X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fphrase_spam;h=63401e7abc2045e4e1101c4823f0d1a74dd9b9b9;hp=e9d7137ea82bb454e988cc29f98ca61db1af816c;hb=2c50b4a0861f83e732214ec8bdab1cd40a9c8c85;hpb=8df9d2bc7511800856ae301962b222176ed42096 diff --git a/common/phrase_spam b/common/phrase_spam index e9d7137..63401e7 100644 --- a/common/phrase_spam +++ b/common/phrase_spam @@ -1,3 +1,4 @@ +# -*- mode: spamassassin -*- # Added some rules from Rule du Jour that I've been testing for a while #Monotone (from airmax.cf) @@ -39,7 +40,7 @@ score MDO_AUTORESP7 0.1 meta MDO_AUTORESP_META1 (MDO_AUTORESP1 + MDO_AUTORESP2 + MDO_AUTORESP3 + MDO_AUTORESP4 + MDO_AUTORESP5 + MDO_AUTORESP6 + MDO_AUTORESP7) > 1 score MDO_AUTORESP_META1 2.0 -body MURPHY_DIPLOMA /Diploma/ +body MURPHY_DIPLOMA /dip[l1]omas?/i describe MURPHY_DIPLOMA No Diploma score MURPHY_DIPLOMA 1 @@ -89,6 +90,14 @@ header ONEWORD subject =~ /^(?:Fw:|re:)?\s*\S+\s*$/i describe ONEWORD one word subject score ONEWORD 2 +rawbody ONEWORDBODY /^\s*\S+\s*$/s +describe ONEWORDBODY One word body +score ONEWORDBODY 2 + +meta ONEWORDALL (ONEWORD && ONEWORDBODY) +describe ONEWORDALL Both subject and body contain one word +score ONEWORDALL 4 + # robot101, 2003-09-22 header CROSSWALK X-UnityUser =~ /^Crosswalk.com, Inc/ describe CROSSWALK Crosswalk bible mailing list @@ -164,8 +173,8 @@ score TEDIOUS_WITTER 2 # cjwatson, 2004-03-12 # blarson 2004-06-09 -header UNI_DIPLOMA Subject =~ /\b(university|college)\s+(diploma|cert|degree)/i -describe UNI_DIPLOMA Got one, thanks +header UNI_DIPLOMA subject =~ /\b(?:university|college|doctora+te|bache+lor|maste+rs?)[\/\s]+(?:(dip[l1][o0]ma|cert|degree)|(?:university|college|doctora+te|bache+lor|maste+rs?))/i +describe UNI_DIPLOMA Got a diploma, thanks score UNI_DIPLOMA 4 # blarson 2004-04-27 @@ -174,7 +183,7 @@ describe UNI2 Got one, thanks score UNI2 4 # don 2007-11-03 -body UNI3 /(?:(?:masters|batchelor|m\s*b\s*a\s*|ph\.?\s*d)\s*[,.]?\s*){2,}/i +body UNI3 /(?:(?:maste+rs|batche+lor|m\s*b\s*a\s*|ph\.?\s*d|doctora+te)\s*[,.\/]?\s*){2,}/i describe UNI3 multiple types of degrees score UNI3 2 @@ -188,11 +197,6 @@ header MESSAGESUB subject =~ /^\s*\(?message\s*(subject)?\)?$/i describe MESSAGESUB really descriptive subject score MESSAGESUB 3 -# don 2007-09-20 -header SENTMESSAGE subject =~ /(sent you a( personal|) message|would like to chat)/i -describe SENTMESSAGE Sent you a message (like duh?) -score SENTMESSAGE 2 - # blarson 2006-03-16 2007-09-18 not working, replaced 2007-12-08 # body DEARDIGIT /^(?:well\s+)?(?:Dear|Hey|H[ea]y?ll?.?o|To|Attention|Hi+|Hey+a?|Bonjorno|(?:Yo\s*)+|(?:g[o0]+d\s*)?(?:d?ay|morning|evening?|afternoon|night)|what.?i?s\s+up|wa(?:s|z)+up|greetings?|Salutations|(Mail|News)\s+to|how(?:.?s|\s+is)?\s*(?:(?:it)?(?:\s+is)??\s*going|have\s+you\s+been|are you).?\s*(?:there|to\s+you)?|compliments|Regards|Adieu)\,?\s+(?:Account\s+\#?|\=?3d|)(?:bro|there|sir|Mr\.?)\s*?\d{3,}/i body DEARDIGIT /^\s*(?:Good\s*)?(?:evenin|night|day|hi|hello|greetin|Compliment|Wa[sz]+up|dear|Regard|Mornin|(?:yo\s*)+)[sg]?\s+(?:there\s+)?\d{3,}/i @@ -349,7 +353,7 @@ describe ACRO8PR0 sales spam score ACRO8PR0 4 # blarson 2007-10-05 -body WBRS /\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?|wwng|WWNG|F\WD\WE\WG|FDEG|UTYW|M\s*I\s*H\s*I|O\W?N\W?C\W?O|P\W?P\W?Y\W?H|S\W?R\W?E\W?A|A\W?C\W?G\W?U|S\W?C\W?Y\W?F|C\W?H\W?V\W?C|D\W?M\W?X\W?C|F\W?R\W?L\W?E|M\W?A\W?K\W?U|C\W?W\W?T\W?E|F\W?R\W?L\W?E|M\W?X\W?X\W?R|P\W?R\W?T\W?H|A\W?L\W?L\W?U|C\W?W\W?T\W?D|T\W?A\W?D\W?F|D\W?M\W?H\W?N|C\W?A\W?O\W?N|Cwtd|N\W?C\W?S\W?H|F\W?R\W?L\W?E|M\W?A\W?K\W?U|d\W?m\W?h\W?n|T\W?R\W?T\W?M|[Ee]\W?[Tt]\W?[Gg]\W?[Uu]|P\W?E\W?R\W?T|EWIN|SXB\.F|OPLO)\b/ +body WBRS /\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?|wwng|WWNG|F\WD\WE\WG|FDEG|UTYW|M\s*I\s*H\s*I|O\W?N\W?C\W?O|P\W?P\W?Y\W?H|S\W?R\W?E\W?A|A\W?C\W?G\W?U|S\W?C\W?Y\W?F|C\W?H\W?V\W?C|D\W?M\W?X\W?C|F\W?R\W?L\W?E|M\W?A\W?K\W?U|C\W?W\W?T\W?E|F\W?R\W?L\W?E|M\W?X\W?X\W?R|P\W?R\W?T\W?H|A\W?L\W?L\W?U|C\W?W\W?T\W?D|T\W?A\W?D\W?F|D\W?M\W?H\W?N|C\W?A\W?O\W?N|Cwtd|N\W?C\W?S\W?H|F\W?R\W?L\W?E|M\W?A\W?K\W?U|d\W?m\W?h\W?n|T\W?R\W?T\W?M|[Ee]\W?[Tt]\W?[Gg]\W?[Uu]|P\W?E\W?R\W?T|EWIN|SXB\.F|OPLO|DCNM|mpix|MPIX|UCSO|TBCO)\b/ describe WBRS stock spam score WBRS 4 @@ -447,10 +451,15 @@ describe BIGINTER job spam score BIGINTER 4 # blarson 2007-09-20 -header HASSENT subject =~ /\b(?:sent you a (?:personal|confidential)?\s*(?:message|note)|would like to chat)\b/i +header HASSENT subject =~ /\b(?:sent you a (?:personal|confidential)?\s*(?:message|note))\b/i describe HASSENT sent a message score HASSENT 4 +# don 2008-04-19 +header WANTTOCHAT subject =~ /\b(?:(?:would like|wants|feels?) (?:to chat|like chatting|to keep up with you))\b/i +describe WANTTOCHAT I want to chat/keep up with spam +score WANTTOCHAT 5.5 + # blarson 2007-09-20 header ORDERNUM subject =~ /\b(?:Order|Recipet)\s*.?\d{3,}/i describe ORDERNUM order number @@ -538,12 +547,7 @@ score WORKEXP 3 # blarson 2007-10-24 body NICEGIRL /\b(?:nice|young|lonley|unmarried)\s+(?:girl|woman|female)\b/i describe NICEGIRL nice girl -score NICEGIRL 2 - -# blarson 2007-10-16 -header FEALCHAT subject =~ /\bFeel Like Chatting\b/i -describe FEALCHAT Feel Like Chatting -score FEALCHAT 3 +score NICEGIRL 3 # blarson 2007-10-18 header DFF1CE subject =~ /UmU6INDSydfF1CE/i @@ -665,9 +669,9 @@ describe HOLIDAYHERE Holidays are here score HOLIDAYHERE 3 # blarson 2007-11-22 -header CAPINIT subject =~ /^(?:Re:)?\s*(?:(?:[A-Z][a-z-]+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket|IWC|\&|Jaeger-LeCoultre)\s+)+(?:[A-Z][a-z-]+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket)\s*$/ +header CAPINIT subject =~ /^(?:Re:)?\s*(?:(?:[A-Z][a-z-\']+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket|IWC|\&|Jaeger-LeCoultre)\s+)+(?:[A-Z][a-z-]+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket)\s*$/ describe CAPINIT Capinit Every Word -score CAPINIT 3 +score CAPINIT 1.5 # blarson 2007-11-23 body REMOVESPACE /\b(?:remove|w\/o|without|delete) spaces?\b/i @@ -719,6 +723,11 @@ full OEMSOFT /\b[O0]EM\s+s[o0][\W_]?ft_?(?:w_?a_?r_?e)?\b/i describe OEMSOFT OEM software score OEMSOFT 2 +# tviehmann 2008-07-20 +full XORGBUGREPORTS /\/usr\/lib\/xorg\/modules/ +describe XORGBUGREPORTS ameliorate score of xorg bug reports matching OEMSOFT +score XORGBUGREPORTS -5 + # don 2008-02-23 body MSSOFTWARE /(?:Microsoft|Windows) (?:Office Enterprise|Vista Ultimate)/i describe MSSOFTWARE Microsoft Office Enterprise/Vista Ultimate @@ -756,7 +765,7 @@ score IBERIS 4 # blarson 2008-01-18 header HIFROM subject =~ /\b(?:hello|hi)\s+from/i describe HIFROM hello from -score HIFROM 2 +score HIFROM 3 # blarson 2008-01-22 body INTCORP /\bInternational\s+corporation\b/i @@ -814,7 +823,7 @@ describe ADEGREE a degree score ADEGREE 3 # blarson 2008-03-12 -rawbody PZIP /\bfilename\=\"\w\.zip\"/ +rawbody PZIP /\bfilename\=\"\w\w?\.zip\"/ describe PZIP p.zip score PZIP 3 @@ -829,6 +838,232 @@ describe SUBBODYREP Repeated word in subject and body without spaces score SUBBODYREP 3 # don 2008-03-19 -full MYMSNNAMEIS /my\s+(?:msn|messenger|msn mesenger|aim|aol|screen)\s+name\s+is\s+\S+\@\S+/i -describe MYMSNAMEIS My screen name is foo@bar.com -score MY MSNNAMEIS 2.5 +full MYMSNNAMEIS /(?:add\s+me\s+on|my)\s+(?:msn|(?:live|msn|)\s*mess?enger|aim|aol|screen)\s+(?:name\s+)?(?:is)?\s+\S+\@\S+/i +describe MYMSNNAMEIS My screen name is foo@bar.com +score MYMSNNAMEIS 2.5 + +# blarson 2008-03-20 +body LONGWURL /^[\w\-]{11,}\s+http\:\/\/[\w\.\-]{4,}\s*$/ +describe LONGWURL longWord URL +score LONGWURL 2 + +# blarson 2008-03-20 +header ITCSTORE subject =~ /ITC Store/ +describe ITCSTORE ITC Store +score ITCSTORE 4 + +# blarson 2008-03-26 +header GENDER subject =~ /\b(?:she|her|wom[ae]n|m[ae]n|girls?|males?|females?|herself|wife|ladies|lady|wives|(?:girl|boy)friends?)\b/i +describe GENDER gender pronoun in subject +score GENDER 1 + +# blarson 2008-03-28 +body REBODY /^re\:\s/ +describe REBODY re: in body +score REBODY 2 + +# blarson 2008-04-01 +header REREHI subject =~ /^Re: Re: H(i|ello)\s*$/i +describe REREHI Re: Re: Hi +score REREHI 3 + +# blarson 2008-04-10 +header PEROFF subject =~ /\d+\%\s+off\b/i +describe PEROFF xx% off +score PEROFF 3 + +# blarson 2008-04-10 +header SUMHERE subject =~ /\b(?:summer|winter|fall|spring) is here\b/i +describe SUMHERE summer is here +score SUMHERE 3 + +# don 2008-04-24 +header INVITATIONFROM subject =~ /^\s*(Invitation|Invitaci.n)\s*(from|curso)\s*\w+\s*$/i +describe INVITATIONFROM Invitation from Spammer +score INVITATIONFROM 5 + +header INVITESYOU subject =~ /^[\w\s]+(invites|communicates\s+with)\s+you\s+(to|about)[\w\s]+$/i +describe INVITESYOU Invites or communicates me with spam +score INVITESYOU 5 + +# blarson 2008-04-28 +header RERE subject =~ /^Re\:\s+Re\:\s+/i +describe RERE Re: Re: +score RERE 1 + +# don 2008-04-30 +header CLAIMTICKETS subject =~ /claim.+ticket/i +describe CLAIMTICKETS Blah blah claim ticket +score CLAIMTICKETS 4 + +# don 2008-05-05 +header WAITINGREPLY subject =~ /waiting for your? (reply|to repsond|response)/i +describe WAITINGREPLY Waiting for your reply +score WAITINGREPLY 4 + +# don 2008-05-15 +body CONTACTUS /contact us by email:/ +score CONTACTUS 3 +describe CONTACTUS Don't contact us, we'll spam you + +# don 2008-06-18 +header FASHION subject =~ /(?:(?:armani|gucci|chanel|boss|versache|ugg|dsquared)(?:\,\s*|$)){2,}/i +describe FASHION Fashion designers in subject +score FASHION 2 + +# don 2008-07-30 +header SCOUR subject =~ /Scour(?:.com)? invite from/ +describe SCOUR Scour invite from some spammer +score SCOUR 3 + +# don 2008-09-04 +body YOURNAME /\d+\)\s*y+o+u+r+\s*n+a+m+e+/i +describe YOURNAME 1) your name is spam +score YOURNAME 3 + +# blarson 2008-12-11 +header TWITTER subject =~ /you on Twitter/ +describe TWITTER Twitter invite spam +score TWITTER 4 + +# don 2008-12-18 +uri DOS_LIVE_SPACES_CID /cid-.{10,20}\.spaces\.live\.com/ +describe DOS_LIVE_SPACES_CID live spaces uri +score DOS_LIVE_SPACES_CID 3 + +# don 2008-12-18 +header CHRISTMAS subject =~ /chris+tma+s (pleasure+|night)/i +describe CHRISTMAS Does christmas really give you pleasure? +score CHRISTMAS 2 + +# cord 2008-12-27 (transfered from rc.spam) +# don 2010-07-18 (decrease score from 4 to 2.5 for false positives) +full AWARD_WINNING /Award win/i +describe AWARD_WINNING Award win(ning); we don't believe that it is +score AWARD_WINNING 2.5 + +# don 2009-01-10 +header LINKEDIN from =~ /linkedin\.com/ +describe LINKEDIN Linked in spam +score LINKEDIN 4 + +# don 2009-02-02 +header LIFECHANGERS from =~ /lifechangers/ +describe LIFECHANGERS Life changers spam +score LIFECHANGERS 4 + +# don 2009-02-05 +header WINESEASON subject =~ /Wine\s*Season\s*Promo/i +describe WINESEASON Wine season spam +score WINESEASON 3 + +# don 2009-02-05 +header JOINMEON subject =~ /(?:friend request|join me) on/i +describe JOINMEON Lets not join you on anything +score JOINMEON 2 + +# don 2009-02-09 +header ABOUTAPARTMENT subject =~/about\s*the\s*apartment/i +describe ABOUTAPARTMENT We don't care about apartments +score ABOUTAPARTMENT 2 + +# don 2009-02-14 +header YARISUBJECT subject =~ /\byari\b/i +describe YARISUBJECT Contains YARI in the subject +score YARISUBJECT 2 + +# don 2009-03-03 +body HTMLCOMPATIBLE /html\s+compatible\s+(?:e-?mail)?\s*(?:viewer|client)/i +describe HTMLCOMPATIBLE If you want us to use an HTML compatible viewer, we don't want your mail. +score HTMLCOMPATIBLE 3 + +# zobel 2009-08-31 +header AYDA10KILO subject =~ /Ayda 10 Kilo Vermek Istermisiniz/i +describe AYDA10KILO We don't care about Ayda 10 Kilo Vermek +score AYDA10KILO 4 + +# don 2010-08-21 +body CANNOTVIEW /cannot\s+view\s+this\s+email/i +describe CANNOTVIEW If we cannot view this email, it must be spam +score CANNOTVIEW 4 + +# don 2010-09-24 +header AAVEHICLE subject =~ /vehicle check report/i +describe AAVEHICLE The AA Vehicle check report is broken +score AAVEHICLE 4 + +# don 2010-12-27 +header MODERNART X-BeenThere =~ /group1\@modernartmagazine.com/i +describe MODERNART Broken mailing list spamers +score MODERNART 5 + +# formorer 2011-01-07 +header NYPOSTCARD subject =~ /New Year postcard/i +describe NYPOSTCARD Enough New Year cards for 2011 +score NYPOSTCARD 4 + + +# don 2011-01-24 +header BIZZBOOSTER from =~ /bizzbooster/i +describe BIZZBOOSTER From bizzbooster +score BIZZBOOSTER 5 + +# don 2011-09-22 +header QUOTAEXP subject =~ /mail\s+account(.+)quot[ae]\s+limit/ +describe QUOTAEXP Exceeded quota limit +score QUOTAEXP 4 + +# don 2011-09-22 +body SEOBODY /search\s+engine\s+traffic/ +describe SEOBODY Body contains SEO terms +score SEOBODY 1 + +header SEOSUBJECT subject =~ /\bseo\b/i +describe SEOSUBJECT Subject contains SEO terms +score SEOSUBJECT 1 + +meta SEOMETA (SEOBODY && SEOSUBJECT) +describe SEOMETA Matches both SEOBODY and SEOSUBJECT +score SEOMETA 3 + +body WEBINAR /webinar/i +describe WEBINAR Contains webinar +score WEBINAR 2 + + +header TRIALVERSION subject =~ /trial\s*version/i +describe TRIALVERSION Trial version in subject +score TRIALVERSION 3 + +header SHARESPAM subject =~ /shared photos with you/i +describe SHARESPAM shares photos +score SHARESPAM 3 + +header MYNAMEIS subject =~ /hello(.*)my name is/i +describe MYNAMEIS Name spam +score MYNAMEIS 2.5 + +# formorer 2012-02-28 +header VOTREANN Subject =~ /(votre|Petites) annonce/i +describe VOTREANN Votre annonce +score VOTREANN 4 + +# formorer 2010-01-23 +header LEXCHANGE subject =~ /(?:for|4)\s+L[i1]nks?\s+E?xcha?nge/i +describe LEXCHANGE ask for link exchange +score LEXCHANGE 4 + +# formorer 2013-11-08 +header IMARKETING subject =~ /integrated marketing/i +describe IMARKETING integrated marketing +score IMARKETING 4 + +header LYMBOOMATH subject =~ /Lymboo Math/i +describe LYMBOOMATH Lymboo Math spam +score LYMBOOMATH 4 + +# formorer 2014-05-26 +header JOB_DE1 subject =~ /(Freie Stellen|Stellenbeschreibungen)/ +describe JOB_DE1 german job spam +score JOB_DE1 4 +