# # 2007-2013 Victor Ustugov # # для проверки полей заголовков с учетом регистра названия поля нужен патч: # http://mta.org.ua/spamassassin-3.2.0/patches/3.2.0/patch-src::MultiCaseSensHeadersCheck-3.2.0.patch # ###################################################################### meta CT_8BIT_CTE_7BIT_MWM CT_8BIT_CTE_7BIT && __CUST_X_Mailer_MWM describe CT_8BIT_CTE_7BIT_MWM 8-bit header Content-Type found with 7-bit header Content-Transfer-Encoding in message from OE 6.x (DSPAM autolearn) score CT_8BIT_CTE_7BIT_MWM 2.2 meta CT_8BIT_CTE_7BIT_MWM_DSPAM_00_01 CT_8BIT_CTE_7BIT_MWM && DSPAM_CHECK_00_01 describe CT_8BIT_CTE_7BIT_MWM_DSPAM_00_01 CT_8BIT_CTE_7BIT DSPAM compensation score CT_8BIT_CTE_7BIT_MWM_DSPAM_00_01 3.5 ###################################################################### header __FORGED_MUA_MWM_CHARSET_SUBJECT Subject:raw =~ /^[\s\r\n]*(\*\*\*\*\*SPAM\*\*\*\*\*|Spam:|\[(SPAM|Spam|spam)\] |\*S\*P\*A\*M\* |\{(SPAM|Spam|spam)\??\}|\[!! SPAM\]|\[SPAM PROBABLE\]:?|\[SUSPECTED SPAM\]|Suspected Spam:|\**May be Spam\**|\**(POSSIBLE )?SPAM\**|\[Spam Probability=\d+\]|X-IMail-SPAM-Premium|X-IMail-SPAM-Connection|!! SPAM Suspect : SPAM-Statistic !!)?[\s\r\n]*(((Re|RE|re)(\[\d+\])?|Fw|Fwd):|\[Re:\d+\])?\s*=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_SUBJECT __CUST_X_Mailer_MWM && __FORGED_MUA_MWM_CHARSET_SUBJECT describe FORGED_MUA_OE_CHARSET_SUBJECT Forged MUA Microsoft Windows Mail (charset with capital in beginning of header Subject) score FORGED_MUA_OE_CHARSET_SUBJECT 1.0 header __FORGED_MUA_MWM_CHARSET_FROM From:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_FROM __CUST_X_Mailer_MWM && __FORGED_MUA_MWM_CHARSET_FROM describe FORGED_MUA_OE_CHARSET_FROM Forged MUA Microsoft Windows Mail (charset with capital in beginning of header From) score FORGED_MUA_OE_CHARSET_FROM 1.0 header __FORGED_MUA_MWM_CHARSET_REPLY_TO Reply-To:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_REPLY_TO __CUST_X_Mailer_MWM && __FORGED_MUA_MWM_CHARSET_REPLY_TO describe FORGED_MUA_OE_CHARSET_REPLY_TO Forged MUA Microsoft Windows Mail (charset with capital in beginning of header Reply-To) score FORGED_MUA_OE_CHARSET_REPLY_TO 1.0 header __FORGED_MUA_MWM_CHARSET_TO To:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_TO __CUST_X_Mailer_MWM && __FORGED_MUA_MWM_CHARSET_TO describe FORGED_MUA_OE_CHARSET_TO Forged MUA Microsoft Windows Mail (charset with capital in beginning of header To) score FORGED_MUA_OE_CHARSET_TO 1.0 header __FORGED_MUA_MWM_CHARSET_CC Cc:raw =~ /^[\s\r\n]*"?=\?(Windows|WINDOWS|Koi|KOI)/ meta FORGED_MUA_OE_CHARSET_CC __CUST_X_Mailer_MWM && __FORGED_MUA_MWM_CHARSET_CC describe FORGED_MUA_OE_CHARSET_CC Forged MUA Microsoft Windows Mail (charset with capital in beginning of header Cc) score FORGED_MUA_OE_CHARSET_CC 1.0 ###################################################################### meta FORGED_MUA_OE_FROM_WOUT_QUOTE __CUST_X_Mailer_MWM && !__CUST_FROM_EMPTY && __HEADER_FROM_WITHOUT_QUOTES && !__HEADER_FROM_ENCODED && !__MAILMAN describe FORGED_MUA_OE_FROM_WOUT_QUOTE Forged MUA Microsoft Windows Mail (there aren't double quotes in header From) score FORGED_MUA_OE_FROM_WOUT_QUOTE 2.0 meta FORGED_MUA_OE_FROM !__CUST_FROM_EMPTY && !__FROM_QUOTA_OR_ANGLE_BRACKET && !__HEADER_FROM_WITHOUT_QUOTES && __CUST_X_Mailer_MWM describe FORGED_MUA_OE_FROM Forged MUA Microsoft Windows Mail (header From does not contains double quote and angle bracket) score FORGED_MUA_OE_FROM 2.0 meta FORGED_MUA_OE_REPLY_TO_WOUT_QUOTE __CUST_X_Mailer_MWM && !__CUST_REPLY_TO_EMPTY && __HEADER_REPLY_TO_WITHOUT_QUOTES && !__HEADER_REPLY_TO_ENCODED && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_REPLY_TO_WOUT_QUOTE Forged MUA Microsoft Windows Mail (there aren't double quotes in header Reply-To) score FORGED_MUA_OE_REPLY_TO_WOUT_QUOTE 0.5 meta FORGED_MUA_OE_REPLY_TO !__CUST_REPLY_TO_EMPTY && !__REPLY_TO_QUOTA_OR_ANGLE_BRACKET && !__HEADER_REPLY_TO_WITHOUT_QUOTES && __CUST_X_Mailer_MWM && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_REPLY_TO Forged MUA Microsoft Windows Mail (header Reply-To does not contains double quote and angle bracket) score FORGED_MUA_OE_REPLY_TO 2.0 meta FORGED_MUA_OE_TO_WOUT_QUOTE __CUST_X_Mailer_MWM && !__CUST_TO_EMPTY && __HEADER_TO_WITHOUT_QUOTES && !__HEADER_TO_ENCODED && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_TO_WOUT_QUOTE Forged MUA Microsoft Windows Mail (there aren't double quotes in header To) score FORGED_MUA_OE_TO_WOUT_QUOTE 2.0 meta FORGED_MUA_OE_TO __TO_HAS_ADDR && !__CUST_TO_EMPTY && !__TO_QUOTA_OR_ANGLE_BRACKET && !__HEADER_TO_WITHOUT_QUOTES && __CUST_X_Mailer_MWM && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_TO Forged MUA Microsoft Windows Mail (header To does not contains double quote and angle bracket) score FORGED_MUA_OE_TO 2.0 meta FORGED_MUA_OE_CC_WOUT_QUOTE __CUST_X_Mailer_MWM && !__CUST_CC_EMPTY && __HEADER_CC_WITHOUT_QUOTES && !__HEADER_CC_ENCODED && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_CC_WOUT_QUOTE Forged MUA Microsoft Windows Mail (there aren't double quotes in header Cc) score FORGED_MUA_OE_CC_WOUT_QUOTE 2.0 meta FORGED_MUA_OE_CC !__CUST_CC_EMPTY && !__CC_QUOTA_OR_ANGLE_BRACKET && !__HEADER_CC_WITHOUT_QUOTES && __CUST_X_Mailer_MWM && __CUST_List_Id_EMPTY && __CUST_List_Post_EMPTY && !__Mailing_List_Server describe FORGED_MUA_OE_CC Forged MUA Microsoft Windows Mail (header Cc does not contains double quote and angle bracket) score FORGED_MUA_OE_CC 2.0 ###################################################################### header __MWM_6_0_6000_Message_ID Message-ID:case =~ /^\s*<[A-F\d]{32}\@\S+>$/ meta FORGED_MUA_MWM_Message_ID __CUST_X_Mailer_MWM_6_0_6000_16xxx && !__MWM_6_0_6000_Message_ID && !__MAILMAN && !__UNUSABLE_MSGID describe FORGED_MUA_MWM_Message_ID Forged MUA Microsoft Windows Mail score FORGED_MUA_MWM_Message_ID 2.5 meta FORGED_MUA_MWM_MSGID_IP __CUST_X_MimeOLE_X_Mailer_MWM && __CUST_Message_ID_domain_IP describe FORGED_MUA_MWM_MSGID_IP IP address found in domain part of header Message-ID score FORGED_MUA_MWM_MSGID_IP 3.5 ###################################################################### header __FORGED_MUA_MWM_X_Mailer_CT ALL =~ /(?is)^(.*\r?\n)*X-Mailer:\s*Microsoft Windows Mail.*?\r?\nContent-Type:/ meta FORGED_MUA_MWM_X_Mailer_CT __FORGED_MUA_MWM_X_Mailer_CT && !MAILLIST_RU && __CUST_List_Id_EMPTY describe FORGED_MUA_MWM_X_Mailer_CT Forged MUA Microsoft Windows Mail (X-Mailer and Content-Type) score FORGED_MUA_MWM_X_Mailer_CT 3.5 meta FORGED_MUA_MWM_boundary __CUST_Content_Type_multipart && __CUST_X_Mailer_MWM && !__CUST_Content_Type_multipart_OE_boundary describe FORGED_MUA_MWM_boundary Forged MUA Microsoft Windows Mail score FORGED_MUA_MWM_boundary 3.5