spamassassin-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From khop...@apache.org
Subject svn commit: r1540452 - /spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
Date Sun, 10 Nov 2013 07:58:18 GMT
Author: khopesh
Date: Sun Nov 10 07:58:18 2013
New Revision: 1540452

URL: http://svn.apache.org/r1540452
Log:
auto-generated rules

Modified:
    spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf

Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf?rev=1540452&r1=1540451&r2=1540452&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_sc_bug_6114.cf Sun Nov 10 07:58:18
2013
@@ -1,4 +1,4 @@
-## khop-sc-neighbors.cf	v 20131192
+## khop-sc-neighbors.cf	v 201311102
 ## Khopesh's syndication of SpamCop's top offenders and top offending networks.
 ## 
 ## Spamassassin rules written by Adam Katz <antispamATkhopiscom>
@@ -21,7 +21,7 @@ meta	__KHOP_SC_EXCLUSIONS	__VIA_ML || __
 
 # http://spamcop.net/w3m?action=map;mask=4294967295;net=0;sort=56
 # Due to the massive block size, this rule only examines the last untrusted
-header __KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:11[37]|46|2)(?:\.[012]?\d{1,2}){3}\b)
/
+header __KHOP_SC_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:113|46|95|2)(?:\.[012]?\d{1,2}){3}\b)
/
 # and gets cleaned up a bit
 meta	 KHOP_SC_CIDR8	__KHOP_SC_CIDR8 && !__KHOP_SC_EXCLUSIONS
 describe KHOP_SC_CIDR8  Relay CIDR /8 is among worst in SpamCop
@@ -42,7 +42,7 @@ score	 KHOP_SC_CIDR8	0.1 0.02 0.2 0.1
 #  1.5335/0.5063 0.752 20130629@465k net, solo=1.5947/0.5379@0.748
 #  2.0256/0.7432 0.732 20130705@376k  solo=2.0429/0.7595@0.729, ->.1 .02 .2 .1
 
-header __KHOP_SC_TOP_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:78|90)|37|95)(?:\.[012]?\d{1,2}){3}\b)
/
+header __KHOP_SC_TOP_CIDR8  X-Spam-Relays-Untrusted =~ /^[^\]]* (?:by|ip)=(?-xism:\b(?:1(?:17|78|90)|37)(?:\.[012]?\d{1,2}){3}\b)
/
 meta	 KHOP_SC_TOP_CIDR8  __KHOP_SC_TOP_CIDR8 && !__KHOP_SC_EXCLUSIONS
 describe KHOP_SC_TOP_CIDR8  Relay CIDR /8 leads SpamCop in worst /8s
 tflags	 KHOP_SC_TOP_CIDR8  nopublish
@@ -81,7 +81,7 @@ score	 KHOP_SC_CIDR16  0.4 0.1 0.4 0.1
 # crap, still empty   20130629@465k net
 # crap, still empty   20130705@376k net. lowering for low vol -> .4 .1 .4 .1
 
-header	 KHOP_SC_TOP_CIDR16  Received =~ /(?-xism:\b(?:121\.8|217\.)8(?:\.[012]?\d{1,2}){2}\b)/
+header	 KHOP_SC_TOP_CIDR16  Received =~ /___ FAILED TO POPULATE ___/
 describe KHOP_SC_TOP_CIDR16  Relay CIDR /16 leads SpamCop in worst /16s
 tflags	 KHOP_SC_TOP_CIDR16  nopublish
 score	 KHOP_SC_TOP_CIDR16  0.6 0.2 0.7 0.3
@@ -101,7 +101,7 @@ score	 KHOP_SC_TOP_CIDR16  0.6 0.2 0.7 0
 
 
 # http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt
-header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:7(?:3\.44\.169|5\.43\.125)|09\.169\.88|84\.22\.172)|21(?:2\.146\.101|0\.13\.80|7\.8\.255)|5(?:8\.254\.168|\.39\.217)|46\.102\.186)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_CIDR24  Received =~ /(?-xism:\b(?:1(?:7(?:3\.44\.169|5\.43\.125)|84\.22\.172|58\.255\.3)|2(?:1(?:2\.146\.101|7\.8\.255)|06\.214\.72)|5(?:8\.254\.1(?:68|72)|\.39\.217))\.[012]?\d{1,2}\b)/
 describe KHOP_SC_CIDR24  Relay CIDR /24 is among worst in SpamCop
 tflags	 KHOP_SC_CIDR24  nopublish
 score	 KHOP_SC_CIDR24  0.6 0 0.6 0
@@ -122,7 +122,7 @@ score	 KHOP_SC_CIDR24  0.6 0 0.6 0
 # 0.4428/0      1.000 20130705@376k  resume scores -> .6 0 .6 0
 
 
-header	 KHOP_SC_TOP_CIDR24  Received =~ /(?-xism:\b(?:1(?:2(?:4\.95\.155|5\.60\.156|0\.84\.13)|9(?:8\.24\.17[45]|9\.96\.83)|1(?:2\.97\.24|0\.52\.2)|03\.243\.50|41\.0\.61)|21(?:3\.132\.241|7\.13\.154)|49\.156\.191|77\.81\.106|64\.79\.99)\.[012]?\d{1,2}\b)/
+header	 KHOP_SC_TOP_CIDR24  Received =~ /(?-xism:\b(?:1(?:2(?:4\.95\.155|5\.60\.156|0\.84\.13)|9(?:8\.24\.17[45]|9\.96\.83)|1(?:0\.52\.[02]|2\.97\.24)|03\.243\.50|41\.0\.61)|21(?:3\.132\.241|7\.13\.154)|49\.156\.191|77\.81\.106|86\.57\.185|64\.79\.99)\.[012]?\d{1,2}\b)/
 describe KHOP_SC_TOP_CIDR24  Relay CIDR /24 leads SpamCop in worst /24s
 tflags	 KHOP_SC_TOP_CIDR24  nopublish
 score	 KHOP_SC_TOP_CIDR24  1.7 0.5 1.7 0.5
@@ -142,7 +142,7 @@ score	 KHOP_SC_TOP_CIDR24  1.7 0.5 1.7 0
 
 
 # http://www.spamcop.net/w3m?action=hoshame
-header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:1(?:2\.(?:2(?:16\.(?:55\.162|46\.75)|20\.224\.59)|184\.172\.244)|5\.8(?:2\.2(?:46\.163|27\.28)|8\.119\.132)|9\.(?:201\.16\.211|193\.93\.25)|3\.130\.65\.161|7\.19\.185\.255|4\.247\.23\.66|6\.193\.89\.13)|9(?:9\.(?:96\.83\.1(?:5[1245679]|4[6789])|30\.13(?:6\.12[78]|7\.1[67]))|8\.24\.1(?:7(?:4\.16[37]|5\.[234]|8\.131|3\.80)|80\.91)|3\.200\.126\.14|0\.82\.89\.156|5\.29\.81\.30)|8(?:4\.(?:22\.17(?:2\.14[15]|7\.51)|82\.123\.85)|(?:2\.54\.192\.24|8\.168\.46\.5)3|0\.(?:178\.56\.138|210\.207\.75)|3\.106\.116\.109|9\.112\.88\.65)|2(?:4\.(?:95\.155\.(?:5[2389]|27|32)|160\.35\.2)|1\.(?:134\.238\.129|22\.127\.17)|5\.(?:141\.142\.224|46\.24\.62)|2\.182\.28\.245)|0(?:3\.243\.50\.(?:7[4578]|52|80)|8\.62\.240\.104|9\.169\.88\.157|1\.8\.115\.253)|4(?:\.(?:35\.201\.15|63\.74\.204)|8\.223\.59\.187|2\.4\.124\.150|1\.0\.61\.166)|7(?:3\.2(?:12\.205\.158|00\.90\.196)|5\.43\.125\.7[5678]|7\.1\.223\.73)|58\.255\.3\.19[567])|2(?:1(?:3\.(?:1(?:(?:63\.72\.16
 |71\.39\.15|95\.77\.11)4|3(?:2\.241\.13|9\.7\.95))|215\.118\.100)|1\.(?:23(?:2\.(?:183\.58|92\.23)|3\.64\.110)|1(?:19\.86\.145|47\.211\.16)|33\.121\.231)|0\.(?:2(?:45\.89\.69|17\.56\.2)|13\.80\.212|56\.23\.100)|7\.(?:8\.255\.(?:2(?:07|15|20)|189)|13\.154\.155)|2\.(?:146\.101\.154|72\.189\.149)|6\.231\.140\.15|8\.92\.249\.162)|0(?:2\.(?:1(?:(?:29\.216\.6|58\.39\.25)0|42\.203\.19)|7(?:1\.136\.200|9\.52\.53)|234\.40\.41|53\.13\.187|65\.220\.35)|3\.(?:1(?:71\.233\.243|55\.102\.2)|234\.111\.248)|1\.1(?:16\.199\.34|95\.239\.27)|0\.(?:142\.133\.21|79\.27\.60)|8\.84\.135\.147|5\.162\.227\.5)|2(?:2\.(?:1(?:12\.150\.58|22\.227\.10)|234\.3\.151)|1\.2(?:14\.2(?:08\.226|14\.187)|34\.24\.46)|0\.(?:128\.138\.245|94\.235\.200)))|6(?:4\.79\.(?:99\.(?:2(?:4[1356789]|3[79]|5[01])|1(?:6[0123789]|7[04]))|107\.13)|(?:6\.96\.205\.13|5\.60\.15\.17)3|9\.198\.197\.156|7\.90\.21\.150)|7(?:7\.(?:81\.106\.(?:2[345789]|1[1278]|6)|106\.232\.178)|6\.(?:164\.199\.71|74\.186\.237)|9\.190\.130\.50|2\.35\.20\.131|4\.9
 \.203\.186)|8(?:3\.(?:18\.234\.202|238\.208\.55|3\.103\.227)|2\.117\.194\.229|1\.23\.106\.75|4\.95\.244\.11|5\.185\.112\.6|0\.96\.62\.17)|4(?:6\.1(?:02\.186\.(?:6[012]|58)|51\.22\.240)|1\.137\.24\.4)|9(?:3\.1(?:59\.160\.164|88\.8\.67)|8\.126\.106\.19[45])|5(?:\.39\.217\.19[358]|9\.125\.134\.99)|37\.123\.98\.115)\b)/
+header	 KHOP_SC_TOP200  Received =~ /(?-xism:\b(?:1(?:1(?:2\.(?:216\.(?:55\.162|46\.75)|184\.172\.244)|9\.(?:201\.16\.211|73\.234\.242|193\.93\.25)|5\.8(?:2\.2(?:46\.163|27\.28)|8\.119\.132)|(?:0\.189\.168\.17|3\.130\.65\.16)1|6\.193\.(?:89\.13|90\.26)|7\.19\.185\.255|4\.247\.23\.66)|9(?:8\.24\.1(?:7(?:4\.16[37]|5\.[234]|8\.131|3\.80)|80\.91)|9\.(?:30\.13(?:6\.12[78]|7\.1[67])|96\.83\.15[5679])|3\.200\.126\.14|0\.82\.89\.156|5\.29\.81\.30)|8(?:4\.(?:22\.17(?:2\.14[15]|7\.51)|82\.171\.234)|(?:2\.54\.192\.24|8\.168\.46\.5)3|0\.(?:178\.56\.138|210\.207\.75)|3\.106\.116\.109|9\.112\.88\.65)|2(?:4\.(?:95\.155\.(?:5[2389]|27|32)|160\.35\.2)|1\.(?:134\.238\.129|22\.127\.17)|5\.(?:88\.123\.244|46\.24\.62)|2\.182\.28\.245)|0(?:3\.243\.50\.(?:7[4578]|52|80)|1\.(?:8\.115\.253|79\.5\.19)|8\.62\.240\.104)|4(?:\.(?:35\.201\.15|63\.74\.204)|8\.223\.59\.187|2\.4\.124\.150|1\.0\.61\.166)|7(?:5\.43\.125\.7[5678]|3\.200\.90\.196|8\.208\.75\.173)|58\.255\.3\.(?:19[56789]|20[012]))|2(?:1(?:1\.(?:1(?:1(?
 :5\.89\.141|9\.86\.145)|74\.120\.123|47\.211\.16)|23(?:2\.(?:1(?:83\.58|54\.6)|92\.23)|3\.64\.110)|33\.121\.231)|3\.(?:1(?:(?:63\.72\.16|71\.39\.15|95\.77\.11)4|3(?:2\.241\.13|9\.7\.95))|215\.118\.100)|7\.(?:8\.255\.(?:2(?:07|15|20)|189)|13\.154\.155)|0\.(?:13\.80\.212|245\.89\.69|56\.23\.100)|2\.(?:146\.101\.154|72\.189\.149)|6\.231\.140\.15|8\.92\.249\.162)|0(?:2\.(?:1(?:(?:29\.216\.6|58\.39\.25)0|42\.203\.19)|7(?:1\.136\.200|9\.52\.53)|234\.40\.41|53\.13\.187|65\.220\.35)|3\.(?:1(?:71\.233\.243|55\.102\.2)|234\.111\.248)|1\.1(?:16\.199\.34|95\.239\.27)|0\.(?:142\.133\.21|79\.27\.60)|8\.84\.135\.147|5\.162\.227\.5)|2(?:2\.(?:1(?:22\.(?:227\.10|79\.103)|12\.150\.58)|234\.3\.151)|1\.2(?:14\.2(?:08\.226|14\.187)|34\.24\.46)|0\.(?:128\.138\.245|94\.235\.200)))|7(?:7\.(?:81\.106\.(?:2[345789]|1[12789]|34|6)|9(?:5\.239\.127|3\.204\.13)|106\.232\.178)|6\.(?:164\.199\.71|74\.186\.237)|9\.190\.130\.50|2\.35\.20\.131|4\.9\.203\.186)|6(?:4\.79\.(?:99\.(?:2(?:4[16789]|3[79]|5[01])|1(?:6[01237
 89]|7[04]))|107\.13)|(?:6\.96\.205\.13|5\.60\.15\.17)3|9\.198\.197\.156|7\.90\.21\.150)|8(?:3\.(?:18\.234\.202|238\.208\.55|3\.103\.227)|2\.117\.194\.229|1\.23\.106\.75|4\.95\.244\.11|5\.185\.112\.6|0\.96\.62\.17)|9(?:3\.1(?:59\.160\.164|88\.8\.67)|8\.126\.106\.19[45])|5(?:\.39\.217\.19[358]|9\.125\.134\.99)|4(?:6\.151\.22\.240|1\.137\.24\.4)|37\.123\.98\.115)\b)/
 describe KHOP_SC_TOP200  Relay listed in SpamCop top 200 spammer IPs
 tflags	 KHOP_SC_TOP200  nopublish
 score	 KHOP_SC_TOP200  4 0 4 0	# unnecessary if DNSBLs work
@@ -178,7 +178,7 @@ score	 KHOP_SPAMHAUS_DROP_LE	2 0 2 0 	# 
 
 # PSBL-neighbors:  any /24 with 73+ (2/7, 29%) IPs in the PSBL (not SpamCop),
 # as obtained from rsync://psbl-mirror.surriel.com::psbl/psbl.txt
-header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:1\.176\.(?:(?:12|8)[4567]|[46][89]?|5[01]?|7\d?)|6\.207\.(?:1[2345]|6[0123]|4[89]|5\d)|0\.(?:205\.3[2345]|52\.[0123])|5\.63\.(?:[89]|1[012345])|3\.56\.2(?:4[89]|5[01])|2\.215\.(?:6[34]|44)|9\.36\.21[23])|0(?:3\.(?:2(?:40\.(?:117|252)|6\.29)|5\.27)|9\.127\.8[01])|8(?:3\.9(?:3\.(?:11[45]|9[89])|5\.6[67])|1\.66\.15[67])|25\.(?:44\.24[01234567]|60\.156)|9(?:0\.234\.10[56]|7\.252\.0)|7(?:3\.44\.169|7\.36\.22)|30\.193\.1(?:46|65)|46\.0\.74)|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|1(?:1\.91\.22[01]|2\.34\.12)|03\.191\.25)|5(?:8\.(?:50\.(?:1(?:[2345]|0[456789]|1[016789])|6[89]|7[01])|19\.19[01])|9\.55\.25[235])|7(?:9\.106\.109|5\.75\.241)|41\.(?:254\.[258]|78\.193)|37\.59\.212)\.[012]?\d{1,2}\b)/
+header	 KHOP_PSBL_CIDR24	X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?-xism:\b(?:1(?:1(?:1\.176\.(?:(?:12|8)[4567]|[46][89]?|5[01]?|7\d?)|6\.207\.(?:1[2345]|6[0123]|4[89]|5\d)|0\.(?:205\.3[2345]|52\.[0123])|5\.63\.(?:[89]|1[012345])|3\.56\.2(?:4[89]|5[01])|2\.215\.(?:6[34]|44)|9\.36\.21[23])|0(?:3\.(?:2(?:40\.(?:117|252)|6\.29)|5\.27)|9\.127\.8[01])|8(?:3\.9(?:3\.(?:11[45]|9[89])|5\.6[67])|1\.66\.15[67])|25\.(?:44\.24[01234567]|60\.156)|9(?:0\.234\.10[56]|7\.252\.0)|7(?:3\.44\.169|7\.36\.22)|30\.193\.1(?:46|65)|46\.0\.7[47])|2(?:7\.20\.(?:[89]|1(?:0[0123]?|[28][89]|[39][01]|7[6789]|1)|24[01234567]|4[0123]|5[6789])|1(?:1\.91\.22[01]|2\.34\.12)|03\.191\.2[56])|5(?:8\.(?:50\.(?:1(?:[2345]|0[456789]|1[016789])|6[89]|7[01])|19\.19[01])|9\.55\.25[235])|4(?:1\.(?:254\.[258]|78\.193)|6\.174\.144)|7(?:9\.106\.109|5\.75\.241)|37\.59\.212)\.[012]?\d{1,2}\b)/
 describe KHOP_PSBL_CIDR24	Relay's IP/24 CIDR contains many PSBL hits
 tflags	 KHOP_PSBL_CIDR24	nopublish
 score	 KHOP_PSBL_CIDR24	2 0.6 2 0.6



Mime
View raw message