# relays.osirusoft.com is gone --joy, 2003-08-27 score RCVD_IN_OSIRUSOFT_COM 0 # Rules against generally dubious things that aren't supposed to be # valid mails to the BTS # joy, 2003-04-08 # bug in old spamassassins score HTML_WEB_BUGS 4 # cjwatson, 2002/04/03 # joy, 2003-04-12, 2003-04-19 # cjwatson upgraded to 2.53, 2003/04/23 # several of the following were suggested by Santiago Vila # adding 3 points to defaults as of 2.53 score MICROSOFT_EXECUTABLE 3.100 score MIME_HTML_ONLY 3.100 score PENIS_ENLARGE 5.342 5.174 5.342 5.469 score PENIS_ENLARGE2 5.290 5.799 3.909 5.126 score HTML_MESSAGE 1.667 1.600 1.666 1.5 # adding 2 points to defaults as of 2.53 score THE_BEST_RATE 6.300 6.141 5.954 6.284 # cjwatson: this produces too many false positives #score SUSPICIOUS_RECIPS 4.052 3.953 3.972 5.407 score URGENT_BIZ 3.397 3.153 3.799 3.696 score BASE64_ENC_TEXT 4.685 3.735 3.857 3.738 score FROM_HAS_MIXED_NUMS2 3.101 3.699 3.101 4.178 score HTTP_EXCESSIVE_ESCAPES 3.101 3.500 3.259 4.060 score TO_MALFORMED 3.146 3.085 3.697 3.803 score MIME_HTML_NO_CHARSET 2.742 2.738 2.141 2 score BAD_CREDIT 2.787 2.716 2.535 2.491 score MISSING_MIMEOLE 2.500 2.500 2.437 2.100 score GREAT_OFFER 2 score CLICK_BELOW_CAPS 2.500 2.500 2.100 2.500 score CLICK_BELOW 2.227 2.100 2.100 2 # adding 1 point to defaults as of 2.53 score X_PRIORITY_HIGH 2.919 2.989 1.815 2.873 score MANY_EXCLAMATIONS 2.097 1.782 2.216 2.094 score NORMAL_HTTP_TO_IP 1.942 1.531 1.524 1.926 score X_MSMAIL_PRIORITY_HIGH 1.404 1 1 1.021 score FROM_HAS_MIXED_NUMS 1 1 1.339 1 # HTML_COMMENT_UNIQUE_ID gone in 2.53? score HTML_FONT_BIG 1.294 1.136 1.262 1.293 score HTML_FONT_COLOR_RED 1.100 score HTML_FONT_COLOR_BLUE 1.100 score HTML_FONT_COLOR_GRAY 1.100 score HTML_FONT_COLOR_UNSAFE 1.100 score SUB_FREE_OFFER 1.339 1.488 1.224 1.383 score OFFER 1.100 # FREE_MONEY gone in 2.53? score DIET 1 1 1.042 1 score UPPERCASE_75_100 1 score UPPERCASE_50_75 1.840 1 1.334 1.478 score UPPERCASE_25_50 2.555 2.132 1.860 1.584 score HTML_FONT_COLOR_NOHASH 1 score REMOVE_PAGE 1.318 1.100 1.365 1.303 score MAILTO_WITH_SUBJ 1.409 1.115 1 1.573 score HTML_TABLE_THICK_BORDER 2.101 2.101 2.101 1.500 score MIME_BOUND_NEXTPART 1.427 1.361 1.376 1.307 score DEAR_SOMETHING 3.596 3.596 2.806 2.803 score HTML_IMAGE_ONLY_06 2.228 2.072 2.433 1.610 score SUBJ_REMOVE 2.101 1.500 2.263 1.500 score EARN_MONEY 1.967 2.228 1.960 1.744 # /you (?:do not|no longer) wish to receive/i score EXCUSE_14 1.046 1.100 1 1.016 score HTML_TITLE_UNTITLED 1.386 1.423 1.501 1.0 score FOR_FREE 1.625 1.545 1.592 1.455 score REMOVE_SUBJ 2.639 1.813 2.193 1.440 score DEAR_FREIND 2.5 # these get +1 just on the merit of being fsckin' HTML in email score HTML_10_20 0.996 1.030 1.303 1.036 score HTML_20_30 1.287 1.104 1.293 1.571 score HTML_30_40 1.708 1.834 1.344 1.658 score HTML_40_50 2.058 1.747 1.814 1.428 score HTML_50_60 1.551 1.212 1.532 1.100 score HTML_60_70 1.518 1.121 1.100 1.100 score HTML_70_80 1.682 1.379 1.310 1.254 score HTML_80_90 1.406 1.483 1.163 1.166 score HTML_90_100 1.500 1 1 1 # and these get 1 point for being pr0n score PORN_16 3.896 3.896 3.166 3.799 score PORN_4 3.371 3.599 2.457 3.135 score PORN_6 2.560 3.613 3.900 2.764 score PORN_15 3.900 3.900 2.666 3.900 score AMATEUR_PORN 2.110 3.748 2.654 1.142 # adding 0.5 points to defaults as of 2.53 score FROM_ENDS_IN_NUMS 1.111 1.219 1.080 1.175 score NO_REAL_NAME 1.6 # many spams have In-Reply-To as well, # the 2.44 default of -0.847 is too much # the 2.53 default of -3.300 -3.301 -0.600 -3.201 is even worse score IN_REP_TO 0 # same as In-Reply-To, References gets abused as well # the 2.53 default is -6.600 -6.600 -6.500 -6.500 score REFERENCES -0.600 -0.600 -0.500 -0.500 # normal mails which have debbugs-derived Subject fields have space, # the 2.44 default of 2.639 is too much # the 2.53 default is 2.425 2.026 1.101 2.329 score SUBJ_HAS_SPACES 1.5 # spams sometimes have attributions too, # the 2.53 default of -6.600 -6.500 -6.500 -6.500 is too much score EMAIL_ATTRIBUTION -2.600 -2.500 -2.500 -2.500 # mass spams often seem to come from Exchange # the 2.53 default of -5.801 -5.701 -5.701 -5.701 is just bonkers score MSGID_GOOD_EXCHANGE 0.5 # stupidly too negative by default in 2.53, normalizing most to -1. score USER_AGENT_MOZILLA_UA -1 score USER_AGENT_APPLEMAIL -1 score USER_AGENT_ENTOURAGE -1 score USER_AGENT_GNUS_XM -1 score USER_AGENT_IMP -1 score USER_AGENT_MACOE -1 score USER_AGENT_MOZILLA_XM -1 score USER_AGENT_PINE -2 score USER_AGENT_VM -1 score USER_AGENT_FORTE -1 score USER_AGENT_GNUS_UA -2 score USER_AGENT_KMAIL -1 score USER_AGENT_MOZILLA_UA -1 score USER_AGENT_MSN -1 score USER_AGENT_MUTT -2 score USER_AGENT_TONLINE -1 score USER_AGENT_XIMIAN -1 # pointless score X_MAILING_LIST 0 # trust Razor2 more, --joy 2003-07-20 # blarson 2006-10-29 rescore again score RAZOR2_CHECK 1.5 score RAZOR2_CF_RANGE_01_10 0.5 score RAZOR2_CF_RANGE_11_20 1 score RAZOR2_CF_RANGE_21_30 1.5 score RAZOR2_CF_RANGE_31_40 2 score RAZOR2_CF_RANGE_41_50 2.5 score RAZOR2_CF_RANGE_51_60 3 score RAZOR2_CF_RANGE_61_70 3.5 score RAZOR2_CF_RANGE_71_80 4 score RAZOR2_CF_RANGE_81_90 4.5 score RAZOR2_CF_RANGE_91_100 5 # blarson 2006-02-09 score RAZOR2_CF_RANGE_51_100 3 # causes too many false positives since default 4.3 > required 4.0 # blarson, 2004-04-11 score SORTED_RECIPS 1 score SUSPICIOUS_RECIPS 0.5 # blarson 2005-11-01 score USERPASS 1 # blarson 2006-10-26 score MISSING_OUTLOOK_NAME 1 # blarson 2006-11-13 drop score, many non-spams hit score FORGED_YAHOO_RCVD 1 # blarson 2006-12-12 score ORDER_NOW 2 # blarson 2004-03-20 # Disable most DNSBLs -- overhead to high # blarson 2005-01-28 try reducing timeout while adding spamcop back # blarson 2005-10-29 adding some back now we are multi-threaded score RCVD_IN_BL_SPAMCOP_NET 1 score RCVD_IN_BSP_OTHER 0 score RCVD_IN_BSP_TRUSTED 0 score RCVD_IN_DSBL 2 score RCVD_IN_DYNABLOCK 0 score RCVD_IN_NJABL 0 score RCVD_IN_NJABL_CGI 0 score RCVD_IN_NJABL_DIALUP 0 score RCVD_IN_NJABL_MULTI 0 score RCVD_IN_NJABL_PROXY 0 score RCVD_IN_NJABL_RELAY 0 score RCVD_IN_NJABL_SPAM 0 # OPM is below score RCVD_IN_OPM 0 score RCVD_IN_OPM_HTTP 0 score RCVD_IN_OPM_HTTP_POST 0 score RCVD_IN_OPM_ROUTER 0 score RCVD_IN_OPM_SOCKS 0 score RCVD_IN_OPM_WINGATE 0 score RCVD_IN_RFCI 0.5 # SBL done below score RCVD_IN_SBL 0 # blarson 2006-01-06 SORBS up to 1 score RCVD_IN_SORBS 1 score RCVD_IN_SORBS_BLOCK 0.1 score RCVD_IN_SORBS_HTTP 0.1 score RCVD_IN_SORBS_MISC 0.1 score RCVD_IN_SORBS_SMTP 0.1 score RCVD_IN_SORBS_SOCKS 0.1 score RCVD_IN_SORBS_WEB 0.1 score RCVD_IN_SORBS_ZOMBIE 0.1 # blarson 2004-11-16 # other network checks -- also disable # blarson 2005-10-29 enable again score DNS_FROM_RFCI_DSN 0.5 score MSGID_FROM_MTA_BACKUP 0.1 score NO_DNS_FOR_FROM 1 score ROUND_THE_WORLD 0 # blarson 2004-10-22 # spammers use habeas score HABEAS_SWE 0.5 # blarson, 2004-04-14 score BIZ_TLD 2.5 # blarson 2004-04-25 score REMOVE_PAGE 2.5 # blarson 2004-11-08 # claiming to be amazon... score USER_IN_DEF_WHITELIST 0.5 # blarson 2004-11-08 score BANG_GUARENTEE 2