http://bugzilla.spamassassin.org/show_bug.cgi?id=4054
Summary: airmax.cf rules
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
URL: http://airmex.nerim.net/rule-get/airmax.cf
OS/Version: other
Status: NEW
Severity: enhancement
Priority: P5
Component: Rules (Eval Tests)
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
Daniel Quinlan <[EMAIL PROTECTED]> asked me to contribute some of my
rules. As he asked, I'm filing a new bug report with my rules.
The original rules I wrote are:
header GMANE_INJECTED X-Injected-Via-Gmane =~ /http:\/\/gmane.org\//
describe GMANE_INJECTED Header : Injected Via Gmane
score GMANE_INJECTED -1.5
tflags GMANE_INJECTED nice
header __GMANE_LOOM User-Agent =~ /^Loom/
header __FORGED_YAHOO_RCVD eval:check_for_forged_yahoo_received_headers()
meta FORGED_YAHOO_RCVD (__FORGED_YAHOO_RCVD && ! GMANE_INJECTED && ! __GMANE_LOOM)
# Seems like spammers never learned what is a charset. But I did.
full __ISO_8859 /charset=\"?iso-8859-\d{1,2}\"?/
full __ISO_CHARSET /charset=\"?iso-\d{4}-\d{1,2}\"?/
meta BAD_ISO_CHARSET (__ISO_CHARSET && ! __ISO_8859 )
describe BAD_ISO_CHARSET Announced ISO charset might not exist.
lang fr describe BAD_ISO_CHARSET Le jeu de caractère annoncé n'existe probablement pas.
score BAD_ISO_CHARSET 2.5
header __HOTMAIL_FROM From =~ /hotmail\.com/
header __HOTMAIL_RCVD Received =~ /hotmail\.com/
header __HOTMAIL_SMTPSVC Received =~ / with Microsoft SMTPSVC;/
header __HOTMAIL_OIP X-Originating-IP =~ /\[(\d{1,3}\.){3}\d{1,3}\]/
meta __HOTMAIL_LOOKLIKE __RECEIVED_DAV && __HOTMAIL_FROM && __HOTMAIL_RCVD && __HOTMAIL_SMTPSVC && __HOTMAIL_OIP
header __RECEIVED_DAV Received =~ / with DAV;/
meta RECEIVED_DAV __RECEIVED_DAV && (! __HOTMAIL_LOOKLIKE)
score RECEIVED_DAV 2.5
The proposed rules are:
# rules from airmax.cf
# question: do FORGED_YAHOO_RCVD false positives match either of these rules?
header __GMANE_INJECTED X-Injected-Via-Gmane =~ /http:\/\/gmane.org\//
header __GMANE_LOOM User-Agent =~ /^Loom/
header __FORGED_YAHOO_RCVD eval:check_for_forged_yahoo_received_headers()
meta T_FORGED_YAHOO_RCVD2 (__FORGED_YAHOO_RCVD && !__GMANE_INJECTED && !__GMANE_LOOM)
# another rule from airmax.cf
full __ISO_8859 /charset=\"?iso-8859-\d{1,2}\"?/
full __ISO_CHARSET /charset=\"?iso-\d{4}-\d{1,2}\"?/
meta T_BAD_ISO_CHARSET (__ISO_CHARSET && !__ISO_8859)
# variant
full __ISO_8859_I /charset=\"?iso-8859-\d{1,2}\"?/i
full __ISO_CHARSET_I /charset=\"?iso-\d{4}-\d{1,2}\"?/i
meta T_BAD_ISO_CHARSET_I (__ISO_CHARSET_I && !__ISO_8859_I)
# HOTMAIL rules from airmax.cf
header __HOTMAIL_FROM From =~ /hotmail\.com/
header __HOTMAIL_RCVD Received =~ /hotmail\.com/
header __HOTMAIL_SMTPSVC Received =~ / with Microsoft SMTPSVC;/
header __HOTMAIL_OIP X-Originating-IP =~ /\[(\d{1,3}\.){3}\d{1,3}\]/
header __RECEIVED_DAV Received =~ / with DAV;/
meta __HOTMAIL_LOOKLIKE __RECEIVED_DAV && __HOTMAIL_FROM && __HOTMAIL_RCVD && __HOTMAIL_SMTPSVC && __HOTMAIL_OIP
meta T_RECEIVED_DAV __RECEIVED_DAV && !__HOTMAIL_LOOKLIKE
(To answer the question: most FORGED_YAHOO_RCVD false positives I had matched
the Gmane rule.)
Daniel also found the RATWR8_MESSID rule was interesting, but unfortunately I
just improved it; half the credit belongs to someone from SARE.
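
The following is an added example, not part of the original report or of SpamAssassin: it evaluates the proposed T_RECEIVED_DAV and T_BAD_ISO_CHARSET_I meta rules in Python (whose `re` module stands in for Perl regexes) over two constructed messages. The `evaluate` helper, the sample messages and the escaped-bracket form of the X-Originating-IP pattern are assumptions of this example.

```python
import re
from email import message_from_string

# Sub-rules copied from the proposed set. __HOTMAIL_OIP is written here with
# escaped brackets so it matches a literal bracketed IPv4 address.
HEADER_RULES = {
    "__HOTMAIL_FROM": ("From", r"hotmail\.com"),
    "__HOTMAIL_RCVD": ("Received", r"hotmail\.com"),
    "__HOTMAIL_SMTPSVC": ("Received", r" with Microsoft SMTPSVC;"),
    "__HOTMAIL_OIP": ("X-Originating-IP", r"\[(\d{1,3}\.){3}\d{1,3}\]"),
    "__RECEIVED_DAV": ("Received", r" with DAV;"),
}
FULL_RULES = {  # "full" rules run over the raw message; these are the /i variants
    "__ISO_8859_I": r'charset="?iso-8859-\d{1,2}"?',
    "__ISO_CHARSET_I": r'charset="?iso-\d{4}-\d{1,2}"?',
}

def evaluate(raw):
    """Return the set of meta rules that fire for one raw message."""
    msg = message_from_string(raw)
    # A header sub-rule hits when any instance of that header matches.
    hits = {name for name, (hdr, pat) in HEADER_RULES.items()
            if any(re.search(pat, v) for v in msg.get_all(hdr, []))}
    hits |= {name for name, pat in FULL_RULES.items()
             if re.search(pat, raw, re.IGNORECASE)}
    looklike = all(n in hits for n in HEADER_RULES)  # __HOTMAIL_LOOKLIKE
    fired = set()
    if "__RECEIVED_DAV" in hits and not looklike:
        fired.add("T_RECEIVED_DAV")
    if "__ISO_CHARSET_I" in hits and "__ISO_8859_I" not in hits:
        fired.add("T_BAD_ISO_CHARSET_I")
    return fired

# Constructed sample messages (not real mail).
HOTMAIL_LIKE = (
    "Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;"
    " Mon, 3 Jan 2005 10:00:00 -0800\n"
    "Received: from 192.0.2.10 by mail.hotmail.com with DAV;"
    " Mon, 03 Jan 2005 18:00:00 +0000\n"
    "X-Originating-IP: [192.0.2.10]\n"
    "From: a@hotmail.com\n"
    'Content-Type: text/plain; charset="iso-8859-1"\n\nhello\n'
)
SUSPECT = (
    "Received: from unknown (203.0.113.7) by mx.example.org with DAV;"
    " Mon, 03 Jan 2005 18:00:00 +0000\n"
    "From: b@example.net\n"
    'Content-Type: text/plain; charset="iso-4238-7"\n\nhi\n'
)

if __name__ == "__main__":
    for label, raw in (("hotmail-like", HOTMAIL_LIKE), ("suspect", SUSPECT)):
        print(label, sorted(evaluate(raw)))
```

Removing any one of the five Hotmail markers from the first message (for example the X-Originating-IP header) makes T_RECEIVED_DAV fire, since `__HOTMAIL_LOOKLIKE` requires all of them.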