X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=blobdiff_plain;f=common%2Fphrase_spam;h=f9349e8cd741554e325f2d26cbf5e7a0686678b8;hp=a679cf388d1819ef5279ce658bc4cef59ced360d;hb=HEAD;hpb=0765f26d3b964824c42bdc29d6d9383d371d24c5

diff --git a/common/phrase_spam b/common/phrase_spam
index a679cf3..f9349e8 100644
--- a/common/phrase_spam
+++ b/common/phrase_spam
@@ -1,3 +1,4 @@
+# -*- mode: spamassassin -*-
 # Added some rules from Rule du Jour that I've been testing for a while
 
 #Monotone (from airmax.cf)
@@ -89,6 +90,14 @@ header ONEWORD		subject =~ /^(?:Fw:|re:)?\s*\S+\s*$/i
 describe ONEWORD	one word subject
 score ONEWORD		2
 
+rawbody ONEWORDBODY	/^\s*\S+\s*$/s
+describe ONEWORDBODY 	One word body
+score ONEWORDBODY	2
+
+meta  ONEWORDALL	(ONEWORD && ONEWORDBODY)
+describe ONEWORDALL	Both subject and body contain one word
+score ONEWORDALL	4
+
 # robot101, 2003-09-22
 header CROSSWALK	X-UnityUser =~ /^Crosswalk.com, Inc/
 describe CROSSWALK	Crosswalk bible mailing list
@@ -344,7 +353,7 @@ describe ACRO8PR0	sales spam
 score ACRO8PR0	 	4	
 
 # blarson 2007-10-05
-body WBRS		/\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?|wwng|WWNG|F\WD\WE\WG|FDEG|UTYW|M\s*I\s*H\s*I|O\W?N\W?C\W?O|P\W?P\W?Y\W?H|S\W?R\W?E\W?A|A\W?C\W?G\W?U|S\W?C\W?Y\W?F|C\W?H\W?V\W?C|D\W?M\W?X\W?C|F\W?R\W?L\W?E|M\W?A\W?K\W?U|C\W?W\W?T\W?E|F\W?R\W?L\W?E|M\W?X\W?X\W?R|P\W?R\W?T\W?H|A\W?L\W?L\W?U|C\W?W\W?T\W?D|T\W?A\W?D\W?F|D\W?M\W?H\W?N|C\W?A\W?O\W?N|Cwtd|N\W?C\W?S\W?H|F\W?R\W?L\W?E|M\W?A\W?K\W?U|d\W?m\W?h\W?n|T\W?R\W?T\W?M|[Ee]\W?[Tt]\W?[Gg]\W?[Uu]|P\W?E\W?R\W?T|EWIN|SXB\.F|OPLO|DCNM|mpix|MPIX|UCSO)\b/
+body WBRS		/\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?|wwng|WWNG|F\WD\WE\WG|FDEG|UTYW|M\s*I\s*H\s*I|O\W?N\W?C\W?O|P\W?P\W?Y\W?H|S\W?R\W?E\W?A|A\W?C\W?G\W?U|S\W?C\W?Y\W?F|C\W?H\W?V\W?C|D\W?M\W?X\W?C|F\W?R\W?L\W?E|M\W?A\W?K\W?U|C\W?W\W?T\W?E|F\W?R\W?L\W?E|M\W?X\W?X\W?R|P\W?R\W?T\W?H|A\W?L\W?L\W?U|C\W?W\W?T\W?D|T\W?A\W?D\W?F|D\W?M\W?H\W?N|C\W?A\W?O\W?N|Cwtd|N\W?C\W?S\W?H|F\W?R\W?L\W?E|M\W?A\W?K\W?U|d\W?m\W?h\W?n|T\W?R\W?T\W?M|[Ee]\W?[Tt]\W?[Gg]\W?[Uu]|P\W?E\W?R\W?T|EWIN|SXB\.F|OPLO|DCNM|mpix|MPIX|UCSO|TBCO)\b/
 describe WBRS		stock spam
 score WBRS		4
 
@@ -662,7 +671,7 @@ score HOLIDAYHERE	3
 # blarson 2007-11-22
 header CAPINIT		subject =~ /^(?:Re:)?\s*(?:(?:[A-Z][a-z-\']+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket|IWC|\&|Jaeger-LeCoultre)\s+)+(?:[A-Z][a-z-]+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket)\s*$/
 describe CAPINIT	Capinit Every Word
-score CAPINIT		3
+score CAPINIT		0.5
 
 # blarson 2007-11-23
 body REMOVESPACE	/\b(?:remove|w\/o|without|delete) spaces?\b/i
@@ -844,9 +853,9 @@ describe ITCSTORE	ITC Store
 score ITCSTORE		4
 
 # blarson 2008-03-26
-header GENDER		subject =~ /\b(?:she|her|wom[ae]n|m[ae]n|girls?|males?|females?|herself|wife|ladies|lady|wives)\b/i
+header GENDER		subject =~ /\b(?:she|her|wom[ae]n|m[ae]n|girls?|males?|females?|herself|wife|ladies|lady|wives|(?:girl|boy)friends?)\b/i
 describe GENDER		gender pronoun in subject
-score GENDER		1
+score GENDER		0.5
 
 # blarson 2008-03-28
 body REBODY		/^re\:\s/
@@ -869,10 +878,14 @@ describe SUMHERE	summer is here
 score SUMHERE		3
 
 # don 2008-04-24
-header INVITATIONFROM	subject =~ /^\s*Invitation\s*from\s*\w+\s*$/i
+header INVITATIONFROM	subject =~ /^\s*(Invitation|Invitaci.n)\s*(from|curso)\s*\w+\s*$/i
 describe INVITATIONFROM	Invitation from Spammer
 score INVITATIONFROM	5
 
+header INVITESYOU	subject =~ /^[\w\s]+(invites|communicates\s+with)\s+you\s+(to|about)[\w\s]+$/i
+describe INVITESYOU	Invites or communicates me with spam
+score INVITESYOU	5
+
 # blarson 2008-04-28
 header RERE		subject =~ /^Re\:\s+Re\:\s+/i
 describe RERE		Re: Re:
@@ -899,6 +912,218 @@ describe FASHION	Fashion designers in subject
 score FASHION		2
 
 # don 2008-07-30
-header SCOUR		soubject =~ /Scour.com invite from/
+header SCOUR		subject =~ /Scour(?:.com)? invite from/
 describe SCOUR		Scour invite from some spammer
 score SCOUR		3
+
+# don 2008-09-04
+body  YOURNAME		/\d+\)\s*y+o+u+r+\s*n+a+m+e+/i
+describe YOURNAME	1) your name is spam
+score YOURNAME		3
+
+# blarson 2008-12-11
+header TWITTER		subject =~ /you on Twitter/
+describe TWITTER	Twitter invite spam
+score TWITTER		4
+
+# don 2008-12-18
+uri DOS_LIVE_SPACES_CID	/cid-.{10,20}\.spaces\.live\.com/
+describe DOS_LIVE_SPACES_CID	live spaces uri
+score DOS_LIVE_SPACES_CID	3
+
+# don 2008-12-18
+header CHRISTMAS	subject =~ /chris+tma+s (pleasure+|night)/i
+describe CHRISTMAS	Does christmas really give you pleasure?
+score CHRISTMAS		2
+
+# cord 2008-12-27 (transfered from rc.spam)
+# don 2010-07-18 (decrease score from 4 to 2.5 for false positives)
+full AWARD_WINNING	/Award win/i
+describe AWARD_WINNING	Award win(ning); we don't believe that it is
+score AWARD_WINNING	2.5
+
+# don 2009-01-10
+header LINKEDIN		from =~ /linkedin\.com/
+describe LINKEDIN	Linked in spam
+score LINKEDIN		4
+
+# don 2009-02-02
+header	LIFECHANGERS	from =~ /lifechangers/
+describe LIFECHANGERS	Life changers spam
+score LIFECHANGERS	4
+
+# don 2009-02-05
+header WINESEASON	subject =~ /Wine\s*Season\s*Promo/i
+describe WINESEASON	Wine season spam
+score WINESEASON	3
+
+# don 2009-02-05
+header JOINMEON		subject =~ /(?:friend request|join me) on/i
+describe JOINMEON	Lets not join you on anything
+score JOINMEON		2
+
+# don 2009-02-09
+header ABOUTAPARTMENT	subject =~/about\s*the\s*apartment/i
+describe ABOUTAPARTMENT	We don't care about apartments
+score ABOUTAPARTMENT	2
+
+# don 2009-02-14
+header YARISUBJECT	subject =~ /\byari\b/i
+describe YARISUBJECT	Contains YARI in the subject
+score YARISUBJECT	2
+
+# don 2009-03-03
+body HTMLCOMPATIBLE	/html\s+compatible\s+(?:e-?mail)?\s*(?:viewer|client)/i
+describe HTMLCOMPATIBLE	If you want us to use an HTML compatible viewer, we don't want your mail.
+score HTMLCOMPATIBLE	3
+
+# zobel 2009-08-31
+header AYDA10KILO	subject =~ /Ayda 10 Kilo Vermek Istermisiniz/i
+describe AYDA10KILO     We don't care about Ayda 10 Kilo Vermek
+score AYDA10KILO        4
+
+# don 2010-08-21
+body CANNOTVIEW		/cannot\s+view\s+this\s+email/i
+describe CANNOTVIEW	If we cannot view this email, it must be spam
+score CANNOTVIEW	4
+
+# don 2010-09-24
+header AAVEHICLE	subject =~ /vehicle check report/i
+describe AAVEHICLE	The AA Vehicle check report is broken
+score AAVEHICLE		4
+
+# don 2010-12-27
+header MODERNART	X-BeenThere =~ /group1\@modernartmagazine.com/i
+describe MODERNART	Broken mailing list spamers
+score MODERNART		5
+
+# formorer 2011-01-07
+header NYPOSTCARD	subject =~ /New Year postcard/i
+describe NYPOSTCARD	Enough New Year cards for 2011
+score	NYPOSTCARD 	4
+
+
+# don 2011-01-24
+header   BIZZBOOSTER	from =~ /bizzbooster/i
+describe BIZZBOOSTER	From bizzbooster
+score	 BIZZBOOSTER	5
+
+# don 2011-09-22
+header QUOTAEXP		subject =~ /mail\s+account(.+)quot[ae]\s+limit/
+describe QUOTAEXP	Exceeded quota limit
+score QUOTAEXP		4
+
+# don 2011-09-22
+body SEOBODY		/search\s+engine\s+traffic/
+describe SEOBODY	Body contains SEO terms
+score SEOBODY		1
+
+header SEOSUBJECT	subject =~ /\bseo\b/i
+describe SEOSUBJECT	Subject contains SEO terms
+score SEOSUBJECT	1
+
+meta SEOMETA		(SEOBODY && SEOSUBJECT)
+describe SEOMETA	Matches both SEOBODY and SEOSUBJECT
+score SEOMETA		3
+
+body WEBINAR		/webinar/i
+describe WEBINAR	Contains webinar
+score WEBINAR		2
+
+
+header TRIALVERSION	subject =~ /trial\s*version/i
+describe TRIALVERSION	Trial version in subject
+score TRIALVERSION	3
+
+header SHARESPAM	subject =~ /shared photos with you/i
+describe SHARESPAM 	shares photos
+score SHARESPAM		3
+
+header MYNAMEIS		subject =~ /hello(.*)my name is/i
+describe MYNAMEIS	Name spam
+score	MYNAMEIS	2.5
+
+# formorer 2012-02-28
+header VOTREANN     Subject =~ /(votre|Petites) annonce/i
+describe VOTREANN   Votre annonce
+score VOTREANN      4
+
+# formorer 2010-01-23
+header LEXCHANGE 	subject =~ /(?:for|4)\s+L[i1]nks?\s+E?xcha?nge/i
+describe LEXCHANGE	ask for link exchange
+score LEXCHANGE		4
+
+# formorer 2013-11-08
+header IMARKETING   subject =~ /integrated marketing/i
+describe IMARKETING integrated marketing
+score IMARKETING    4
+
+header LYMBOOMATH   subject =~ /Lymboo Math/i
+describe LYMBOOMATH Lymboo Math spam
+score LYMBOOMATH    4
+
+# formorer 2014-05-26
+header JOB_DE1      subject =~ /(Freie Stellen|Stellenbeschreibungen)/
+describe JOB_DE1    german job spam
+score JOB_DE1       4
+
+header TODAYSHOW    subject =~ /Today Show/i
+describe TODAYSHOW  the today show
+score TODAYSHOW     4
+
+header LEADS    subject =~ /business leads/i
+describe LEADS  business leads
+score LEADS     4
+
+header CLIENTS subject =~ /need more clients/i
+describe CLIENTS need more clients
+score CLIENTS 4
+
+body SEOCONS      /SEO Consultant/i
+score SEOCONS     3
+describe SEOCONS  SEO Consultant
+
+body SEOISSUES      /major issues with your website/i
+score SEOISSUES     2.5
+describe SEOISSUES  Major issues with your website
+
+body SEOCOM /SEO Company/i
+score SEOCOM 2.5
+describe SEOCOM SEO Company
+
+# rince 2017-03-30
+header USERSLIST_HEADER1 Subject =~ /\bUsers\bList/i
+describe USERSLIST_HEADER1 Check wether Subject contains 'Users List'
+rawbody USERSLIST_BODY1 /\<div dir=3D\"ltr\"\>\<p class=3D\"MsoNormal\" style=3D\"background-image:/
+describe USERSLIST_BODY1 First potential Spam reconnaissance: style of HTML
+rawbody USERSLIST_BODY2 /\<\/span\>\<span style=3D\"color\:rgb\(219,219,219\)\"\>If you don=E2=80=99t want/
+describe USERSLIST_BODY2 second potential Spam reconnaissance: style of HTML
+rawbody USERSLIST_BODY3 /A Quick Follow up to you that if you are interested in/i
+describe USERSLIST_BODY3 third potential Spam reconnaissance: text phrases
+rawbody USERSLIST_BODY4 /we also have other technology users like: aws, tripod seat, Jira,/i
+describe USERSLIST_BODY4 fourth potential Spam reconnaissance: text phrases
+rawbody USERSLIST_BODY5 /Please let me know your thoughts (so that I can send you cost of the list.|we will provide you the more information)/i
+describe USERSLIST_BODY5 fifth potential Spam reconnaissance: text phrases
+meta META_USERSLIST (( USERSLIST_HEADER1 + USERSLIST_BODY1 + USERSLIST_BODY2 ) || ( USERSLIST_HEADER1 + USERSLIST_BODY3 + USERSLIST_BODY4 ) || ( USERSLIST_HEADER1 + USERSLIST_BODY5 )  > 1 )
+describe META_USERSLIST Question for a Users List
+score META_USERSLIST 0.5
+
+# rince 2017-04-11
+header OWNERSLIST_HEADER1 Subject =~ /\bOwners\bList/i
+describe OWNERSLIST_HEADER1 Check wether Subject contains 'Owners List'
+rawbody OWNERSLIST_BODY1 /The list of contacts are \*opt\-in verified\*/
+describe OWNERSLIST_BODY1 First potential Spam reconnaissance: verified opt-in lists
+meta META_OWNERSLIST ( (OWNERSLIST_HEADER1 + OWNERSLIST_BODY1 ) >1 )
+describe META_OWNERSLIST Questions for an Owners List
+score META_OWNERSLIST 0.5
+
+# rince 2017-04-14
+header PRATT subject =~ /Pratt Is Now Earth Works Jacksonville/i
+score PRATT 4
+describe PRATT Pratt spam
+
+# rince 2017-04-15
+header PRATTFROM   From =~ /Pratt Brothers/
+describe PRATTFROM Pratt Brothers Spam
+score PRATTFROM  1
+