Mailing List Archive

svn commit: rev 6840 - incubator/spamassassin/trunk/rules
Author: quinlan
Date: Mon Feb 23 20:49:52 2004
New Revision: 6840

Modified:
incubator/spamassassin/trunk/rules/20_head_tests.cf
incubator/spamassassin/trunk/rules/20_html_tests.cf
incubator/spamassassin/trunk/rules/20_phrases.cf
incubator/spamassassin/trunk/rules/20_uri_tests.cf
incubator/spamassassin/trunk/rules/50_scores.cf
incubator/spamassassin/trunk/rules/70_testing.cf
Log:
promote, delete, promote, delete


Modified: incubator/spamassassin/trunk/rules/20_head_tests.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/20_head_tests.cf (original)
+++ incubator/spamassassin/trunk/rules/20_head_tests.cf Mon Feb 23 20:49:52 2004
@@ -300,6 +300,10 @@
header FAKED_IP_IN_RCVD Received =~ /from [-0-9a-z\._]+_\[\d+\.\d+\.\d+\.\d+\] /i
describe FAKED_IP_IN_RCVD Received: contains a name with a faked IP-address

+# no legit mailer claims that their mailserver has no name
+header RCVD_BY_IP Received =~ /from \S+ \[\S+\] by [0-9\.]+ with ESMTP id/
+describe RCVD_BY_IP Received by mail server with no name
+
header SMTPD_IN_RCVD Received =~ /\(SMTPD32-\d+\..+\)/
describe SMTPD_IN_RCVD Received via SMTPD32 server (SMTPD32-n.n)


Modified: incubator/spamassassin/trunk/rules/20_html_tests.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/20_html_tests.cf (original)
+++ incubator/spamassassin/trunk/rules/20_html_tests.cf Mon Feb 23 20:49:52 2004
@@ -331,7 +331,10 @@
body HTML_TITLE_EMPTY eval:html_title('!~ /\S/s')
describe HTML_TITLE_EMPTY HTML title contains no text

-body HTML_TITLE_UNTITLED eval:html_title('=~ /untitled/i')
+body HTML_TITLE_EXTRA eval:html_test('title_extra')
+describe HTML_TITLE_EXTRA HTML has more than one title
+
+body HTML_TITLE_UNTITLED eval:html_title('=~ /untitled|new page \d+/i')
describe HTML_TITLE_UNTITLED HTML title contains "Untitled"

###########################################################################

Modified: incubator/spamassassin/trunk/rules/20_phrases.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/20_phrases.cf (original)
+++ incubator/spamassassin/trunk/rules/20_phrases.cf Mon Feb 23 20:49:52 2004
@@ -1004,4 +1004,5 @@
body SEE_FOR_YOURSELF /See (?:for|it|it for) yourself\b/i
describe SEE_FOR_YOURSELF See for yourself

-
+body DEEP_DISC_MEDS /\bdeep discount med(?:s|ications)\b/i
+describe DEEP_DISC_MEDS Deep discount medications

Modified: incubator/spamassassin/trunk/rules/20_uri_tests.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/20_uri_tests.cf (original)
+++ incubator/spamassassin/trunk/rules/20_uri_tests.cf Mon Feb 23 20:49:52 2004
@@ -133,8 +133,14 @@
uri HTTP_ENTITIES_HOST m{https?://[^\s\">/]*\&\#[\da-f]+}i
describe HTTP_ENTITIES_HOST URI obscured with character entities

-uri YAHOO_REDIR /^https?\:\/\/rd\.yahoo\.com\/(?:[0-9]{4,}|partner\b|dir\b)/i
-describe YAHOO_REDIR Has Yahoo Redirect URI
+uri YAHOO_RD_REDIR m{^https?\://rd\.yahoo\.com/(?:[0-9]{4,}|partner\b|dir\b)}i
+describe YAHOO_RD_REDIR Has Yahoo Redirect URI
+
+uri YAHOO_SRD_REDIR m{^https?://.*\bsrd\.yahoo\.com/}i
+describe YAHOO_SRD_REDIR Has Yahoo Redirect URI
+
+uri YAHOO_DRS_REDIR m{^https?://drs\.yahoo\.com/}i
+describe YAHOO_DRS_REDIR Has Yahoo Redirect URI

uri MORTGAGE_LINKS /(?:^https?\:\/\/|^mailto\:).{0,20}(?:low|about)mortgage/i
describe MORTGAGE_LINKS Message has link to mortgage URI

Modified: incubator/spamassassin/trunk/rules/50_scores.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/50_scores.cf (original)
+++ incubator/spamassassin/trunk/rules/50_scores.cf Mon Feb 23 20:49:52 2004
@@ -617,7 +617,7 @@
score X_PRECEDENCE_REF 2.900 2.800 2.800 2.700
score X_PRI_MISMATCH_HI 2.900 2.800 2.800 2.700
score X_X_PRESENT 2.900 2.800 2.800 2.700
-score YAHOO_REDIR 4.300 2.621 4.100 4.100
+score YAHOO_RD_REDIR 4.300 2.621 4.100 4.100
score YOU_CAN_SEARCH 2.900 2.800 2.800 2.700
score ONCE_IN_LIFETIME 0.001
score HTML_SHOUTING4 0.001 0.309 0.001 0.001

Modified: incubator/spamassassin/trunk/rules/70_testing.cf
==============================================================================
--- incubator/spamassassin/trunk/rules/70_testing.cf (original)
+++ incubator/spamassassin/trunk/rules/70_testing.cf Mon Feb 23 20:49:52 2004
@@ -157,17 +157,8 @@
body T_ENTITY_OTHER2_B /\&\#(?:33|39|40|46|47)\;/
meta T_ENTITY_OTHER2_M (T_ENTITY_OTHER2_R || T_ENTITY_OTHER2_B)

-########################################################################
-# HTML title rules
-
-# this won't work well until we parse HTML documents separately
-body T_HTML_TITLE_EXTRA eval:html_test('title_extra')
-
-# possible replacement rules
-body T_HTML_TITLE_UNTITLED_2 eval:html_title('=~ /new page \d+/i')
-body T_HTML_TITLE_UNTITLED_3 eval:html_title('=~ /untitled|new page \d+/i')
-
-# according to the postmaster at qualcomm, no mail is sent from eudora.com, but it's heavily joe-jobbed ...
+# according to the postmaster at qualcomm, no mail is sent from
+eudora.com, but it's heavily joe-jobbed ...
header T_FROM_EUDORA From:addr =~ /\@eudora\.com/i

# similar concept for Delphi.com. Was an ISP, now a car company!
@@ -178,27 +169,7 @@

body T_RANDO_MIZE /\$RAN[DOMI]*\s+[DOMI]*ZE/

-# more open Yahoo! redirectors
-uri T_YAHOO_SRD_REDIR_1 m{^http://srd\.yahoo\.com/}i
-uri T_YAHOO_SRD_REDIR_2 m{^http://srd\.yahoo\.com/.*(?:[^:/?\#]+)://}i
-uri T_YAHOO_SRD_REDIR_3 m{^http://(\S+\.)*srd\.yahoo\.com/}i
-uri T_YAHOO_SRD_REDIR_4 m{^http://(\S+\.)*srd\.yahoo\.com/.*(?:[^:/?\#]+)://}i
-uri T_YAHOO_SRD_REDIR_5 m{^http://.*\bsrd\.yahoo\.com/}i
-uri T_YAHOO_SRD_REDIR_6 m{^http://.*\bsrd\.yahoo\.com/.*(?:[^:/?\#]+)://}i
-uri T_YAHOO_DRS_REDIR_1 m{^http://drs\.yahoo\.com/}i
-uri T_YAHOO_DRS_REDIR_2 m{^http://drs\.yahoo\.com/.*(?:[^:/?\#]+)://}i
-uri T_YAHOO_DRS_REDIR_3 m{^http://(\S+\.)*drs\.yahoo\.com/}i
-uri T_YAHOO_DRS_REDIR_4 m{^http://(\S+\.)*drs\.yahoo\.com/.*(?:[^:/?\#]+)://}i
-uri T_YAHOO_DRS_REDIR_5 m{^http://.*\bdrs\.yahoo\.com/}i
-uri T_YAHOO_DRS_REDIR_6 m{^http://.*\bdrs\.yahoo\.com/.*(?:[^:/?\#]+)://}i
-uri T_YAHOO_RD_REDIR_1 m{^http://rd\.yahoo\.com/}i
-uri T_YAHOO_RD_REDIR_2 m{^http://rd\.yahoo\.com/.*(?:[^:/?\#]+)://}i
-uri T_YAHOO_RD_REDIR_3 m{^http://(\S+\.)*rd\.yahoo\.com/}i
-uri T_YAHOO_RD_REDIR_4 m{^http://(\S+\.)*rd\.yahoo\.com/.*(?:[^:/?\#]+)://}i
-uri T_YAHOO_RD_REDIR_5 m{^http://.*\brd\.yahoo\.com/}i
-uri T_YAHOO_RD_REDIR_6 m{^http://.*\brd\.yahoo\.com/.*(?:[^:/?\#]+)://}i
-
-# good Yahoo! forgery rule, but is it going to be stable?
+# great Yahoo! forgery rule, but is it going to be stable?
header __YAHOO_MSGID Message-ID =~ /\@yahoo\.com>/i
header __YAHOO_BEGINNING Message-ID =~ /<\S+(?:\.\S+|\.\S+\.\S+\.\S+)\@/
meta T_FORGED_YAHOO_MSGID (__YAHOO_MSGID && !__YAHOO_BEGINNING)
@@ -495,21 +466,11 @@
header T_SUBJ_SOMA Subject =~ /s.{0,2}o.{0,2}m.{0,2}a/i
header T_SUBJ_PHENTER Subject =~ /p.{0,2}h.{0,6}t.{0,2}e.{0,2}r.{0,2}m/i

-# No legit mailer claims that their mailserver has no name.
-# However, one build of the T_MSGID_EVIL_SPAM_1 ratware does.
-header T_RCVD_BY_IP Received =~ /from \S+ \[\S+\] by [0-9\.]+ with ESMTP id/
-
-# this ratware forges dates in 2002! Also a T_MSGID_EVIL_SPAM_1
-# variant
-header T_RCVD_ESMTP_IN_TIMEWARP Received =~ /with ESMTP id <\d+-\d+>; \S\S\S, *\d+ \S\S\S 2002 \d\d:\d\d:\d\d [-+]/
-
# partial messages; currently-theoretical attack
header T_FRAGMENTED_MESSAGE Content-Type =~ /message\/partial/i

# affiliateid, aff_id, aff_sub_id etc.
uri T_URI_AFFILIATE /aff\w+id=/i
-
-body T_DEEP_DISC_MEDS /\bdeep discount med(?:s|ications)\b/i

# Al Iverson reports: "forged, now no longer in use"
header T_REGSOFT Received =~ /hd\.regsoft\.net/i