#
# 2008-2010 Victor Ustugov <victor+spamassasin@corvax.kiev.ua>
#

########################################

header		FROM_administrator_freemail_hu		From =~ /(admlnistrator|adminlstrator|p0stmasters?)\@freemail\.hu/
describe	FROM_administrator_freemail_hu		From administrator@freemail.hu (DSPAM autolearn)
score		FROM_administrator_freemail_hu		4.0

header		ENV_FROM_administrator_freemail_hu	X-Envelope-From =~ /^\s*<(admlnistrator|adminlstrator|p0stmasters?)\@freemail\.hu>$/
describe	ENV_FROM_administrator_freemail_hu	From administrator@freemail.hu (DSPAM autolearn)
score		ENV_FROM_administrator_freemail_hu	4.0

header		RETURN_PATH_administrator_freemail_hu	Return-Path =~ /^\s*<(admlnistrator|adminlstrator|p0stmasters?)\@freemail\.hu>$/
describe	RETURN_PATH_administrator_freemail_hu	From administrator@freemail.hu (DSPAM autolearn)
score		RETURN_PATH_administrator_freemail_hu	4.0

########################################

header		Infomedia_Mailer		X-Mailer =~ /^\s*Infomedia Mailer \d+\.\d+$/
describe	Infomedia_Mailer		Message from Infomedia (DSPAM autolearn)
score		Infomedia_Mailer		3.0
tflags		Infomedia_Mailer		mandatory_learn

header		Infomedia_Organization		Organization =~ /^\s*(Infomedia( LLC)?|ООО Инфомедиа|ТОВ .НФОМЕД.А|ТОВ Інфомедіа)$/
describe	Infomedia_Organization		Message from Infomedia (DSPAM autolearn)
score		Infomedia_Organization		3.0
tflags		Infomedia_Organization		mandatory_learn

header		Infomedia_From			From =~ /(notify\@center1\.com\.ua|noreply\@ethnostyling\.com|promotion\@regularnewsletter\.com|promo(tion)?\@infoletter\.com\.ua)/
describe	Infomedia_From			Message from Infomedia (DSPAM autolearn)
score		Infomedia_From			4.0
tflags		Infomedia_From			mandatory_learn

header		Infomedia_Reply_To		Reply-To =~ /^\s*(seminar|promotion)\@(infomedia\.com\.ua|ethno\.ua)$/
describe	Infomedia_Reply_To		Message from Infomedia (DSPAM autolearn)
score		Infomedia_Reply_To		3.0
tflags		Infomedia_Reply_To		mandatory_learn

header		Infomedia_Message_Id		Message-Id =~ /^\s*<(19[789]\d|20\d\d)(0\d|1[012])([012]\d|3[01])([0-5]\d)([0-5]\d)([0-5]\d)\.[A-F\d]{11,12}\@(srv\d|apollo)\.ethnohosting\.com>$/
describe	Infomedia_Message_Id		Message from Infomedia (DSPAM autolearn)
score		Infomedia_Message_Id		3.0
tflags		Infomedia_Message_Id		mandatory_learn

header		Infomedia_List_Unsubscribe	List-Unsubscribe =~ /^\s*<mailto:\S+\@(infoletter\.com\.ua|regularnewsletter\.com)\?Subject=Unsubscribe>, <http:\/\/(ethnopromo\.com|infoletter\.com\.ua|regularnewsletter\.com)\/cgi-bin\/u\.cgi\?e=\S+>$/
describe	Infomedia_List_Unsubscribe	Message from Infomedia (DSPAM autolearn)
score		Infomedia_List_Unsubscribe	3.0
tflags		Infomedia_List_Unsubscribe	mandatory_learn

header		RECEIVED_ethnohosting_com	Received =~ /(juno|srv5)\.ethnohosting\.com/
describe	RECEIVED_ethnohosting_com	Received via ethnohosting.com
score		RECEIVED_ethnohosting_com	3.0
tflags		RECEIVED_ethnohosting_com	mandatory_learn

########################################

header		SUSPICIOUS_RECEIVED_HELO_Delldim5150	Received =~ /from ([\w\d\-]+\.)+[a-z]{2,3} \(HELO Delldim5150\)[\s\r\n]+\(\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\) by ([\w\d\-]+\.)+[a-z]{2,3} with ESMTP;/
describe	SUSPICIOUS_RECEIVED_HELO_Delldim5150	Suspicious header Received with HELO Delldim5150 (DSPAM autolearn)
score		SUSPICIOUS_RECEIVED_HELO_Delldim5150	6.0

meta		SUSPICIOUS_RECEIVED_HELO_Delldim5150_DSPAM	SUSPICIOUS_RECEIVED_HELO_Delldim5150 && DSPAM_CHECK_00_01
describe	SUSPICIOUS_RECEIVED_HELO_Delldim5150_DSPAM	DSPAM compensation for suspicious header Received with HELO Delldim5150
score		SUSPICIOUS_RECEIVED_HELO_Delldim5150_DSPAM	3.5

header		SUSPICIOUS_MSGID_Delldim5150		Message-ID =~ /^\s*<\S+\@Delldim5150$/
describe	SUSPICIOUS_MSGID_Delldim5150		Suspicious header Message-ID with Delldim5150 (DSPAM autolearn)
score		SUSPICIOUS_MSGID_Delldim5150		6.0

meta		SUSPICIOUS_MSGID_Delldim5150_DSPAM	SUSPICIOUS_MSGID_Delldim5150 && DSPAM_CHECK_00_01
describe	SUSPICIOUS_MSGID_Delldim5150_DSPAM	DSPAM compensation for Suspicious header Message-ID with Delldim5150
score		SUSPICIOUS_MSGID_Delldim5150_DSPAM	3.5

########################################

header		SUSPICIOUS_Message_ID_boria	Message-ID =~ /^\s*<[A-F\d]{32}\@boria-c6525c0ff>$/
describe	SUSPICIOUS_Message_ID_boria	Suspicious Message-ID boria-c6525c0ff (DSPAM autolearn), already read
score		SUSPICIOUS_Message_ID_boria	5.0
tflags		SUSPICIOUS_Message_ID_boria	mandatory_learn

header		SUSPICIOUS_Message_ID_vlad	Message-ID =~ /^\s*<[A-F\d]{32}\@vlad-2c92667ea5>$/
describe	SUSPICIOUS_Message_ID_vlad	Suspicious Message-ID vlad-2c92667ea5 (DSPAM autolearn), already read
score		SUSPICIOUS_Message_ID_vlad	5.0
tflags		SUSPICIOUS_Message_ID_vlad	mandatory_learn

header		SUSPICIOUS_Message_ID_hamid	Message-ID =~ /^\s*<[A-F\d]{32}\@hamid-a8613958b>$/
describe	SUSPICIOUS_Message_ID_hamid	Suspicious Message-ID hamid-a8613958b (DSPAM autolearn), already read
score		SUSPICIOUS_Message_ID_hamid	5.0
tflags		SUSPICIOUS_Message_ID_hamid	mandatory_learn

header		SUSPICIOUS_Message_ID_your	Message-ID =~ /^\s*<[A-F\d]{32}\@your-012b27d9cc>$/
describe	SUSPICIOUS_Message_ID_your	Suspicious Message-ID your-012b27d9cc (DSPAM autolearn), already read
score		SUSPICIOUS_Message_ID_your	5.0
tflags		SUSPICIOUS_Message_ID_your	mandatory_learn

header		SUSPICIOUS_Message_ID_acer	Message-ID =~ /^\s*<[A-F\d]{32}\@acer-614e8ddbaf>$/
describe	SUSPICIOUS_Message_ID_acer	Suspicious Message-ID acer-614e8ddbaf (DSPAM autolearn), already read
score		SUSPICIOUS_Message_ID_acer	5.0
tflags		SUSPICIOUS_Message_ID_acer	mandatory_learn

header		SUSPICIOUS_Message_ID_vlados	Message-ID =~ /^\s*<[A-F\d]{32}\@vlados-70d3a2e0>$/
describe	SUSPICIOUS_Message_ID_vlados	Suspicious Message-ID vlados-70d3a2e0 (DSPAM autolearn), already read
score		SUSPICIOUS_Message_ID_vlados	5.0
tflags		SUSPICIOUS_Message_ID_vlados	mandatory_learn

# aaaa-b7e7feda0d
# cct-0f6054a23a8
# comp-e0913b897f
# e-ba9e952ca3b04
# factory-a538f88
# fc-b73fa790688a
# fg-fb17a0c2bc47
# home-4c68bcf688
# home-sgf0cty15m
# ITQUANGN-D334F3
# jenouled-397aed
# lehman-a62733aa
# mainz-zxovkpzrc
# microsof-2a759e
# microsof-54770d
# microsof-9d8959
# microsof-a9a893
# microsof-ab7818
# MICROSOF-DBD9B3
# pcuser-8d9c70eb
# personal-8784e8
# q-7432c7d38a134
# suarez-559e80e2
# user-39025ed6f0
# wipronot-c965e9
# xpsp2-488223409

# pc-1pdv8tv1cpuw
# UKFAST-0JTLWF8J

header		SUSPICIOUS_Message_ID_microsof	Message-ID =~ /^\s*<[A-F\d]{32}\@microsof-[\da-f]{6,10}>$/
describe	SUSPICIOUS_Message_ID_microsof	Suspicious Message-ID microsof (DSPAM autolearn)
score		SUSPICIOUS_Message_ID_microsof	4.0
tflags		SUSPICIOUS_Message_ID_microsof	mandatory_learn

header		SUSPICIOUS_Message_ID_microsof_9413b5	Message-ID =~ /^\s*<[A-F\d]{32}\@microsof-9413b5>$/
describe	SUSPICIOUS_Message_ID_microsof_9413b5	Suspicious Message-ID microsof-9413b5 (DSPAM autolearn)
score		SUSPICIOUS_Message_ID_microsof_9413b5	1.0
tflags		SUSPICIOUS_Message_ID_microsof_9413b5	mandatory_learn

header		SUSPICIOUS_Message_ID_microsof_d29149	Message-ID =~ /^\s*<[A-F\d]{32}\@microsof-d29149>$/
describe	SUSPICIOUS_Message_ID_microsof_d29149	Suspicious Message-ID microsof-d29149 (DSPAM autolearn)
score		SUSPICIOUS_Message_ID_microsof_d29149	1.0
tflags		SUSPICIOUS_Message_ID_microsof_d29149	mandatory_learn

header		SUSPICIOUS_Message_ID_microsof_42dbe3	Message-ID =~ /^\s*<[A-F\d]{32}\@microsof-42dbe3>$/
describe	SUSPICIOUS_Message_ID_microsof_42dbe3	Suspicious Message-ID microsof-42dbe3 (DSPAM autolearn)
score		SUSPICIOUS_Message_ID_microsof_42dbe3	1.0
tflags		SUSPICIOUS_Message_ID_microsof_42dbe3	mandatory_learn

header		SUSPICIOUS_Message_ID_ESX40	Message-ID =~ /^\s*<[A-F\d]{32}\@ESX40-1827>$/
describe	SUSPICIOUS_Message_ID_ESX40	Suspicious Message-ID ESX40-1827 (DSPAM autolearn), already read
score		SUSPICIOUS_Message_ID_ESX40	5.0
tflags		SUSPICIOUS_Message_ID_ESX40	mandatory_learn

########################################

# http://www.cooleremail.com/ - CoolerEmail 2.0 - E-mail Marketing Services
header		CT_SUSP_BOUNDARY_CoolerEmail	Content-Type =~ /boundary="============_?CoolerEmail_?============"/
describe	CT_SUSP_BOUNDARY_CoolerEmail	Suspicious non-unique boundary (DSPAM autolearn)
score		CT_SUSP_BOUNDARY_CoolerEmail	2.5
tflags		CT_SUSP_BOUNDARY_CoolerEmail	mandatory_learn


# http://www.flexmail.be - E-mail Marketing Services

header		FLEXMAIL_MSGID			Message-ID =~ /\@flexmail\.be>/
describe	FLEXMAIL_MSGID			flexmail.be Message-ID
score		FLEXMAIL_MSGID			1.2

header		FLEXMAIL_SENDER			Return-path =~ /^\s*<bounce\@flexmail\.be>$/
describe	FLEXMAIL_SENDER			flexmail.be Return-Path
score		FLEXMAIL_SENDER			1.2

header		FLEXMAIL_X_ENVELOPE_FROM	X-Envelope-From =~ /^\s*<bounce\@flexmail\.be>$/
describe	FLEXMAIL_X_ENVELOPE_FROM	flexmail.be X-Envelope-From
score		FLEXMAIL_X_ENVELOPE_FROM	1.2

header		FLEXMAIL_X_MAILER		X-Mailer =~ /^\s*Flexmail/
describe	FLEXMAIL_X_MAILER		flexmail.be X-Mailer
score		FLEXMAIL_X_MAILER		1.2

header		FLEXMAIL_X_Flexmail_ID		X-Flexmail-ID =~ /./
describe	FLEXMAIL_X_Flexmail_ID		flexmail.be X-Flexmail-ID
score		FLEXMAIL_X_Flexmail_ID		1.2


header		FROM_PROMOTION_MYPERSONAL	From =~ /<promotion\@mypersonal\.com\.ua>$/
describe	FROM_PROMOTION_MYPERSONAL	promotion@mypersonal.com.ua (DSPAM autolearn)
score		FROM_PROMOTION_MYPERSONAL	5.0
tflags		FROM_PROMOTION_MYPERSONAL	mandatory_learn

header		FROM_OFFICE_MYPERSONAL		From =~ /<office\@mypersonal\.com\.ua>$/
describe	FROM_OFFICE_MYPERSONAL		office@mypersonal.com.ua (DSPAM autolearn)
score		FROM_OFFICE_MYPERSONAL		5.0
tflags		FROM_OFFICE_MYPERSONAL		mandatory_learn


# X-Mailer: TOL Mailer
header		CT_SUSP_BOUNDARY_TOL_Mailer	Content-Type =~ /boundary=_0_\.__\.__TOL__Mailer__Part_Boundary_$/
describe	CT_SUSP_BOUNDARY_TOL_Mailer	Suspicious non-unique boundary (DSPAM autolearn)
score		CT_SUSP_BOUNDARY_TOL_Mailer	3.0

########################################

header		__RealName_BListed_From_Subj	Subject =~ /^\s*((Re(\[\d+\])|Fw|Fwd):)?\s*(Building|Ceминаp|Conference services|Cтатьи для менеджepa|goodyear|Ground-2005|Hа пoльзу бизнecу|Kapпаты. Oтдыx|KoнсЦентр|Kонcaлтингoвый Цeнтр|Kонсaлтингoвый Цeнтр|Kак удеpжaть публику|LOGISTIKA|OBRIY CONSULTING COMPANY|Ofshore|Oтчeтнocть|Oтчeтнoсть|Oтчетнoсть|Oтчетноcть|Petr Petrovich|Pазвитиe бизнeса|tyre|Tyre|UkrBusinessConsulting-2000|Vega Consulting|Vengriya|БЦ Национальный|БЦ.*"?Национальный"?|бТВБМЙУФ|Буx-конcалтинг|Буx-консалтинг|Буxгaлтеp|Буxгалтep|Буxгалтер|Бух-кoнcaлтинг|Бух-кoнсалтинг|Бух-конcалтинг|Бухгaлтep|Бухгaлтеp|Бухгалтеp|Бухгалтер|БУХГАЛТЕРИИ|Библиотeкa упpавлeния перcoнaлoм на CД|Библиотекa упрaвлeния пepсoналoм на СД|Бизнeс-Центp|Бизнеc|Бизнес-Центр.*"?Национальный"?|Бизнесмeну|бюджет|Бюджетирование|бюджетирование|бюро дойче мессен|ВЭД|Все на отдых|Земля|земля под строительство|Задолжность|Застpойка|Дойче мессен|Дистрибуция|Цeнтp Paзвития Пpедпpинимaтeльcтва|Цeнтp Paзвития Пpедпpинимaтeльства|Цeнтp Paзвития Пpедпринимaтельствa|Цeнтр Pазвития Прeдпринимaтeльcтвa|Цeнтр Развития Пpедпpиниматeльcтва|Центp Pазвития Пpeдпринимательcтва|Центp Pазвития Пpедпpинимательcтва|Центр Pазвития Пpeдприниматeльствa|Центр повышeния квaлификации|Центр Рaзвития Пpедпpинимaтельcтвa|Центр Рaзвития Пpедпринимaтельствa|Центр Развития Прeдпpинимательствa|Кaникулы в Beнгpии|Кaрпaты. Отдых|Кoнcалтинговый Центр|Кoнсaлтингoвый Цeнтр|Кoнсaлтингoвый Центp|Кoнсaлтинговый Цeнтp|Кoнсалтингoвый Цeнтp|Коммерческая недвижимость|Конcaлтинговый Центp|Конференц-зал|Консaлтинговый Цeнтр|Консалтингoвый Центр|кредитной политикой|(Киев )?ДОЙЧЕ МЕССЕН|Киевское представительство|ЛЧБТФЙТЩ РЕТЕЕЪДЩ|Мeнеджмeнт|Менeджмент|Менеджмент|мПЗЙУФ|Нa пoльзу бизнесу|Нeдвижимоcть|недвижимость|Новый Гoд и Рождecтвo на Гуцульщине|Новый Год|Ноутбуки|Начальнику|Оpaтoрcкое иcкусcтво|Объединенный адвокатский офис|о защите прав потребителей|ООО|Отчетнoсть|Отчетность|Отдыx в Карпaтax|отдых|Отдых в Beнгpии|Пoexaли c нaми|Пoдъeм экономики|Пoдъем|Пoдъем экономики|Пoднимем эконoмику|Пoднимем экономику|Планування податкiв|Подъeм|Подъeм экoнoмики|Подъeм экoномики|Полиграфия|полиграфия|построение бр.нда|Прoдaжa|Презентации|Продaжа|Примiщення у Львовi|Приглашение|Практикум|Путeшecтвиe|Путешecтвиe в Beнгрию|Рaзвитие|Рaзвитие бизнесa|Реклама|Развитие бизнесa|Тeхникa речи|Тeхника речи|тБУРТПДБЦБ|Техника речи|торгово-развлекательный комплекс|Торговые Марки|Тренинг|Транспортная логистика|Туp-oпеpaтор|Туp-оператop|Турпутeвки|Таможня|УкрБизнесКонсалтинг|УкрБизнесКонсалтинг-2000|Украинские семинары|Умнoжим знaния|Умножим знaния|Умножим знания|управление персоналом|фТБОУРПТФ|хУМЕДХАЭЙНЙ|Инкотермс 2000|Инфopмациoнный pecурc|((информационное )?бюро )?дойче мессен|информационное бюро дойче мессен|Информационный реcурс|Юридическая Группа|Юрискунсульт|Юрист|эффективные переговоры|эффективная организация|ьЛУРПТФОП-ЙНРПТФОЩЕ ПРЕТБГЙЙ|Аpхив эффективного менеджмeнтa|Адвокатский офис|Актерское мастерство|Агенство рассылок|Свышe 400 стaтeй по HR-мeнеджменту|Свыше 400 стaтей по HR-мeнeджменту|Сдaть уcтный экзaмен|Сдать устный экзамeн|Семинар|семинар|Семинар в Праге|Семинар-тренинг|СОНАТА|Стaтьи для мeнeджeра)[\s\r\n]*</

meta		RealName_BListed_From_Subj	__RealName_BListed_From_Subj && __CUST_From_QP_Windows_1251
describe	RealName_BListed_From_Subj	Blacklisted real name from header From found in Subject header field (DSPAM autolearn)
score		RealName_BListed_From_Subj	0.1

meta		RealName_BListed_From_Subj_B	__RealName_BListed_From_Subj && __CUST_From_BASE64_windows_1251
describe	RealName_BListed_From_Subj_B	Blacklisted real name from From header found in Subject header field (DSPAM autolearn)
score		RealName_BListed_From_Subj_B	0.1

########################################

header		TO_SYMPATICO_CA			To =~ /^\s*\.\.\@sympatico\.ca$/
describe	TO_SYMPATICO_CA			Message to ..@sympatico.ca
score		TO_SYMPATICO_CA			4.0

header		TO_TUT_BY			To =~ /\@tut\.by/
describe	TO_TUT_BY			Message to @tut.by
score		TO_TUT_BY			1.0

########################################

header		RealName_From_infomail			From =~ /^\s*" *i *n *f *o *m *a *i *l *"/
describe	RealName_From_infomail			Message from "infomail" (DSPAM autolearn)
score		RealName_From_infomail			2.5

header		HIGH_INTERNETIONAL_BUSINESS_SCHOOL	From =~ /(Высшая Международная Школа Бизнеса в Киеве|ВЫСШАЯ МЕЖДУНАРОДНАЯ ШКОЛА БИЗНЕСА)/
describe	HIGH_INTERNETIONAL_BUSINESS_SCHOOL	From High International Business School (DSPAM autolearn)
score		HIGH_INTERNETIONAL_BUSINESS_SCHOOL	4.0
tflags		HIGH_INTERNETIONAL_BUSINESS_SCHOOL	mandatory_learn

header		FROM_ProMBB			From:raw =~ /^\s*"ProMBB" </
describe	FROM_ProMBB			Message from ProMBB (DSPAM autolearn), already read
score		FROM_ProMBB			2.5
tflags		FROM_ProMBB			mandatory_learn

header		FROM_Seminar_ua			From:raw =~ /^\s*"Seminar-ua" </
describe	FROM_Seminar_ua			Message from Seminar-ua (DSPAM autolearn)
score		FROM_Seminar_ua			2.5
tflags		FROM_Seminar_ua			mandatory_learn

header		__FROM_Seminar_B64CP1251	From =~ /^\s*"Seminar" </
meta		FROM_Seminar_B64CP1251		__FROM_Seminar_B64CP1251 && __CUST_From_BASE64_windows_1251_quote
describe	FROM_Seminar_B64CP1251		Message from Seminar
score		FROM_Seminar_B64CP1251		2.5

header		FROM_MAIL_RECLAMA_RU		From =~ /\@mail-reclama\.ru/
describe	FROM_MAIL_RECLAMA_RU		Message with mail-reclama.ru domain in header From (DSPAM autolearn)
score		FROM_MAIL_RECLAMA_RU		3.0

header		MAIDAN_ORG_UA_FROM		From =~ /<maidan\@maidan\.org\.ua>$/
describe	MAIDAN_ORG_UA_FROM		From <maidan@maidan.org.ua> (DSPAM autolearn)
score		MAIDAN_ORG_UA_FROM		4.0
tflags		MAIDAN_ORG_UA_FROM		mandatory_learn

header		ADMIN_XPORTAL_COM_UA_FROM	From =~ /^\s*admin\@xportal\.com\.ua$/
describe	ADMIN_XPORTAL_COM_UA_FROM	From admin@xportal.com.ua (DSPAM autolearn)
score		ADMIN_XPORTAL_COM_UA_FROM	4.0
tflags		ADMIN_XPORTAL_COM_UA_FROM	mandatory_learn

header		FROM_Seminar_vega_st_com	From:raw =~ /^\s*seminar\@vega-st\.com$/
describe	FROM_Seminar_vega_st_com	Message from seminar@vega-st.com
score		FROM_Seminar_vega_st_com	2.5

header		FROM_mail_fish_net_ua		From =~ /mail\@fish\.net\.ua/
describe	FROM_mail_fish_net_ua		e-mail from mail@fish.net.ua (DSPAM autolearn)
score		FROM_mail_fish_net_ua		3.5
tflags		FROM_mail_fish_net_ua		mandatory_learn

header		FROM_YAHOO_BESSIE		From =~ /bessie\..+\@yahoo\./
describe	FROM_YAHOO_BESSIE		Header From contains bessie in mailbox and yahoo in domain
score		FROM_YAHOO_BESSIE		2.0

header		FROM_SV_Development		From =~ /^\s*SV Development <daily-news\@svdevelopment\.com>$/
describe	FROM_SV_Development		From SV Development (DSPAM autolearn)
score		FROM_SV_Development		3.0
tflags		FROM_SV_Development		mandatory_learn

header		REPLY_TO_KAM_POD_UNIVER		Reply-To =~ /<info\@kitserver-4u\.org>/
describe	REPLY_TO_KAM_POD_UNIVER		Message from Kamenets-Podolsky National University (DSPAM autolearn), already read
score		REPLY_TO_KAM_POD_UNIVER		4.0
tflags		REPLY_TO_KAM_POD_UNIVER		mandatory_learn

header		FROM_computerra_net_ua		From =~ /<mail\@computerra\.net\.ua>/
describe	FROM_computerra_net_ua		From spam service mail@computerra.net.ua (DSPAM autolearn)
score		FROM_computerra_net_ua		5.0
tflags		FROM_computerra_net_ua		mandatory_learn

header		FROM_MESSAGE_FRO_YOU_LTD	From =~ /^\s*"ппп чБН рЙУШНП" </
describe	FROM_MESSAGE_FRO_YOU_LTD	From "Message for You, Ltd." (DSPAM autolearn), already read
score		FROM_MESSAGE_FRO_YOU_LTD	5.0
tflags		FROM_MESSAGE_FRO_YOU_LTD	mandatory_learn

header		FROM_WebInside			From =~ /^\s*"(WebInside|Dispatch|D\.L\.X)" </
describe	FROM_WebInside			From WebInside/Dispatch (DSPAM autolearn), already read
score		FROM_WebInside			5.0
tflags		FROM_WebInside			mandatory_learn

header		SENDER_WebInside		Sender =~ /^\s*"(WebInside|Dispatch|D\.L\.X)" </
describe	SENDER_WebInside		Sender WebInside/Dispatch (DSPAM autolearn), already read
score		SENDER_WebInside		5.0
tflags		SENDER_WebInside		mandatory_learn

header		FROM_DISPATCH			From =~ /<(dispatchx?|dispatch\d+|webinside)\@(meta\.ua|e-mail\.ua|gmail\.com)>$/
describe	FROM_DISPATCH			From WebInside/Dispatch (DSPAM autolearn), already read
score		FROM_DISPATCH			5.0
tflags		FROM_DISPATCH			mandatory_learn

header		FROM_SMSCENTRE			From =~ /^\s*<(sales|info)\@smscentre\.com\.ua>$/
describe	FROM_SMSCENTRE			Message from sales@smscentre.com.ua (DSPAM autolearn)
score		FROM_SMSCENTRE			4.0
tflags		FROM_SMSCENTRE			mandatory_learn

header		FROM_MIXPRINT			From =~ /^\s*<mixpintu\@mail\.ru>$/
describe	FROM_MIXPRINT			Message from mixpintu@mail.ru (DSPAM autolearn)
score		FROM_MIXPRINT			2.0
tflags		FROM_MIXPRINT			mandatory_learn

header		FROM_REGULARNEWSLETTER		From =~ /\@regularnewsletter\.com>$/
describe	FROM_REGULARNEWSLETTER		Message from regularnewsletter.com (DSPAM autolearn)
score		FROM_REGULARNEWSLETTER		4.0
tflags		FROM_REGULARNEWSLETTER		mandatory_learn

header		FROM_OEVEL			From =~ /\@oevel\.com>$/
describe	FROM_OEVEL			Message from oevel.com (DSPAM autolearn)
score		FROM_OEVEL			4.0
tflags		FROM_OEVEL			mandatory_learn

header		FROM_SITEDESIGNER		From =~ /info\@sitedesigner\.com\.ua>$/
describe	FROM_SITEDESIGNER		Message from info@sitedesigner.com.ua (DSPAM autolearn)
score		FROM_SITEDESIGNER		2.0
tflags		FROM_SITEDESIGNER		mandatory_learn

header		FROM_SPECTOVAR			From =~ /<spectovar\d+\@/
describe	FROM_SPECTOVAR			Message from spectovar (DSPAM autolearn)
score		FROM_SPECTOVAR			3.0
tflags		FROM_SPECTOVAR			mandatory_learn

########################################

#
# X-Mailer: WebMail_You can gain better health
# X-Mailer: WebMail_Heal for your woody!
# X-Mailer: WebMail_Your private video here
# X-Mailer: WebMail_Your reply needed
# X-Mailer: WebMail_Take her from above
# X-Mailer: WebMail_Support Obama, buying from us
# X-Mailer: WebMail_Your confirmation period has expired
#
header		X_MAILER_WEBMAIL_		X-Mailer =~ /^\s*WebMail_([A-Za-z]+(\s[A-Z]?[''a-z\d]+[,\%!]?)+[\.\?\!]?)?$/
describe	X_MAILER_WEBMAIL_		Suspicious X-Mailer (DSPAM autolearn), already read
score		X_MAILER_WEBMAIL_		4.5
#tflags		X_MAILER_WEBMAIL_		mandatory_learn

########################################

header		RECEIVED_mhXX_mobyhost_ru	Received =~ /mh\d\d\.mobyhost\.ru/
describe	RECEIVED_mhXX_mobyhost_ru	Received via mhXX.mobyhost.ru (DSPAM autolearn), already read
score		RECEIVED_mhXX_mobyhost_ru	4.0

header		RECEIVED_anvil_ukrnic_com	Received =~ /anvil\.ukrnic\.com/
describe	RECEIVED_anvil_ukrnic_com	Received via anvil.ukrnic.com (DSPAM autolearn), already read
score		RECEIVED_anvil_ukrnic_com	4.0

header		RECEIVED_server1_nwd_org_ua	Received =~ /server1\.nwd\.org\.ua/
describe	RECEIVED_server1_nwd_org_ua	Received via server1.nwd.org.ua (DSPAM autolearn), already read
score		RECEIVED_server1_nwd_org_ua	4.0

header		RECEIVED_mdp2_net		Received =~ /\.mdp2\.net/
describe	RECEIVED_mdp2_net		Received via .mdp2.net (DSPAM autolearn), already read
score		RECEIVED_mdp2_net		4.0

header		RECEIVED_albo_com_ua		Received =~ /albo\.com\.ua/
describe	RECEIVED_albo_com_ua		Received via albo.com.ua (DSPAM autolearn), already read
score		RECEIVED_albo_com_ua		3.0

header		RECEIVED_bizit_com_ua		Received =~ /bizit\.com\.ua/
describe	RECEIVED_bizit_com_ua		Received via bizit.com.ua (DSPAM autolearn), already read
score		RECEIVED_bizit_com_ua		3.0

header		RECEIVED_www_100mb_ru		Received =~ /www9\.100mb\.ru/
describe	RECEIVED_www_100mb_ru		Received via www9.100mb.ru (DSPAM autolearn), already read
score		RECEIVED_www_100mb_ru		3.0

header		RECEIVED_k9_kiev_ua		Received =~ /k9\.kiev\.ua/
describe	RECEIVED_k9_kiev_ua		Received via k9.kiev.ua (DSPAM autolearn), already read
score		RECEIVED_k9_kiev_ua		3.0

header		RECEIVED_server_p_host_biz	Received =~ /server\.p-host\.biz/
describe	RECEIVED_server_p_host_biz	Received via server.p-host.biz (DSPAM autolearn), already read
score		RECEIVED_server_p_host_biz	3.0

header		RECEIVED_defezeder_ru		Received =~ /defezeder\.ru/
describe	RECEIVED_defezeder_ru		Received via defezeder.ru (DSPAM autolearn), already read
score		RECEIVED_defezeder_ru		3.0

header		RECEIVED_e_postNN_km_ru		Received =~ /e-post\d\d\.km\.ru/
describe	RECEIVED_e_postNN_km_ru		Received via e-post03.km.ru/e-post06.km.ru (DSPAM autolearn), already read
score		RECEIVED_e_postNN_km_ru		3.0

header		RECEIVED_bitrixin_net		Received =~ /(gw|secure)\.bitrixin\.net/
describe	RECEIVED_bitrixin_net		Received via bitrixin.net (DSPAM autolearn), already read
score		RECEIVED_bitrixin_net		3.0

header		RECEIVED_89_111_164		Received =~ /89\.111\.164\./
describe	RECEIVED_89_111_164		Received via 89.111.164.0/24, already read
score		RECEIVED_89_111_164		3.0

header		RECEIVED_111_67_192		Received =~ /111\.67\.192\./
describe	RECEIVED_111_67_192		Received via 111.67.192.0/24, already read
score		RECEIVED_111_67_192		3.0

header		RECEIVED_111_67_198		Received =~ /111\.67\.198\./
describe	RECEIVED_111_67_198		Received via 111.67.198.0/24, already read
score		RECEIVED_111_67_198		3.0

header		RECEIVED_111_67_199		Received =~ /111\.67\.199\./
describe	RECEIVED_111_67_199		Received via 111.67.199.0/24, already read
score		RECEIVED_111_67_199		3.0

header		RECEIVED_119_18_200		Received =~ /119\.18\.200\./
describe	RECEIVED_119_18_200		Received via 119.18.200.0/24, already read
score		RECEIVED_119_18_200		3.0

header		RECEIVED_TELEMOST_DP_UA		Received =~ /mail\.telemost\.dp\.ua/
describe	RECEIVED_TELEMOST_DP_UA		Received via mail.telemost.dp.ua (DSPAM autolearn), already read
score		RECEIVED_TELEMOST_DP_UA		3.0

header		RECEIVED_SUSPICIOUS_HELO	Received =~ /(speedtouch\.lan|dsldevice\.lan)/
describe	RECEIVED_SUSPICIOUS_HELO	Suspicious HELO in header Received (DSPAM autolearn), already read
score		RECEIVED_SUSPICIOUS_HELO	3.0

########################################

header		SCRIPT_PATH_SPAM_SERVICE	ScriptPath =~ /^\s*(gino-arte\.net\/nodele\.te\.php)/
describe	SCRIPT_PATH_SPAM_SERVICE	Spam mailing service
score		SCRIPT_PATH_SPAM_SERVICE	2.0

########################################


header		X_PHP_SCRIPTS_SPAM_SERVICE	X-PHP-Script =~ /^\s*(mail\.zdravstvuy-derevo\.od\.ua\/send_mail\.php|gia\.com\.ua\/admin\/adm_distrib\.php|dumansal.net\/salitibecs\.php|phpfusion.nl\/images\/photoalbum\/submissions\/uyolop\.php|biz-send\.com\/para8ut04\.php|bricocook\.com\/images\/view\.php|impl\.com\.np\/salitibecs\.php|lfwinvest\.com\.br\/hos\.ing\.php|mail5\.freehost\.com\.ua\/rc\/index\.php|orange-tour\.com\.ua\/admin\/modules\/spam\/admin_spam\.php|partsportal\.com\.ua\/index\.php|siteniyaptir\.com\/salitibecs\.php|www\.forum\.smsmes\.com\/DSoOsIyEiY\.php|www\.linkmanagementonline\.info\/SYSTEMANGBULOK\/mailer\.php)/
describe	X_PHP_SCRIPTS_SPAM_SERVICE	Spam mailing service
score		X_PHP_SCRIPTS_SPAM_SERVICE	2.0

header		SHIP_LETTER_ORG_UA		X-PHP-Script =~ /^\s*ship-letter\.org\.ua/
describe	SHIP_LETTER_ORG_UA		Message sent by ship-letter.org.ua (DSPAM autolearn)
score		SHIP_LETTER_ORG_UA		5.0
tflags		SHIP_LETTER_ORG_UA		mandatory_learn

header		__BRICOCOOK_COM_X_PHP_Script	X-PHP-Script =~ /^\s*bricocook\.com\/images\/view\.php for \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/
meta		BRICOCOOK_COM_X_PHP_Script	__BRICOCOOK_COM_X_PHP_Script && __X_Mailer_Thunderbird
describe	BRICOCOOK_COM_X_PHP_Script	Mail from X-PHP-Script bricocook.com/images/view.php
score		BRICOCOOK_COM_X_PHP_Script	2.0
tflags		BRICOCOOK_COM_X_PHP_Script	mandatory_learn

########################################

header		__CHINA_Subject			Subject =~ /^\s*CHINA: /
meta		CHINA_Subject			__CHINA_Subject && __CUST_Subject_BASE64_Windows_1251
describe	CHINA_Subject			Subject begins with "CHINA: " (DSPAM autolearn)
score		CHINA_Subject			4.0
tflags		CHINA_Subject			mandatory_learn

header		SUBJECT_UK_MedHelp		Subject =~ /^\s*(RE: )?(MedHelp|UK MedHelp|Usa MedHelp|USA MensHealth|UK MensHealth Discount|USA MedHelp) (ID)?\d+$/
describe	SUBJECT_UK_MedHelp		Message about UK MedHelp (DSPAM autolearn), already read
score		SUBJECT_UK_MedHelp		2.0
tflags		SUBJECT_UK_MedHelp		mandatory_learn

header		SUBJECT_OFF_on_PFIZER		Subject =~ /^\s*(RE: )?(\S+\s+\d+\% OFF on (PFIZER!|Pfizer)|Pfizer \d+\% OFF)$/
describe	SUBJECT_OFF_on_PFIZER		Message about Pfizer (DSPAM autolearn), already read
score		SUBJECT_OFF_on_PFIZER		2.0
tflags		SUBJECT_OFF_on_PFIZER		mandatory_learn

header		SUBJECT_Best_Sales_2010		Subject =~ /^\s*Best Sales 20\d\d!$/
describe	SUBJECT_Best_Sales_2010		Message from Doctor (DSPAM autolearn), already read
score		SUBJECT_Best_Sales_2010		2.0
tflags		SUBJECT_Best_Sales_2010		mandatory_learn

header		SUBJECT_Claim_Your_Prize	Subject =~ /^\s*Claim Your Prize!!!$/
describe	SUBJECT_Claim_Your_Prize	Message "Claim Your Prize!!!" (DSPAM autolearn), already read
score		SUBJECT_Claim_Your_Prize	4.0
tflags		SUBJECT_Claim_Your_Prize	mandatory_learn

header		SUBJECT_For_RCPT_Sale_ID	Subject =~ /^\s*For \S+ (Sale|VIP) ID \d+$/
describe	SUBJECT_For_RCPT_Sale_ID	Message For RCPT Sale ID NNNNN (DSPAM autolearn), already read
score		SUBJECT_For_RCPT_Sale_ID	2.0
tflags		SUBJECT_For_RCPT_Sale_ID	mandatory_learn

header		SUBJECT_Striptease_desktop	Subject =~ /^\s*уФТЙРФЙЪ ОБ ТБВПЮЕН УФПМЕ$/
describe	SUBJECT_Striptease_desktop	Message about Striptease on the working desktop (DSPAM autolearn), already read
score		SUBJECT_Striptease_desktop	2.0
tflags		SUBJECT_Striptease_desktop	mandatory_learn

header		SUBJECT_RENT_OFFICE		Subject =~ /^\s*(Снимем офис в Киеве \(центр\)|РЎРЅРёРјРµРј РѕС„РёСЃ РІ РљРёРµРІРµ \(С†РµРЅС‚СЂ\))$/
describe	SUBJECT_RENT_OFFICE		Message about rent of the office in Kiev (DSPAM autolearn), already read
score		SUBJECT_RENT_OFFICE		2.0
tflags		SUBJECT_RENT_OFFICE		mandatory_learn

header		SUBJECT_CeBit_2010		Subject =~ /^\s*(CeBit 2010 - приглашение на выставку|CeBit 2010 - РїСЂРёРіР»Р°С€РµРЅРёРµ|CeBit 2010 - РїСЂРёРіР»Р°С€РµРЅРёРµ РЅР° РІС‹СЃС‚Р°РІРєСѓ)$/
describe	SUBJECT_CeBit_2010		Message about CeBit 2010, already read
score		SUBJECT_CeBit_2010		2.0

meta		SUBJECT_CeBit_2010_DSPAM	SUBJECT_CeBit_2010 && DSPAM_CHECK_00_01
describe	SUBJECT_CeBit_2010_DSPAM	DSPAM compensation for SUBJECT_CeBit_2010
score		SUBJECT_CeBit_2010_DSPAM	3.5

header		SUBJECT_DO_YOU_REMEMBER_ME	Subject =~ /^\s*рПНОЙЫШ НЕОС\? ;\)\)$/
describe	SUBJECT_DO_YOU_REMEMBER_ME	Message from Lenochka, already read
score		SUBJECT_DO_YOU_REMEMBER_ME	2.0

header		__SUBJECT_REGISTRATION		Subject =~ /^\s*(°Регистрация°|В°Р РµРіРёСЃС‚СЂР°С†РёСЏВ°)/
meta		SUBJECT_REGISTRATION		__SUBJECT_REGISTRATION && !SUBJECT_TRADEMARK_REGISTRATION
describe	SUBJECT_REGISTRATION		Message about Trademark registration, already read
score		SUBJECT_REGISTRATION		2.0

header		SUBJECT_TRADEMARK_REGISTRATION	Subject =~ /^\s*(°Регистрация° торговых марок|В°Р РµРіРёСЃС‚СЂР°С†РёСЏВ° С‚РѕСЂРіРѕРІС‹С… РјР°СЂРѕРє)/
describe	SUBJECT_TRADEMARK_REGISTRATION	Message about Trademark registration, already read
score		SUBJECT_TRADEMARK_REGISTRATION	4.0

header		ORG_CONF_YULA_UA		Organization =~ /^\s*лПОЖЕТЕОГЙС "тЕЛМБНБ Ч йОФЕТОЕФЕ"$/
describe	ORG_CONF_YULA_UA		Header Organization blacklisted
score		ORG_CONF_YULA_UA		3.0

header		X_MAILER_WWW_WEB2LIFE_DE	X-Mailer =~ /^\s*Mail sent with Web2Life-Newsletter v1\.1\.5 -- www\.Web2Life\.de$/
describe	X_MAILER_WWW_WEB2LIFE_DE	Business Guide Registration 2009/2010
score		X_MAILER_WWW_WEB2LIFE_DE	3.0

header		BUSGUIDE_REGISTRATION		Reply-To =~ /^\s*register\@wbg2day\.com$/
describe	BUSGUIDE_REGISTRATION		Business Guide Registration 2009/2010
score		BUSGUIDE_REGISTRATION		3.0

header		HEADER_TO_YET_ANOTHER_ROW	To =~ /<еще строка>/
describe	HEADER_TO_YET_ANOTHER_ROW	Very stratnge spammer's mistake
score		HEADER_TO_YET_ANOTHER_ROW	3.0

header		HEADER_TO_USER			To =~ /^\s*User$/
describe	HEADER_TO_USER			Suspicious heaer To (DSPAM autolearn)
score		HEADER_TO_USER			4.0
tflags		HEADER_TO_USER			mandatory_learn

header		FROM_Freshfile_Net		From =~ /^\s*Freshfile\.Net <no-reply\@freshfile\.net>$/
describe	FROM_Freshfile_Net		Message from Freshfile.Net
score		FROM_Freshfile_Net		2.0

header		HEADER_CT_MIME_VER		Content-Type:raw =~ /^\s*text\/html; charset=iso-8859-1 MIME-Version: 1\.0 $/
describe	HEADER_CT_MIME_VER		Stupid mistake in header Content-Type (DSPAM autolearn)
score		HEADER_CT_MIME_VER		5.0
tflags		HEADER_CT_MIME_VER		mandatory_learn

header		MYPERSONAL_FROM_MAILRU		X-Collect-Stat =~ /^\s*87686$/
describe	MYPERSONAL_FROM_MAILRU		Message from promotion@mypersonal.com.ua thru mailer@sender5.mail.ru
score		MYPERSONAL_FROM_MAILRU		2.2