spamassassin-commits mailing list archives

From jhar...@apache.org
Subject svn commit: r1728922 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Date Sun, 07 Feb 2016 07:08:41 GMT
Author: jhardin
Date: Sun Feb  7 07:08:41 2016
New Revision: 1728922

URL: http://svn.apache.org/viewvc?rev=1728922&view=rev
Log:
more rule tweaking, overlap reduction

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1728922&r1=1728921&r2=1728922&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Sun Feb  7 07:08:41 2016
@@ -738,7 +738,7 @@ describe        IMAGESHACK_URI
 #describe        DYNDNS_URIS             Has multiple dyndns.org URIs
 
 uri             __BITLY_URI             /\/\/bit\.ly\//i
-meta            BITLY_URI               __BITLY_URI && !__HDR_CASE_REVERSED &&
!__HAS_SENDER && !__HAS_CAMPAIGNID && !__DOS_HAS_LIST_UNSUB && !__HAS_ERRORS_TO
&& !__MAIL_LINK && !__MSGID_JAVAMAIL && !__ENV_AND_HDR_FROM_MATCH
&& !__THREADED && !__USING_VERP1 && !__IMG_VIA_BITLY 
+meta            BITLY_URI               __BITLY_URI && !__HDR_CASE_REVERSED &&
!__HAS_SENDER && !__HAS_CAMPAIGNID && !__DOS_HAS_LIST_UNSUB && !__HAS_ERRORS_TO
&& !__MAIL_LINK && !__MSGID_JAVAMAIL && !__ENV_AND_HDR_FROM_MATCH
&& !__THREADED && !__USING_VERP1 && !__IMG_VIA_BITLY && !__URL_SHORTENER

 describe        BITLY_URI               URI contains bit.ly
 score           BITLY_URI               3.000	# limit
 tflags          BITLY_URI               publish
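Review bot: The added `&& !__URL_SHORTENER` term can make BITLY_URI unreachable if `__URL_SHORTENER`, which is defined outside this hunk, itself matches bit.ly URIs, because every hit on `__BITLY_URI` would then also hit the exclusion. If the aim is only to avoid double-scoring, please confirm that `__URL_SHORTENER` is narrower than a plain host match. A comment above the meta would help, for example `# suppressed when the generic shortener rule already fires; see __URL_SHORTENER`. Separately, `__BITLY_URI` has no `(?:www\.)?` alternative while `__IMG_VIA_BITLY` does, so the two bit.ly rules do not cover the same set of hosts.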
@@ -746,7 +746,7 @@ tflags          BITLY_URI
 # HTML image sourced via URL shortening service:
 # <IMG border=0 hspace=0 alt="" src="http://bit.ly/1OiuN0y" width=26 height=25>
 rawbody         __IMG_VIA_BITLY         m;<img\s[^>]+\ssrc\s*=\s*"?https?://(?:www\.)?bit\.ly/;i
-meta            IMG_VIA_BITLY           __IMG_VIA_BITLY
+meta            IMG_VIA_BITLY           __IMG_VIA_BITLY && !SHORTENED_URL_SRC 
 describe        IMG_VIA_BITLY           HTML image via URL shortener - URIBL avoidance?
 score           IMG_VIA_BITLY           2.500	# limit
 
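Review bot: `!SHORTENED_URL_SRC` makes IMG_VIA_BITLY depend on a scored rule instead of a `__` subrule, unlike the `!__URL_SHORTENER` exclusion added to BITLY_URI in the previous hunk. If a site sets the score of SHORTENED_URL_SRC to zero, that rule is normally not evaluated and the meta sees it as false, so IMG_VIA_BITLY would fire with no overlap suppression. Prefer negating the `__` subrule behind SHORTENED_URL_SRC (its name is not visible here), or add a comment noting the dependency. The new line also ends with a trailing space.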
@@ -2145,10 +2145,16 @@ endif
 header     __HDR_CASE_REVERSED         ALL =~ /^(?!DomainKey)[^-:\s]*[a-z][A-Z]/m
 tflags     __HDR_CASE_REVERSED         multiple maxhits=4
 meta       __HDR_CASE_REV_MANY         (__HDR_CASE_REVERSED > 3)
+
 meta       HDR_CASE_REV_MANY           __HDR_CASE_REV_MANY
 describe   HDR_CASE_REV_MANY           Multiple malformed (possibly random gibberish) message
headers
 score      HDR_CASE_REV_MANY           2.000	# limit
 
+meta       HDR_CASE_REV_ENC            __HDR_CASE_REVERSED && (__FROM_ENCODED_B64
|| __TVD_SPACE_ENCODED )
+describe   HDR_CASE_REV_ENC            Malformed (possibly random gibberish) message header
+ suspicious encoding
+score      HDR_CASE_REV_ENC            2.000	# limit
+
+
 
 header     __HAS_CAMPAIGN              exists:X-Campaign 
 header     __HAS_CAMPAIGNID            exists:X-Campaignid
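Review bot: HDR_CASE_REV_ENC does not exclude HDR_CASE_REV_MANY, so a message with more than three case-reversed headers plus either encoding subrule hits both rules and collects both 2.000 limits from the same header signal. If that stacking is not intended, which the "overlap reduction" log suggests, append `&& !__HDR_CASE_REV_MANY` to the new meta. The new rule fires on a single `__HDR_CASE_REVERSED` hit, so its false-positive exposure depends mostly on how often the two encoding subrules match legitimate mail; a short comment recording the corpus result behind the 2.000 limit would help. The hunk also adds two consecutive blank lines after the score line.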
@@ -2163,8 +2169,12 @@ header     __FROM_WORDY                F
 #header     __FROM_WORDY_3              From:addr =~ /(?:(?:[A-Z][A-Za-z]+|or|&)\.){2,}[A-Z][A-Za-z]+\@/
 
 meta       __FROM_WORDY_SONLY          __FROM_WORDY && (__KHOP_NO_FULL_NAME || __CTYPE_HTML
|| __TO_EQ_FROM_DOM_2 || __HTML_IMG_ONLY || FREEMAIL_FORGED_REPLYTO )
-meta       FROM_WORDY                  __FROM_WORDY_SONLY && !__LCL__ENV_AND_HDR_FROM_MATCH
&& !__HAS_TNEF && !__USING_VERP1 
+meta       FROM_WORDY                  (__FROM_WORDY_SONLY && !__HTML_LENGTH_0000_1024)
&& !__LCL__ENV_AND_HDR_FROM_MATCH && !__HAS_TNEF && !__USING_VERP1

 describe   FROM_WORDY                  From address looks like a sentence
 tflags     FROM_WORDY                  publish
 
+meta       FROM_WORDY_SHORT            (__FROM_WORDY_SONLY && __HTML_LENGTH_0000_1024)
&& !__LCL__ENV_AND_HDR_FROM_MATCH && !__HAS_TNEF && !__USING_VERP1

+describe   FROM_WORDY_SHORT            From address looks like a sentence + short message
+tflags     FROM_WORDY_SHORT            publish
+
 
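Review bot: FROM_WORDY and FROM_WORDY_SHORT now repeat the same exclusion tail, `!__LCL__ENV_AND_HDR_FROM_MATCH && !__HAS_TNEF && !__USING_VERP1`, so a later change to one can silently diverge from the other. Consider moving the shared part into one subrule that holds `__FROM_WORDY_SONLY` plus the three exclusions, so each published rule only adds or negates `__HTML_LENGTH_0000_1024`. The describe text says "short message", but the condition tests HTML length, and `__FROM_WORDY_SONLY` has branches that do not require HTML. Which rule a plain-text message lands in depends on how `__HTML_LENGTH_0000_1024` treats a message with no HTML part; that definition is outside this hunk and worth stating in a comment.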


