X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fphrase_spam;h=f9349e8cd741554e325f2d26cbf5e7a0686678b8;hp=1d8391b6e66d9c1fd1d4401a4168f4a0d7172f22;hb=HEAD;hpb=36cbf824a8ef7c5523e5e1aafc20b957b50db6d1

diff --git a/common/phrase_spam b/common/phrase_spam
index 1d8391b..f9349e8 100644
--- a/common/phrase_spam
+++ b/common/phrase_spam
@@ -1,3 +1,4 @@
+# -*- mode: spamassassin -*-
 # Added some rules from Rule du Jour that I've been testing for a while
 
 #Monotone (from airmax.cf)
@@ -89,6 +90,14 @@ header ONEWORD		subject =~ /^(?:Fw:|re:)?\s*\S+\s*$/i
 describe ONEWORD	one word subject
 score ONEWORD		2
 
+rawbody ONEWORDBODY	/^\s*\S+\s*$/s
+describe ONEWORDBODY 	One word body
+score ONEWORDBODY	2
+
+meta  ONEWORDALL	(ONEWORD && ONEWORDBODY)
+describe ONEWORDALL	Both subject and body contain one word
+score ONEWORDALL	4
+
 # robot101, 2003-09-22
 header CROSSWALK	X-UnityUser =~ /^Crosswalk.com, Inc/
 describe CROSSWALK	Crosswalk bible mailing list
@@ -662,7 +671,7 @@ score HOLIDAYHERE	3
 # blarson 2007-11-22
 header CAPINIT		subject =~ /^(?:Re:)?\s*(?:(?:[A-Z][a-z-\']+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket|IWC|\&|Jaeger-LeCoultre)\s+)+(?:[A-Z][a-z-]+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket)\s*$/
 describe CAPINIT	Capinit Every Word
-score CAPINIT		3
+score CAPINIT		0.5
 
 # blarson 2007-11-23
 body REMOVESPACE	/\b(?:remove|w\/o|without|delete) spaces?\b/i
@@ -846,7 +855,7 @@ score ITCSTORE		4
 # blarson 2008-03-26
 header GENDER		subject =~ /\b(?:she|her|wom[ae]n|m[ae]n|girls?|males?|females?|herself|wife|ladies|lady|wives|(?:girl|boy)friends?)\b/i
 describe GENDER		gender pronoun in subject
-score GENDER		1
+score GENDER		0.5
 
 # blarson 2008-03-28
 body REBODY		/^re\:\s/
@@ -869,10 +878,14 @@ describe SUMHERE	summer is here
 score SUMHERE		3
 
 # don 2008-04-24
-header INVITATIONFROM	subject =~ /^\s*Invitation\s*from\s*\w+\s*$/i
+header INVITATIONFROM	subject =~ /^\s*(Invitation|Invitaci.n)\s*(from|curso)\s*\w+\s*$/i
 describe INVITATIONFROM	Invitation from Spammer
 score INVITATIONFROM	5
 
+header INVITESYOU	subject =~ /^[\w\s]+(invites|communicates\s+with)\s+you\s+(to|about)[\w\s]+$/i
+describe INVITESYOU	Invites or communicates me with spam
+score INVITESYOU	5
+
 # blarson 2008-04-28
 header RERE		subject =~ /^Re\:\s+Re\:\s+/i
 describe RERE		Re: Re:
@@ -924,9 +937,10 @@ describe CHRISTMAS	Does christmas really give you pleasure?
 score CHRISTMAS		2
 
 # cord 2008-12-27 (transfered from rc.spam)
+# don 2010-07-18 (decrease score from 4 to 2.5 for false positives)
 full AWARD_WINNING	/Award win/i
-describe AWARD_WINNING	We don't believe it.
-score AWARD_WINNING	4
+describe AWARD_WINNING	Award win(ning); we don't believe that it is
+score AWARD_WINNING	2.5
 
 # don 2009-01-10
 header LINKEDIN		from =~ /linkedin\.com/
@@ -937,3 +951,179 @@ score LINKEDIN		4
 header	LIFECHANGERS	from =~ /lifechangers/
 describe LIFECHANGERS	Life changers spam
 score LIFECHANGERS	4
+
+# don 2009-02-05
+header WINESEASON	subject =~ /Wine\s*Season\s*Promo/i
+describe WINESEASON	Wine season spam
+score WINESEASON	3
+
+# don 2009-02-05
+header JOINMEON		subject =~ /(?:friend request|join me) on/i
+describe JOINMEON	Lets not join you on anything
+score JOINMEON		2
+
+# don 2009-02-09
+header ABOUTAPARTMENT	subject =~/about\s*the\s*apartment/i
+describe ABOUTAPARTMENT	We don't care about apartments
+score ABOUTAPARTMENT	2
+
+# don 2009-02-14
+header YARISUBJECT	subject =~ /\byari\b/i
+describe YARISUBJECT	Contains YARI in the subject
+score YARISUBJECT	2
+
+# don 2009-03-03
+body HTMLCOMPATIBLE	/html\s+compatible\s+(?:e-?mail)?\s*(?:viewer|client)/i
+describe HTMLCOMPATIBLE	If you want us to use an HTML compatible viewer, we don't want your mail.
+score HTMLCOMPATIBLE	3
+
+# zobel 2009-08-31
+header AYDA10KILO	subject =~ /Ayda 10 Kilo Vermek Istermisiniz/i
+describe AYDA10KILO     We don't care about Ayda 10 Kilo Vermek
+score AYDA10KILO        4
+
+# don 2010-08-21
+body CANNOTVIEW		/cannot\s+view\s+this\s+email/i
+describe CANNOTVIEW	If we cannot view this email, it must be spam
+score CANNOTVIEW	4
+
+# don 2010-09-24
+header AAVEHICLE	subject =~ /vehicle check report/i
+describe AAVEHICLE	The AA Vehicle check report is broken
+score AAVEHICLE		4
+
+# don 2010-12-27
+header MODERNART	X-BeenThere =~ /group1\@modernartmagazine.com/i
+describe MODERNART	Broken mailing list spamers
+score MODERNART		5
+
+# formorer 2011-01-07
+header NYPOSTCARD	subject =~ /New Year postcard/i
+describe NYPOSTCARD	Enough New Year cards for 2011
+score	NYPOSTCARD 	4
+
+
+# don 2011-01-24
+header   BIZZBOOSTER	from =~ /bizzbooster/i
+describe BIZZBOOSTER	From bizzbooster
+score	 BIZZBOOSTER	5
+
+# don 2011-09-22
+header QUOTAEXP		subject =~ /mail\s+account(.+)quot[ae]\s+limit/
+describe QUOTAEXP	Exceeded quota limit
+score QUOTAEXP		4
+
+# don 2011-09-22
+body SEOBODY		/search\s+engine\s+traffic/
+describe SEOBODY	Body contains SEO terms
+score SEOBODY		1
+
+header SEOSUBJECT	subject =~ /\bseo\b/i
+describe SEOSUBJECT	Subject contains SEO terms
+score SEOSUBJECT	1
+
+meta SEOMETA		(SEOBODY && SEOSUBJECT)
+describe SEOMETA	Matches both SEOBODY and SEOSUBJECT
+score SEOMETA		3
+
+body WEBINAR		/webinar/i
+describe WEBINAR	Contains webinar
+score WEBINAR		2
+
+
+header TRIALVERSION	subject =~ /trial\s*version/i
+describe TRIALVERSION	Trial version in subject
+score TRIALVERSION	3
+
+header SHARESPAM	subject =~ /shared photos with you/i
+describe SHARESPAM 	shares photos
+score SHARESPAM		3
+
+header MYNAMEIS		subject =~ /hello(.*)my name is/i
+describe MYNAMEIS	Name spam
+score	MYNAMEIS	2.5
+
+# formorer 2012-02-28
+header VOTREANN     Subject =~ /(votre|Petites) annonce/i
+describe VOTREANN   Votre annonce
+score VOTREANN      4
+
+# formorer 2010-01-23
+header LEXCHANGE 	subject =~ /(?:for|4)\s+L[i1]nks?\s+E?xcha?nge/i
+describe LEXCHANGE	ask for link exchange
+score LEXCHANGE		4
+
+# formorer 2013-11-08
+header IMARKETING   subject =~ /integrated marketing/i
+describe IMARKETING integrated marketing
+score IMARKETING    4
+
+header LYMBOOMATH   subject =~ /Lymboo Math/i
+describe LYMBOOMATH Lymboo Math spam
+score LYMBOOMATH    4
+
+# formorer 2014-05-26
+header JOB_DE1      subject =~ /(Freie Stellen|Stellenbeschreibungen)/
+describe JOB_DE1    german job spam
+score JOB_DE1       4
+
+header TODAYSHOW    subject =~ /Today Show/i
+describe TODAYSHOW  the today show
+score TODAYSHOW     4
+
+header LEADS    subject =~ /business leads/i
+describe LEADS  business leads
+score LEADS     4
+
+header CLIENTS subject =~ /need more clients/i
+describe CLIENTS need more clients
+score CLIENTS 4
+
+body SEOCONS      /SEO Consultant/i
+score SEOCONS     3
+describe SEOCONS  SEO Consultant
+
+body SEOISSUES      /major issues with your website/i
+score SEOISSUES     2.5
+describe SEOISSUES  Major issues with your website
+
+body SEOCOM /SEO Company/i
+score SEOCOM 2.5
+describe SEOCOM SEO Company
+
+# rince 2017-03-30
+header USERSLIST_HEADER1 Subject =~ /\bUsers\bList/i
+describe USERSLIST_HEADER1 Check wether Subject contains 'Users List'
+rawbody USERSLIST_BODY1 /\<div dir=3D\"ltr\"\>\<p class=3D\"MsoNormal\" style=3D\"background-image:/
+describe USERSLIST_BODY1 First potential Spam reconnaissance: style of HTML
+rawbody USERSLIST_BODY2 /\<\/span\>\<span style=3D\"color\:rgb\(219,219,219\)\"\>If you don=E2=80=99t want/
+describe USERSLIST_BODY2 second potential Spam reconnaissance: style of HTML
+rawbody USERSLIST_BODY3 /A Quick Follow up to you that if you are interested in/i
+describe USERSLIST_BODY3 third potential Spam reconnaissance: text phrases
+rawbody USERSLIST_BODY4 /we also have other technology users like: aws, tripod seat, Jira,/i
+describe USERSLIST_BODY4 fourth potential Spam reconnaissance: text phrases
+rawbody USERSLIST_BODY5 /Please let me know your thoughts (so that I can send you cost of the list.|we will provide you the more information)/i
+describe USERSLIST_BODY5 fifth potential Spam reconnaissance: text phrases
+meta META_USERSLIST (( USERSLIST_HEADER1 + USERSLIST_BODY1 + USERSLIST_BODY2 ) || ( USERSLIST_HEADER1 + USERSLIST_BODY3 + USERSLIST_BODY4 ) || ( USERSLIST_HEADER1 + USERSLIST_BODY5 )  > 1 )
+describe META_USERSLIST Question for a Users List
+score META_USERSLIST 0.5
+
+# rince 2017-04-11
+header OWNERSLIST_HEADER1 Subject =~ /\bOwners\bList/i
+describe OWNERSLIST_HEADER1 Check wether Subject contains 'Owners List'
+rawbody OWNERSLIST_BODY1 /The list of contacts are \*opt\-in verified\*/
+describe OWNERSLIST_BODY1 First potential Spam reconnaissance: verified opt-in lists
+meta META_OWNERSLIST ( (OWNERSLIST_HEADER1 + OWNERSLIST_BODY1 ) >1 )
+describe META_OWNERSLIST Questions for an Owners List
+score META_OWNERSLIST 0.5
+
+# rince 2017-04-14
+header PRATT subject =~ /Pratt Is Now Earth Works Jacksonville/i
+score PRATT 4
+describe PRATT Pratt spam
+
+# rince 2017-04-15
+header PRATTFROM   From =~ /Pratt Brothers/
+describe PRATTFROM Pratt Brothers Spam
+score PRATTFROM  1
+