20_misc.cf

giovanni Tue, 14 Jan 2025 06:05:09 -0800

On 1/14/25 1:59 PM, fke...@apache.org wrote:

Author: fkento
Date: Tue Jan 14 12:59:50 2025
New Revision: 1923130


URL: http://svn.apache.org/viewvc?rev=1923130&view=rev
Log:
Allow uri-detail rules in sandbox

as per Mail::SpamAssassin::Plugin::URIDetail man page, it's uri_detail, not 
uri-detail.
 Giovanni

Modified:
     spamassassin/trunk/build/parse-rules-for-masses
     spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf

Modified: spamassassin/trunk/build/parse-rules-for-masses
URL: 
http://svn.apache.org/viewvc/spamassassin/trunk/build/parse-rules-for-masses?rev=1923130&r1=1923129&r2=1923130&view=diff
==============================================================================
--- spamassassin/trunk/build/parse-rules-for-masses (original)
+++ spamassassin/trunk/build/parse-rules-for-masses Tue Jan 14 12:59:50 2025
@@ -101,7 +101,7 @@ sub readrules {
            $lang = $1;
          }

- if (/^(header|rawbody|body|full|uri|askdns|meta|mimeheader|reuse)\s+(\S+)\s+(.*)$/) {

+        if 
(/^(header|rawbody|body|full|uri|uri-detail|askdns|meta|mimeheader|reuse)\s+(\S+)\s+(.*)$/)
 {
            my $type = $1;
            my $name = $2;
            my $val = $3;

Modified: spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf
URL: 
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf?rev=1923130&r1=1923129&r2=1923130&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf Tue Jan 14 12:59:50 
2025
@@ -1,11 +1,31 @@
-
-# uri-detail    MXG_EMAIL_FRAG  raw =~ 
/^http.*\#[a-zA-Z0-9](?:[a-zA-Z0-9\+\_\=\.\-]*[a-zA-Z0-9])?@(?:[a-z0-9_](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]/i
 domain !~ /^typeform\.com$/
-# score         MXG_EMAIL_FRAG  0.1
-# describe      MXG_EMAIL_FRAG  URI with email in fragment
-
-# uri-detail    MXG_BING_REDIR_SUSP  raw =~ 
/^https?:\/\/(www\.)?bing\.com(:443)?\/ck\//i text =~ 
/\b(cache|documents?|messages?|now|password|preview|refill|refuel|review|update|verify|view)\b/i
-# score         MXG_BING_REDIR_SUSP  0.1
-# describe      MXG_BING_REDIR_SUSP  Suspicious Bing redirect
+ifplugin Mail::SpamAssassin::Plugin::URIDetail
+    uri-detail    MXG_EMAIL_FRAG  raw =~ 
/^http.*\#[a-zA-Z0-9](?:[a-zA-Z0-9\_\.\-]*[a-zA-Z0-9])?@(?:[a-z0-9_](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]/i
+    score         MXG_EMAIL_FRAG  0.1
+    describe      MXG_EMAIL_FRAG  URI with email in fragment
+
+    uri-detail    MXG_BING_REDIR_SUSP  raw =~ 
/^https?:\/\/(www\.)?bing\.com(:443)?\/ck\//i text =~ 
/\b(cache|documents?|messages?|now|password|preview|refill|refuel|review|update|verify|view)\b/i
+    score         MXG_BING_REDIR_SUSP  0.1
+    describe      MXG_BING_REDIR_SUSP  Suspicious Bing redirect
+
+    uri-detail    __MXG_UNSUB_LINK01  text =~ /unsubscribe|opt[\s-]out/i
+    uri           __MXG_UNSUB_LINK02  /\b(?:unsub|opt(?:ing)?.?out)\b/i
+    rawbody       __MXG_UNSUB_LINK03  /click here<\/a> to unsubscribe/i
+    meta          __MXG_UNSUB_LINK  __MXG_UNSUB_LINK01 || __MXG_UNSUB_LINK02 
|| __MXG_UNSUB_LINK03
+    describe      __MXG_UNSUB_LINK  Contains an unsubscribe link
+
+    header        __MXG_LOWER_HDR  ALL:raw =~ /^(from|to|subject):\s/m
+    score         __MXG_LOWER_HDR  0.1
+    describe      __MXG_LOWER_HDR  lower case header
+
+    meta          MXG_LOWER_HDR_SPAM  (FREEMAIL_FROM || (__FROM_RUNON && 
__MXG_UNSUB_LINK)) && __MXG_LOWER_HDR
+    score         MXG_LOWER_HDR_SPAM  0.1
+    describe      MXG_LOWER_HDR_SPAM  Lower case header spam
+endif
+
+uri           __MXG_GOOGLE_FOREIGN_REDIR01  
/https?:\/\/(www\.)?google\.(com?\.)?\w\w(?<!ca|uk|za)(?<!%{MXG_FROM_TLD})\/(url|amp)/i
+meta          MXG_GOOGLE_FOREIGN_REDIR  __MXG_GOOGLE_FOREIGN_REDIR01 && 
!__MXG_NOT_ENGLISH
+score         MXG_GOOGLE_FOREIGN_REDIR  5.000
+describe      MXG_GOOGLE_FOREIGN_REDIR  Foreign Google redirect

header __MXG_SPOOFED_DOCUSIGN01 From:name =~ /docusign/i

  header        __MXG_SPOOFED_DOCUSIGN02  Received =~ /\bdocusign\.(com|net)\s/i
@@ -40,17 +60,3 @@ body         __MXG_PHONE_OBFU01  /\b[1I]
  meta          __MXG_PHONE_OBFU  __MXG_PHONE_OBFU01 && !__MXG_HAS_PHONE
  score         __MXG_PHONE_OBFU  0.1
  describe      __MXG_PHONE_OBFU  Attempt to obfuscate a phone number
-
-# meta          MXG_LOWER_HDR_SPAM  (FREEMAIL_FROM || (__FROM_RUNON && 
__MXG_UNSUB_LINK)) && __MXG_LOWER_HDR
-# score         MXG_LOWER_HDR_SPAM  0.1
-# describe      MXG_LOWER_HDR_SPAM  Lower case header spam
-
-# uri-detail    __MXG_UNSUB_LINK01  text =~ /unsubscribe|opt[\s-]out/i
-# uri           __MXG_UNSUB_LINK02  /\b(?:unsub|opt(?:ing)?.?out)\b/i
-# rawbody       __MXG_UNSUB_LINK03  /click here<\/a> to unsubscribe/i
-# meta          __MXG_UNSUB_LINK  __MXG_UNSUB_LINK01 || __MXG_UNSUB_LINK02 || 
__MXG_UNSUB_LINK03
-# describe      __MXG_UNSUB_LINK  Contains an unsubscribe link
-
-header        __MXG_LOWER_HDR  ALL:raw =~ /^(from|to|subject):\s/m
-score         __MXG_LOWER_HDR  0.1
-describe      __MXG_LOWER_HDR  lower case header

OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: svn commit: r1923130 - in /spamassassin/trunk: build/parse-rules-for-masses rulesrc/sandbox/fkento/20_misc.cf

Reply via email to