From c649b7020ab73485972b1e22d8520429474218c8 Mon Sep 17 00:00:00 2001 From: Don Armstrong Date: Sat, 13 Dec 2008 13:45:07 +0000 Subject: [PATCH] add blars patches git-svn-id: svn+ssh://svn.debian.org/svn/pkg-listmaster/trunk/spamassassin_config@260 0b7a5b0c-1f2c-0410-bd74-c376f8064c91 --- common/bts_scores | 13 +++++++++++++ common/bts_specific | 28 ++++++++++++++++++++++++++-- common/drug_spam | 7 ++++++- common/misc_spam | 20 ++++++++++++++++++++ common/phrase_spam | 5 +++++ common/scores | 3 ++- 6 files changed, 72 insertions(+), 4 deletions(-) diff --git a/common/bts_scores b/common/bts_scores index faaee52..6052734 100644 --- a/common/bts_scores +++ b/common/bts_scores @@ -104,6 +104,9 @@ score RCVD_IN_SORBS_SMTP 0.1 score RCVD_IN_SORBS_SOCKS 0.1 score RCVD_IN_SORBS_WEB 0.1 score RCVD_IN_SORBS_ZOMBIE 0.1 +# getting spam on this wl blarson 2008-09-24 +score RCVD_IN_DNSWL_LOW 0.2 +score RCVD_IN_DNSWL_MED 0.1 # blarson 2004-11-16 @@ -135,3 +138,13 @@ score HABEAS_ACCREDITED_COI 1 # blarson 2008-05-26 #score WHY_WAIT 1.2 + +score BAYES_40 -0.1 +score BAYES_50 1 +score BAYES_80 2.5 +score BAYES_95 3.5 + +score MIME_HTML_ONLY 3 +score MIME_HTML_MOSTLY 2 +score HTML_EMBEDS 1 +score HTML_MESSAGE 0.5 diff --git a/common/bts_specific b/common/bts_specific index bcdd145..47656f6 100644 --- a/common/bts_specific +++ b/common/bts_specific @@ -82,8 +82,13 @@ score INFOLOOP 7 # blarson 2007-11-17 header KOI8R Content-Type =~ /koi8-r/i -describe KOI8R korean content -score KOI8R 3 +describe KOI8R russian content +score KOI8R 4 + +# blarson 2007-09-07 +header SUBKOI8R subject =~ /koi8-r/i +describe SUBKOI8R russian subject +score SUBKOI8R 4 # blarson 2007-12-10 score ONEWORD 3 @@ -100,3 +105,22 @@ describe VERSION version number specified in body tflags VERSION nice score VERSION -1 +# blarson 2008-09-04 new spamassasin html rules broken +header HTMLCONT content-type =~ /text\/html/i +describe HTMLCONT html only +score HTMLCONT 3 + +# blarson 2008-09-04 +header MULTALT content-type =~ /multipart\/alternative/i +describe MULTALT multipart-alternative +score MULTALT 1 + +# blarson 2008-10-29 +header CREATETICK subject =~ /Unable to create Ticket/ +describe CREATETICK Unable to create Ticket +score CREATETICK 4 + +# blarson 2008-11-28 +body ONPHPDEV /onphp-dev-ru.lists.shadanakar.org/ +describe ONPHPDEV keeps spamming owner, spamassassin autolearns as ham? +score ONPHPDEV 3 diff --git a/common/drug_spam b/common/drug_spam index 8e69d71..523ebe9 100644 --- a/common/drug_spam +++ b/common/drug_spam @@ -385,7 +385,7 @@ describe LEGALWEED Legal WEED score LEGALWEED 4 # blarson 2008-03-21 -header PUSSY subject =~ /\b\_?(?:pussy|cum|naked|g(?:-|\s*)?spot|nipple|manhood|one(?:-|\s+)eyed\s+monster|orgasm|breast|vibrator|p[e3]n[il]s|porno|Tittie|flaccid|shagging|stripping|hottie|orgasmic|capsule|climax|lace|horny|Pink|wet|foreplay|Playboy|playmate|bares|blowing|sucking|Embrace|courtship|love|bosom|exposed|freaky|motel|credit card|pleasure|Ejaculation|herba[l1]|dosage|\d+\s+mg|escort|Penetration|orgie|pecker|crotch|Pocket Rocket|Sports Illustrated|RAMBO|bees|Corpora Cavernosa|rod|luv|see-through|College|jetsetting|Shaven|1\d and|inches|lovemaking|bedroom|Purchase|kung fu|saucy|Buy|laid|Obama|dementia|No weight|pill|Pacify|screening|regret|brad pitt|undressed|freebie|Discount|wonderdrug|Rock|diet|racy|boob|ramming|Loving|bang|coming|tablet|customer|highs|limited edition|Shock attack|topless|CS\s*3|babe|kinky|clothes|bed(?:ding)?|fame|hurt her|LOTTERY|year old|hot action|Ladies man|\d+ inche?|creamy|Click Here|wicked|Shy|touch herself|Shopping|timepiece|Shop|Dealer|watches|luxury|flaunting|dressed|brand|Popular|bling|luxuries|order processing|hobbies|wealth|lucky|draw|thi\b|flesh|Bacheelor|Doctoraate|Exquisite|bottle|money|millionaire|price|famous|branded|Affordable|bucks|Grape Seed|Antioxidant|fashion|Antiox|Free Radical|wonder power|Paris Hilton|wrist|Pamper|Red hot|Nicolas Cage|sale|blood|scientist|sin|Steve Jobs|hot girl|Lordly|dosage|Prada|shoes|pilz|che+ap|babymaker|pornstar|chixx|shed|pound|Investment|E-gold|swagger|LNH|weener|shipping|billing|oem|PhD|university|accredited|degree|hi|from me|monster\.com|discreet|hey|Maxim|Erection|Webmaster|sell|Career|xxx\w*|medicine|medication|health|buying|Rx|pharm|medicinal|Perscription|debt|Cam|Medical|foto|Narcotic|meddiscount|crazy|japanese|Chat|babe|winner|sure cure|European|agency|vocanc(?:ie|y)|CareerBuilder|pilule|CorelDRAW|shag|cumming|Employer|jobseeker|NoPrescripiton|remedy|cheaper)s?\_?\b/i +header PUSSY subject =~ /\b\_?(?:pussy|cum|naked|g(?:-|\s*)?spot|nipple|manhood|one(?:-|\s+)eyed\s+monster|orgasm|breast|vibrator|p[e3]n[il]s|porno|Tittie|flaccid|shagging|stripping|hottie|orgasmic|capsule|climax|lace|horny|Pink|wet|foreplay|Playboy|playmate|bares|blowing|sucking|Embrace|courtship|love|bosom|exposed|freaky|motel|credit card|pleasure|Ejaculation|herba[l1]|dosage|\d+\s+mg|escort|Penetration|orgie|pecker|crotch|Pocket Rocket|Sports Illustrated|RAMBO|bees|Corpora Cavernosa|rod|luv|see-through|College|jetsetting|Shaven|1\d and|inches|lovemaking|bedroom|Purchase|kung fu|saucy|Buy|laid|Obama|dementia|No weight|pill|Pacify|screening|regret|brad pitt|undressed|freebie|Discount|wonderdrug|Rock|diet|racy|boob|ramming|Loving|bang|coming|tablet|customer|highs|limited edition|Shock attack|topless|CS\s*3|babe|kinky|clothes|bed(?:ding)?|fame|hurt her|LOTTERY|year old|hot action|Ladies man|\d+ inche?|creamy|Click Here|wicked|Shy|touch herself|Shopping|timepiece|Shop|Dealer|watches|luxury|flaunting|dressed|brand|Popular|bling|luxuries|order processing|hobbies|wealth|lucky|draw|thi\b|flesh|Bacheelor|Doctoraate|Exquisite|bottle|money|millionaire|price|famous|branded|Affordable|bucks|Grape Seed|Antioxidant|fashion|Antiox|Free Radical|wonder power|Paris Hilton|wrist|Pamper|Red hot|Nicolas Cage|sale|blood|scientist|sin|Steve Jobs|hot girl|Lordly|dosage|Prada|shoes|pilz|che+ap|babymaker|pornstar|chixx|shed|pound|Investment|E-gold|swagger|LNH|weener|shipping|billing|oem|PhD|university|accredited|degree|hi|from me|monster\.com|discreet|hey|Maxim|Erection|Webmaster|sell|Career|xxx\w*|medicine|medication|health|buying|Rx|pharm|medicinal|Perscription|debt|Cam|Medical|foto|Narcotic|meddiscount|crazy|japanese|Chat|babe|winner|sure cure|European|agency|vocanc(?:ie|y)|CareerBuilder|pilule|CorelDRAW|shag|cumming|Employer|jobseeker|NoPrescripiton|remedy|cheaper|SpaB|fedex|luksus)s?\_?\b/i describe PUSSY various spammy words in subject score PUSSY 2 @@ -393,3 +393,8 @@ score PUSSY 2 header FDA subject =~ /\bFDA\b/ describe FDA FDA score FDA 3 + +# blarson 2008-09-05 +body CANADIANRX /\bCanadian(?:\s|_)+(?:Rx|med)/i +describe CANADIANRX Canadian RxMedz +score CANADIANRX 4 diff --git a/common/misc_spam b/common/misc_spam index 616878e..23d89a9 100644 --- a/common/misc_spam +++ b/common/misc_spam @@ -331,6 +331,26 @@ body GBKXWFLXF /\bgbkxwflxf\b/ describe GBKXWFLXF gbkxwflxf score GBKXWFLXF 5 +# blarson 2008-09-07 +body LUKSUS /\bluksus\b/i +score LUKSUS 4 +describe LUKSUS Luksus + +# blarson 2008-09-22 +header XIRONPORT X-IronPort-Anti-Spam-Filtered =~ /true/ +describe XIRONPORT claims to be ironport filtered +score XIRONPORT 2.5 + +# blarson 2008-10-13 +header AUTORESPON subject =~ /Auto_response/ +describe AUTORESPON Auto_response +score AUTORESPON 3 + +# blarson 2008-10-28 +header XWUM x-wum-to =~ /./ +describe XWUM X-WUM-TO +score XWUM 2 + # cord 2008-10-31 # compensate false-positives for 140.Red-80-25-20.staticIP.rima-tde.net and stuff header STATIC_RIMA_TDE received =~ /staticIP\.rima-tde\.net/ diff --git a/common/phrase_spam b/common/phrase_spam index 5f271af..dcea98f 100644 --- a/common/phrase_spam +++ b/common/phrase_spam @@ -907,3 +907,8 @@ score SCOUR 3 body YOURNAME /\d+\)\s*y+o+u+r+\s*n+a+m+e+/i describe YOURNAME 1) your name is spam score YOURNAME 3 + +# blarson 2008-12-11 +header TWITTER subject =~ /you on Twitter/ +describe TWITTER Twitter invite spam +score TWITTER 4 diff --git a/common/scores b/common/scores index f34c78c..ba12de5 100644 --- a/common/scores +++ b/common/scores @@ -55,11 +55,12 @@ score RAZOR2_CHECK 1 score RAZOR2_CF_RANGE_51_100 4 score PYZOR_CHECK 2 score BAYES_00 0 0 -2 -2 +score BAYES_05 0 0 -1.5 -1.5 # score BAYES_01 0 0 -2 -2 # score BAYES_10 0 0 -1 -1 score BAYES_20 0 0 -1 -1 # score BAYES_30 0 0 -1 -1 -score BAYES_40 0 +score BAYES_40 -0.01 # score BAYES_44 0 score BAYES_50 0 # score BAYES_56 0 -- 2.39.2