You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by kh...@apache.org on 2014/02/22 08:57:20 UTC
svn commit: r1570809 - /spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Author: khopesh
Date: Sat Feb 22 07:57:20 2014
New Revision: 1570809

URL: http://svn.apache.org/r1570809
Log:
auto-generated rules

Modified:
    spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=1570809&r1=1570808&r2=1570809&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Sat Feb 22 07:57:20 2014
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf	v 201402212
+## khop-sc-neighbors.cf	v 201402222
 ## Khopesh's syndication of SpamCop's top offenders and top offending networks.
 ## 
 ## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -101,7 +101,7 @@ score	 KHOP_SC_TOP_CIDR16  0.6 0.2 0.7 0
 
 
 # http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:(?:23\.64\.19|84\.82\.17)9|98\.143\.128|03\.25\.146)|2(?:10\.183\.179|3\.231\.48)|5(?:0\.193\.157|8\.251\.146)|88\.208\.231|91\.218\.244|68\.65\.252)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:84\.(?:22\.197|82\.179)|98\.143\.128|03\.25\.146)|(?:50\.193\.15|67\.210\.24)7|23\.(?:231\.48|94\.15)|46\.10(?:2\.187|7\.24))\.[012]?\d{1,2}\b)/
 describe KHOP_SC_CIDR24  Relay CIDR /24 is among worst in SpamCop
 tflags	 KHOP_SC_CIDR24  nopublish
 score	 KHOP_SC_CIDR24  0.6 0 0.6 0
@@ -122,7 +122,7 @@ score	 KHOP_SC_CIDR24  0.6 0 0.6 0
 # 0.4428/0      1.000 20130705@376k  resume scores -> .6 0 .6 0
 
 
-header	 KHOP_SC_TOP_CIDR24  Received =~ /(?-xism:\b(?:1(?:9(?:0\.234\.10[56]|8\.143\.150|4\.105\.9)|0(?:1\.(?:14\.89|9\.205)|3\.25\.14[56])|8(?:1\.66\.15[67]|3\.182\.39|4\.22\.53)|20\.(?:143\.5|84\.13)|41\.105\.68)|(?:212\.146\.10|31\.192\.11)1|9(?:1\.218\.24|4\.20\.22)4|67\.205\.67|83\.149\.48|50\.2\.95)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_TOP_CIDR24  Received =~ /(?-xism:\b(?:1(?:9(?:0\.234\.10[56]|8\.143\.150|4\.105\.9)|0(?:1\.(?:14\.89|9\.205)|3\.25\.14[56])|8(?:1\.66\.15[67]|3\.182\.39|4\.22\.53)|20\.(?:143\.5|84\.13)|41\.105\.68)|(?:212\.146\.10|31\.192\.11)1|9(?:1\.218\.24|4\.20\.22)4|67\.205\.67)\.[012]?\d{1,2}\b)/
 describe KHOP_SC_TOP_CIDR24  Relay CIDR /24 leads SpamCop in worst /24s
 tflags	 KHOP_SC_TOP_CIDR24  nopublish
 score	 KHOP_SC_TOP_CIDR24  1.7 0.5 1.7 0.5
@@ -142,7 +142,7 @@ score	 KHOP_SC_TOP_CIDR24  1.7 0.5 1.7 0
 
 
 # http://www.spamcop.net/w3m?action=hoshame
-header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:8(?:4\.(?:82\.1(?:7(?:1\.234|9\.117)|23\.85)|22\.(?:53\.(?:190?|201)|197\.216))|3\.(?:106\.150\.78|86\.207\.130)|5\.(?:10\.203\.123|25\.150\.212)|2\.172\.22\.57|8\.20\.27\.174)|1(?:8\.(?:1(?:29\.166\.86|42\.19\.172|89\.11\.10)|41\.157\.3)|0\.(?:189\.168\.171|45\.140\.89)|9\.(?:110\.108\.92|73\.225\.13)|2\.220\.67\.130|6\.193\.90\.26)|2(?:1\.(?:1(?:34\.238\.129|82\.63\.196)|78\.1(?:16\.243|26\.228))|2\.(?:219\.138\.227|155\.9\.59)|5\.88\.123\.244|4\.160\.35\.2|0\.50\.86\.3)|9(?:8\.143\.1(?:50\.2(?:4[789]|5[012]|39)|28\.144)|2\.2(?:08\.185\.1(?:06|14)|27\.235\.155)|0\.107\.140\.76|3\.111\.62\.157|4\.105\.9\.85)|7(?:8\.(?:175\.159\.93|248\.43\.106)|3\.212\.20(?:5\.158|9\.30))|0(?:1\.(?:9\.205\.13|14\.89\.)0|6\.245\.250\.6)|62\.2(?:43\.213\.233|20\.57\.202)|59\.224\.80\.43)|2(?:1(?:1\.(?:23(?:(?:4\.117\.14|\.152\.1)9|3\.64\.110|2\.154\.6)|17(?:4\.178\.177|6\.76\.198))|8\.(?:234\.1(?:08\.13|7\.176)|38\.29\.68)|0\.(?:183\.179\.3[89]|48
 \.156\.227)|2\.(?:146\.101\.154|87\.28\.201)|9\.(?:140\.69\.122|92\.57\.210)|3\.135\.113\.197)|0(?:2\.(?:1(?:18\.236\.178|97\.68\.201)|234\.40\.41|64\.73\.148)|3\.23(?:0\.112\.45|8\.64\.250|9\.45\.202))|2(?:1\.(?:214\.2(?:08\.226|14\.187)|178\.236\.19)|2\.(?:200\.182\.65|78\.247\.67)|0\.67\.90\.31)|3\.(?:231\.48\.(?:10|72)|94\.15\.143)|7\.117\.113\.20|\.230\.25\.144)|9(?:1\.2(?:18\.244\.(?:2(?:1[012345678]|2[23468]|0[2349]|4[0189]|3[34])|1(?:9[1234567]|36))|41\.187\.204)|5\.(?:211\.135\.83|85\.63\.150)|3\.90\.102\.194)|8(?:8\.(?:208\.2(?:31\.1(?:7[79]|29)|29\.1[38]9|09\.31)|198\.199\.35)|5\.1(?:85\.(?:30\.163|112\.8)|7\.27\.(?:123|98))|7\.204\.110\.176)|6(?:8\.65\.25(?:2\.1(?:89|90)|4\.251)|7\.2(?:10\.247\.2[06]|05\.67\.7)|0\.190\.92\.234|1\.38\.186\.117|2\.65\.133\.43)|4(?:6\.1(?:0(?:2\.187\.2(?:[5678]|2[89])|7\.24\.210)|91\.237\.118)|9\.128\.43\.241|1\.137\.24\.4)|5(?:8\.(?:225\.62\.145|64\.164\.116)|\.(?:133\.177\.122|255\.64\.250)|0\.193\.157\.62)|3(?:1\.192\.111\.(?:[789]\d|6[8
 9]|100)|6\.250\.229\.32)|7(?:(?:7\.106\.232\.1|8\.29\.4\.)78|2\.9\.97\.116))\b)/
+header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:8(?:4\.(?:82\.1(?:7(?:1\.234|9\.117)|23\.85)|22\.(?:53\.(?:190?|201)|197\.216)|154\.143\.69)|3\.(?:106\.150\.78|86\.207\.130)|5\.(?:10\.203\.123|25\.150\.212)|2\.1(?:62\.73\.193|72\.22\.57)|8\.20\.27\.174)|2(?:1\.(?:1(?:34\.238\.129|59\.11\.164|82\.63\.196)|78\.1(?:16\.243|26\.228))|2\.(?:219\.138\.227|49\.119\.188|155\.9\.59)|4\.(?:54\.230\.123|160\.35\.2)|0\.50\.86\.3)|9(?:8\.143\.1(?:50\.2(?:4[789]|5[012]|39)|28\.144)|2\.2(?:08\.185\.1(?:06|14)|27\.235\.155)|0\.107\.140\.76|5\.112\.144\.10|4\.105\.9\.85)|1(?:9\.(?:73\.2(?:34\.242|25\.13)|110\.108\.92|201\.16\.211)|8\.(?:189\.11\.10|41\.157\.3)|2\.220\.67\.130|0\.45\.140\.89|6\.193\.90\.26)|0(?:1\.(?:9\.205\.13|14\.89\.)0|6\.245\.250\.6)|7(?:3\.212\.20(?:5\.158|9\.30)|8\.175\.159\.93)|62\.2(?:43\.213\.233|20\.57\.202)|41\.105\.68\.2(?:5[02]|48)|59\.224\.80\.43)|2(?:1(?:1\.(?:23(?:(?:4\.117\.14|\.152\.1)9|3\.(?:64\.110|71\.76)|2\.154\.6)|17(?:(?:2\.246\.7|6\.76\.19)8|4\.178\.177
 ))|8\.(?:234\.1(?:08\.13|7\.176)|38\.29\.68)|2\.(?:146\.101\.154|87\.28\.201)|9\.(?:140\.69\.122|92\.57\.210)|0\.183\.179\.3[89]|3\.135\.113\.197)|2(?:1\.(?:214\.2(?:08\.226|14\.187)|178\.236\.19)|2\.(?:200\.182\.65|78\.247\.67)|0\.67\.90\.31)|0(?:2\.(?:1(?:18\.236\.178|97\.68\.201)|234\.40\.41)|3\.23(?:0\.112\.45|8\.64\.250|9\.125\.32))|3\.(?:231\.48\.(?:10|72)|94\.15\.143)|7\.117\.113\.20|\.230\.25\.144)|8(?:8\.(?:208\.2(?:29\.1[38]9|31\.17[79]|09\.31)|198\.199\.35)|5\.1(?:85\.(?:30\.163|112\.8)|7\.27\.1(?:2[123]|00))|7\.204\.110\.176)|9(?:1\.218\.244\.(?:2(?:1[012345678]|2[234568]|0[2349]|4[0189]|3[34])|1(?:9[1234567]|36))|5\.(?:211\.135\.83|85\.63\.150))|4(?:6\.1(?:0(?:2\.187\.2(?:[5678]|2[89])|7\.24\.210)|91\.237\.118)|9\.128\.43\.241|1\.137\.24\.4)|6(?:7\.2(?:10\.247\.20|05\.67\.7)|1\.38\.186\.(?:117|210)|2\.65\.133\.43)|3(?:1\.192\.111\.(?:[789]\d|6[89]|100)|6\.250\.229\.3[25])|5(?:(?:0\.193\.157\.6|\.133\.177\.12)2|8\.225\.62\.145)|7(?:(?:7\.106\.232\.1|8\.29\.4\.)78|2\.9\.9
 7\.116))\b)/
 describe KHOP_SC_TOP200  Relay listed in SpamCop top 200 spammer IPs
 tflags	 KHOP_SC_TOP200  nopublish
 score	 KHOP_SC_TOP200  4 0 4 0	# unnecessary if DNSBLs work
@@ -178,7 +178,7 @@ score	 KHOP_SPAMHAUS_DROP_LE	2 0 2 0 	# 
 
 # PSBL-neighbors:  any /24 with 73+ (2/7, 29%) IPs in the PSBL (not SpamCop),
 # as obtained from rsync://psbl-mirror.surriel.com::psbl/psbl.txt
-header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:8(?:6\.(?:1(?:3\.[01234567]|22\.4[4567])|37\.203)|3\.9(?:3\.11[45]|5\.6[67])|1\.66\.15[67]|9\.126\.130|8\.73\.252)|1(?:1\.176\.(?:[67]|(?:12|8)[4567]|4[89]?|5[01]?)|6\.207\.(?:6[0123]|4[89]|5\d)|9\.36\.21[23]|3\.56\.249)|7(?:1\.80\.(?:2(?:0[0123]|4[567])|1(?:6[89]|7[01]))|7\.(?:1(?:37\.19|1\.55)|36\.(?:17|22)))|0(?:3\.2(?:40\.252|55\.193)|9\.127\.80)|9(?:0\.234\.10[56]|9\.19\.92)|2(?:3\.136\.10|5\.60\.15)6|30\.193\.147)|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|(?:01\.220\.24|12\.34\.1)2|4\.244\.23)|58\.(?:5(?:0\.1(?:[2345]|0[456789]|1\d)|4\.18[4567])|19\.19[01])|41\.254\.[2568]|79\.106\.109)\.[012]?\d{1,2}\b)/
+header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:8(?:6\.(?:1(?:3\.[01234567]|22\.4[4567])|37\.203)|3\.9(?:3\.11[45]|5\.6[67])|1\.66\.15[67]|8\.73\.252)|1(?:1\.176\.(?:[67]|(?:12|8)[4567]|4[89]?|5[01]?)|6\.207\.(?:6[0123]|4[89]|5\d)|9\.36\.21[23])|7(?:1\.80\.(?:2(?:0[0123]|4[67])|1(?:6[89]|7[01]))|7\.(?:36\.(?:17|22)|137\.19))|0(?:3\.2(?:40\.252|55\.193)|9\.127\.80)|9(?:0\.234\.10[56]|9\.19\.92)|2(?:3\.136\.10|5\.60\.15)6|30\.193\.147)|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|(?:01\.220\.24|12\.34\.1)2|4\.244\.23)|58\.(?:5(?:0\.1(?:[2345]|0[456789]|1\d)|4\.18[4567])|19\.19[01])|95\.83\.2(?:49|53)|41\.254\.[2568]|79\.106\.109)\.[012]?\d{1,2}\b)/
 describe KHOP_PSBL_CIDR24	Relay's IP/24 CIDR contains many PSBL hits
 tflags	 KHOP_PSBL_CIDR24	nopublish
 score	 KHOP_PSBL_CIDR24	2 0.6 2 0.6