Posted to commits@spamassassin.apache.org by jm...@apache.org on 2004/02/08 05:56:17 UTC

svn commit: rev 6583 - in incubator/spamassassin/trunk: lib/Mail/SpamAssassin rules

Author: jm
Date: Sat Feb  7 20:56:16 2004
New Revision: 6583

Modified:
   incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Received.pm
   incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf
Log:
redo T_HELO_DYNAMIC rules using last-untrusted semantics

Modified: incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Received.pm
==============================================================================
--- incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Received.pm	(original)
+++ incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Received.pm	Sat Feb  7 20:56:16 2004
@@ -317,6 +317,9 @@
   # be helpful; save some cumbersome typing
   $self->{num_relays_trusted} = scalar (@{$self->{relays_trusted}});
   $self->{num_relays_untrusted} = scalar (@{$self->{relays_untrusted}});
+
+  dbg ("metadata: X-Spam-Relays-Trusted: ".$self->{relays_trusted_str});
+  dbg ("metadata: X-Spam-Relays-Untrusted: ".$self->{relays_untrusted_str});
 }
 
 sub lookup_all_ips {
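Review bot: The two added `dbg` calls write `relays_trusted_str` and `relays_untrusted_str` to the debug log unmodified, and the untrusted string is presumably assembled from Received headers that the sender controls. If `dbg` does not already escape control characters, a crafted header value could split or imitate debug-log lines, so confirm that or log a sanitized copy. The concatenation also assumes both keys are defined at this point, which the hunk does not show; `dbg ("metadata: X-Spam-Relays-Untrusted: ".($self->{relays_untrusted_str} || ''));` would avoid an uninitialized-value warning. The enclosing sub starts above the hunk.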

Modified: incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf	(original)
+++ incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf	Sat Feb  7 20:56:16 2004
@@ -428,34 +428,39 @@
 
 # Interesting new feature; spamware HELO'ing, from a dialup IP addr,
 # using that IP's rDNS entry.  We can catch this easily.
+#
+# Note the '^[^\]]+ ' stanza: this ensures that we only match spamware
+# connecting to a trusted relay; if a mail came from a dynamic addr but
+# was relayed through their smarthost, that's fine.
 
 # dhcp024-210-034-053.columbus.rr.com [24.210.34.53]
 # c-66-176-16-108.se.client2.attbi.com [66.176.16.108]
 # c-67-168-174-61.client.comcast.net [67.168.174.61]
-header T_HELO_DYNAMIC_IPADDR X-Spam-Relays-Untrusted =~ / helo=[^\.]+\d+\D\d+\D\d+\D\d+\D[^\.]*\.\S+\.\S+/i
+# (require an alpha first, as legit HELO'ing-as-IP-address is hit otherwise)
+header T_HELO_DYNAMIC_IPADDR X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[a-z]\S*\d+\D\d+\D\d+\D\d+\D[^\.]*\.\S+\.\S+/i
 # dhcp024-210-034-053.columbus.rr.com [24.210.34.53]
-header T_HELO_DYNAMIC_RR   X-Spam-Relays-Untrusted =~ / helo=\S*(?:docsis|cable|dsl|adsl|dhcp|cpe)\S*\d+\D+\d+/i
+header T_HELO_DYNAMIC_RR   X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S*(?:docsis|cable|dsl|adsl|dhcp|cpe)\S*\d+\D+\d+/i
 # fia83-8.dsl.hccnet.nl [62.251.8.83]
 # fia160-115-100.dsl.hccnet.nl [80.100.115.160]
-header T_HELO_DYNAMIC_HCC   X-Spam-Relays-Untrusted =~ / helo=\S*\d+\D+\d+\S*\.(?:docsis|cable|dsl|adsl|dhcp|cpe)\./i
+header T_HELO_DYNAMIC_HCC   X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S*\d+\D+\d+\S*\.(?:docsis|cable|dsl|adsl|dhcp|cpe)\./i
 # f88114.upc-f.chello.nl [80.56.88.114]
-header T_HELO_DYNAMIC_CHELLO X-Spam-Relays-Untrusted =~ / helo=\S+upc-f\.chello\.nl/i
+header T_HELO_DYNAMIC_CHELLO X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S+upc-f\.chello\.nl/i
 # h0002a5d76857.ne.client2.attbi.com [65.96.12.59]
-header T_HELO_DYNAMIC_ATTBI  X-Spam-Relays-Untrusted =~ / helo=\S+\d+\S+\.client2\.attbi\.com/i
+header T_HELO_DYNAMIC_ATTBI  X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S+\d+\S+\.client2\.attbi\.com/i
 # pcp04024417pcs.toresd01.pa.comcast.net [68.86.206.126]
 # bgp542174bgs.ewndsr01.nj.comcast.net[68.38.144.91]
-header T_HELO_DYNAMIC_COMCAST X-Spam-Relays-Untrusted =~ / helo=(?:pcp|bgp)\S+(?:pcs|bgs)\.comcast\.net/i
+header T_HELO_DYNAMIC_COMCAST X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=(?:pcp|bgp)\S+(?:pcs|bgs)\.comcast\.net/i
 # CPE0004e2372711-CM000a73666706.cpe.net.cable.rogers.com
 # CPE00e0184f0eba-CM014490118324.cpe.net.cable.rogers.com [24.43.109.140]
-header T_HELO_DYNAMIC_ROGERS X-Spam-Relays-Untrusted =~ / helo=CPE\d+\S+\.rogers\.com/i
+header T_HELO_DYNAMIC_ROGERS X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=CPE\d+\S+\.rogers\.com/i
 # ca-morpark-cuda1-zone7-b-159.vnnyca.adelphia.net[67.23.129.159]
 # tn-greenvillecuda1cable7a-36.atlaga.adelphia.net [68.171.113.36]
 # ky-richmond2a-123.rhmdky.adelphia.net [68.71.36.123]
 # ny-lackawannacadent4-chtwga3a-b-117.buf.adelphia.net [68.71.205.117]
 # fl-edel-u2-c3c-233.pbc.adelphia.net [68.64.89.233]
-header T_HELO_DYNAMIC_ADELPHIA X-Spam-Relays-Untrusted =~ / helo=[a-z]{2}-\S+-\d{1,3}\.[a-z]{3,8}\.adelphia\.net/i
+header T_HELO_DYNAMIC_ADELPHIA X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[a-z]{2}-\S+-\d{1,3}\.[a-z]{3,8}\.adelphia\.net/i
 # pD9E4F89F.dip.t-dialin.net [217.228.248.159]
-header T_HELO_DYNAMIC_DIALIN X-Spam-Relays-Untrusted =~ / helo=[a-z][A-F0-9]+\.dip\./
+header T_HELO_DYNAMIC_DIALIN X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[a-z][A-F0-9]+\.dip\./
 
 # TODO:
 # port-212-202-77-203.reverse.qsc.de [212.202.77.203]
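Review bot: In T_HELO_DYNAMIC_IPADDR, T_HELO_DYNAMIC_RR and T_HELO_DYNAMIC_HCC the `\D`, `\D+` and `[^\.]*` pieces also match a space, so the pattern can run past the end of the helo= value into whatever field follows it in the relay entry. Digits or a `.dsl.`-style label in that neighbouring field can then complete the match, giving a false positive on a HELO that does not look dynamic at all. Restricting those pieces to non-space characters keeps the match inside the helo token, e.g. `helo=\S*(?:docsis|cable|dsl|adsl|dhcp|cpe)\S*\d+[^\d\s]+\d+` for the RR rule. Separately, the new `^[^\]]+ ` anchor only holds if no `]` can appear in the fields that precede helo= in the first entry; it is worth confirming that the code building X-Spam-Relays-Untrusted strips or escapes that character, otherwise a header value containing it would make every one of these rules miss.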