Mailing List Archive

svn commit: rev 6524 - incubator/spamassassin/trunk/rules
Author: quinlan
Date: Thu Feb 5 15:10:44 2004
New Revision: 6524

Modified:
incubator/spamassassin/trunk/rules/20_dnsbl_tests.cf
incubator/spamassassin/trunk/rules/30_text_de.cf
incubator/spamassassin/trunk/rules/30_text_fr.cf
incubator/spamassassin/trunk/rules/50_scores.cf
incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf
Log:
DNSBL changes
- rename RCVD_IN_DYNABLOCK to RCVD_IN_SORBS_DUL
- change multi-RBLs into prerequisite tests for better stability
- promote RCVD_IN_XBL, switch to new version of SBL+XBL rule
- fix T_RCVD_IN_SORBS_NOMAIL and T_RCVD_IN_SORBS_BADCONF to query
the SORBS RHSBL


Modified: incubator/spamassassin/trunk/rules/20_dnsbl_tests.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/20_dnsbl_tests.cf (original)
+++ incubator/spamassassin/trunk/rules/20_dnsbl_tests.cf Thu Feb 5 15:10:44 2004
@@ -6,13 +6,13 @@
#
# <@LICENSE>
# Copyright 2004 Apache Software Foundation
-#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -38,9 +38,9 @@
# NJABL
# URL: http://www.dnsbl.njabl.org/

-header RCVD_IN_NJABL eval:check_rbl('njabl', 'dnsbl.njabl.org.')
-describe RCVD_IN_NJABL Received via a relay in dnsbl.njabl.org
-tflags RCVD_IN_NJABL net
+header __RCVD_IN_NJABL eval:check_rbl('njabl', 'dnsbl.njabl.org.')
+describe __RCVD_IN_NJABL Received via a relay in dnsbl.njabl.org
+tflags __RCVD_IN_NJABL net

header RCVD_IN_NJABL_RELAY eval:check_rbl_sub('njabl', '127.0.0.2')
describe RCVD_IN_NJABL_RELAY NJABL: sender is confirmed open relay
@@ -73,9 +73,9 @@
# pay-to-use: no
# delist: $50 fee for RCVD_IN_SORBS_SPAM, others have free retest on request

-header RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
-describe RCVD_IN_SORBS SORBS: sender is listed in SORBS
-tflags RCVD_IN_SORBS net
+header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
+describe __RCVD_IN_SORBS SORBS: sender is listed in SORBS
+tflags __RCVD_IN_SORBS net

header RCVD_IN_SORBS_HTTP eval:check_rbl_sub('sorbs', '127.0.0.2')
describe RCVD_IN_SORBS_HTTP SORBS: sender is open HTTP proxy server
@@ -93,9 +93,9 @@
describe RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server
tflags RCVD_IN_SORBS_SOCKS net

-header RCVD_IN_SORBS_SPAM eval:check_rbl_sub('sorbs', '127.0.0.6')
-describe RCVD_IN_SORBS_SPAM SORBS: sender is a spam source
-tflags RCVD_IN_SORBS_SPAM net
+#header RCVD_IN_SORBS_SPAM eval:check_rbl_sub('sorbs', '127.0.0.6')
+#describe RCVD_IN_SORBS_SPAM SORBS: sender is a spam source
+#tflags RCVD_IN_SORBS_SPAM net

header RCVD_IN_SORBS_WEB eval:check_rbl_sub('sorbs', '127.0.0.7')
describe RCVD_IN_SORBS_WEB SORBS: sender is a abuseable web server
@@ -109,11 +109,10 @@
describe RCVD_IN_SORBS_ZOMBIE SORBS: sender is on a hijacked network
tflags RCVD_IN_SORBS_ZOMBIE net

-# Dynablock used to be at easynet.nl; closed down there, but reopened
-# by SORBS.
-header RCVD_IN_DYNABLOCK eval:check_rbl('sorbs-notfirsthop', 'dnsbl.sorbs.net.', '127.0.0.10')
-describe RCVD_IN_DYNABLOCK Sent directly from dynamic IP address
-tflags RCVD_IN_DYNABLOCK net
+# Dynablock used to be at easynet.nl; closed down there, but reopened by SORBS
+header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-notfirsthop', 'dnsbl.sorbs.net.', '127.0.0.10')
+describe RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
+tflags RCVD_IN_SORBS_DUL net

# ---------------------------------------------------------------------------
# OPM (recommended, supports TXT queries, but A queries needed for sub-tests)
@@ -122,9 +121,9 @@
# pay-to-use: no
# delist: automatic expiry, no fee, retested on request (free)

-header RCVD_IN_OPM eval:check_rbl('opm', 'opm.blitzed.org.')
-describe RCVD_IN_OPM Received via a relay in opm.blitzed.org
-tflags RCVD_IN_OPM net
+header __RCVD_IN_OPM eval:check_rbl('opm', 'opm.blitzed.org.')
+describe __RCVD_IN_OPM Received via a relay in opm.blitzed.org
+tflags __RCVD_IN_OPM net

header RCVD_IN_OPM_WINGATE eval:check_rbl_sub('opm', '1')
describe RCVD_IN_OPM_WINGATE OPM: sender is open WinGate proxy
@@ -147,12 +146,25 @@
tflags RCVD_IN_OPM_HTTP_POST net

# ---------------------------------------------------------------------------
-# Now, single zone BLs follow:
+# Spamhaus XBL+SBL
+
+header __RCVD_IN_SBL_XBL eval:check_rbl_txt('sblxbl', 'sbl-xbl.spamhaus.org.')
+describe __RCVD_IN_SBL_XBL Received via a relay in Spamhaus SBL+XBL
+tflags __RCVD_IN_SBL_XBL net

# SBL is the Spamhaus Block List: http://www.spamhaus.org/sbl/
-header RCVD_IN_SBL eval:check_rbl_txt('sbl', 'sbl.spamhaus.org.')
-describe RCVD_IN_SBL Received via a relay in Spamhaus Block List
+header RCVD_IN_SBL eval:check_rbl_sub('sblxbl', '(?i)/sbl')
+describe RCVD_IN_SBL Received via a relay in Spamhaus SBL
tflags RCVD_IN_SBL net
+
+# XBL is the Exploits Block List: http://www.spamhaus.org/xbl/
+# contains data from the CBL, probably supercedes that.
+header RCVD_IN_XBL eval:check_rbl_sub('sblxbl', '(?i)/xbl')
+describe RCVD_IN_XBL Received via a relay in Spamhaus XBL
+tflags RCVD_IN_XBL net
+
+# ---------------------------------------------------------------------------
+# Now, single zone BLs follow:

# DSBL catches open relays, badly-installed CGI scripts and open SOCKS and
# HTTP proxies. list.dsbl.org lists servers tested by "trusted" users,

Modified: incubator/spamassassin/trunk/rules/30_text_de.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/30_text_de.cf (original)
+++ incubator/spamassassin/trunk/rules/30_text_de.cf Thu Feb 5 15:10:44 2004
@@ -135,7 +135,7 @@
lang de describe HABEAS_VIOLATOR Sender verletzt das Warenzeichen der Firma Habeas
lang de describe RCVD_IN_BSP_TRUSTED Senderechner in Liste von http://www.bondedsender.org/
lang de describe RCVD_IN_BSP_OTHER Senderechner in Liste von http://www.bondedsender.org/
-lang de describe RCVD_IN_DYNABLOCK Senderechner nur temporär mit Internet verbunden
+lang de describe RCVD_IN_SORBS_DUL Senderechner nur temporär mit Internet verbunden
lang de describe RCVD_IN_BL_SPAMCOP_NET Transportiert via Rechner in Liste von www.spamcop.net
lang de describe RCVD_IN_MAPS_RBL Transportiert via Rechner in Liste von http://www.mail-abuse.org/rbl/
lang de describe RCVD_IN_MAPS_DUL Transportiert via Rechner in Liste von http://www.mail-abuse.org/dul/

Modified: incubator/spamassassin/trunk/rules/30_text_fr.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/30_text_fr.cf (original)
+++ incubator/spamassassin/trunk/rules/30_text_fr.cf Thu Feb 5 15:10:44 2004
@@ -722,7 +722,7 @@
lang fr describe RCVD_IN_BSP_OTHER Relais participant au Bonded Sender Program (autre relais)
lang fr describe RCVD_IN_BSP_TRUSTED Relais participant au Bonded Sender Program (relais connu)
lang fr describe RCVD_IN_DSBL Relais listé dans list.dsbl.org, voir http://dsbl.org
-lang fr describe RCVD_IN_DYNABLOCK Envoyé directement depuis une adresse IP dynamique
+lang fr describe RCVD_IN_SORBS_DUL Envoyé directement depuis une adresse IP dynamique
lang fr describe RCVD_IN_MAPS_DUL Relais listé dans DUL, http://www.mail-abuse.org/dul/
lang fr describe RCVD_IN_MAPS_NML Relais listé dans NML, http://www.mail-abuse.org/nml/
lang fr describe RCVD_IN_MAPS_RBL Relais listé dans RBL, http://www.mail-abuse.org/rbl/

Modified: incubator/spamassassin/trunk/rules/50_scores.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/50_scores.cf (original)
+++ incubator/spamassassin/trunk/rules/50_scores.cf Thu Feb 5 15:10:44 2004
@@ -927,33 +927,32 @@
score RCVD_IN_BL_SPAMCOP_NET 0 2.25 0 1.50
score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1
score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3
+score RCVD_IN_CBL 0 1.10 0 1.10
score RCVD_IN_DSBL 0 1.101 0 0.706
-score RCVD_IN_DYNABLOCK 0 2.546 0 2.599
-score RCVD_IN_NJABL 0 0.100 0 0.100
-score RCVD_IN_NJABL_CGI 0 0.001 0 0.001
-score RCVD_IN_NJABL_DIALUP 0 0.525 0 3.536
-score RCVD_IN_NJABL_MULTI 0 0.001 0 0.001
-score RCVD_IN_NJABL_PROXY 0 1.101 0 0.500
-score RCVD_IN_NJABL_RELAY 0 1.314 0 0.001
-score RCVD_IN_NJABL_SPAM 0 0.639 0 1.206
-score RCVD_IN_OPM 0 4.300 0 1.001
-score RCVD_IN_OPM_HTTP 0 4.300 0 1.001
-score RCVD_IN_OPM_HTTP_POST 0 4.300 0 1.001
-score RCVD_IN_OPM_ROUTER 0 2.800 0 0.001
-score RCVD_IN_OPM_SOCKS 0 4.300 0 1.257
-score RCVD_IN_OPM_WINGATE 0 4.300 0 2.700
+score RCVD_IN_NJABL_CGI 0 0.1 0.1
+score RCVD_IN_NJABL_DIALUP 0 0.625 0 3.636
+score RCVD_IN_NJABL_MULTI 0 0.101 0 0.101
+score RCVD_IN_NJABL_PROXY 0 1.201 0 0.6
+score RCVD_IN_NJABL_RELAY 0 1.414 0 0.101
+score RCVD_IN_NJABL_SPAM 0 0.739 0 1.306
+score RCVD_IN_OPM_HTTP 0 8.6 0 2.002
+score RCVD_IN_OPM_HTTP_POST 0 8.6 0 2.002
+score RCVD_IN_OPM_ROUTER 0 7.1 0 1.001
+score RCVD_IN_OPM_SOCKS 0 8.6 0 2.258
+score RCVD_IN_OPM_WINGATE 0 8.6 0 3.701
score RCVD_IN_RFCI 0 0.100 0 0.100
-score RCVD_IN_SBL 0 1.271 0 1.113
-score RCVD_IN_CBL 0 1.10 0 1.10
score RCVD_IN_RSL 0 0.53 0 0.53
-score RCVD_IN_SORBS 0 0.100 0 0.100
+score RCVD_IN_SBL 0 1.271 0 1.113
score RCVD_IN_SORBS_BLOCK 0 0.001 0 0.001
-score RCVD_IN_SORBS_HTTP 0 1.101 0 1.101
-score RCVD_IN_SORBS_MISC 0 1.101 0 1.204
-score RCVD_IN_SORBS_SMTP 0 1.101 0 0.687
-score RCVD_IN_SORBS_SOCKS 0 1.522 0 2.700
-score RCVD_IN_SORBS_WEB 0 2.800 0 0.001
-score RCVD_IN_SORBS_ZOMBIE 0 2.596 0 2.599
+score RCVD_IN_SORBS_DUL 0 2.546 0 2.599
+score RCVD_IN_SORBS_HTTP 0 1.201 0 1.201
+score RCVD_IN_SORBS_MISC 0 1.201 0 1.304
+score RCVD_IN_SORBS_SMTP 0 1.201 0 0.787
+score RCVD_IN_SORBS_SOCKS 0 1.622 0 2.8
+#score RCVD_IN_SORBS_SPAM 0 0.001 0 0.001
+score RCVD_IN_SORBS_WEB 0 2.9 0 0.1
+score RCVD_IN_SORBS_ZOMBIE 0 2.696 0 2.699
+score RCVD_IN_XBL 0 1.0 0 1.0

# unscored by default -- commercial/donation services. If you pay for
# these, give them a score so they will be checked.

Modified: incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf (original)
+++ incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf Thu Feb 5 15:10:44 2004
@@ -74,15 +74,16 @@

header T_DATE_DOUBLE_DASH Date =~ /:\d\d --\d\d\d\d$/

-header T_RCVD_IN_SORBS_BADCONF eval:check_rbl_sub('sorbs', '127.0.0.11')
-describe T_RCVD_IN_SORBS_BADCONF SORBS: sender uses invalid DNS A or MX records
+header __RCVD_IN_SORBS_RHSBL eval:check_rbl_from_host('sorbsrhs', 'rhsbl.sorbs.net.')
+tflags __RCVD_IN_SORBS_RHSBL net
+
+header T_RCVD_IN_SORBS_BADCONF eval:check_rbl_sub('sorbsrhs', '127.0.0.11')
+describe T_RCVD_IN_SORBS_BADCONF SORBS: sender uses invalid DNS A or MX records
tflags T_RCVD_IN_SORBS_BADCONF net
-score T_RCVD_IN_SORBS_BADCONF 0.1

-header T_RCVD_IN_SORBS_NOMAIL eval:check_rbl_sub('sorbs', '127.0.0.12')
+header T_RCVD_IN_SORBS_NOMAIL eval:check_rbl_sub('sorbsrhs', '127.0.0.12')
describe T_RCVD_IN_SORBS_NOMAIL SORBS: sender is not expected to send mail
tflags T_RCVD_IN_SORBS_NOMAIL net
-score T_RCVD_IN_SORBS_NOMAIL 0.1

# SPF support. "pass" is nice, "fail" is bad, "softfail" is bad, but
# not as bad as "fail".
@@ -295,22 +296,6 @@
rawbody T_BAYESBUSTER_LINE_12 /^([a-z]{3,} ){12,}<[Bb][Rr]>$/
rawbody T_BAYESBUSTER_LINE_15 /^([a-z]{3,} ){15,}<[Bb][Rr]>$/
rawbody T_BAYESBUSTER_LINE_15I /^([a-z]{3,} ){15,}<br>$/i
-
-# XBL+SBL
-header __RCVD_IN_SBL_XBL eval:check_rbl_txt('sblxbl', 'sbl-xbl.spamhaus.org.')
-describe __RCVD_IN_SBL_XBL Received via a relay in Spamhaus SBL+XBL
-tflags __RCVD_IN_SBL_XBL net
-
-# SBL replacement
-header T_RCVD_IN_SBL eval:check_rbl_sub('sblxbl', '(?i)/sbl')
-describe T_RCVD_IN_SBL Received via a relay in Spamhaus SBL
-tflags T_RCVD_IN_SBL net
-
-# XBL is the Exploits Block List: http://www.spamhaus.org/xbl/
-# contains data from the CBL, probably supercedes that.
-header T_RCVD_IN_XBL eval:check_rbl_sub('sblxbl', '(?i)/xbl')
-describe T_RCVD_IN_XBL Received via a relay in Spamhaus XBL
-tflags T_RCVD_IN_XBL net

# reported by Kurtis Rader, bug 2890
uri T_MSN_REDIR /^http:\/\/shopping\.msn\.com\/trackurl\.aspx\?/i