1 # This configuration file alters scores of different tests
3 # use newer score and rules, but don't override our own scores
4 # which is why the scores are divided with a hundred, duh --joy, 2004-05-27
5 score CHARSET_FARAWAY 0.03
6 # score CHARSET_FARAWAY_HEADERS 0.02
7 score CHARSET_FARAWAY_HEADER 0.02
8 score HTML_CHARSET_FARAWAY 0.005
9 score MIME_CHARSET_FARAWAY 0.02
10 # score UNDESIRED_LANGUAGE_BODY 0.03
11 score UNWANTED_LANGUAGE_BODY 0.03
12 #score BODY_8BITS 1.500
13 # give it another shot with a low score.
14 score USER_IN_WHITELIST -1
15 score LDOSUBSCRIBER -6
16 #score FROM_AND_TO_SAME 4.097 3.826 4.197 3.464
17 # score MASS_EMAIL 2.0 2.0 2.0 2.482
18 # score BASE64_ENC_TEXT 4.354 3.643 3.544 3.768
19 # score EXCUSE_10 2.069 2.0 2.0 2.0
20 score MIME_HTML_ONLY 4
21 # score CLICK_BELOW 2.489 2.101 2.100 2
22 # score CLICK_BELOW_CAPS 2.639 2.500 2.100 2.500
23 score NORMAL_HTTP_TO_IP 2.3
24 # score HTML_LINK_CLICK_HERE 2.100
25 # score HTML_JAVASCRIPT 2 2 2 2.230
26 score MAILTO_TO_REMOVE 1.274 1.299 1.092 1.273
27 score MISSING_MIMEOLE 1.501 1.501 1.241 1.100
28 score HTTP_EXCESSIVE_ESCAPES 2.101 2.566 2.208 2.918
29 # score MICROSOFT_EXECUTABLE 1.1
30 #score MIME_SUSPECT_NAME 1.1
31 score HTML_MESSAGE 1.112 1.101 1.100 1.0
32 # score HTML_WIN_OPEN 1.500 1.501 1.501 1.578
33 # score JAVASCRIPT_URI 1.0 1.017 1.0 1.0
34 score MAILTO_TO_SPAM_ADDR 1.606 1.377 1.795 1.676
35 # score HTML_FONT_COLOR_UNSAFE 1
36 # score HTML_FONT_COLOR_RED 1
37 # score HTML_FONT_COLOR_BLUE 1
38 # score HTML_FONT_COLOR_GREEN 1
39 # score HTML_FONT_COLOR_GRAY 1
41 # score MAILTO_WITH_SUBJ_REMOVE 2.101 1.500 2.100 1.500
42 # score REMOVE_FROM_LIST 1
43 # score REMOVE_IN_QUOTES 1.001 1.197 1.001 1.301
44 score REMOVE_PAGE 1.313 1.265 1.675 1.401
45 # score EARN_MONEY 1.950 2.018 1.379 1.949
46 # score EARN_PER_WEEK 1
47 score DNS_FROM_RFC_DSN 4
48 score DNS_FROM_RFC_BOGUSMX 2.5
49 score DNS_FROM_RFC_POST 2.44
50 # score RCVD_IN_DYNABLOCK 0
51 score RCVD_IN_NJABL_DUL 0
52 score FORGED_MUA_OUTLOOK 3.717 3.476 3.850 2.173
54 # score RAZOR2_CF_RANGE_11_50 4
55 score RAZOR2_CF_RANGE_51_100 4
57 score BAYES_00 0 0 -2 -2
58 score BAYES_05 0 0 -1.5 -1.5
59 # score BAYES_01 0 0 -2 -2
60 # score BAYES_10 0 0 -1 -1
61 score BAYES_20 0 0 -1 -1
62 # score BAYES_30 0 0 -1 -1
67 score BAYES_60 0 0 1 1
68 # score BAYES_70 0 0 1 1
69 score BAYES_80 0 0 1 1
70 # score BAYES_90 0 0 2 2
71 score BAYES_95 0 0 2 2
72 # score BAYES_99 0 0 3 3
75 # sometimes kills off valid excite etc users, and doesn't detect much spam
76 # so -1 point from 2.55 default --joy, 2003-07-19
77 score RCVD_FAKE_HELO_DOTCOM 0.791 1.606 1.264 2.434
78 # score RCVD_FAKE_HELO_DOTCOM_2 1.335 1.404 0.221 1.799
80 # Upped some rules which only seem to happen in spam. Suggestion from Santiago
83 # score HTML_FONT_BIG 3.0
84 # score HTML_IMAGE_ONLY 3.0
85 # score MIME_MISSING_BOUNDARY 3.0
86 score MIME_HTML_MOSTLY 3.0
87 # score DATE_IN_FUTURE 3.0
88 score INVALID_DATE_TZ_ABSURD 3.0
89 score MSGID_FROM_MTA_HEADER 3.0
91 # This only seems to happen in spam as well
92 score HTML_FONT_FACE_BAD 3.0
94 score RCVD_FAKE_HELO_DOTCOM 0.791 1.606 1.264 2.434
95 # score RCVD_FAKE_HELO_DOTCOM_2 1.335 1.404 0.221 1.799
96 # score HTML_FONT_BIG 3.0
97 # score HTML_IMAGE_ONLY 3.0
98 # score MIME_MISSING_BOUNDARY 3.0
99 score MIME_HTML_MOSTLY 3.0
100 # score DATE_IN_FUTURE 3.0
102 # This rule is wrong; it matches messages which have multi-line
104 # score SUBJECT_ENCODED_TWICE 0
106 score FH_HOST_ALMOST_IP 2.0
107 score SUSPICIOUS_RECIPS 0.5