#
# 2007 Victor Ustugov <victor+spamassasin@corvax.kiev.ua>
#

#
# www.postcard.ru
#

# для проверки комбинаций полей заголовка нужен патч:
# http://mta.org.ua/spamassassin-3.2.0/patches/3.2.0/patch-src::MultiCaseSensHeadersCheck-3.2.0.patch

#
# корректные заголовки писем сервиса postcard.ru
#
# Received: from hillary.hit.ru (localhost [127.0.0.1])
#     by hillary.hit.ru (8.13.4/8.13.4) with ESMTP id l9O9oumo063108
#     for <spamtrap@corvax.falbi.kiev.ua>; Wed, 24 Oct 2007 13:50:56 +0400 (MSD)
#     (envelope-from www@hillary.hit.ru)
# Received: (from www@localhost)
#     by hillary.hit.ru (8.13.4/8.13.4/Submit) id l9O9oumO063105;
#     Wed, 24 Oct 2007 13:50:56 +0400 (MSD)
#     (envelope-from www)
# Date: Wed, 24 Oct 2007 13:50:56 +0400 (MSD)
# Message-Id: <200710240950.l9O9oumO063105@hillary.hit.ru>
# Reply-To: spam-ua@sget.kaspersky.com
# Errors-To: spam-ua@sget.kaspersky.com
# From: POSTCARD Service <www@postcard.ru>
# To: spamtrap@corvax.falbi.kiev.ua
# Subject: =?windows-1251?B?wuDsIO7y7/Dg4uvl7eAg7vLq8Pvy6uAg8SBwb3N0Y2FyZC5ydSE=?=
# Precedence: special-delivery
# Content-Type: text/plain; charset=Windows-1251
# Content-Transfer-Encoding: 8bit
#

header		__POSTCARD_RU_FROM		From =~ /<www\@postcard\.ru>$/
header		__POSTCARD_RU_MSGID		Message-Id =~ /^\s*<200\d\d\d\d\d\d\d\d\d\.[k-y][\dAB][\dA-V][\dA-N][\dA-Za-z]{4}\d{2,10}\@hillary\.hit\.ru>$/

header		POSTCARD_RU_FAKE_From		From =~ /^\s*"POSTCARD\.RU" <www\@postcard\.ru>$/
describe	POSTCARD_RU_FAKE_From		Fake postcard.ru header From
score		POSTCARD_RU_FAKE_From		1.5

meta		POSTCARD_RU_FAKE_MSGID		__POSTCARD_RU_FROM && !__POSTCARD_RU_MSGID
describe	POSTCARD_RU_FAKE_MSGID		Fake postcard.ru header Message-ID
score		POSTCARD_RU_FAKE_MSGID		2.0

header		__POSTCARD_RU_TEMPLATE_MSGID	Message-Id =~ /\%/
meta		POSTCARD_RU_TEMPLATE_MSGID	__POSTCARD_RU_FROM && __POSTCARD_RU_TEMPLATE_MSGID
describe	POSTCARD_RU_TEMPLATE_MSGID	Fake postcard.ru header Message-ID
score		POSTCARD_RU_TEMPLATE_MSGID	2.0

header		__POSTCARD_RU_SELFSENT		Reply-To|To =~ /^\s*(\S+\@\S+)[\s\r\n]*\|\s*\1\s*$/
meta		POSTCARD_RU_SELFSENT		__POSTCARD_RU_FROM && __POSTCARD_RU_SELFSENT
describe	POSTCARD_RU_SELFSENT		Selfsent postcard
score		POSTCARD_RU_SELFSENT		1.0

header		__POSTCARD_RU_SELFSENT2		Errors-To|To =~ /^\s*(\S+\@\S+)[\s\r\n]*\|\s*\1\s*$/
meta		POSTCARD_RU_SELFSENT2		__POSTCARD_RU_FROM && __POSTCARD_RU_SELFSENT2
describe	POSTCARD_RU_SELFSENT2		Selfsent postcard
score		POSTCARD_RU_SELFSENT2		1.0

meta		POSTCARD_RU_FAKE_Sender		__POSTCARD_RU_FROM && (__CUST_X_Envelope_NULL || __CUST_Return_Path_NULL || __CUST_Envelope_to_NULL)
describe	POSTCARD_RU_FAKE_Sender		Fake postcard.ru envelope sender
score		POSTCARD_RU_FAKE_Sender		2.0

meta		POSTCARD_RU_Precedence		__POSTCARD_RU_FROM && !__CUST_Precedence_special_delivery
describe	POSTCARD_RU_Precedence		Suspicious postcard.ru Precedence
score		POSTCARD_RU_Precedence		0.5

meta		POSTCARD_RU_Content_Type	__POSTCARD_RU_FROM && __CUST_Content_Type_html_Windows_1251
describe	POSTCARD_RU_Content_Type	Suspicious postcard.ru Content-Type
score		POSTCARD_RU_Content_Type	0.5

header		__POSTCARD_RU_Subject		Subject =~ /^\s\[postcard\.ru\]/
meta		POSTCARD_RU_SUSPICIOUS_Subject	__POSTCARD_RU_FROM && __POSTCARD_RU_Subject
describe	POSTCARD_RU_SUSPICIOUS_Subject	Selfsent postcard
score		POSTCARD_RU_SUSPICIOUS_Subject	0.5