You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2013/02/08 02:57:17 UTC
svn commit: r1443822 -
/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Fri Feb 8 01:57:04 2013
New Revision: 1443822
URL: http://svn.apache.org/r1443822
Log:
Add TBIRD_SPOOF
Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1443822&r1=1443821&r2=1443822&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Fri Feb 8 01:57:04 2013
@@ -251,6 +251,10 @@ header __TB_MIME_BDRY_NO_Z Con
meta TBIRD_SUSP_MIME_BDRY __MUA_TBIRD && __TB_MIME_BDRY_NO_Z
describe TBIRD_SUSP_MIME_BDRY Unlikely Thunderbird MIME boundary
+meta TBIRD_SPOOF __MUA_TBIRD && !__HAS_IN_REPLY_TO && !__HAS_X_REF && !__THREADED && !__VIA_ML && !__NOT_SPOOFED && !__HAS_SENDER && !__HAS_ERRORS_TO && !__HAS_X_BEEN_THERE && !__RP_MATCHES_RCVD && !ALL_TRUSTED && !__TO_EQ_FROM_DOM
+describe TBIRD_SPOOF Claims Thunderbird mail client but looks suspicious
+score TBIRD_SPOOF 3.00 # limit
+
# seen in a few HTML fraud spams
rawbody RUNON_SHY /(?:\­){3}/i
describe RUNON_SHY Repeating soft hyphens