X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fmisc_spam;h=93f0ce349c37c1b8b0428ceb8e4f53817408bf37;hp=9fb44a41fabb93b105f18692c490574790acf1d6;hb=fd9a16cba49e84c1ce54ec2ca0812de102a78974;hpb=e34629fb3ce7e02d47c1c0be61f2d1a8729ba36f
diff --git a/common/misc_spam b/common/misc_spam
index 9fb44a4..93f0ce3 100644
--- a/common/misc_spam
+++ b/common/misc_spam
@@ -1,3 +1,5 @@
+# -*- mode: spamassassin -*-
+
 # This seems to catch a lot of spam, but not sure about false positive (from airmax.cf)
 # pasc couldn't find any false positives on the lists he's on
 header X_MESSAGE_INFO exists:X-Message-Info
@@ -121,10 +123,10 @@ full NEXTPART /\-\=\_NextPart\_000\_/
 describe NEXTPART spammer mime separator
 score NEXTPART 2.5
 
-# blarson 2006-10-17
+# blarson 2006-10-17 2009-04-30
 full CT_IMAGE /Content\-Type\:\s*image/i
 describe CT_IMAGE Picture attached
-score CT_IMAGE 1
+score CT_IMAGE 1.5
 
 # blarson 2006-12-01 (score so low since it will also hit CT_IMAGE)
 header CT_IMAGE_HEAD content-type =~ /image/
@@ -331,6 +333,28 @@ body GBKXWFLXF /\bgbkxwflxf\b/
 describe GBKXWFLXF gbkxwflxf
 score GBKXWFLXF 5
 
+# blarson 2008-09-07
+body LUKSUS /\bluksus\b/i
+score LUKSUS 4
+describe LUKSUS Luksus
+
+# disabled by don; was causing false positives
+# probably needs to be modified to check if it really is ironport
+# blarson 2008-09-22
+# header XIRONPORT X-IronPort-Anti-Spam-Filtered =~ /true/
+# describe XIRONPORT claims to be ironport filtered
+# score XIRONPORT 2.5
+
+# blarson 2008-10-13
+header AUTORESPON subject =~ /Auto_response/
+describe AUTORESPON Auto_response
+score AUTORESPON 3
+
+# blarson 2008-10-28
+header XWUM x-wum-to =~ /./
+describe XWUM X-WUM-TO
+score XWUM 2
+
 # cord 2008-10-31
 # compensate false-positives for 140.Red-80-25-20.staticIP.rima-tde.net and stuff
 header STATIC_RIMA_TDE received =~ /staticIP\.rima-tde\.net/
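Review bot: `score LUKSUS 4` puts a single case-insensitive word match within one point of SpamAssassin's default required_score of 5.0, and "luksus" is the ordinary word for luxury in Danish, Norwegian and Polish, so legitimate mail in those languages would be tipped over by any small second hit. The same hunk records XIRONPORT being disabled for false positives, which suggests these single-token rules deserve a more cautious start, e.g. `score LUKSUS 2`. AUTORESPON and XWUM also give no hint of what traffic they were seen in; a one-line comment such as `# seen only in <campaign placeholder>; header not observed in ham` above each rule would let a later maintainer retune or retire them.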
@@ -338,6 +362,69 @@ describe STATIC_RIMA_TDE static IP from rima-tde.net
 score STATIC_RIMA_TDE -5
 # cord 2008-11-30
 # compensate LDO_SUBSCRIBER bonus for Forum2Mail-Gw
-header NABBLE /lists\@nabble.com/
+full NABBLE /lists\@nabble\.com/
 describe NABBLE sent through nabble.com
 score NABBLE 5
+
+# don 2009-02-04
+full HTML_NBSP /(\ ){3,}/
+describe HTML_NBSP Lots of  
+score HTML_NBSP 2
+
+# blarson 2009-02-19
+header ENTIST subject =~ /(?:e.?entist|o.?ctor)/i
+describe ENTIST (D)entit/(D)octor
+score ENTIST 2
+
+header THREADTOPIC thread-topic =~ /./i
+describe THREADTOPIC Has a thread topic header
+score THREADTOPIC 2
+
+# [2009-04-14 cord]
+# replacing old aol-rules from rc.spam
+
+header AOL_SPAM1 from =~ /[0-9].*\@([^\@]+\.)?aol\.com/i
+describe AOL_SPAM1 possible AOL-pretending spam, matching rule 1
+score AOL_SPAM1 1
+
+header AOL_SPAM2 from =~ /...........*\@([^\@]+\.)?aol\.com/i
+describe AOL_SPAM2 possible AOL-pretending spam, matching rule 2
+score AOL_SPAM2 1
+
+header AOL_SPAM3 from =~ /.?.?\@([^\@]+\.)?aol\.com/i
+describe AOL_SPAM3 possible AOL-pretending spam, matching rule 3
+score AOL_SPAM3 1
+
+header AOL_SPAM4 from =~ /[^a-zA-Z0-9]+.*\@([^\@]+\.)?aol\.com/i
+describe AOL_SPAM4 possible AOL-pretending spam, matching rule 4
+score AOL_SPAM4 1
+
+# blarson 2009-04-15
+body WEBMAIL /\bwebmail\b/i
+describe WEBMAIL webmail
+score WEBMAIL 1
+
+# blarson 2009-04-17
+header REFNO subject =~ /\bref no\b/i
+describe REFNO Ref No
+score REFNO 2
+
+# blarson 2009-05-26
+header INFOCOUK to =~ /\b(?:info|winner|loan|lotto|grant|win)\@(?:info\.|winner\.|loan\.|lotto\.|hotmail\.|grant\.|win\.|yahoo\.|)(?:co\.uk|net|com|org)\b/
+describe INFOCOUK to info@co.uk
+score INFOCOUK 3
+
+# blarson 2009-05-27
+body EXITAT /\bexit\@(?:datalistsource|listsourcesworld)\.com\b/
+describe EXITAT exit@datalistsource.com
+score EXITAT 3
+
+# blarson 2009-06-05
+header TOINFO to =~ /\binfo\@/
+describe TOINFO to info@
+score TOINFO 1
+
+# don 2009-07-06
+header CONSTCONTACT X-Mailer =~ /Constant Contact/i
+describe CONSTCONTACT Mail comming from constant contact, which doesn't require double opt-in
+score CONSTCONTACT 5
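Review bot: AOL_SPAM3 fires on every From header that contains an aol.com address, because both `.?` atoms are optional and the pattern is unanchored, so it reduces to `\@([^\@]+\.)?aol\.com`. AOL_SPAM2 and AOL_SPAM4 are nearly as broad in practice: `from =~` is matched against the whole header, so a display name, a space or the `<` before the address is enough to satisfy them, and an ordinary AOL sender with a display name collects about 3 points from this group alone. If the intent is to test the local part (inferred from the patterns, not stated in the comment), match the bare address and anchor both ends, e.g. `header AOL_SPAM3 From:addr =~ /^[^\@]{0,2}\@([^\@]+\.)?aol\.com$/i`, and give rules 1, 2 and 4 the same treatment. Separately, `full NABBLE` now scans the raw body as well as the headers, so a message that merely quotes lists@nabble.com picks up 5 points; `header NABBLE ALL =~ /lists\@nabble\.com/` would keep the match to headers.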