X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fmisc_spam;h=fc7f274519794f11866c3854b06541e45c6b0667;hp=702ea0e8f702dcac1c3eeb12efee8a0893771f94;hb=83d6542d8bc32c6daa1b7f921a538a44c21f2383;hpb=8a22a55bc937824a7d826d15d1f284a9c7e11175 diff --git a/common/misc_spam b/common/misc_spam index 702ea0e..fc7f274 100644 --- a/common/misc_spam +++ b/common/misc_spam @@ -1,3 +1,5 @@ +# -*- mode: spamassassin -*- + # This seems to catch a lot of spam, but not sure about false positive (from airmax.cf) # pasc couldn't find any false positives on the lists he's on header X_MESSAGE_INFO exists:X-Message-Info @@ -19,6 +21,11 @@ body GUEBDE /http\:\/\/www\.gueb\.de\// describe GUEBDE www.geub.de score GUEBDE 5 +# Don 2008-06-27 +rawbody PGPSIGNATURE /-----BEGIN PGP SIGNATURE-----/ +describe PGPSIGNATURE Has a pgp signature (may not be valid, but who cares?) +score PGPSIGNATURE -5 + # TODO: The rules below seem to be very similar; possibly fix them. @@ -285,3 +292,109 @@ score XJ2ID 4 header LONGWORD subject =~ /\b[\w\d]{30,}/i describe LONGWORD long word in subject score LONGWORD 2 + +# blarson 2007-11-23 +header TESTIMONIAL subject =~ /\btestimonial/i +describe TESTIMONIAL testimonials +score TESTIMONIAL 2 + +# blarson 2007-12-13 +header ITXS subject =~ /\bit\`s\b/i +describe ITXS it`s +score ITXS 4 + +# blarson 2007-12-18 +rawbody TINYFONT /\bFONT-SIZE\:\s+[123]px\;/i +describe TINYFONT tiny font specified +score TINYFONT 3 + +# blarson 2008-04-03 +rawbody ZIPFILE /\bfilename\=.*\.zip\b/i +describe ZIPFILE zipfile attachment +score ZIPFILE 0.5 + +# blarson 2008-04-19 +header SPACESUB subject =~ /^\s\w/ +describe SPACESUB extra space before subject +score SPACESUB 0.5 + +# don 2008-05-04 +header YAHOOCALENDAR X-Yahoo-Newman-Property: =~ /calendar-invite/i +describe YAHOOCALENDAR Calendar invite from yahoo; broken captcha +score YAHOOCALENDAR 4 + +# blarson 2008-06-03 +header BOUNDARYID content-type =~ /\bboundary\=\"Boundary_\(ID_/ +describe BOUNDARYID spamware boundary +score BOUNDARYID 0.6 + +# blarson 2008-07-02 +body GBKXWFLXF /\bgbkxwflxf\b/ +describe GBKXWFLXF gbkxwflxf +score GBKXWFLXF 5 + +# blarson 2008-09-07 +body LUKSUS /\bluksus\b/i +score LUKSUS 4 +describe LUKSUS Luksus + +# disabled by don; was causing false positives +# probably needs to be modified to check if it really is ironport +# blarson 2008-09-22 +# header XIRONPORT X-IronPort-Anti-Spam-Filtered =~ /true/ +# describe XIRONPORT claims to be ironport filtered +# score XIRONPORT 2.5 + +# blarson 2008-10-13 +header AUTORESPON subject =~ /Auto_response/ +describe AUTORESPON Auto_response +score AUTORESPON 3 + +# blarson 2008-10-28 +header XWUM x-wum-to =~ /./ +describe XWUM X-WUM-TO +score XWUM 2 + +# cord 2008-10-31 +# compensate false-positives for 140.Red-80-25-20.staticIP.rima-tde.net and stuff +header STATIC_RIMA_TDE received =~ /staticIP\.rima-tde\.net/ +describe STATIC_RIMA_TDE static IP from rima-tde.net +score STATIC_RIMA_TDE -5 + +# cord 2008-11-30 # compensate LDO_SUBSCRIBER bonus for Forum2Mail-Gw +full NABBLE /lists\@nabble\.com/ +describe NABBLE sent through nabble.com +score NABBLE 5 + +# don 2009-02-04 +full HTML_NBSP /(\ ){3,}/ +describe HTML_NBSP Lots of   +score HTML_NBSP 2 + +# blarson 2009-02-19 +header ENTIST subject =~ /(?:e.?entist|o.?ctor)/i +describe ENTIST (D)entit/(D)octor +score ENTIST 2 + +header THREADTOPIC thread-topic =~ /./i +describe THREADTOPIC Has a thread topic header +score THREADTOPIC 2 + +# [2009-04-14 cord] +# replacing old aol-rules from rc.spam + +header AOL_SPAM1 from =~ /[0-9].*\@([^\@]+\.)?aol\.com/i +describe AOL_SPAM1 possible AOL-pretending spam, matching rule 1 +score AOL_SPAM1 1 + +header AOL_SPAM2 from =~ /...........*\@([^\@]+\.)?aol\.com/i +describe AOL_SPAM2 possible AOL-pretending spam, matching rule 2 +score AOL_SPAM2 1 + +header AOL_SPAM3 from =~ /.?.?\@([^\@]+\.)?aol\.com/i +describe AOL_SPAM3 possible AOL-pretending spam, matching rule 3 +score AOL_SPAM3 1 + +header AOL_SPAM4 from =~ /[^a-zA-Z0-9]+.*\@([^\@]+\.)?aol\.com/i +describe AOL_SPAM4 possible AOL-pretending spam, matching rule 4 +score AOL_SPAM4 1