From 7922bb3b7803b8458c3c290d50fd96ae4c04a61c Mon Sep 17 00:00:00 2001 From: Don Armstrong Date: Fri, 6 Feb 2009 01:52:01 +0000 Subject: [PATCH] add a slew of rules to handle automatic response backscatter in partial resolution of the debian-edu@l.d.o problem git-svn-id: svn+ssh://svn.debian.org/svn/pkg-listmaster/trunk/spamassassin_config@274 0b7a5b0c-1f2c-0410-bd74-c376f8064c91 --- common/auto_response_spam | 79 +++++++++++++++++++++++++++++++++++++++ common/common_spam | 4 ++ common/misc_spam | 4 -- common/money_spam | 1 + 4 files changed, 84 insertions(+), 4 deletions(-) create mode 100644 common/auto_response_spam diff --git a/common/auto_response_spam b/common/auto_response_spam new file mode 100644 index 0000000..f999fca --- /dev/null +++ b/common/auto_response_spam 
@@ -0,0 +1,79 @@
+# -*- mode: spamassassin -*-
+
+## This file contains rules which match various automatic responders
+## which give us backscatter. The scores here are best guesses; and
+## may need to be overridden for recipients which actually want these
+## bounces.
+
+# don 2009-02-05
+body QMAILBOUNCE /This\s*is\s*the\s*qmail-send\s*program/i
+describe QMAILBOUNCE Stupid qmail bounces; we don't want them
+score QMAILBOUNCE 2
+
+# don 2009-02-05 (the following are all for various stupid auto-repsonse things)
+header RECEIVEDMAIL subject =~ /received\s*your\s*mail/i
+describe RECEIVEDMAIL It's great that you've received our mail; we don't care
+score RECEIVEDMAIL 4
+
+header YOURMESSAGE subject =~ /your message/i
+describe YOURMESSAGE It's great that our message did something; we don't care
+score YOURMESSAGE 2.5
+
+body NOTPROCBOUNCE /was not processed by our system/i
+describe NOTPROCBOUNCE Bounce by system that was not processed
+score NOTPROCBOUNCE 2
+
+body ACCOUNTNOTEXIST /account\s+\S+\s+(does\s*not|doesn't)\s*exist/
+describe ACCOUNTNOTEXIST It's not our problem if an account doesn't eixst
+score ACCOUNTNOTEXIST 2
+
+body CR_SYSTEM1 /sent by a human and not a computer/i
+describe CR_SYSTEM1 Looks like a challenge/response system
+score CR_SYSTEM1 2
+
+body CR_SYSTEM2 /do not reply/i
+describe CR_SYSTEM2 Body contains do not reply; likely a CR system
+score CR_SYSTEM2 1.5
+
+body CR_SYSTEM3 /confirm this request/i
+describe CR_SYSTEM3 Body contains confirm this request; likely a CR system
+score CR_SYSTEM3 1.5
+
+header CR_SYSTEM4 subject =~ /challenge.*response/i
+describe CR_SYSTEM4 Subject contains challenge/response
+score CR_SYSTEM4 3
+
+body CR_SYSTEM5 /confirmation of list posting/i
+describe CR_SYSTEM5 Body asks us to confirm a list posting
+score CR_SYSTEM5 3
+
+header CR_SYSTEM6 subject =~ /^confirm\:/i
+describe CR_SYSTEM6 Subject asks us to confirm something; we don't want to
+score CR_SYSTEM6 2
+
+body SUPPORTMAIL1 /assigned a ticket/ 
+describe SUPPORTMAIL1 Message from an automated support/response system +score SUPPORTMAIL1 2 + +header SUPPORTMAIL2 subject =~ /^\[*(?:update\s*to\s*)?ticket/ +describe SUPPORTMAIL2 Message with ticket leading it; probably a support mail +score SUPPORTMAIL2 1.5 + +body SUPPORTMAIL3 /the email address \S+ is not registered/i +describe SUPORTMAIL3 We don't care if an e-mail address is not registered +score SUPPORTMAIL3 1.5 + +body SUPPORTMAIL4 /(reached an unmonitored e-mail address|no response will be given)/i +describe SUPPORTMAIL4 Yeay for dumb auto-response bots that don't want a response +score SUPPORTMAIL4 1.5 + +header SUPPORTMAIL5 from =~ /\bsupport\@/i +describe SUPPORTMAIL5 Message from an address that looks like support@ +score SUPPORTMAIL5 1.5 + + +header FROMAUTOREPLY from =~ /(autoreply|no-?reply)/i +describe FROMAUTOREPLY Message from an autoreplier or something who doesn't seem to want a reply +score FROMAUTOREPLY 4 + + diff --git a/common/common_spam b/common/common_spam index 4d77331..f5151cf 100644 --- a/common/common_spam +++ b/common/common_spam @@ -1,3 +1,4 @@ +# -*- mode: spamassassin -*- # this file includes rules that are common which have been split out # into separate files in this directory. @@ -15,6 +16,9 @@ include url_spam include virus_spam +# this is the set of automatic response spam scores +include auto_response_spam + meta DIGEST_MULTIPLE RAZOR2_CHECK + PYZOR_CHECK > 1 describe DIGEST_MULTIPLE Message hits more than one network digest check tflags DIGEST_MULTIPLE net diff --git a/common/misc_spam b/common/misc_spam index eca1f01..1165f15 100644 --- a/common/misc_spam +++ b/common/misc_spam @@ -367,7 +367,3 @@ full HTML_NBSP /(\ ){3,}/ describe HTML_NBSP Lots of   score HTML_NBSP 2 -# don 2009-02-05 -body QMAILBOUNCE /This\s*is\s*the\s*qmail-send\s*program/i -describe QMAILBOUNCE Stupid qmail bounces; we don't want them -score QMAILBOUNCE 2 diff --git a/common/money_spam b/common/money_spam index c969949..a09ec05 100644 
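Review bot: In common/auto_response_spam the description for the third support rule is attached to a misspelled name, `describe SUPORTMAIL3 …`, so SUPPORTMAIL3 ends up without a description and the stray name is the kind of thing `spamassassin --lint` would be expected to flag; it should read `describe SUPPORTMAIL3 We don't care if an e-mail address is not registered`. ACCOUNTNOTEXIST, SUPPORTMAIL1 and SUPPORTMAIL2 are the only patterns without `/i`, which looks unintended next to the other rules: a subject starting with a capitalised "Ticket" would not hit `/^\[*(?:update\s*to\s*)?ticket/`. Several rules key on very common wording or addresses (`/your message/i` at 2.5, `/do not reply/i`, `from =~ /\bsupport\@/i`, and the unanchored `/(autoreply|no-?reply)/i` at 4) and their scores add up, so a legitimate list post can be pushed over the threshold on phrasing alone; the file header comment should state the intended combined ceiling, or the weaker rules could be gated behind a `meta` that requires two hits. Where a responder declares itself, matching the standard header is less guess-prone than English body text, for example `header AUTO_SUBMITTED Auto-Submitted =~ /^auto-/i` (rule name is a suggestion only).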
--- a/common/money_spam +++ b/common/money_spam @@ -1,3 +1,4 @@ +# -*- mode: spamassassin -*- # Spam dealing with selling stuff, stocks, etc. is matched by these # rules -- 2.39.2