On 1/14/25 1:59 PM, fke...@apache.org wrote:
Author: fkento Date: Tue Jan 14 12:59:50 2025 New Revision: 1923130URL: http://svn.apache.org/viewvc?rev=1923130&view=rev Log: Allow uri-detail rules in sandbox
as per Mail::SpamAssassin::Plugin::URIDetail man page, it's uri_detail, not uri-detail. Giovanni
Modified: spamassassin/trunk/build/parse-rules-for-masses spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf Modified: spamassassin/trunk/build/parse-rules-for-masses URL: http://svn.apache.org/viewvc/spamassassin/trunk/build/parse-rules-for-masses?rev=1923130&r1=1923129&r2=1923130&view=diff ============================================================================== --- spamassassin/trunk/build/parse-rules-for-masses (original) +++ spamassassin/trunk/build/parse-rules-for-masses Tue Jan 14 12:59:50 2025 @@ -101,7 +101,7 @@ sub readrules { $lang = $1; }- if (/^(header|rawbody|body|full|uri|askdns|meta|mimeheader|reuse)\s+(\S+)\s+(.*)$/) {+ if (/^(header|rawbody|body|full|uri|uri-detail|askdns|meta|mimeheader|reuse)\s+(\S+)\s+(.*)$/) { my $type = $1; my $name = $2; my $val = $3; Modified: spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf?rev=1923130&r1=1923129&r2=1923130&view=diff ============================================================================== --- spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf (original) +++ spamassassin/trunk/rulesrc/sandbox/fkento/20_misc.cf Tue Jan 14 12:59:50 2025 @@ -1,11 +1,31 @@ - -# uri-detail MXG_EMAIL_FRAG raw =~ /^http.*\#[a-zA-Z0-9](?:[a-zA-Z0-9\+\_\=\.\-]*[a-zA-Z0-9])?@(?:[a-z0-9_](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]/i domain !~ /^typeform\.com$/ -# score MXG_EMAIL_FRAG 0.1 -# describe MXG_EMAIL_FRAG URI with email in fragment - -# uri-detail MXG_BING_REDIR_SUSP raw =~ /^https?:\/\/(www\.)?bing\.com(:443)?\/ck\//i text =~ /\b(cache|documents?|messages?|now|password|preview|refill|refuel|review|update|verify|view)\b/i -# score MXG_BING_REDIR_SUSP 0.1 -# describe MXG_BING_REDIR_SUSP Suspicious Bing redirect +ifplugin Mail::SpamAssassin::Plugin::URIDetail + uri-detail MXG_EMAIL_FRAG raw =~ /^http.*\#[a-zA-Z0-9](?:[a-zA-Z0-9\_\.\-]*[a-zA-Z0-9])?@(?:[a-z0-9_](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]/i + score MXG_EMAIL_FRAG 0.1 + describe MXG_EMAIL_FRAG URI with email in fragment + + uri-detail MXG_BING_REDIR_SUSP raw =~ /^https?:\/\/(www\.)?bing\.com(:443)?\/ck\//i text =~ /\b(cache|documents?|messages?|now|password|preview|refill|refuel|review|update|verify|view)\b/i + score MXG_BING_REDIR_SUSP 0.1 + describe MXG_BING_REDIR_SUSP Suspicious Bing redirect + + uri-detail __MXG_UNSUB_LINK01 text =~ /unsubscribe|opt[\s-]out/i + uri __MXG_UNSUB_LINK02 /\b(?:unsub|opt(?:ing)?.?out)\b/i + rawbody __MXG_UNSUB_LINK03 /click here<\/a> to unsubscribe/i + meta __MXG_UNSUB_LINK __MXG_UNSUB_LINK01 || __MXG_UNSUB_LINK02 || __MXG_UNSUB_LINK03 + describe __MXG_UNSUB_LINK Contains an unsubscribe link + + header __MXG_LOWER_HDR ALL:raw =~ /^(from|to|subject):\s/m + score __MXG_LOWER_HDR 0.1 + describe __MXG_LOWER_HDR lower case header + + meta MXG_LOWER_HDR_SPAM (FREEMAIL_FROM || (__FROM_RUNON && __MXG_UNSUB_LINK)) && __MXG_LOWER_HDR + score MXG_LOWER_HDR_SPAM 0.1 + describe MXG_LOWER_HDR_SPAM Lower case header spam +endif + +uri __MXG_GOOGLE_FOREIGN_REDIR01 /https?:\/\/(www\.)?google\.(com?\.)?\w\w(?<!ca|uk|za)(?<!%{MXG_FROM_TLD})\/(url|amp)/i +meta MXG_GOOGLE_FOREIGN_REDIR __MXG_GOOGLE_FOREIGN_REDIR01 && !__MXG_NOT_ENGLISH +score MXG_GOOGLE_FOREIGN_REDIR 5.000 +describe MXG_GOOGLE_FOREIGN_REDIR Foreign Google redirectheader __MXG_SPOOFED_DOCUSIGN01 From:name =~ /docusign/iheader __MXG_SPOOFED_DOCUSIGN02 Received =~ /\bdocusign\.(com|net)\s/i @@ -40,17 +60,3 @@ body __MXG_PHONE_OBFU01 /\b[1I] meta __MXG_PHONE_OBFU __MXG_PHONE_OBFU01 && !__MXG_HAS_PHONE score __MXG_PHONE_OBFU 0.1 describe __MXG_PHONE_OBFU Attempt to obfuscate a phone number - -# meta MXG_LOWER_HDR_SPAM (FREEMAIL_FROM || (__FROM_RUNON && __MXG_UNSUB_LINK)) && __MXG_LOWER_HDR -# score MXG_LOWER_HDR_SPAM 0.1 -# describe MXG_LOWER_HDR_SPAM Lower case header spam - -# uri-detail __MXG_UNSUB_LINK01 text =~ /unsubscribe|opt[\s-]out/i -# uri __MXG_UNSUB_LINK02 /\b(?:unsub|opt(?:ing)?.?out)\b/i -# rawbody __MXG_UNSUB_LINK03 /click here<\/a> to unsubscribe/i -# meta __MXG_UNSUB_LINK __MXG_UNSUB_LINK01 || __MXG_UNSUB_LINK02 || __MXG_UNSUB_LINK03 -# describe __MXG_UNSUB_LINK Contains an unsubscribe link - -header __MXG_LOWER_HDR ALL:raw =~ /^(from|to|subject):\s/m -score __MXG_LOWER_HDR 0.1 -describe __MXG_LOWER_HDR lower case header
OpenPGP_signature.asc
Description: OpenPGP digital signature