
svn commit: rev 6583 - in incubator/spamassassin/trunk: lib/Mail/SpamAssassin rules
Author: jm
Date: Sat Feb 7 20:56:16 2004
New Revision: 6583

Modified:
incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Received.pm
incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf
Log:
redo T_HELO_DYNAMIC rules using last-untrusted semantics

Modified: incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Received.pm
==============================================================================
--- incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Received.pm (original)
+++ incubator/spamassassin/trunk/lib/Mail/SpamAssassin/Received.pm Sat Feb 7 20:56:16 2004
@@ -317,6 +317,9 @@
# be helpful; save some cumbersome typing
$self->{num_relays_trusted} = scalar (@{$self->{relays_trusted}});
$self->{num_relays_untrusted} = scalar (@{$self->{relays_untrusted}});
+
+ dbg ("metadata: X-Spam-Relays-Trusted: ".$self->{relays_trusted_str});
+ dbg ("metadata: X-Spam-Relays-Untrusted: ".$self->{relays_untrusted_str});
}

sub lookup_all_ips {
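Review bot: The two added `dbg()` calls write the relay strings to the debug log verbatim, and the untrusted string carries sender-supplied HELO text (the rules changed in this same commit match `helo=` inside it). Whether control characters or newlines are stripped when `relays_untrusted_str` is built is not visible here, since the enclosing sub starts above the hunk, so that is worth confirming before the value reaches a log. A short comment above the calls would record the assumption, for example `# relay strings contain remote-supplied HELO text; debug output only`. If either key can be unset for a message with no Received headers, the concatenation would also emit an uninitialized-value warning; `($self->{relays_untrusted_str} || '')` avoids that.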

Modified: incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf (original)
+++ incubator/spamassassin/trunk/rules/70_cvs_rules_under_test.cf Sat Feb 7 20:56:16 2004
@@ -428,34 +428,39 @@

# Interesting new feature; spamware HELO'ing, from a dialup IP addr,
# using that IP's rDNS entry. We can catch this easily.
+#
+# Note the '^[^\]]+ ' stanza: this ensures that we only match spamware
+# connecting to a trusted relay; if a mail came from a dynamic addr but
+# was relayed through their smarthost, that's fine.

# dhcp024-210-034-053.columbus.rr.com [24.210.34.53]
# c-66-176-16-108.se.client2.attbi.com [66.176.16.108]
# c-67-168-174-61.client.comcast.net [67.168.174.61]
-header T_HELO_DYNAMIC_IPADDR X-Spam-Relays-Untrusted =~ / helo=[^\.]+\d+\D\d+\D\d+\D\d+\D[^\.]*\.\S+\.\S+/i
+# (require an alpha first, as legit HELO'ing-as-IP-address is hit otherwise)
+header T_HELO_DYNAMIC_IPADDR X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[a-z]\S*\d+\D\d+\D\d+\D\d+\D[^\.]*\.\S+\.\S+/i
# dhcp024-210-034-053.columbus.rr.com [24.210.34.53]
-header T_HELO_DYNAMIC_RR X-Spam-Relays-Untrusted =~ / helo=\S*(?:docsis|cable|dsl|adsl|dhcp|cpe)\S*\d+\D+\d+/i
+header T_HELO_DYNAMIC_RR X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S*(?:docsis|cable|dsl|adsl|dhcp|cpe)\S*\d+\D+\d+/i
# fia83-8.dsl.hccnet.nl [62.251.8.83]
# fia160-115-100.dsl.hccnet.nl [80.100.115.160]
-header T_HELO_DYNAMIC_HCC X-Spam-Relays-Untrusted =~ / helo=\S*\d+\D+\d+\S*\.(?:docsis|cable|dsl|adsl|dhcp|cpe)\./i
+header T_HELO_DYNAMIC_HCC X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S*\d+\D+\d+\S*\.(?:docsis|cable|dsl|adsl|dhcp|cpe)\./i
# f88114.upc-f.chello.nl [80.56.88.114]
-header T_HELO_DYNAMIC_CHELLO X-Spam-Relays-Untrusted =~ / helo=\S+upc-f\.chello\.nl/i
+header T_HELO_DYNAMIC_CHELLO X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S+upc-f\.chello\.nl/i
# h0002a5d76857.ne.client2.attbi.com [65.96.12.59]
-header T_HELO_DYNAMIC_ATTBI X-Spam-Relays-Untrusted =~ / helo=\S+\d+\S+\.client2\.attbi\.com/i
+header T_HELO_DYNAMIC_ATTBI X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S+\d+\S+\.client2\.attbi\.com/i
# pcp04024417pcs.toresd01.pa.comcast.net [68.86.206.126]
# bgp542174bgs.ewndsr01.nj.comcast.net[68.38.144.91]
-header T_HELO_DYNAMIC_COMCAST X-Spam-Relays-Untrusted =~ / helo=(?:pcp|bgp)\S+(?:pcs|bgs)\.comcast\.net/i
+header T_HELO_DYNAMIC_COMCAST X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=(?:pcp|bgp)\S+(?:pcs|bgs)\.comcast\.net/i
# CPE0004e2372711-CM000a73666706.cpe.net.cable.rogers.com
# CPE00e0184f0eba-CM014490118324.cpe.net.cable.rogers.com [24.43.109.140]
-header T_HELO_DYNAMIC_ROGERS X-Spam-Relays-Untrusted =~ / helo=CPE\d+\S+\.rogers\.com/i
+header T_HELO_DYNAMIC_ROGERS X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=CPE\d+\S+\.rogers\.com/i
# ca-morpark-cuda1-zone7-b-159.vnnyca.adelphia.net[67.23.129.159]
# tn-greenvillecuda1cable7a-36.atlaga.adelphia.net [68.171.113.36]
# ky-richmond2a-123.rhmdky.adelphia.net [68.71.36.123]
# ny-lackawannacadent4-chtwga3a-b-117.buf.adelphia.net [68.71.205.117]
# fl-edel-u2-c3c-233.pbc.adelphia.net [68.64.89.233]
-header T_HELO_DYNAMIC_ADELPHIA X-Spam-Relays-Untrusted =~ / helo=[a-z]{2}-\S+-\d{1,3}\.[a-z]{3,8}\.adelphia\.net/i
+header T_HELO_DYNAMIC_ADELPHIA X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[a-z]{2}-\S+-\d{1,3}\.[a-z]{3,8}\.adelphia\.net/i
# pD9E4F89F.dip.t-dialin.net [217.228.248.159]
-header T_HELO_DYNAMIC_DIALIN X-Spam-Relays-Untrusted =~ / helo=[a-z][A-F0-9]+\.dip\./
+header T_HELO_DYNAMIC_DIALIN X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[a-z][A-F0-9]+\.dip\./

# TODO:
# port-212-202-77-203.reverse.qsc.de [212.202.77.203]
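Review bot: The new `^[^\]]+ ` prefix confines the start of each match to the first relay entry, but several pattern tails are not confined to the HELO token: `\D+` in T_HELO_DYNAMIC_RR and T_HELO_DYNAMIC_HCC, and `\D` / `[^\.]*` in T_HELO_DYNAMIC_IPADDR, also match spaces and `]`. A HELO such as the constructed `dsl1.example.net` would therefore hit T_HELO_DYNAMIC_RR whenever any digit appears later in the header, including in a later relay entry, which risks false positives on mail that is not from a dynamic host. Keeping the separators inside the token, e.g. `\S*\d+[^\d\s]+\d+` in place of `\S*\d+\D+\d+`, would hold the match to the HELO value. The added comment could also state that the anchor assumes every entry is terminated by `]` and that no field ahead of `helo=` can contain one, since a `]` there would make the rule silently stop matching.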