You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by ma...@apache.org on 2009/06/02 01:39:15 UTC

svn commit: r780884 - /spamassassin/rules/trunk/sandbox/maddoc/99_doc_test.cf

Author: maddoc
Date: Mon Jun  1 23:39:15 2009
New Revision: 780884

URL: http://svn.apache.org/viewvc?rev=780884&view=rev
Log:
New Testing Rules

Modified:
    spamassassin/rules/trunk/sandbox/maddoc/99_doc_test.cf

Modified: spamassassin/rules/trunk/sandbox/maddoc/99_doc_test.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/maddoc/99_doc_test.cf?rev=780884&r1=780883&r2=780884&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/maddoc/99_doc_test.cf (original)
+++ spamassassin/rules/trunk/sandbox/maddoc/99_doc_test.cf Mon Jun  1 23:39:15 2009
@@ -1,92 +1,113 @@
-#####################
-# FSL Testing rules #
-# Updated: 20090430 # 
-#####################
-
-####################
-# Rules from Bayes #
-####################
-#
-# H*m  = Message-Id
-# H*r  = Received
-# H*u  = User-Agent
-# H*f  = References
-# H*i  = In-Reply-To
-# H*F  = From
-# H*R  = Reply-To
-# H*p  = Return-Path
-# H*rp = Return-path
-# H*x  = X-Mailer
-# H*a  = X-Authentication-Warning
-# H*o  = Organization|Organisation
-# H*c  = Content-Type
-# H*RT = X-Spam-Relays-Trusted
-# H*RU = X-Spam-Relays-Untrusted
-# H*MI = In-Reply-To|References|Message-ID
-# H*Ad = From|To|Cc
-# H*UA = X-Mailer|User-Agent
-# 
-
-# |     156002 |       153 |  99.9020 | H*UA:6.00.2600.0000                     | 
-# |     156001 |       153 |  99.9020 | H*x:6.00.2600.0000                      | 
+# Testing rules
 header __FSL_UA_1 User-Agent =~ /6\.00\.2600\.000/
 header __FSL_UA_2 X-Mailer =~ /6\.00\.2600\.000/
-meta FSL_UA_1 (__FSL_UA_1 || __FSL_UA_2)
-score FSL_UA_1 1.0
+meta FSL_UA (__FSL_UA_1 || __FSL_UA_2)
+score FSL_UA 3.0
 
-# |      26237 |         0 | 100.0000 | H*u:2.0.0.12                            | 
-header FSL_UA_2 User-Agent =~ /2\.0\.0\.12/
-score FSL_UA_2 1.0
-
-# |      26237 |         0 | 100.0000 | H*u:20080213                            | 
-header FSL_UA_3 User-Agent =~ /20080213/
-score FSL_UA_3 1.0
-
-#|      17011 |         0 | 100.0000 | H*UA:6.00.2800.1081                     | 
-#|      17011 |         0 | 100.0000 | H*x:6.00.2800.1081                      | 
-header __FSL_UA_3 User-Agent =~ /6\.00\.2800\.1081/
-header __FSL_UA_4 X-Mailer =~ /6\.00\.2800\.1081/
-meta FSL_UA_4 (__FSL_UA_3 || __FSL_UA_4)
-score FSL_UA_4 1.0
-
-# |     151401 |        15 |  99.9901 | HX-Spam-Relays-External:User
-header FSL_HELO_1 X-Spam-Relays-External =~ /\bUser\b/
-score FSL_HELO_1 1.0
-
-###################
-# Abused services #
-###################
+header FSL_UA2 User-Agent =~ /6\.00\.2800\.1081/
+score FSL_UA2 3.0
 
-uri FSL_GG_ABUSE /google\.com\/group\/\S+\/web\//
-score FSL_GG_ABUSE 1.0
+uri FSL_GG_ABUSE /\/google\.com\/group\/\S+\/web\//
+score FSL_GG_ABUSE 15.0
 
-uri FSL_YG_ABUSE /groups\.yahoo\.com\/group\/\S+\/message\/1$/
-score FSL_YG_ABUSE 1.0
+uri FSL_YG_ABUSE /\/groups\.yahoo\.com\/group\/\S+\/message\/1$/
+score FSL_YG_ABUSE 15.0
 
-uri FSL_INTERIA_ABUSE /\S+\.(?:w|eu|fm)\.interia\.pl/
-score FSL_INTERIA_ABUSE 1.0 
+uri FSL_INTERIA_ABUSE /\/\S+\.(?:w|eu|fm)\.interia\.pl/
+score FSL_INTERIA_ABUSE 15.0 
 
 uri FSL_GEO_ABUSE /\/geocities\.com\/\S+$/
-score FSL_GEO_ABUSE 1.0
+score FSL_GEO_ABUSE 3.0
 
 # http://pipes.yahoo.com/pipes/pipe.info?_id=qFf6E18w3hGt3lxD0j6skA
-uri FSL_YPIPES_ABUSE /pipes\.yahoo\.com\/pipes\/pipe\.info\?_id=\S+$/
-score FSL_YPIPES_ABUSE 1.0
+uri FSL_YPIPES_ABUSE /\/pipes\.yahoo\.com\/pipes\/pipe\.info\?_id=\S+$/
+score FSL_YPIPES_ABUSE 15.0
 
 # http://cid-e4cf8343be6940bb.spaces.live.com/
 uri FSL_LSPACES_ABUSE /cid\-\S+\.spaces\.live\.com/
-score FSL_LSPACES_ABUSE 1.0
+score FSL_LSPACES_ABUSE 15.0
 
-uri FSL_FBOOK_PHISH /http:\/\/\S+\..+\/facebook\.com/
-score FSL_FBOOK_PHISH 1.0
+uri FSL_FBOOK_PHISH /\/\S+\..+\/facebook\.com/
+score FSL_FBOOK_PHISH 15.0
 
 # http://moorevuvuz28.blogspot.com
-uri FSL_BLOGSPOT_ABUSE /http:\/\/\S+\.blogspot\.com/
-score FSL_BLOGSPOT_ABUSE 1.0
+uri FSL_BLOGSPOT_ABUSE /\/\S+\.blogspot\.com/
+score FSL_BLOGSPOT_ABUSE 5.0
 
-uri FSL_GD_ABUSE1 /\S+\.docs\.google\.com/
-score FSL_GD_ABUSE1 1.0
+uri FSL_GD1_URI /\/\S+\.docs\.google\.com/
+score FSL_GD1_URI 0.01
 
 # http://docs.google.com/Doc?id=dczfbnj9_8fvfs5wc7
-uri FSL_GD_ABUSE2 /http:\/\/docs\.google\.com\/Doc\?id=\S+/
-score FSL_GD2_ABUSE2 1.0
+uri FSL_GD2_URI /\/docs\.google\.com\/Doc\?id=\S+/
+score FSL_GD2_URI 0.01
+
+# http://sites.google.com/site/1133445/
+uri FSL_GS_ABUSE /\/sites\.google\.com\/site\//
+score FSL_GS_ABUSE 3.0
+
+# http://blogs.360.yahoo.com/woodbegusug71
+uri FSL_Y360_ABUSE /\.360\.yahoo\.com\//
+score FSL_Y360_ABUSE 3.0
+
+# https://createpdf.adobe.com/cgi-pickup.pl/
+uri FSL_CREATEPDF_ABUSE /http(?:s)?:\/\/createpdf\.adobe\.com\/cgi-pickup.pl\//
+score FSL_CREATEPDF_ABUSE 3.0
+
+# http://tinyurl.com
+uri FSL_HAS_TINYURL /tinyurl\.com\//
+score FSL_HAS_TINYURL 0.01
+
+# Multipart mail with no text parts
+header     __CTYPE_MULTIPART_MIXED Content-Type =~ /multipart\/mixed/i
+mimeheader __ANY_TEXT_ATTACH     Content-Type =~ /text\/\w+/i
+eta	FSL_MIME_NO_TEXT	(__CTYPE_MULTIPART_MIXED && !__ANY_TEXT_ATTACH)
+score	FSL_MIME_NO_TEXT	1.50
+
+# Test rule from SA list
+rawbody __TWO_WORD_LINES /^\S+\s+\S+$/
+tflags  __TWO_WORD_LINES multiple
+meta    FSL_STACKED_TEXT (__TWO_WORD_LINES > 10)
+score	FSL_STACKED_TEXT 0.001
+
+uri	__ANY_HTTP_URI	/^http(?:s)?:\/\//
+tflags	__ANY_HTTP_URI	multiple
+meta	FSL_SINGLE_URI	(__ANY_HTTP_URI == 1)
+score	FSL_SINGLE_URI	0.001
+
+header	__HAS_REPLY_TO	exists:Reply-To
+header	__FROM_FREEMAIL	From =~ /\@(?:googlemail|gmail|yahoo|hotmail|msn|aol|aim)\./
+header  __REPLY_FREEMAIL Reply-To =~ /\@(?:googlemail|gmail|yahoo|hotmail|msn|aol|aim)\./
+meta	FSL_FREEMAIL_1 (__HAS_REPLY_TO && __REPLY_FREEMAIL)
+score	FSL_FREEMAIL_1 0.001
+meta	FSL_FREEMAIL_2 (__HAS_REPLY_TO && __REPLY_FREEMAIL && __FROM_FREEMAIL)
+score	FSL_FREEMAIL_2 0.001
+
+header	FSL_HELO_BARE_IP_1	X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\d+\.\d+\.\d+\.\d+ /i
+score	FSL_HELO_BARE_IP_1	0.001
+
+header  FSL_HELO_BARE_IP_2      X-Spam-Relays-Trusted =~ /^[^\]]+ helo=\d+\.\d+\.\d+\.\d+ /i
+score   FSL_HELO_BARE_IP_2      0.001
+
+header  FSL_HELO_BARE_IP_3      X-Spam-Relays-External =~ /^[^\]]+ helo=\d+\.\d+\.\d+\.\d+ /i
+score   FSL_HELO_BARE_IP_3      0.001
+
+header	FSL_HELO_NON_FQDN_1	X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[a-zA-Z0-9-_]+ /i
+score	FSL_HELO_NON_FQDN_1	0.001
+
+header  FSL_HELO_NON_FQDN_2     X-Spam-Relays-Trusted =~ /^[^\]]+ helo=[a-zA-Z0-9-_]+ /i
+score   FSL_HELO_NON_FQDN_2     0.001
+
+header  FSL_HELO_NON_FQDN_3     X-Spam-Relays-External =~ /^[^\]]+ helo=[a-zA-Z0-9-_]+ /i
+score   FSL_HELO_NON_FQDN_3     0.001
+
+header	FSL_FAKE_HOTMAIL_RVCD	X-Spam-Relays-External =~ /mx[1234]\.hotmail\.com/
+score	FSL_FAKE_HOTMAIL_RCVD	0.001
+
+header	FSL_FAKE_YAHOO_RCVD	X-Spam-Relays-External =~ /mx\.mail\.yahoo.com/
+score   FSL_FAKE_YAHOO_RCVD	0.001
+
+uri	FSL_SPAMWARE_STRING_1	/{\S+}/
+score	FSL_SPAMWARE_STRING_1	5.0
+
+header	FSL_RCVD_USER		Received =~ /\bUser\b/i
+score   FSL_RCVD_USER		0.001