Mailing List Archive

svn commit: r1891602 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Author: jhardin
Date: Sat Jul 17 02:05:24 2021
New Revision: 1891602

URL: http://svn.apache.org/viewvc?rev=1891602&view=rev
Log:
More new-product spammer tuning

Modified:
spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1891602&r1=1891601&r2=1891602&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Sat Jul 17 02:05:24 2021
@@ -3263,6 +3263,15 @@ score TAGSTAT_IMG_NOT_RCVD_TGST 2
describe TAGSTAT_IMG_NOT_RCVD_TGST Tagstat hosted image but message not from Tagstat
tflags TAGSTAT_IMG_NOT_RCVD_TGST publish

+header __HDR_RCVD_FACEBOOK X-Spam-Relays-External =~ /\srdns=\S+\.facebook\.com\s/
+uri __URI_IMG_FACEBOOK m;://([^/.]+\.)+fbcdn\.net/v/.+\.(?:jpe?g|gif|png);i
+
+meta __FACEBOOK_IMG_NOT_RCVD_FB __URI_IMG_FACEBOOK && !__HDR_RCVD_FACEBOOK
+#meta FACEBOOK_IMG_NOT_RCVD_FB __FACEBOOK_IMG_NOT_RCVD_FB
+#score FACEBOOK_IMG_NOT_RCVD_FB 1.500 # limit
+#describe FACEBOOK_IMG_NOT_RCVD_FB Facebook hosted image but message not from Facebook
+#tflags FACEBOOK_IMG_NOT_RCVD_FB publish
+

uri __URI_IMG_YTIMG m,://[^/?]+\.ytimg\.com/,i
uri __URI_IMG_JOOMCDN m,://img\.joomcdn\.net/,i
@@ -3273,25 +3282,25 @@ uri __URI_IMG_TOPHATTER m
uri __URI_IMG_GBTCDN m;://des\.gbtcdn\.com/storage/store/[0-9a-f/]{30,}\.(?:png|gif|jpe?g)$;i


-meta __HOSTED_IMG_DQ_UNSUB __URI_DQ_UNSUB && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC || __URI_IMG_TOPHATTER || __URI_IMG_GBTCDN || __URI_IMG_LINKEDIN || __URI_IMG_TUMBLR || __URI_IMG_TAGSTAT)
+meta __HOSTED_IMG_DQ_UNSUB __URI_DQ_UNSUB && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC || __URI_IMG_TOPHATTER || __URI_IMG_GBTCDN || __URI_IMG_LINKEDIN || __URI_IMG_TUMBLR || __URI_IMG_TAGSTAT || __URI_IMG_FACEBOOK)
meta HOSTED_IMG_DQ_UNSUB __HOSTED_IMG_DQ_UNSUB
score HOSTED_IMG_DQ_UNSUB 3.500 # limit
describe HOSTED_IMG_DQ_UNSUB Image hosted at large ecomm site, IP addr unsub link
tflags HOSTED_IMG_DQ_UNSUB publish

-meta __HOSTED_IMG_DIRECT_MX __DOS_DIRECT_TO_MX && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC || __URI_IMG_TOPHATTER || __URI_IMG_GBTCDN || __URI_IMG_LINKEDIN || __URI_IMG_TUMBLR || __URI_IMG_TAGSTAT)
+meta __HOSTED_IMG_DIRECT_MX __DOS_DIRECT_TO_MX && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC || __URI_IMG_TOPHATTER || __URI_IMG_GBTCDN || __URI_IMG_LINKEDIN || __URI_IMG_TUMBLR || __URI_IMG_TAGSTAT || __URI_IMG_FACEBOOK)
meta HOSTED_IMG_DIRECT_MX __HOSTED_IMG_DIRECT_MX && !__DKIM_EXISTS
score HOSTED_IMG_DIRECT_MX 3.500 # limit
describe HOSTED_IMG_DIRECT_MX Image hosted at large ecomm, CDN or hosting site, message direct-to-mx
tflags HOSTED_IMG_DIRECT_MX publish

-meta __HOSTED_IMG_FREEM ( FREEMAIL_REPLYTO || FREEMAIL_FROM ) && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_WP_REDIR || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC || __URI_IMG_TOPHATTER || __URI_IMG_GBTCDN || __URI_IMG_LINKEDIN || __URI_IMG_TUMBLR || __URI_IMG_TAGSTAT)
+meta __HOSTED_IMG_FREEM ( FREEMAIL_REPLYTO || FREEMAIL_FROM ) && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_WP_REDIR || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC || __URI_IMG_TOPHATTER || __URI_IMG_GBTCDN || __URI_IMG_LINKEDIN || __URI_IMG_TUMBLR || __URI_IMG_TAGSTAT || __URI_IMG_FACEBOOK)
meta HOSTED_IMG_FREEM __HOSTED_IMG_FREEM && !__THREADED
score HOSTED_IMG_FREEM 3.500 # limit
describe HOSTED_IMG_FREEM Image hosted at large ecomm, CDN or hosting site or redirected, freemail from or reply-to
tflags HOSTED_IMG_FREEM publish

-meta __HOSTED_IMG_MULTI ( __URI_IMG_EBAY + __URI_IMG_AMAZON + __URI_IMG_ALICDN + __URI_IMG_WALMART + __URI_IMG_NEWEGG + __URI_IMG_SHOPIFY + __URI_IMG_YTIMG + __URI_IMG_JOOMCDN + __URI_IMG_WISH + __URI_IMG_WP_REDIR + __URI_IMG_STATICBG + __URI_IMG_CHANNYPIC + __URI_IMG_TOPHATTER + __URI_IMG_GBTCDN + __URI_IMG_LINKEDIN + __URI_IMG_TUMBLR + __URI_IMG_TAGSTAT) > 1
+meta __HOSTED_IMG_MULTI ( __URI_IMG_EBAY + __URI_IMG_AMAZON + __URI_IMG_ALICDN + __URI_IMG_WALMART + __URI_IMG_NEWEGG + __URI_IMG_SHOPIFY + __URI_IMG_YTIMG + __URI_IMG_JOOMCDN + __URI_IMG_WISH + __URI_IMG_WP_REDIR + __URI_IMG_STATICBG + __URI_IMG_CHANNYPIC + __URI_IMG_TOPHATTER + __URI_IMG_GBTCDN + __URI_IMG_LINKEDIN + __URI_IMG_TUMBLR + __URI_IMG_TAGSTAT + __URI_IMG_FACEBOOK) > 1
meta HOSTED_IMG_MULTI __HOSTED_IMG_MULTI && !__DKIM_EXISTS
score HOSTED_IMG_MULTI 3.000 # limit
describe HOSTED_IMG_MULTI Multiple images hosted at different large ecomm, CDN or hosting sites, free image sites, or redirected
@@ -3913,13 +3922,13 @@ describe URI_LONG_REPEAT V
score URI_LONG_REPEAT 2.500 # limit
tflags URI_LONG_REPEAT publish

-body READY_TO_SHIP /(?:(?:in our (?:stock|warehouse|store)(?: today| now| right away)?[.,:]\s|our (?:\w+,? ){2,8}(?:is |now )+)Ready (?:to (?:be )?|for )+(?:ship|send|deliver)|ready (?:for shipping|to (?:ship|send)) (?:(?:in|from|by) our (?:warehouse|stock)|(?:to|for)(?: global(?:ly)?| worldwide| customers){2})|(?:(?:our|this|a|great|fine|wonderful|cool|popular) new product|we have(?: \w+){1,6} available|ready) in (?:our )?(?:warehouse|stock|store)|just arrived in our warehouse|we will (?:contact the (?:warehouse|logistics) to )?arrange (?:the )?(?:shipment|delivery)|a new (?:\w+ ){1,3}in our warehouse)/i
+body READY_TO_SHIP /(?:(?:in our (?:stock|warehouse|store|storage facility)(?: today| now| right away)?[.,:]\s|our (?:\w+,? ){2,8}(?:is |now )+)Ready (?:to (?:be )?|for )+(?:ship|send|deliver)|ready (?:for shipping|to (?:ship|send)) (?:(?:in|from|by) our (?:warehouse|stock|stor(?:e|age))|(?:to|for)(?: global(?:ly)?| worldwide| customers){2})|(?:(?:our|this|a|great|fine|wonderful|cool|popular) new product|we have(?: \w+){1,6} available|ready) in (?:our )?(?:warehouse|stock|stor(?:e|age))|just arrived in our (?:warehouse|stor(?:e|age))|we will (?:contact the (?:warehouse|logistics|store|storage(?: facility)) to )?arrange (?:the )?(?:shipment|delivery)|a new (?:\w+ ){1,3}in our (?:warehouse|storage)|this (?:new )?(?:merchandise|product|item) is (?:now )?ready (?:to ship )?(?:at|in|from) our (?:warehouse|stock|stor(?:e|age)))/i
score READY_TO_SHIP 1.250 # limit

-body WANT_TO_ORDER /you (?:(?:would )?like|want|are interested|need|wish)(?: to| in)? (?:plac(?:e|ing) an order|order(?:ing)? (?:for )?(?:this|it|now|today|our \w+)|take one (?:or two )?(?:today|now))\b/i
+body WANT_TO_ORDER /you (?:(?:would )?like|want|are interested|need|wish)(?: to| in)? (?:plac(?:e|ing) an order|order(?:ing)? (?:for )?(?:this|it|now|today|our \w+)|take (?:one (?:or two )?|this (?:item|product) )(?:today|now))\b/i
score WANT_TO_ORDER 2.750 # limit

-body YOUR_DELIVERY_ADDRESS /(?:(?:respond|reply|answer) (?:to )?(?:our|this) ?e?mail (?:[\w,]+\s){0,10}(?:with|and send(?: us)?)|we need to know|let us know|(?:send|provide|tell|inform)(?: us)?(?: of)?|confirm|indicate)(?: t?he (?:order )?quantity and)? (?:your |the )?(?:detailed |specific )?(?:(?:delivery |shipping |mailing |shipment |receiving )?address(?:\s?[,.;]|(?: and| so)? we| if you)|address (?:for|of) (?:shipping|delivery|shipment))/i
+body YOUR_DELIVERY_ADDRESS /(?:(?:respond|reply|answer) (?:to )?(?:our|this) ?e?mail (?:[\w,]+\s){0,10}(?:with|and send(?: us)?)|we need to know|let us know|(?:send|provide|tell|inform)(?: us)?(?: of)?|confirm|indicate)(?: t?he (?:order )?quantity and)? (?:your |the )?(?:detailed |specific )?(?:(?:delivery |shipping |mailing |shipment |receiving )?address(?:\s?[,.;]|(?: and| so)? we| if you)|address (?:for|of) (?:shipping|delivery|shipment))|provide us details of the address and we will contact the (?:warehouse|logistics|storage(?: facility))/i
score YOUR_DELIVERY_ADDRESS 1.250 # limit

body __NEW_PRODUCTS /\bhere are new products|\b(?:Our company|we) (?:has |have )?(?:(?:recently|just|newly) (?:introduce|release|launche)[ds](?: a) new|a new (?!cat\s|kitten\s|dog\s|puppy\s|pet\s|baby\s|child\s|boy\s|girl\s)(?:\w+\s){1,5} here)|recently,? our company launched|\bI want to recommend a new (?:\w+ )+(?:we|our)\b|latest version of our (?:stock|product)/i
@@ -3927,7 +3936,7 @@ meta NEW_PRODUCTS _
score NEW_PRODUCTS 1.250 # limit
tflags NEW_PRODUCTS publish

-body DETAILS_OF_PRODUCT /(?:Please|kindly) (?:see|refer to|check(?: out)?) the (?:details of the product|(?:detailed |complete |specific )?product (?:details|information)) (below|following|that follow|in detail)|the following (?:(?:is the )?(?:detailed )?product information|is a brief introduction to (?:\w+\s){0,5}this product)|\bhere (is|are) some basic information about this|you can (?:\w+ )?understand our product|take a look at this product|interested in learning about (?:this|our product)|grasp our (?:product|goods)|details can be checked below/i
+body DETAILS_OF_PRODUCT /(?:Please|kindly) (?:see|refer to|check(?: out)?) the (?:details of the product|(?:detailed |complete |specific )?product (?:details|information)) (below|following|that follow|in detail)|the following (?:(?:is the )?(?:detailed )?product information|is a brief introduction to (?:\w+\s){0,5}this product)|\bhere (is|are) some basic information about this|you can (?:\w+ )?understand our product|take a look at this product|interested in learning about (?:this|our product)|grasp our (?:product|goods)|details can be checked below|provide you \w+ the product[-\s]specific (?:details|information)/i
score DETAILS_OF_PRODUCT 1.250 # limit

# Don't joe-job a SA dev's wife