1 # relays.osirusoft.com is gone --joy, 2003-08-27
2 score RCVD_IN_OSIRUSOFT_COM 0
5 # Rules against generally dubious things that aren't supposed to be
6 # valid mails to the BTS
9 # bug in old spamassassins
12 # cjwatson, 2002/04/03
13 # joy, 2003-04-12, 2003-04-19
14 # cjwatson upgraded to 2.53, 2003/04/23
15 # several of the following were suggested by Santiago Vila
17 # adding 3 points to defaults as of 2.53
18 score MICROSOFT_EXECUTABLE 3.100
19 score MIME_HTML_ONLY 3.100
20 score PENIS_ENLARGE 5.342 5.174 5.342 5.469
21 score PENIS_ENLARGE2 5.290 5.799 3.909 5.126
22 score HTML_MESSAGE 1.667 1.600 1.666 1.5
24 # adding 2 points to defaults as of 2.53
25 score THE_BEST_RATE 6.300 6.141 5.954 6.284
26 # cjwatson: this produces too many false positives
27 #score SUSPICIOUS_RECIPS 4.052 3.953 3.972 5.407
28 score URGENT_BIZ 3.397 3.153 3.799 3.696
29 score BASE64_ENC_TEXT 4.685 3.735 3.857 3.738
30 score FROM_HAS_MIXED_NUMS2 3.101 3.699 3.101 4.178
31 score HTTP_EXCESSIVE_ESCAPES 3.101 3.500 3.259 4.060
32 score TO_MALFORMED 3.146 3.085 3.697 3.803
33 score MIME_HTML_NO_CHARSET 2.742 2.738 2.141 2
34 score BAD_CREDIT 2.787 2.716 2.535 2.491
35 score MISSING_MIMEOLE 2.500 2.500 2.437 2.100
37 score CLICK_BELOW_CAPS 2.500 2.500 2.100 2.500
38 score CLICK_BELOW 2.227 2.100 2.100 2
40 # adding 1 point to defaults as of 2.53
41 score X_PRIORITY_HIGH 2.919 2.989 1.815 2.873
42 score MANY_EXCLAMATIONS 2.097 1.782 2.216 2.094
43 score NORMAL_HTTP_TO_IP 1.942 1.531 1.524 1.926
44 score X_MSMAIL_PRIORITY_HIGH 1.404 1 1 1.021
45 score FROM_HAS_MIXED_NUMS 1 1 1.339 1
46 # HTML_COMMENT_UNIQUE_ID gone in 2.53?
47 score HTML_FONT_BIG 1.294 1.136 1.262 1.293
48 score HTML_FONT_COLOR_RED 1.100
49 score HTML_FONT_COLOR_BLUE 1.100
50 score HTML_FONT_COLOR_GRAY 1.100
51 score HTML_FONT_COLOR_UNSAFE 1.100
52 score SUB_FREE_OFFER 1.339 1.488 1.224 1.383
54 # FREE_MONEY gone in 2.53?
55 score DIET 1 1 1.042 1
56 score UPPERCASE_75_100 1
57 score UPPERCASE_50_75 1.840 1 1.334 1.478
58 score UPPERCASE_25_50 2.555 2.132 1.860 1.584
59 score HTML_FONT_COLOR_NOHASH 1
60 score REMOVE_PAGE 1.318 1.100 1.365 1.303
61 score MAILTO_WITH_SUBJ 1.409 1.115 1 1.573
62 score HTML_TABLE_THICK_BORDER 2.101 2.101 2.101 1.500
63 score MIME_BOUND_NEXTPART 1.427 1.361 1.376 1.307
64 score DEAR_SOMETHING 3.596 3.596 2.806 2.803
65 score HTML_IMAGE_ONLY_06 2.228 2.072 2.433 1.610
66 score SUBJ_REMOVE 2.101 1.500 2.263 1.500
67 score EARN_MONEY 1.967 2.228 1.960 1.744
68 # /you (?:do not|no longer) wish to receive/i
69 score EXCUSE_14 1.046 1.100 1 1.016
70 score HTML_TITLE_UNTITLED 1.386 1.423 1.501 1.0
71 score FOR_FREE 1.625 1.545 1.592 1.455
72 score REMOVE_SUBJ 2.639 1.813 2.193 1.440
74 # these get +1 just on the merit of being fsckin' HTML in email
75 score HTML_10_20 0.996 1.030 1.303 1.036
76 score HTML_20_30 1.287 1.104 1.293 1.571
77 score HTML_30_40 1.708 1.834 1.344 1.658
78 score HTML_40_50 2.058 1.747 1.814 1.428
79 score HTML_50_60 1.551 1.212 1.532 1.100
80 score HTML_60_70 1.518 1.121 1.100 1.100
81 score HTML_70_80 1.682 1.379 1.310 1.254
82 score HTML_80_90 1.406 1.483 1.163 1.166
83 score HTML_90_100 1.500 1 1 1
85 # and these get 1 point for being pr0n
86 score PORN_16 3.896 3.896 3.166 3.799
87 score PORN_4 3.371 3.599 2.457 3.135
88 score PORN_6 2.560 3.613 3.900 2.764
89 score PORN_15 3.900 3.900 2.666 3.900
90 score AMATEUR_PORN 2.110 3.748 2.654 1.142
92 # adding 0.5 points to defaults as of 2.53
93 score FROM_ENDS_IN_NUMS 1.111 1.219 1.080 1.175
94 score NO_REAL_NAME 1.6
96 # many spams have In-Reply-To as well,
97 # the 2.44 default of -0.847 is too much
98 # the 2.53 default of -3.300 -3.301 -0.600 -3.201 is even worse
101 # same as In-Reply-To, References gets abused as well
102 # the 2.53 default is -6.600 -6.600 -6.500 -6.500
103 score REFERENCES -0.600 -0.600 -0.500 -0.500
105 # normal mails which have debbugs-derived Subject fields have space,
106 # the 2.44 default of 2.639 is too much
107 # the 2.53 default is 2.425 2.026 1.101 2.329
108 score SUBJ_HAS_SPACES 1.5
110 # spams sometimes have attributions too,
111 # the 2.53 default of -6.600 -6.500 -6.500 -6.500 is too much
112 score EMAIL_ATTRIBUTION -2.600 -2.500 -2.500 -2.500
114 # mass spams often seem to come from Exchange
115 # the 2.53 default of -5.801 -5.701 -5.701 -5.701 is just bonkers
116 score MSGID_GOOD_EXCHANGE 0.5
118 # stupidly too negative by default in 2.53, normalizing most to -1.
119 score USER_AGENT_MOZILLA_UA -1
120 score USER_AGENT_APPLEMAIL -1
121 score USER_AGENT_ENTOURAGE -1
122 score USER_AGENT_GNUS_XM -1
123 score USER_AGENT_IMP -1
124 score USER_AGENT_MACOE -1
125 score USER_AGENT_MOZILLA_XM -1
126 score USER_AGENT_PINE -2
127 score USER_AGENT_VM -1
128 score USER_AGENT_FORTE -1
129 score USER_AGENT_GNUS_UA -2
130 score USER_AGENT_KMAIL -1
131 score USER_AGENT_MOZILLA_UA -1
132 score USER_AGENT_MSN -1
133 score USER_AGENT_MUTT -2
134 score USER_AGENT_TONLINE -1
135 score USER_AGENT_XIMIAN -1
138 score X_MAILING_LIST 0
140 # trust Razor2 more, --joy 2003-07-20
141 # blarson 2006-10-29 rescore again
142 score RAZOR2_CHECK 1.5
143 score RAZOR2_CF_RANGE_01_10 0.5
144 score RAZOR2_CF_RANGE_11_20 1
145 score RAZOR2_CF_RANGE_21_30 1.5
146 score RAZOR2_CF_RANGE_31_40 2
147 score RAZOR2_CF_RANGE_41_50 2.5
148 score RAZOR2_CF_RANGE_51_60 3
149 score RAZOR2_CF_RANGE_61_70 3.5
150 score RAZOR2_CF_RANGE_71_80 4
151 score RAZOR2_CF_RANGE_81_90 4.5
152 score RAZOR2_CF_RANGE_91_100 5
154 score RAZOR2_CF_RANGE_51_100 3
156 # causes too many false positives since default 4.3 > required 4.0
157 # blarson, 2004-04-11
158 score SORTED_RECIPS 1
159 score SUSPICIOUS_RECIPS 0.5
164 score MISSING_OUTLOOK_NAME 1
166 # blarson 2006-11-13 drop score, many non-spams hit
167 score FORGED_YAHOO_RCVD 1
173 # Disable most DNSBLs -- overhead to high
174 # blarson 2005-01-28 try reducing timeout while adding spamcop back
175 # blarson 2005-10-29 adding some back now we are multi-threaded
176 score RCVD_IN_BL_SPAMCOP_NET 1
177 score RCVD_IN_BSP_OTHER 0
178 score RCVD_IN_BSP_TRUSTED 0
180 score RCVD_IN_DYNABLOCK 0
181 score RCVD_IN_NJABL 0
182 score RCVD_IN_NJABL_CGI 0
183 score RCVD_IN_NJABL_DIALUP 0
184 score RCVD_IN_NJABL_MULTI 0
185 score RCVD_IN_NJABL_PROXY 0
186 score RCVD_IN_NJABL_RELAY 0
187 score RCVD_IN_NJABL_SPAM 0
190 score RCVD_IN_OPM_HTTP 0
191 score RCVD_IN_OPM_HTTP_POST 0
192 score RCVD_IN_OPM_ROUTER 0
193 score RCVD_IN_OPM_SOCKS 0
194 score RCVD_IN_OPM_WINGATE 0
195 score RCVD_IN_RFCI 0.5
198 # blarson 2006-01-06 SORBS up to 1
199 score RCVD_IN_SORBS 1
200 score RCVD_IN_SORBS_BLOCK 0.1
201 score RCVD_IN_SORBS_HTTP 0.1
202 score RCVD_IN_SORBS_MISC 0.1
203 score RCVD_IN_SORBS_SMTP 0.1
204 score RCVD_IN_SORBS_SOCKS 0.1
205 score RCVD_IN_SORBS_WEB 0.1
206 score RCVD_IN_SORBS_ZOMBIE 0.1
209 # other network checks -- also disable
210 # blarson 2005-10-29 enable again
211 score DNS_FROM_RFCI_DSN 0.5
212 score MSGID_FROM_MTA_BACKUP 0.1
213 score NO_DNS_FOR_FROM 1
214 score ROUND_THE_WORLD 0
217 # spammers use habeas
220 # blarson, 2004-04-14
224 score REMOVE_PAGE 2.5
227 # claiming to be amazon...
228 score USER_IN_DEF_WHITELIST 0.5
231 score BANG_GUARENTEE 2