spamassassin-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r627945 - /spamassassin/rules/trunk/sandbox/dos/70_other.cf
Date Fri, 15 Feb 2008 04:47:17 GMT
Author: dos
Date: Thu Feb 14 20:47:17 2008
New Revision: 627945

URL: http://svn.apache.org/viewvc?rev=627945&view=rev
Log:
sandbox: more variations on DOS_RCVD_IP_TWICE

Modified:
    spamassassin/rules/trunk/sandbox/dos/70_other.cf

Modified: spamassassin/rules/trunk/sandbox/dos/70_other.cf
URL: http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/dos/70_other.cf?rev=627945&r1=627944&r2=627945&view=diff
==============================================================================
--- spamassassin/rules/trunk/sandbox/dos/70_other.cf (original)
+++ spamassassin/rules/trunk/sandbox/dos/70_other.cf Thu Feb 14 20:47:17 2008
@@ -238,9 +238,15 @@
 header DOS_FORGED_RCVD_QUADS    ALL-EXTERNAL =~ /(?:^|\n)Received:\s+from \[(\d{2,3}\.\d{1,3}.\d{1,3}\.\d{1,3})\]
.+\nReceived:\s+from \[\1\] by \S+; /
 describe DOS_FORGED_RCVD_QUADS  Probable forged received header
 
-# 20080213 - generic DOS_FORGED_RCVD_QUADS
-header DOS_RCVD_IP_TWICE	X-Spam-Relays-External =~ /\[ ip=(?!127)([\d.]+) [^\[]*\bhelo=\S+
[^\[]*\[ ip=\1 /
-describe DOS_RCVD_IP_TWICE	Received from the same IP twice in a row
+# 20080213 - generic DOS_FORGED_RCVD_QUADS_x
+header DOS_RCVD_IP_TWICE_A	X-Spam-Relays-External =~ /\[ ip=(?!127)([\d.]+) [^\[]*\bhelo=\S+
[^\[]*\[ ip=\1 /
+describe DOS_RCVD_IP_TWICE_A	Received from the same IP twice in a row
+
+header DOS_RCVD_IP_TWICE_B	X-Spam-Relays-External =~ /^\s*\[ ip=(?!127)([\d.]+) [^\[]*\[
ip=\1 [^\]]*\]\s*$/
+describe DOS_RCVD_IP_TWICE_B	Received from the same IP twice in a row (only one external
relay)
+
+header DOS_RCVD_IP_TWICE_C	X-Spam-Relays-External =~ /^\s*\[ ip=(?!127)([\d.]+) [^\[]*\bhelo=(?:![\d.]{7,15}!)?
[^\[]*\[ ip=\1 [^\]]*\]\s*$/
+describe DOS_RCVD_IP_TWICE_C	Received from the same IP twice in a row (only one external
relay; empty or IP helo)
 
 # 20071108 - asks you to remove the dot from the end of the domain name
 body DOS_REMOVE_DOMAIN_DOT		/e(?:mov|let)e the (?:dot|period|point) from the end/



Mime
View raw message