# # 2007, 2008 Victor Ustugov # # для проверки полей заголовков с учетом регистра названия поля нужен патч: # http://mta.org.ua/spamassassin-3.2.0/patches/3.2.0/patch-src::MultiCaseSensHeadersCheck-3.2.0.patch # header __FORGED_MUA_MWM_CHARSET_SUBJECT Subject:raw =~ /^[\s\r\n]*(\*\*\*\*\*SPAM\*\*\*\*\*|Spam:|\[(SPAM|Spam|spam)\] |\*S\*P\*A\*M\* |\{(SPAM|Spam|spam)\??\}|\[!! SPAM\]|\[SPAM PROBABLE\]:?|\[SUSPECTED SPAM\]|Suspected Spam:|\**May be Spam\**|\**(POSSIBLE )?SPAM\**|\[Spam Probability=\d+\]|X-IMail-SPAM-Premium|X-IMail-SPAM-Connection|!! SPAM Suspect : SPAM-Statistic !!)?[\s\r\n]*(((Re|RE|re)(\[\d+\])?|Fw|Fwd):|\[Re:\d+\])?\s*=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_SUBJECT __CUST_X_Mailer_OE && __FORGED_MUA_MWM_CHARSET_SUBJECT describe FORGED_MUA_OE_CHARSET_SUBJECT Forged MUA Microsoft Windows Mail (charset with capital in beginning of header Subject) score FORGED_MUA_OE_CHARSET_SUBJECT 1.0 header __FORGED_MUA_MWM_CHARSET_FROM From:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_FROM __CUST_X_Mailer_OE && __FORGED_MUA_MWM_CHARSET_FROM describe FORGED_MUA_OE_CHARSET_FROM Forged MUA Microsoft Windows Mail (charset with capital in beginning of header From) score FORGED_MUA_OE_CHARSET_FROM 1.0 header __FORGED_MUA_MWM_CHARSET_REPLY_TO Reply-To:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_REPLY_TO __CUST_X_Mailer_OE && __FORGED_MUA_MWM_CHARSET_REPLY_TO describe FORGED_MUA_OE_CHARSET_REPLY_TO Forged MUA Microsoft Windows Mail (charset with capital in beginning of header Reply-To) score FORGED_MUA_OE_CHARSET_REPLY_TO 1.0 header __FORGED_MUA_MWM_CHARSET_TO To:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_TO __CUST_X_Mailer_OE && __FORGED_MUA_MWM_CHARSET_TO describe FORGED_MUA_OE_CHARSET_TO Forged MUA Microsoft Windows Mail (charset with capital in beginning of header To) score FORGED_MUA_OE_CHARSET_TO 1.0 header __FORGED_MUA_MWM_CHARSET_CC Cc:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_CC __CUST_X_Mailer_OE && __FORGED_MUA_MWM_CHARSET_CC describe FORGED_MUA_OE_CHARSET_CC Forged MUA Microsoft Windows Mail (charset with capital in beginning of header Cc) score FORGED_MUA_OE_CHARSET_CC 1.0 ###################################################################### meta FORGED_MUA_OE_FROM_WOUT_QUOTE __CUST_X_Mailer_OE && !__CUST_FROM_EMPTY && __HEADER_FROM_WITHOUT_QUOTES && !__HEADER_FROM_ENCODED describe FORGED_MUA_OE_FROM_WOUT_QUOTE Forged MUA Microsoft Windows Mail (there aren't double quotes in header From) score FORGED_MUA_OE_FROM_WOUT_QUOTE 2.0 meta FORGED_MUA_OE_FROM !__CUST_FROM_EMPTY && !__FROM_QUOTA_OR_ANGLE_BRACKET && !__HEADER_FROM_WITHOUT_QUOTES && (__CUST_X_Mailer_OE_600 || __CUST_X_Mailer_OE_550) describe FORGED_MUA_OE_FROM Forged MUA Microsoft Windows Mail (header From does not contains double quote and angle bracket) score FORGED_MUA_OE_FROM 2.0 meta FORGED_MUA_OE_REPLY_TO_WOUT_QUOTE __CUST_X_Mailer_OE && !__CUST_REPLY_TO_EMPTY && __HEADER_REPLY_TO_WITHOUT_QUOTES && !__HEADER_REPLY_TO_ENCODED && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_REPLY_TO_WOUT_QUOTE Forged MUA Microsoft Windows Mail (there aren't double quotes in header Reply-To) score FORGED_MUA_OE_REPLY_TO_WOUT_QUOTE 0.5 meta FORGED_MUA_OE_REPLY_TO !__CUST_REPLY_TO_EMPTY && !__REPLY_TO_QUOTA_OR_ANGLE_BRACKET && !__HEADER_REPLY_TO_WITHOUT_QUOTES && (__CUST_X_Mailer_OE_600 || __CUST_X_Mailer_OE_550) && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_REPLY_TO Forged MUA Microsoft Windows Mail (header Reply-To does not contains double quote and angle bracket) score FORGED_MUA_OE_REPLY_TO 2.0 meta FORGED_MUA_OE_TO_WOUT_QUOTE __CUST_X_Mailer_OE && !__CUST_TO_EMPTY && __HEADER_TO_WITHOUT_QUOTES && !__HEADER_TO_ENCODED && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_TO_WOUT_QUOTE Forged MUA Microsoft Windows Mail (there aren't double quotes in header To) score FORGED_MUA_OE_TO_WOUT_QUOTE 2.0 meta FORGED_MUA_OE_TO __TO_HAS_ADDR && !__CUST_TO_EMPTY && !__TO_QUOTA_OR_ANGLE_BRACKET && !__HEADER_TO_WITHOUT_QUOTES && (__CUST_X_Mailer_OE_600 || __CUST_X_Mailer_OE_550) && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_TO Forged MUA Microsoft Windows Mail (header To does not contains double quote and angle bracket) score FORGED_MUA_OE_TO 2.0 meta FORGED_MUA_OE_CC_WOUT_QUOTE __CUST_X_Mailer_OE && !__CUST_CC_EMPTY && __HEADER_CC_WITHOUT_QUOTES && !__HEADER_CC_ENCODED && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_CC_WOUT_QUOTE Forged MUA Microsoft Windows Mail (there aren't double quotes in header Cc) score FORGED_MUA_OE_CC_WOUT_QUOTE 2.0 meta FORGED_MUA_OE_CC !__CUST_CC_EMPTY && !__CC_QUOTA_OR_ANGLE_BRACKET && !__HEADER_CC_WITHOUT_QUOTES && (__CUST_X_Mailer_OE_600 || __CUST_X_Mailer_OE_550) && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_CC Forged MUA Microsoft Windows Mail (header Cc does not contains double quote and angle bracket) score FORGED_MUA_OE_CC 2.0 ###################################################################### header __MWM_6_0_6000_Message_ID Message-ID:case =~ /^\s*<[A-F\d]{32}\@\S+>$/ meta FORGED_MUA_MWM_Message_ID __CUST_X_Mailer_MWM_6_0_6000_16xxx && !__MWM_6_0_6000_Message_ID describe FORGED_MUA_MWM_Message_ID Forged MUA Microsoft Windows Mail score FORGED_MUA_MWM_Message_ID 2.5 ###################################################################### header __FORGED_MUA_MWM_X_Mailer_CT ALL =~ /(?is)^(.*\r?\n)*X-Mailer:\s*Microsoft Windows Mail.*?\r?\nContent-Type:/ meta FORGED_MUA_MWM_X_Mailer_CT __FORGED_MUA_MWM_X_Mailer_CT && !MAILLIST_RU && __CUST_List_Id_EMPTY describe FORGED_MUA_MWM_X_Mailer_CT Forged MUA Microsoft Windows Mail (X-Mailer and Content-Type) score FORGED_MUA_MWM_X_Mailer_CT 3.5 meta FORGED_MUA_MWM_boundary __CUST_Content_Type_multipart && __CUST_X_Mailer_MWM && !__CUST_Content_Type_multipart_OE_boundary describe FORGED_MUA_MWM_boundary Forged MUA Microsoft Windows Mail score FORGED_MUA_MWM_boundary 3.5