You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by kh...@apache.org on 2013/10/31 07:58:00 UTC
svn commit: r1537389 -
/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
Author: khopesh
Date: Thu Oct 31 06:57:59 2013
New Revision: 1537389
URL: http://svn.apache.org/r1537389
Log:
auto-generated rules
Modified:
spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=1537389&r1=1537388&r2=1537389&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Thu Oct 31 06:57:59 2013
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf v 201310302
+## khop-sc-neighbors.cf v 201310312
## Khopesh's syndication of SpamCop's top offenders and top offending networks.
##
## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -21,7 +21,7 @@ meta __KHOP_SC_EXCLUSIONS __VIA_ML || __
# http://spamcop.net/w3m?action=map;mask=4294967295;net=0;sort=56
# Due to the massive block size, this rule only examines the last untrusted
-header __KHOP_SC_CIDR8 X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:17|86)|46|95)(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_CIDR8 X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:(?:18|4)6|95|2)(?:\.[012]?\d{1,2}){3}\b) /
# and gets cleaned up a bit
meta KHOP_SC_CIDR8 __KHOP_SC_CIDR8 && !__KHOP_SC_EXCLUSIONS
describe KHOP_SC_CIDR8 Relay CIDR /8 is among worst in SpamCop
@@ -42,7 +42,7 @@ score KHOP_SC_CIDR8 0.1 0.02 0.2 0.1
# 1.5335/0.5063 0.752 20130629@465k net, solo=1.5947/0.5379@0.748
# 2.0256/0.7432 0.732 20130705@376k solo=2.0429/0.7595@0.729, ->.1 .02 .2 .1
-header __KHOP_SC_TOP_CIDR8 X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:78|90)|37|2)(?:\.[012]?\d{1,2}){3}\b) /
+header __KHOP_SC_TOP_CIDR8 X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:17|78|90)|37)(?:\.[012]?\d{1,2}){3}\b) /
meta KHOP_SC_TOP_CIDR8 __KHOP_SC_TOP_CIDR8 && !__KHOP_SC_EXCLUSIONS
describe KHOP_SC_TOP_CIDR8 Relay CIDR /8 leads SpamCop in worst /8s
tflags KHOP_SC_TOP_CIDR8 nopublish
@@ -81,7 +81,7 @@ score KHOP_SC_CIDR16 0.4 0.1 0.4 0.1
# crap, still empty 20130629@465k net
# crap, still empty 20130705@376k net. lowering for low vol -> .4 .1 .4 .1
-header KHOP_SC_TOP_CIDR16 Received =~ /(?-xism:\b89\.121(?:\.[012]?\d{1,2}){2}\b)/
+header KHOP_SC_TOP_CIDR16 Received =~ /(?-xism:\b(?:222\.239|89\.121)(?:\.[012]?\d{1,2}){2}\b)/
describe KHOP_SC_TOP_CIDR16 Relay CIDR /16 leads SpamCop in worst /16s
tflags KHOP_SC_TOP_CIDR16 nopublish
score KHOP_SC_TOP_CIDR16 0.6 0.2 0.7 0.3
@@ -101,7 +101,7 @@ score KHOP_SC_TOP_CIDR16 0.6 0.2 0.7 0
# http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header KHOP_SC_CIDR24 Received =~ /(?-xism:\b(?:1(?:03\.(?:243\.50|9\.157)|12\.(?:164\.62|97\.24)|73\.44\.168|84\.22\.172|99\.30\.137|21\.54\.54)|(?:92\.66\.18|62\.4\.)0|202\.52\.146|85\.204\.147)\.[012]?\d{1,2}\b)/
+header KHOP_SC_CIDR24 Received =~ /(?-xism:\b(?:1(?:9(?:8\.24\.175|9\.30\.137)|0(?:9\.169\.88|3\.9\.157)|(?:12\.97\.2|21\.54\.5)4|73\.44\.168)|2(?:1(?:6\.231\.140|1\.119\.86)|02\.52\.146)|85\.204\.147|92\.66\.180)\.[012]?\d{1,2}\b)/
describe KHOP_SC_CIDR24 Relay CIDR /24 is among worst in SpamCop
tflags KHOP_SC_CIDR24 nopublish
score KHOP_SC_CIDR24 0.6 0 0.6 0
@@ -122,7 +122,7 @@ score KHOP_SC_CIDR24 0.6 0 0.6 0
# 0.4428/0 1.000 20130705@376k resume scores -> .6 0 .6 0
-header KHOP_SC_TOP_CIDR24 Received =~ /(?-xism:\b(?:1(?:9(?:0\.234\.106|8\.24\.174|9\.96\.83)|1(?:0\.52\.[02]|2\.97\.24)|4(?:2\.11\.195|1\.0\.61)|09\.169\.88|25\.60\.156)|2(?:13\.132\.241|22\.122\.227|06\.214\.72)|4(?:6\.102\.186|9\.156\.191|1\.254\.5)|6(?:8\.64\.166|4\.79\.99))\.[012]?\d{1,2}\b)/
+header KHOP_SC_TOP_CIDR24 Received =~ /(?-xism:\b(?:1(?:9(?:0\.234\.106|8\.24\.174|9\.96\.83)|0(?:3\.243\.50|9\.235\.54)|1(?:0\.52\.[02]|2\.97\.24)|25\.60\.156|41\.0\.61)|4(?:6\.102\.186|9\.156\.191|1\.254\.5)|2(?:13\.132\.241|06\.214\.72)|6(?:8\.64\.166|4\.79\.99))\.[012]?\d{1,2}\b)/
describe KHOP_SC_TOP_CIDR24 Relay CIDR /24 leads SpamCop in worst /24s
tflags KHOP_SC_TOP_CIDR24 nopublish
score KHOP_SC_TOP_CIDR24 1.7 0.5 1.7 0.5
@@ -142,7 +142,7 @@ score KHOP_SC_TOP_CIDR24 1.7 0.5 1.7 0
# http://www.spamcop.net/w3m?action=hoshame
-header KHOP_SC_TOP200 Received =~ /(?-xism:\b(?:1(?:1(?:9\.(?:19(?:2\.255\.129|3\.93\.25)|42\.147\.114|203\.72\.73|37\.195\.59)|2\.(?:1(?:84\.172\.244|70\.181\.99|64\.62\.8)|216\.46\.75)|8\.(?:1(?:30\.107\.235|42\.19\.172)|97\.196\.163)|5\.(?:8(?:0\.227\.233|2\.233\.146)|210\.49\.185)|4\.(?:141\.253\.14|247\.23\.66)|6\.(?:228\.65\.228|193\.90\.26))|9(?:9\.(?:96\.83\.1(?:3[023456789]|5[01345689]|4\d)|30\.137\.1[67])|8\.2(?:4\.17(?:4\.167|5\.3)|0\.67\.9)|5\.2(?:06\.38\.48|52\.108\.6)|2\.252\.213\.128)|7(?:3\.2(?:12\.205\.158|00\.90\.196)|5\.1(?:14\.29\.238|02\.6\.90)|7\.(?:1\.223\.73|69\.8\.50)|2\.245\.44\.122|4\.76\.130\.40|6\.31\.14\.113)|0(?:1\.(?:15\.123\.255|44\.3\.50|79\.5\.19)|3\.(?:9\.157\.12[679]|243\.50\.6[34])|9\.169\.88\.1(?:4[04]|39))|8(?:4\.(?:22\.(?:1(?:72\.14[45]|97\.216)|230\.213)|82\.179\.117)|3\.106\.150\.78|8\.252\.0\.237)|2(?:1\.(?:78\.119\.193|22\.127\.17)|2\.182\.28\.245|0\.50\.86\.3)|4(?:8\.223\.59\.187|1\.0\.61\.166|\.63\.74\.204)|\.2(?:15\.206\.242|24\.163\
.99))|2(?:0(?:2\.(?:1(?:1(?:7\.120\.8[29]|8\.236\.178)|29\.216\.60|42\.203\.19)|5(?:2\.146\.38|3\.13\.187)|71\.136\.200|234\.40\.41)|0\.(?:1(?:42\.133\.21|75\.56\.190)|7(?:2\.11\.132|9\.27\.60)|51\.45\.180)|3\.(?:171\.233\.243|211\.133\.244)|1\.116\.199\.34)|1(?:1\.(?:1(?:91\.168\.16|47\.211\.1)6|230\.74\.17)|3\.1(?:(?:71\.39\.15|95\.77\.11)4|32\.241\.13)|6\.(?:189\.101\.110|231\.140\.15)|2\.109\.182\.10|8\.92\.249\.162)|2(?:1\.(?:2(?:14\.208\.226|04\.223\.38)|153\.158\.37)|2\.(?:23(?:1\.57\.104|9\.255\.70)|122\.227\.10))|4\.(?:153\.129\.102|237\.229\.37))|6(?:4\.79\.(?:99\.(?:2(?:4[012345789]|3[789]|5[01])|1(?:6[035679]|7[01234]))|107\.13)|(?:1\.135\.130\.24|7\.90\.21\.15)0|8\.64\.166\.(?:67|70)|2\.4\.0\.(?:13|9)|9\.198\.197\.156|0\.251\.31\.134|5\.60\.15\.173)|8(?:(?:7\.106\.173\.11|1\.23\.106\.7)5|5\.(?:17\.27\.11[57]|204\.147\.9)|3\.(?:18\.234\.202|3\.103\.227)|4\.22\.61\.190)|9(?:1\.(?:191\.172\.154|218\.160\.206)|3\.1(?:59\.160\.164|88\.8\.67)|2\.66\.180\.209|8\.143\.158\.34)|
4(?:6\.102\.186\.(?:[89]|2[2345679]|1[346789]|3[123])|9\.218\.(?:33\.215|45\.181)|1\.137\.24\.4)|7(?:2\.(?:166\.187\.139|35\.20\.131)|7\.106\.232\.178|6\.164\.199\.71)|37\.123\.98\.115)\b)/
+header KHOP_SC_TOP200 Received =~ /(?-xism:\b(?:1(?:1(?:9\.(?:19(?:2\.255\.129|3\.93\.25)|203\.72\.73|37\.195\.59)|8\.(?:1(?:30\.107\.235|42\.19\.172)|97\.196\.163)|2\.(?:1(?:70\.181\.99|64\.62\.8)|216\.46\.75)|5\.(?:210\.49\.185|82\.233\.146)|6\.(?:228\.65\.228|193\.90\.26)|4\.247\.23\.66)|9(?:9\.(?:96\.83\.1(?:5[012345689]|3[02356789]|4\d)|30\.137\.1[67])|8\.2(?:4\.17(?:4\.167|5\.3)|0\.67\.9)|5\.2(?:06\.38\.48|52\.108\.6))|0(?:1\.(?:15\.123\.255|44\.3\.50|79\.5\.19)|3\.(?:243\.50\.6[349]|9\.157\.12[67])|9\.(?:169\.88\.144|235\.54\.219)|8\.62\.240\.104)|7(?:3\.2(?:12\.205\.158|00\.90\.196)|5\.1(?:14\.29\.238|02\.6\.90)|7\.(?:20\.144\.7|69\.8\.50)|4\.76\.130\.40|6\.31\.14\.113)|8(?:4\.(?:22\.(?:1(?:72\.145|97\.216)|230\.213)|82\.179\.117)|3\.106\.150\.78|8\.252\.0\.237)|2(?:1\.(?:78\.119\.193|22\.127\.17)|2\.182\.28\.245|0\.50\.86\.3)|4(?:8\.223\.59\.187|1\.0\.61\.166|\.63\.74\.204)|\.2(?:15\.206\.242|24\.163\.99))|2(?:0(?:2\.(?:1(?:1(?:7\.120\.8[29]|8\.236\.178)|29\.216\.60|42\.2
03\.19)|5(?:2\.146\.38|3\.13\.187)|71\.136\.200|234\.40\.41)|0\.(?:(?:175\.56\.19|51\.45\.18)0|7(?:2\.11\.132|9\.27\.60))|3\.(?:171\.233\.243|211\.133\.244)|1\.116\.199\.34)|1(?:1\.(?:1(?:91\.168\.16|47\.211\.1)6|230\.74\.17)|3\.1(?:(?:71\.39\.15|95\.77\.11)4|32\.241\.13)|2\.109\.182\.10|6\.231\.140\.15|8\.92\.249\.162)|2(?:1\.(?:2(?:14\.2(?:08\.226|14\.187)|04\.223\.38)|153\.158\.37)|2\.(?:23(?:1\.57\.104|9\.255\.70)|122\.227\.10))|4\.(?:153\.129\.102|237\.229\.37))|6(?:4\.79\.(?:99\.(?:1(?:6[035679]|7[01234])|2(?:3[789]|5[01]|4\d))|107\.13)|(?:1\.135\.130\.24|7\.90\.21\.15)0|8\.64\.166\.(?:6[678]|70)|9\.198\.197\.156|0\.251\.31\.134|5\.60\.15\.173|2\.4\.0\.9)|8(?:5\.(?:17\.27\.11[057]|204\.147\.9)|3\.(?:18\.234\.202|3\.103\.227)|1\.(?:23\.106\.75|30\.156\.36)|7\.106\.173\.115|4\.22\.61\.190)|9(?:(?:1\.191\.172\.15|8\.143\.158\.3)4|2\.(?:66\.180\.209|45\.69\.60)|3\.1(?:59\.160\.164|88\.8\.67))|4(?:6\.102\.186\.(?:[89]|2[2345679]|3[1234679]|1[346789])|9\.218\.(?:33\.215|45\.181)|1\.
137\.24\.4)|7(?:2\.(?:166\.187\.139|35\.20\.131)|7\.106\.232\.178|6\.164\.199\.71)|37\.123\.98\.115)\b)/
describe KHOP_SC_TOP200 Relay listed in SpamCop top 200 spammer IPs
tflags KHOP_SC_TOP200 nopublish
score KHOP_SC_TOP200 4 0 4 0 # unnecessary if DNSBLs work
@@ -178,7 +178,7 @@ score KHOP_SPAMHAUS_DROP_LE 2 0 2 0 #
# PSBL-neighbors: any /24 with 73+ (2/7, 29%) IPs in the PSBL (not SpamCop),
# as obtained from rsync://psbl-mirror.surriel.com::psbl/psbl.txt
-header KHOP_PSBL_CIDR24 X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:1\.176\.(?:(?:12|8)[4567]|[46][89]?|5[01]?|7\d?)|6\.207\.(?:1[2345]|6[0123]|4[89]|5\d)|0\.(?:205\.3[2345]|52\.[0123])|5\.63\.(?:[89]|1[012345])|3\.56\.2(?:4[89]|5[01])|2\.215\.(?:6[34]|44)|9\.36\.21[23])|0(?:3\.(?:2(?:4(?:0\.(?:117|252)|2\.7)|6\.29)|5\.27)|9\.127\.8[01])|8(?:3\.9(?:3\.(?:11[45]|9[89])|5\.6[67])|1\.66\.15[67])|25\.(?:44\.24[01234567]|60\.156)|9(?:0\.234\.10[56]|7\.252\.0)|7(?:3\.44\.168|7\.36\.22)|30\.193\.1(?:46|65))|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|1(?:1\.91\.22[01]|2\.34\.12))|5(?:8\.(?:50\.(?:1(?:[2345]|0[456789]|1[016789])|7[01]|69)|19\.19[01])|9\.55\.25[235])|7(?:9\.106\.109|5\.75\.241)|41\.254\.[258]|82\.199\.156|37\.0\.120)\.[012]?\d{1,2}\b)/
+header KHOP_PSBL_CIDR24 X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:1\.176\.(?:(?:12|8)[4567]|[46][89]?|5[01]?|7\d?)|6\.207\.(?:1[2345]|6[0123]|4[89]|5\d)|0\.(?:205\.3[2345]|52\.[0123])|5\.63\.(?:[89]|1[012345])|3\.56\.2(?:4[89]|5[01])|2\.215\.(?:6[34]|44)|9\.36\.21[23])|0(?:3\.(?:2(?:4(?:0\.(?:117|252)|2\.7)|6\.29)|5\.27)|9\.127\.8[01])|8(?:3\.9(?:3\.(?:11[45]|9[89])|5\.6[67])|1\.66\.15[67])|25\.(?:44\.24[01234567]|60\.156)|9(?:0\.234\.10[56]|7\.252\.0)|7(?:3\.44\.168|7\.36\.22)|30\.193\.1(?:46|65))|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|1(?:1\.91\.22[01]|2\.34\.12))|5(?:8\.(?:50\.(?:1(?:[2345]|0[456789]|1[016789])|7[01]|69)|19\.19[01])|9\.55\.25[235])|7(?:9\.106\.109|5\.75\.241)|41\.254\.[258]|82\.199\.156)\.[012]?\d{1,2}\b)/
describe KHOP_PSBL_CIDR24 Relay's IP/24 CIDR contains many PSBL hits
tflags KHOP_PSBL_CIDR24 nopublish
score KHOP_PSBL_CIDR24 2 0.6 2 0.6