You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2006/11/19 22:47:18 UTC

svn commit: r476935 - /spamassassin/rules/trunk/sandbox/jm/20_basic.cf

Author: jm
Date: Sun Nov 19 13:47:18 2006
New Revision: 476935

URL: http://svn.apache.org/viewvc?view=rev&rev=476935
Log:
add a new RATWARE_RCVD_LC_ESMTP variant; JM_TORA_XM works; commentary on L_SPAM_TOOL_13

Modified:
    spamassassin/rules/trunk/sandbox/jm/20_basic.cf

Modified: spamassassin/rules/trunk/sandbox/jm/20_basic.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_basic.cf?view=diff&rev=476935&r1=476934&r2=476935
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_basic.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_basic.cf Sun Nov 19 13:47:18 2006
@@ -156,6 +156,12 @@
 meta HDR_ORDER_FTSDMCXX_001C  (__HDR_ORDER_FTSDMCXXXX && __MID_START_001C)
 describe HDR_ORDER_FTSDMCXX_001C  Header order similar to spam (FTSDMCXX/MID variant)
 
+# "Tora" spam
+header __MAILER_OL_6626 X-Mailer =~ /^Microsoft Outlook, Build 10\.0\.6626$/
+header __MOLE_2962  X-MimeOLE =~ /^Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2962$/
+header __NAKED_TO   To =~ /^[^\s<>]+\@[^\s<>]+$/
+meta JM_TORA_XM     (__MAILER_OL_6626 && __MOLE_2962 && __NAKED_TO)
+
 # ---------------------------------------------------------------------------
 # Testing bit
 
@@ -187,20 +193,15 @@
 header MID_START_001C_A8C0_2 Message-ID =~ /^<000001c[a-f0-9]{5}\$[a-f0-9]{8}\$[a-f0-9]{4}a8c0\@/
 
 header CTYPE_001C_A Content-Type =~ /multipart.{0,200}boundary=\"----=_NextPart_000_0001_01C[0-9A-F]{5}\.[0-9A-F]{7}0\"/
+header CTYPE_001C_B Content-Type =~ /multipart.{0,200}boundary=\"----=_NextPart_000_0000_01C[0-9A-F]{5}\.[0-9A-F]{7}0\"/
 
-# testing for Dave Funk (mail of 11/16)
-# compare with AXB_FAKETZ, GMD_FAKETZ
+# testing for Dave Funk (mail of 11/16); compare with AXB_FAKETZ, GMD_FAKETZ.
+# pretty good; less FPs than AXB_FAKETZ, however, same FP level but less 0.01%
+# less hits than GMD_FAKETZ, so that's still better
 header L_SPAM_TOOL_13   Date =~ /\s[+-]\d(?![2358]45)\d[124-9]\d$/
 
-# "Tora" spam
-header __MAILER_OL_6626 X-Mailer =~ /^Microsoft Outlook, Build 10\.0\.6626$/
-header __MOLE_2962  X-MimeOLE =~ /^Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2900\.2962$/
-header __NAKED_TO   To =~ /^[^\s<>]+\@[^\s<>]+$/
-meta JM_TORA_XM     (__MAILER_OL_6626 && __MOLE_2962 && __NAKED_TO)
-
 # try a couple of rules to catch --
 # /home/jm/Mail/Spam2/303: by jmason.org with esmtp (;4OZ*/H/)>7. 4.2-+*)
-# /home/jm/Mail/Spam2/152: by smtp8.reportorial.net with esmtp (reportorial 8.71 #1 (reportorial))
-header RATWARE_RCVD_LC_ESMTP3   Received =~ / by \S+ with esmtp \([a-z]+ /
 header RATWARE_RCVD_LC_ESMTP4   Received =~ / by \S+ with esmtp \([^a-z ]{6,} /
+header RATWARE_RCVD_LC_ESMTP5   Received =~ / by \S+ with esmtp \([^a-z ]{6,} [^a-z ]{3,}\) id/