Posted to commits@spamassassin.apache.org by jm...@apache.org on 2008/05/20 11:56:57 UTC
svn commit: r658182 - /spamassassin/rules/branches/3.2/20_ratware.cf
Author: jm
Date: Tue May 20 02:56:56 2008
New Revision: 658182
URL: http://svn.apache.org/viewvc?rev=658182&view=rev
Log:
bug 5913: revert r658011, syncing up to the same rules file as in 3.2.0 branch is not a good idea
Modified:
spamassassin/rules/branches/3.2/20_ratware.cf
Modified: spamassassin/rules/branches/3.2/20_ratware.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/branches/3.2/20_ratware.cf?rev=658182&r1=658181&r2=658182&view=diff
==============================================================================
--- spamassassin/rules/branches/3.2/20_ratware.cf (original)
+++ spamassassin/rules/branches/3.2/20_ratware.cf Tue May 20 02:56:56 2008
@@ -45,22 +45,6 @@
#
# NOTE: these rules should specify version numbers!
-# first define situations where servers rewrite message id so we can't use message id to detect forgeries
-
-header __HOTMAIL_BAYDAV_MSGID MESSAGEID =~ /^<BAY\d+-DAV\d+[A-Z0-9]{25}\@phx\.gbl>$/m
-
-header __IPLANET_MESSAGING_SERVER Received =~ /iPlanet Messaging Server/
-
-header __LYRIS_EZLM_REMAILER List-Unsubscribe =~ /<mailto:(?:leave-\S+|\S+-unsubscribe)\@\S+>$/
-
-header __SYMPATICO_MSGID MESSAGEID =~ /^<BAYC\d+-PASMTP\d+[A-Z0-9]{25}\@CEZ\.ICE>$/m
-
-header __WACKY_SENDMAIL_VERSION Received =~ /\/CWT\/DCE\)/
-
-meta __UNUSABLE_MSGID (__LYRIS_EZLM_REMAILER || __GATED_THROUGH_RCVD_REMOVER || __WACKY_SENDMAIL_VERSION || __IPLANET_MESSAGING_SERVER || __HOTMAIL_BAYDAV_MSGID || __SYMPATICO_MSGID)
-
-## now on to the forgery rules
-
# AOL
header __AOL_MUA X-Mailer =~ /\bAOL\b/
@@ -77,20 +61,17 @@
header __OE_MUA X-Mailer =~ /\bOutlook Express [456]\./
header __OE_MSGID_1 MESSAGEID =~ /^<[A-Za-z0-9-]{7}[A-Za-z0-9]{20}\@hotmail\.com>$/m
header __OE_MSGID_2 MESSAGEID =~ /^<(?:[0-9a-f]{8}|[0-9a-f]{12})\$[0-9a-f]{8}\$[0-9a-f]{8}\@\S+>$/m
-meta __FORGED_OE (__OE_MUA && !__OE_MSGID_1 && !__OE_MSGID_2 && !__UNUSABLE_MSGID)
+header __OE_MSGID_3 MESSAGEID =~ /^<BAY\d+-DAV\d+[A-Z0-9]{25}\@phx\.gbl>$/m
+header __OE_MSGID_4 MESSAGEID =~ /^<BAYC\d+-PASMTP\d+[A-Z0-9]{25}\@CEZ\.ICE>$/m
+meta __FORGED_OE (__OE_MUA && !__OE_MSGID_1 && !__OE_MSGID_2 && !__OE_MSGID_3 && !__OE_MSGID_4 && !__UNUSABLE_MSGID)
# Outlook versions that usually use "dollar signs"
header __OUTLOOK_DOLLARS_MUA X-Mailer =~ /^Microsoft Outlook(?: 8| CWS, Build 9|, Build 10)\./
header __OUTLOOK_DOLLARS_OTHER MESSAGEID =~ /^<\!\~\!/m
meta __FORGED_OUTLOOK_DOLLARS (__OUTLOOK_DOLLARS_MUA && !__OE_MSGID_2 && !__OUTLOOK_DOLLARS_OTHER && !__VISTA_MSGID && !__IMS_MSGID && !__UNUSABLE_MSGID)
-# use new meta rules to implement FORGED_MUA_OUTLOOK rule from 2.60
-# bug 5496: avoid some FPs
-header __FMO_EXCL_O3416 X-Mailer =~ /^Microsoft Outlook, Build 10.0.3416$/
-header __FMO_EXCL_OE3790 X-Mailer =~ /^Microsoft Outlook Express 6.00.3790.3959$/
-# bug 5910: __VISTA_MSGID also now used by Outlook Express from XP SP3
-#
-meta FORGED_MUA_OUTLOOK ((__FORGED_OE || __FORGED_OUTLOOK_DOLLARS) && !__FMO_EXCL_O3416 && !__FMO_EXCL_OE3790 && !__VISTA_MSGID)
+# use new meta rules to implement FORGED_MUA_OUTLOOK rule from 2.60
+meta FORGED_MUA_OUTLOOK (__FORGED_OE || __FORGED_OUTLOOK_DOLLARS)
describe FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
# Outlook IMO (Internet Mail Only)
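Review bot: The restored `meta FORGED_MUA_OUTLOOK (__FORGED_OE || __FORGED_OUTLOOK_DOLLARS)` drops the `!__VISTA_MSGID` guard, and the new `__FORGED_OE` does not test `__VISTA_MSGID` either. The case named in the removed bug 5910 comment (Outlook Express on XP SP3 using the Vista-style Message-ID) would therefore presumably be scored as forged again. The two bug 5496 exclusions are lost in the same line. If the revert is only meant to undo the file sync, consider keeping the guard, e.g. `meta FORGED_MUA_OUTLOOK ((__FORGED_OE || __FORGED_OUTLOOK_DOLLARS) && !__VISTA_MSGID)`, or state in the log that these false-positive fixes are dropped on purpose. `__VISTA_MSGID` is defined outside this hunk, so its pattern cannot be checked from here.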
@@ -289,7 +270,10 @@
ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-header __GATED_THROUGH_RCVD_REMOVER eval:gated_through_received_hdr_remover()
+# Dec 17 2002 jm: this means "message ID is either too old or has been
+# rewritten by a gateway". Made into an eval test since meta tests cannot
+# (yet) chain from other meta tests.
+header __UNUSABLE_MSGID eval:check_messageid_not_usable()
header __RATWARE_NAME_ID eval:check_ratware_name_id()
meta RATWARE_NAME_ID __RATWARE_0_TZ_DATE && __RATWARE_NAME_ID
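Review bot: The added comment says meta tests "cannot (yet) chain from other meta tests", but `FORGED_MUA_OUTLOOK` in this same file is a meta built from the metas `__FORGED_OE` and `__FORGED_OUTLOOK_DOLLARS`. The stated reason is therefore out of date and will mislead the next maintainer. I would reword it to describe what the eval decides, e.g. `# message ID is too old or was rewritten by a gateway; evaluated by check_messageid_not_usable()`. Separately, `__UNUSABLE_MSGID` is now defined only inside this `ifplugin` block, while the forgery metas that negate it sit earlier in the file. Whether they share that guard is not visible in the hunk; if they do not, an unloaded HeaderEval plugin would presumably leave `!__UNUSABLE_MSGID` always true and widen the forgery hits.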