
svn commit: r344269 - /spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf
Author: jm
Date: Mon Nov 14 15:48:59 2005
New Revision: 344269

URL: http://svn.apache.org/viewcvs?rev=344269&view=rev
Log:
add another half-assed-C/R outfit

Modified:
spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf

Modified: spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf
URL: http://svn.apache.org/viewcvs/spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf?rev=344269&r1=344268&r2=344269&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf (original)
+++ spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf Mon Nov 14 15:48:59 2005
@@ -1,15 +1,16 @@
# A virus-bounce ruleset, suitable for use by anyone receiving a lot of joe-job
# or virus-blowback bounce messages.
#
-# if you use this, set up procmail or your mail app to spot the "BOUNCE_",
-# "CRBOUNCE_" or "VBOUNCE_" string in the X-Spam-Status line, and move messages
-# that match that to a 'vbounce' folder.
+# If you use this, set up procmail or your mail app to spot the
+# "BOUNCE_MESSAGE", "CRBOUNCE_MESSAGE" or "VBOUNCE_MESSAGE" rule hits in the
+# X-Spam-Status line, and move messages that match that to a 'vbounce' folder.
#
# This is substantially based on
# http://www.timj.co.uk/linux/bogus-virus-warnings.cf ; the main difference is
-# that I prefer to keep bounces and spam separate, so this ruleset uses the
-# rule-name-prefix trick instead of giving the rules high scores. There's
-# a couple of rules that were FPing, too, so I fixed or removed them.
+# that I prefer to keep bounces and spam separate, so this ruleset uses a
+# single rule for each type of message, instead of having multiple individual
+# rules with high scores. There's a couple of rules that were FPing, too, so I
+# fixed or removed them.
#
# NOTE: this is in development; it *will* currently discard all your bounces.
# haven't figured out a way to fix this nicely yet. be warned. (TODO)
@@ -78,11 +79,15 @@
header __CRBOUNCE_VANQ From =~ /<confirm-\S+\@spamguard\.vanquish\.com>/
header __CRBOUNCE_QURB Subject =~ /\[Qurb .\d+\]$/

+uri __CRBOUNCE_0SPAM1 /^http:\/\/www\.0spam\.com\/verify/
+uri __CRBOUNCE_0SPAM2 From:addr =~ /^verify@0spam.com$/
+meta __CRBOUNCE_0SPAM (__CRBOUNCE_0SPAM1 && __CRBOUNCE_0SPAM2)
+
header __AUTO_GEN_XBT exists:X-Boxtrapper
header __AUTO_GEN_BBTL exists:X-Bluebottle-Request
meta __CRBOUNCE_HEADER (__AUTO_GEN_XBT || __AUTO_GEN_BBTL)

-meta CRBOUNCE_MESSAGE (!MY_SERVERS_FOUND && (__CRBOUNCE_UOL || __CRBOUNCE_VERIF || __CRBOUNCE_RP || __CRBOUNCE_VANQ || __CRBOUNCE_HEADER || __CRBOUNCE_QURB))
+meta CRBOUNCE_MESSAGE (!MY_SERVERS_FOUND && (__CRBOUNCE_UOL || __CRBOUNCE_VERIF || __CRBOUNCE_RP || __CRBOUNCE_VANQ || __CRBOUNCE_HEADER || __CRBOUNCE_QURB || __CRBOUNCE_0SPAM))

describe CRBOUNCE_MESSAGE Challenge-response bounce message
score CRBOUNCE_MESSAGE 0.1
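Review bot: `__CRBOUNCE_0SPAM2` is declared with `uri` but its pattern uses header-rule syntax (`From:addr =~ /…/`), so it is unlikely to be evaluated as a test on the From address. Because `__CRBOUNCE_0SPAM` ANDs both subrules, the new term added to CRBOUNCE_MESSAGE would then probably never fire. The line should read `header __CRBOUNCE_0SPAM2 From:addr =~ /^verify\@0spam\.com$/`, which also escapes the `@` and the dot (currently matching any character), in line with `__CRBOUNCE_VANQ` above. Running `spamassassin --lint` against the file before committing is worth doing for a rule-type mismatch like this.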
@@ -127,6 +132,7 @@
header __VBOUNCE_LUTHER From =~ /\blutherh\@stratcom.com\b/
header __VBOUNCE_AMAVISD Subject =~ /^VIRUS IN YOUR MAIL /i
body __VBOUNCE_AMAVISD2 /\bV I R U S\b/
+header __VBOUNCE_GSHIELD Subject =~ /^McAfee GroupShield Alert/

# off: got an FP in a simple forward
# rawbody __VBOUNCE_SUBJ_IN_MAIL /^\s*Subject:\s*(Re: )*((my|your) )?(application|details)/i
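Review bot: `__VBOUNCE_GSHIELD` matches on the Subject prefix alone and is case-sensitive, whereas the neighbouring `__VBOUNCE_AMAVISD` uses `/i`; if the alert's capitalisation varies between product versions, some notifications will be missed. A hit on this one subrule is enough to fire VBOUNCE_MESSAGE when MY_SERVERS_FOUND is false, and the file header says matching mail is moved out of the inbox, so a coincidental subject would divert legitimate mail. A comment recording where the pattern came from would help, e.g. `# McAfee GroupShield notification; Subject taken from a received sample`. ANDing in a second indicator from the same sample (a body phrase or header) through a meta would lower the false-positive risk.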
@@ -178,7 +184,7 @@
body __VBOUNCE_ATT_QUAR /\bThe attachment was quarantined\b/
body __VBOUNCE_SECURIQ /\bGROUP securiQ.Wall\b/

-meta VBOUNCE_MESSAGE (!MY_SERVERS_FOUND && (__VBOUNCE_WARNING || __VBOUNCE_MSGLABS || __VBOUNCE_EXIM || __VBOUNCE_GUIN || __VBOUNCE_CISCO || __VBOUNCE_SMTP || __VBOUNCE_AOL || __VBOUNCE_DUTCH || __VBOUNCE_MAILMARSHAL || __VBOUNCE_MAILMARSHAL2 || __VBOUNCE_NAVFAIL || __VBOUNCE_REJECTED || __VBOUNCE_NAV || __VBOUNCE_MELDING || __VBOUNCE_VALERT || __VBOUNCE_REJ_FILT || __VBOUNCE_YOUSENT || __VBOUNCE_MAILSWEEP || __VBOUNCE_SCREENSAVER || __VBOUNCE_DISALLOWED || __VBOUNCE_FROMPT || __VBOUNCE_WARNING || __VBOUNCE_DETECTED || __VBOUNCE_AUTOMATIC || __VBOUNCE_INTERSCAN || __VBOUNCE_VIOLATION || __VBOUNCE_ALERT || __VBOUNCE_NAV2 || __VBOUNCE_NAV3 || __VBOUNCE_INTERSCAN2 || __VBOUNCE_INTERSCAN3 || __VBOUNCE_ANTIGEN || __VBOUNCE_LUTHER || __VBOUNCE_AMAVISD || __VBOUNCE_AMAVISD2 || __VBOUNCE_SCANMAIL || __VBOUNCE_DOMINO1 || __VBOUNCE_DOMINO2 || __VBOUNCE_RAV || __VBOUNCE_ATTACHMENT0 || __VBOUNCE_AVREPORT0 || __VBOUNCE_SENDER || __VBOUNCE_MAILSWEEP2 || __VBOUNCE_MAILSWEEP3 || __VB
OUNCE_CLICKBANK || __VBOUNCE_FORBIDDEN || __VBOUNCE_MMS || __VBOUNCE_QUOTED_EXE || __VBOUNCE_MAJORDOMO_HELP || __VBOUNCE_AV_RESULTS || __VBOUNCE_EMVD || __VBOUNCE_UNDELIV || __VBOUNCE_BANNED_MAT || __VBOUNCE_NAV_DETECT || __VBOUNCE_DEL_WARN || __VBOUNCE_MIME_INFO || __VBOUNCE_EMAIL_REJ || __VBOUNCE_CONT_VIOL || __VBOUNCE_SYM_AVF || __VBOUNCE_SYM_EMP || __VBOUNCE_ATT_QUAR || __VBOUNCE_SECURIQ || __VBOUNCE_VIR_FOUND || __VBOUNCE_EMANAGER))
+meta VBOUNCE_MESSAGE (!MY_SERVERS_FOUND && (__VBOUNCE_WARNING || __VBOUNCE_MSGLABS || __VBOUNCE_EXIM || __VBOUNCE_GUIN || __VBOUNCE_CISCO || __VBOUNCE_SMTP || __VBOUNCE_AOL || __VBOUNCE_DUTCH || __VBOUNCE_MAILMARSHAL || __VBOUNCE_MAILMARSHAL2 || __VBOUNCE_NAVFAIL || __VBOUNCE_REJECTED || __VBOUNCE_NAV || __VBOUNCE_MELDING || __VBOUNCE_VALERT || __VBOUNCE_REJ_FILT || __VBOUNCE_YOUSENT || __VBOUNCE_MAILSWEEP || __VBOUNCE_SCREENSAVER || __VBOUNCE_DISALLOWED || __VBOUNCE_FROMPT || __VBOUNCE_WARNING || __VBOUNCE_DETECTED || __VBOUNCE_AUTOMATIC || __VBOUNCE_INTERSCAN || __VBOUNCE_VIOLATION || __VBOUNCE_ALERT || __VBOUNCE_NAV2 || __VBOUNCE_NAV3 || __VBOUNCE_INTERSCAN2 || __VBOUNCE_INTERSCAN3 || __VBOUNCE_ANTIGEN || __VBOUNCE_LUTHER || __VBOUNCE_AMAVISD || __VBOUNCE_AMAVISD2 || __VBOUNCE_SCANMAIL || __VBOUNCE_DOMINO1 || __VBOUNCE_DOMINO2 || __VBOUNCE_RAV || __VBOUNCE_GSHIELD || __VBOUNCE_ATTACHMENT0 || __VBOUNCE_AVREPORT0 || __VBOUNCE_SENDER || __VBOUNCE_MAILSWEEP2 || __VBOUN
CE_MAILSWEEP3 || __VBOUNCE_CLICKBANK || __VBOUNCE_FORBIDDEN || __VBOUNCE_MMS || __VBOUNCE_QUOTED_EXE || __VBOUNCE_MAJORDOMO_HELP || __VBOUNCE_AV_RESULTS || __VBOUNCE_EMVD || __VBOUNCE_UNDELIV || __VBOUNCE_BANNED_MAT || __VBOUNCE_NAV_DETECT || __VBOUNCE_DEL_WARN || __VBOUNCE_MIME_INFO || __VBOUNCE_EMAIL_REJ || __VBOUNCE_CONT_VIOL || __VBOUNCE_SYM_AVF || __VBOUNCE_SYM_EMP || __VBOUNCE_ATT_QUAR || __VBOUNCE_SECURIQ || __VBOUNCE_VIR_FOUND || __VBOUNCE_EMANAGER))

describe VBOUNCE_MESSAGE Virus bounce message
score VBOUNCE_MESSAGE 0.1
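Review bot: `__VBOUNCE_WARNING` is listed twice in the VBOUNCE_MESSAGE expression (as the first term and again after `__VBOUNCE_FROMPT`), and the new line carries the duplicate forward. It is harmless in an OR chain, but on a line this long it shows how easily a term can be repeated or dropped unnoticed. Grouping the subrules into a few intermediate metas, as the CRBOUNCE section does with `meta __CRBOUNCE_HEADER (__AUTO_GEN_XBT || __AUTO_GEN_BBTL)`, would make one-term additions such as `__VBOUNCE_GSHIELD` easier to review.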