OL_A50F8 && __MO_OL_A50F8)
header __XM_OL_32D97 X-Mailer =~ /Microsoft\ Outlook\ IMO\,\ Build\ 9\.0\.2416\ \(9\.0\.2910\.0\)/
header __MO_OL_32D97 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V9\.0\.2416/
-tflags XMAILER_MIMEOLE_OL_32D97 publish
meta XMAILER_MIMEOLE_OL_32D97 (__XM_OL_32D97 && __MO_OL_32D97)
header __XM_OL_B9B11 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2462\.0000/
header __MO_OL_B9B11 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2462\.0000/
-tflags XMAILER_MIMEOLE_OL_B9B11 publish
meta XMAILER_MIMEOLE_OL_B9B11 (__XM_OL_B9B11 && __MO_OL_B9B11)
header __XM_OL_4B815 X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.71\.2730\.2/
header __MO_OL_4B815 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.71\.2730\.2/
-tflags XMAILER_MIMEOLE_OL_4B815 publish
meta XMAILER_MIMEOLE_OL_4B815 (__XM_OL_4B815 && __MO_OL_4B815)
header __XM_OL_3D61D X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.71\.2244\.8/
header __MO_OL_3D61D X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.71\.2244\.8/
-tflags XMAILER_MIMEOLE_OL_3D61D publish
meta XMAILER_MIMEOLE_OL_3D61D (__XM_OL_3D61D && __MO_OL_3D61D)
header __XM_OL_20C99 X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.72\.3338\.1/
header __MO_OL_20C99 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.72\.3338\.1/
-tflags XMAILER_MIMEOLE_OL_20C99 publish
meta XMAILER_MIMEOLE_OL_20C99 (__XM_OL_20C99 && __MO_OL_20C99)
header __XM_OL_CAC8F X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.71\.1712\.3/
header __MO_OL_CAC8F X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.71\.1712\.3/
-tflags XMAILER_MIMEOLE_OL_CAC8F publish
meta XMAILER_MIMEOLE_OL_CAC8F (__XM_OL_CAC8F && __MO_OL_CAC8F)
header __XM_OL_09BB4 X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.72\.3155\.0/
header __MO_OL_09BB4 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.72\.3155\.0/
-tflags XMAILER_MIMEOLE_OL_09BB4 publish
meta XMAILER_MIMEOLE_OL_09BB4 (__XM_OL_09BB4 && __MO_OL_09BB4)
header __XM_OL_83BF7 X-Mailer =~ /Microsoft\ Outlook\ Express\ 4\.72\.3110\.3/
header __MO_OL_83BF7 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V4\.72\.3110\.3/
-tflags XMAILER_MIMEOLE_OL_83BF7 publish
meta XMAILER_MIMEOLE_OL_83BF7 (__XM_OL_83BF7 && __MO_OL_83BF7)
header __XM_OL_7533E X-Mailer =~ /Microsoft\ Outlook\ Express\ 5\.50\.4963\.1700/
header __MO_OL_7533E X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4963\.1700/
-tflags XMAILER_MIMEOLE_OL_7533E publish
meta XMAILER_MIMEOLE_OL_7533E (__XM_OL_7533E && __MO_OL_7533E)
header __XM_OL_91287 X-Mailer =~ /Microsoft\ Outlook\ Express\ 5\.50\.4807\.2300/
header __MO_OL_91287 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4807\.2300/
-tflags XMAILER_MIMEOLE_OL_91287 publish
meta XMAILER_MIMEOLE_OL_91287 (__XM_OL_91287 && __MO_OL_91287)
header __XM_OL_1ECD5 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1081/
header __MO_OL_1ECD5 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1081/
-tflags XMAILER_MIMEOLE_OL_1ECD5 publish
meta XMAILER_MIMEOLE_OL_1ECD5 (__XM_OL_1ECD5 && __MO_OL_1ECD5)
header __XM_OL_FF5C8 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_FF5C8 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2741\.2600/
-tflags XMAILER_MIMEOLE_OL_FF5C8 publish
meta XMAILER_MIMEOLE_OL_FF5C8 (__XM_OL_FF5C8 && __MO_OL_FF5C8)
header __XM_OL_4BF4C X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_4BF4C X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4522\.1200/
-tflags XMAILER_MIMEOLE_OL_4BF4C publish
meta XMAILER_MIMEOLE_OL_4BF4C (__XM_OL_4BF4C && __MO_OL_4BF4C)
header __XM_OL_25340 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_25340 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4963\.1700/
-tflags XMAILER_MIMEOLE_OL_25340 publish
meta XMAILER_MIMEOLE_OL_25340 (__XM_OL_25340 && __MO_OL_25340)
header __XM_OL_4EEDB X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_4EEDB X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4963\.1700/
-tflags XMAILER_MIMEOLE_OL_4EEDB publish
meta XMAILER_MIMEOLE_OL_4EEDB (__XM_OL_4EEDB && __MO_OL_4EEDB)
header __XM_OL_9B90B X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_9B90B X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4807\.1700/
-tflags XMAILER_MIMEOLE_OL_9B90B publish
meta XMAILER_MIMEOLE_OL_9B90B (__XM_OL_9B90B && __MO_OL_9B90B)
header __XM_OL_C65FA X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_C65FA X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4807\.1700/
-tflags XMAILER_MIMEOLE_OL_C65FA publish
meta XMAILER_MIMEOLE_OL_C65FA (__XM_OL_C65FA && __MO_OL_C65FA)
header __XM_OL_B30D1 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_B30D1 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4807\.2300/
-tflags XMAILER_MIMEOLE_OL_B30D1 publish
meta XMAILER_MIMEOLE_OL_B30D1 (__XM_OL_B30D1 && __MO_OL_B30D1)
header __XM_OL_58CB5 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_58CB5 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4133\.2400/
-tflags XMAILER_MIMEOLE_OL_58CB5 publish
meta XMAILER_MIMEOLE_OL_58CB5 (__XM_OL_58CB5 && __MO_OL_58CB5)
header __XM_OL_5B79A X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_5B79A X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.3790\.1830/
-tflags XMAILER_MIMEOLE_OL_5B79A publish
meta XMAILER_MIMEOLE_OL_5B79A (__XM_OL_5B79A && __MO_OL_5B79A)
header __XM_OL_3857F X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_3857F X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1409/
-tflags XMAILER_MIMEOLE_OL_3857F publish
meta XMAILER_MIMEOLE_OL_3857F (__XM_OL_3857F && __MO_OL_3857F)
header __XM_OL_F475E X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_F475E X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2741\.2600/
-tflags XMAILER_MIMEOLE_OL_F475E publish
meta XMAILER_MIMEOLE_OL_F475E (__XM_OL_F475E && __MO_OL_F475E)
header __XM_OL_F6D01 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_F6D01 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4522\.1200/
-tflags XMAILER_MIMEOLE_OL_F6D01 publish
meta XMAILER_MIMEOLE_OL_F6D01 (__XM_OL_F6D01 && __MO_OL_F6D01)
header __XM_OL_6554A X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_6554A X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2905/
-tflags XMAILER_MIMEOLE_OL_6554A publish
meta XMAILER_MIMEOLE_OL_6554A (__XM_OL_6554A && __MO_OL_6554A)
header __XM_OL_07794 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_07794 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1437/
-tflags XMAILER_MIMEOLE_OL_07794 publish
meta XMAILER_MIMEOLE_OL_07794 (__XM_OL_07794 && __MO_OL_07794)
header __XM_OL_015D5 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_015D5 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2905/
-tflags XMAILER_MIMEOLE_OL_015D5 publish
meta XMAILER_MIMEOLE_OL_015D5 (__XM_OL_015D5 && __MO_OL_015D5)
header __XM_OL_B4B40 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_B4B40 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4133\.2400/
-tflags XMAILER_MIMEOLE_OL_B4B40 publish
meta XMAILER_MIMEOLE_OL_B4B40 (__XM_OL_B4B40 && __MO_OL_B4B40)
header __XM_OL_812FF X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_812FF X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4927\.1200/
-tflags XMAILER_MIMEOLE_OL_812FF publish
meta XMAILER_MIMEOLE_OL_812FF (__XM_OL_812FF && __MO_OL_812FF)
header __XM_OL_ADFF7 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_ADFF7 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1158/
-tflags XMAILER_MIMEOLE_OL_ADFF7 publish
meta XMAILER_MIMEOLE_OL_ADFF7 (__XM_OL_ADFF7 && __MO_OL_ADFF7)
header __XM_OL_4F240 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_4F240 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1158/
-tflags XMAILER_MIMEOLE_OL_4F240 publish
meta XMAILER_MIMEOLE_OL_4F240 (__XM_OL_4F240 && __MO_OL_4F240)
header __XM_OL_BC7E6 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_BC7E6 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4927\.1200/
-tflags XMAILER_MIMEOLE_OL_BC7E6 publish
meta XMAILER_MIMEOLE_OL_BC7E6 (__XM_OL_BC7E6 && __MO_OL_BC7E6)
header __XM_OL_F3B05 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.5510/
header __MO_OL_F3B05 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1437/
-tflags XMAILER_MIMEOLE_OL_F3B05 publish
meta XMAILER_MIMEOLE_OL_F3B05 (__XM_OL_F3B05 && __MO_OL_F3B05)
header __XM_OL_CF0C0 X-Mailer =~ /Microsoft\ Office\ Outlook\,\ Build\ 11\.0\.6353/
header __MO_OL_CF0C0 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.50\.4807\.2300/
-tflags XMAILER_MIMEOLE_OL_CF0C0 publish
meta XMAILER_MIMEOLE_OL_CF0C0 (__XM_OL_CF0C0 && __MO_OL_CF0C0)
header __XM_OL_D03AB X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2900\.2180/
header __MO_OL_D03AB X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2869/
-tflags XMAILER_MIMEOLE_OL_D03AB publish
meta XMAILER_MIMEOLE_OL_D03AB (__XM_OL_D03AB && __MO_OL_D03AB)
header __XM_OL_3AC1D X-Mailer =~ /Microsoft\ Outlook\ Express\ 5\.00\.2919\.6700/
header __MO_OL_3AC1D X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V5\.00\.2919\.6700/
-tflags XMAILER_MIMEOLE_OL_3AC1D publish
meta XMAILER_MIMEOLE_OL_3AC1D (__XM_OL_3AC1D && __MO_OL_3AC1D)
header __XM_OL_A842E X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1158/
header __MO_OL_A842E X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1441/
-tflags XMAILER_MIMEOLE_OL_A842E publish
meta XMAILER_MIMEOLE_OL_A842E (__XM_OL_A842E && __MO_OL_A842E)
header __XM_OL_72641 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1441/
header __MO_OL_72641 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1441/
-tflags XMAILER_MIMEOLE_OL_72641 publish
meta XMAILER_MIMEOLE_OL_72641 (__XM_OL_72641 && __MO_OL_72641)
header __XM_OL_8627E X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1437/
header __MO_OL_8627E X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1437/
-tflags XMAILER_MIMEOLE_OL_8627E publish
meta XMAILER_MIMEOLE_OL_8627E (__XM_OL_8627E && __MO_OL_8627E)
header __XM_OL_C7C33 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1478/
header __MO_OL_C7C33 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2962/
-tflags XMAILER_MIMEOLE_OL_C7C33 publish
meta XMAILER_MIMEOLE_OL_C7C33 (__XM_OL_C7C33 && __MO_OL_C7C33)
header __XM_OL_22B61 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1158/
header __MO_OL_22B61 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1158/
-tflags XMAILER_MIMEOLE_OL_22B61 publish
meta XMAILER_MIMEOLE_OL_22B61 (__XM_OL_22B61 && __MO_OL_22B61)
header __XM_OL_C9068 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1478/
header __MO_OL_C9068 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1807/
-tflags XMAILER_MIMEOLE_OL_C9068 publish
meta XMAILER_MIMEOLE_OL_C9068 (__XM_OL_C9068 && __MO_OL_C9068)
header __XM_OL_EF20B X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1478/
header __MO_OL_EF20B X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2180/
-tflags XMAILER_MIMEOLE_OL_EF20B publish
meta XMAILER_MIMEOLE_OL_EF20B (__XM_OL_EF20B && __MO_OL_EF20B)
header __XM_OL_465CD X-Mailer =~ /Microsoft\ Outlook\,\ Build\ 10\.0\.3416/
header __MO_OL_465CD X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1506/
-tflags XMAILER_MIMEOLE_OL_465CD publish
meta XMAILER_MIMEOLE_OL_465CD (__XM_OL_465CD && __MO_OL_465CD)
header __XM_OL_5E7ED X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2900\.2180/
header __MO_OL_5E7ED X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2962/
-tflags XMAILER_MIMEOLE_OL_5E7ED publish
meta XMAILER_MIMEOLE_OL_5E7ED (__XM_OL_5E7ED && __MO_OL_5E7ED)
header __XM_OL_EF222 X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2900\.2873/
header __MO_OL_EF222 X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2873/
-tflags XMAILER_MIMEOLE_OL_EF222 publish
meta XMAILER_MIMEOLE_OL_EF222 (__XM_OL_EF222 && __MO_OL_EF222)
Modified: spamassassin/rules/trunk/sandbox/jm/70_tt_drugs.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/70_tt_drugs.cf?view=diff&rev=553455&r1=553454&r2=553455
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/70_tt_drugs.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/70_tt_drugs.cf Thu Jul 5 04:11:13 2007
@@ -12,19 +12,16 @@
header __TT_OBSCURED_VIAGRA Subject =~ /(v|V|\\\/)(i|I|1|\xef|\|)(a|A|\(a\)|4|@)(g|G)(r|R)(a|A|\(a\)|4|@)/
header __TT_BROKEN_VIAGRA Subject =~ /V[:^."%()*\[\\]?I[:^."%()*\[\\]?A[:^."%()*\[\\]?G[:^."%()*\[\\]?R[:^."%()*\[\\]?A/i
meta TT_OBSCURED_VIAGRA ( __TT_BROKEN_VIAGRA || __TT_OBSCURED_VIAGRA ) && ! __TT_VIAGRA
-tflags TT_OBSCURED_VIAGRA publish
describe TT_OBSCURED_VIAGRA Scora: obscured "VIAGRA" in subject
header __TT_XANAX Subject =~ /XANAX/i
header __TT_OBSCURED_XANAX Subject =~ /(x|X|><)(a|A|\(a\)|4|@)(n|N)(a|A|\(a\)|4|@)(x|X|><)/
header __TT_BROKEN_XANAX Subject =~ /X[:^."%()*\[\\]?A[:^."%()*\[\\]?N[:^."%()*\[\\]?A[:^."%()*\[\\]?X/i
meta TT_OBSCURED_XANAX ( __TT_BROKEN_XANAX || __TT_OBSCURED_XANAX ) && ! __TT_XANAX
-tflags TT_OBSCURED_XANAX publish
describe TT_OBSCURED_XANAX Scora: obscured "XANAX" in subject
header __TT_VALIUM Subject =~ /VALIUM/i
header __TT_OBSCURED_VALIUM Subject =~ /(v|V|\\\/)(a|A|\(a\)|4|@)(l|L|\|)(i|I|1|\xef|\|)(u|U|\(u\))(m|M)/
header __TT_BROKEN_VALIUM Subject =~ /V[:^."%()*\[\\]?A[:^."%()*\[\\]?L[:^."%()*\[\\]?I[:^."%()*\[\\]?U[:^."%()*\[\\]?M/i
meta TT_OBSCURED_VALIUM ( __TT_BROKEN_VALIUM || __TT_OBSCURED_VALIUM ) && ! __TT_VALIUM
-tflags TT_OBSCURED_VALIUM publish
describe TT_OBSCURED_VALIUM Scora: obscured "VALIUM" in subject