# # 2003-2006 Victor Ustugov # # Redefine some scores # #header RCVD_IN_DSBL eval:check_rbl_txt('dsbl-notfirsthop', 'list.dsbl.org.', '(?i:dsbl)') #describe RCVD_IN_DSBL Received via a relay in list.dsbl.org #score RCVD_IN_DSBL 0.0 2.574 0.0 4.295 score RCVD_IN_DSBL 0.0 1.930 0.0 3.221 ifplugin Mail::SpamAssassin::Plugin::Pyzor #full PYZOR_CHECK eval:check_pyzor() #describe PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) #score PYZOR_CHECK 0 2.834 0 3.700 score PYZOR_CHECK 0.0 endif #meta MISSING_MIMEOLE (__HAS_MSMAIL_PRI && !__HAS_MIMEOLE && !__HAS_SQUIRRELMAIL_IN_MAILER) #describe MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE #score MISSING_MIMEOLE 0.068 0 0 0.012 score MISSING_MIMEOLE 1.0 1.0 1.0 1.0 #header SUBJ_HAS_UNIQ_ID eval:check_for_unique_subject_id() #describe SUBJ_HAS_UNIQ_ID Subject contains a unique ID #score SUBJ_HAS_UNIQ_ID 0.895 0 1.387 0.190 score SUBJ_HAS_UNIQ_ID 1.0 #meta SUBJECT_EXCESS_QP __SUBJECT_ENCODED_QP && !__SUBJECT_NEEDS_MIME #describe SUBJECT_EXCESS_QP Subject: quoted-printable encoded unnecessarily #score SUBJECT_EXCESS_QP 0 score SUBJECT_EXCESS_QP 1.5 #meta SUBJECT_EXCESS_BASE64 __SUBJECT_ENCODED_B64 && !__SUBJECT_NEEDS_MIME #describe SUBJECT_EXCESS_BASE64 Subject: base64 encoded encoded unnecessarily #score SUBJECT_EXCESS_BASE64 0.782 0 1.689 0.449 score SUBJECT_EXCESS_BASE64 1.7 #meta FROM_EXCESS_QP __FROM_ENCODED_QP && !__FROM_NEEDS_MIME #describe FROM_EXCESS_QP From: quoted-printable encoded unnecessarily #score FROM_EXCESS_QP 0 score FROM_EXCESS_QP 1.0 #meta FROM_EXCESS_BASE64 __FROM_ENCODED_B64 && !__FROM_NEEDS_MIME #describe FROM_EXCESS_BASE64 From: base64 encoded unnecessarily #score FROM_EXCESS_BASE64 0.647 1.052 1.190 1.309 score FROM_EXCESS_BASE64 1.2 #header SUBJECT_ENCODED_TWICE Subject:raw =~ /=\?\S+\?[BQ]\?.*=\?\S+\?[BQ]\?/i #describe SUBJECT_ENCODED_TWICE Subject: MIME encoded twice #score SUBJECT_ENCODED_TWICE 0.888 1.543 1.293 1.723 score SUBJECT_ENCODED_TWICE 0.01 #meta MSGID_FROM_MTA_HEADER (__MSGID_BEFORE_RECEIVED && !__MSGID_BEFORE_OKAY) #describe MSGID_FROM_MTA_HEADER Message-Id was added by a relay #score MSGID_FROM_MTA_HEADER 0 0 0.274 0 score MSGID_FROM_MTA_HEADER 1.0 #header __TOCC_EXISTS exists:ToCc #meta TO_CC_NONE !__TOCC_EXISTS #describe TO_CC_NONE No To: or Cc: header #score TO_CC_NONE 0.139 0.134 0.123 0.131 score TO_CC_NONE 1.0 ##header RCVD_IN_BSP_TRUSTED eval:check_rbl_txt('bsp-firsttrusted', 'sa-trusted.bondedsender.org.', '(?i:bonded)') #describe RCVD_IN_BSP_TRUSTED Sender is in Bonded Sender Program (trusted relay) #tflags RCVD_IN_BSP_TRUSTED net nice ##reuse RCVD_IN_BSP_TRUSTED #header RCVD_IN_BSP_OTHER eval:check_rbl_txt('bsp-untrusted', 'sa-other.bondedsender.org.', '(?i:bonded)') #describe RCVD_IN_BSP_OTHER Sender is in Bonded Sender Program (other relay) #tflags RCVD_IN_BSP_OTHER net nice ##reuse RCVD_IN_BSP_OTHER ## Bonded Sender: http://www.bondedsender.com/ #score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1 #score RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3 score RCVD_IN_BSP_TRUSTED 0 -1.3 0 -1.3 #header X_LIBRARY exists:X-Library #describe X_LIBRARY Message has X-Library header #score X_LIBRARY 1.920 1.920 2.220 2.400 score X_LIBRARY 1.0 1.0 1.0 1.0 #body HTML_FONT_BIG eval:html_test('big_font') #describe HTML_FONT_BIG HTML tag for a big font size #score HTML_FONT_BIG 0 0.256 0 0 score HTML_FONT_BIG 0.01 0.256 0.01 0.01 #body HTML_FONT_INVISIBLE eval:html_test('font_invisible') #describe HTML_FONT_INVISIBLE HTML font color is same as background #score HTML_FONT_INVISIBLE 0 score HTML_FONT_INVISIBLE 0.01 ## HTML shouting range ## should really be converted into a numeric function test #body HTML_SHOUTING3 eval:html_range('max_shouting','2','3') #body HTML_SHOUTING4 eval:html_range('max_shouting','3','4') #body HTML_SHOUTING5 eval:html_range('max_shouting','4','5') #body HTML_SHOUTING6 eval:html_range('max_shouting','5','6') #body HTML_SHOUTING7 eval:html_range('max_shouting','6','7') #describe HTML_SHOUTING3 HTML has very strong "shouting" markup #describe HTML_SHOUTING4 HTML has very strong "shouting" markup #describe HTML_SHOUTING5 HTML has very strong "shouting" markup #describe HTML_SHOUTING6 HTML has very strong "shouting" markup #describe HTML_SHOUTING7 HTML has very strong "shouting" markup #score HTML_SHOUTING3 0 0 0.198 0 #score HTML_SHOUTING4 0 0 0.215 0 #score HTML_SHOUTING5 0.827 0.169 1.133 0 #score HTML_SHOUTING6 0 #score HTML_SHOUTING7 0 0.121 0 0.118 score HTML_SHOUTING3 0.01 0.01 0.198 0.01 score HTML_SHOUTING4 0.01 0.01 0.215 0.01 score HTML_SHOUTING5 0.827 0.169 1.133 0.01 score HTML_SHOUTING6 0.01 score HTML_SHOUTING7 0.01 0.121 0.01 0.118 ## multipart/alternative has very good accuracy, other multipart types are ## similar to MIME_HTML_ONLY so they don't need a separate rule #header __CTYPE_MULTIPART_ALT Content-Type =~ /multipart\/alternative/i #meta MIME_HTML_ONLY_MULTI (__CTYPE_MULTIPART_ALT && MIME_HTML_ONLY) #describe MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts #score MIME_HTML_ONLY_MULTI 0 score MIME_HTML_ONLY_MULTI 0.01 #header __CD exists:Content-Disposition #header __CT exists:Content-Type #header __CTE exists:Content-Transfer-Encoding #header __MIME_VERSION exists:MIME-Version #header __CT_TEXT_PLAIN Content-Type =~ /^text\/plain\b/i #meta MIME_HEADER_CTYPE_ONLY (!__CD && !__CTE && __CT && !__MIME_VERSION && !__CT_TEXT_PLAIN) #describe MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers #score MIME_HEADER_CTYPE_ONLY 0 0 0.182 0 score MIME_HEADER_CTYPE_ONLY 0.01 0.01 0.182 0.01 ## note: the first alternation is anchored for speed #header TO_MALFORMED To !~ /(?:^|[^\S"])(?:(?:\"[^\"]+\"|\S+)\@\S+\.\S+|^\s*.+:\s*;|^\s*\"[^\"]+\":\s*;|^\s*\([^\)]*\)\s*$|<\S+(?:\!\S+){1,}>|^\s*$)/ [if-unset: unset@unset.unset] #describe TO_MALFORMED To: has a malformed address #score TO_MALFORMED 0 score TO_MALFORMED 0.01