#
# 2008-2014 Victor Ustugov <victor+spamassasin@corvax.kiev.ua>
#

header		SUSPICIOUS_Message_ID_microsof	Message-ID =~ /^\s*<[A-F\d]{32}\@microsof-[\da-f]{6,10}>$/
describe	SUSPICIOUS_Message_ID_microsof	Suspicious Message-ID microsof (DSPAM autolearn)
score		SUSPICIOUS_Message_ID_microsof	4.0
tflags		SUSPICIOUS_Message_ID_microsof	mandatory_learn

########################################

header		FROM_administrator_freemail_hu		From =~ /(admlnistrator|adminlstrator|p0stmasters?)\@freemail\.hu/
describe	FROM_administrator_freemail_hu		From administrator@freemail.hu (DSPAM autolearn)
score		FROM_administrator_freemail_hu		4.0

header		ENV_FROM_administrator_freemail_hu	X-Envelope-From =~ /^\s*<(admlnistrator|adminlstrator|p0stmasters?)\@freemail\.hu>$/
describe	ENV_FROM_administrator_freemail_hu	From administrator@freemail.hu (DSPAM autolearn)
score		ENV_FROM_administrator_freemail_hu	4.0

header		RETURN_PATH_administrator_freemail_hu	Return-Path =~ /^\s*<(admlnistrator|adminlstrator|p0stmasters?)\@freemail\.hu>$/
describe	RETURN_PATH_administrator_freemail_hu	From administrator@freemail.hu (DSPAM autolearn)
score		RETURN_PATH_administrator_freemail_hu	4.0

########################################

header		Infomedia_Mailer		X-Mailer =~ /^\s*Infomedia Mailer \d+\.\d+$/
describe	Infomedia_Mailer		Message from Infomedia (DSPAM autolearn)
score		Infomedia_Mailer		3.0
tflags		Infomedia_Mailer		mandatory_learn

header		Infomedia_Organization		Organization =~ /^\s*(Infomedia( LLC)?|ООО Инфомедиа|ТОВ .НФОМЕД.А|ТОВ Інфомедіа)$/
describe	Infomedia_Organization		Message from Infomedia (DSPAM autolearn)
score		Infomedia_Organization		3.0
tflags		Infomedia_Organization		mandatory_learn

header		Infomedia_From			From =~ /(infomedia\@ethnoexpress\.com|notify\@center1\.com\.ua|noreply\@ethnostyling\.com|promotion\@regularnewsletter\.com|promo(tion)?\@infoletter\.com\.ua|noreply\@fastmail\.com\.ua|\S+\@geomail\.com\.ua)/
describe	Infomedia_From			Message from Infomedia (DSPAM autolearn)
score		Infomedia_From			4.0
tflags		Infomedia_From			mandatory_learn

header		Infomedia_From_realname		From =~ /("Ethno Infomedia"|Ethno Safe)/
describe	Infomedia_From_realname		Message from Infomedia (DSPAM autolearn)
score		Infomedia_From_realname		4.0
tflags		Infomedia_From_realname		mandatory_learn

header		Infomedia_Reply_To		Reply-To =~ /^\s*((seminar|promotion)\@(infomedia\.com\.ua|ethno\.ua)|info\@ethnosafe\.com|info\@ethno\.ua)$/
describe	Infomedia_Reply_To		Message from Infomedia (DSPAM autolearn)
score		Infomedia_Reply_To		3.0
tflags		Infomedia_Reply_To		mandatory_learn

header		Infomedia_Message_Id		Message-Id =~ /^\s*<(19[789]\d|20\d\d)(0\d|1[012])([012]\d|3[01])([0-5]\d)([0-5]\d)([0-5]\d)\.[A-F\d]{11,12}\@(srv\d|apollo)\.ethnohosting\.com>$/
describe	Infomedia_Message_Id		Message from Infomedia (DSPAM autolearn)
score		Infomedia_Message_Id		3.0
tflags		Infomedia_Message_Id		mandatory_learn

header		Infomedia_Message_Id_geomail	Message-Id =~ /^\s*\d+\.[\dA-F]+\.d\+\@geomail\.com\.ua$/
describe	Infomedia_Message_Id_geomail	Message from Infomedia (DSPAM autolearn)
score		Infomedia_Message_Id_geomail	3.0
tflags		Infomedia_Message_Id_geomail	mandatory_learn

header		Infomedia_Message_Id_ethnoexpress	Message-ID =~ /^\s*<[\da-z]{32}\@my\.ethnoexpress\.com>$/
describe	Infomedia_Message_Id_ethnoexpress	Message from Infomedia (DSPAM autolearn)
score		Infomedia_Message_Id_ethnoexpress	3.0
tflags		Infomedia_Message_Id_ethnoexpress	mandatory_learn

header		Infomedia_List_Unsubscribe	List-Unsubscribe =~ /^\s*<mailto:\S+\@(infoletter\.com\.ua|regularnewsletter\.com)\?Subject=Unsubscribe>, <http:\/\/(ethnopromo\.com|infoletter\.com\.ua|regularnewsletter\.com)\/cgi-bin\/u\.cgi\?e=\S+>$/
describe	Infomedia_List_Unsubscribe	Message from Infomedia (DSPAM autolearn)
score		Infomedia_List_Unsubscribe	3.0
tflags		Infomedia_List_Unsubscribe	mandatory_learn

header		Infomedia_List_Unsubscribe2	List-Unsubscribe =~ /\s*<http:\/\/my\.ethnoexpress\.com\/unsubscribe\.php\?M=/
describe	Infomedia_List_Unsubscribe2	Message from Infomedia (DSPAM autolearn)
score		Infomedia_List_Unsubscribe2	3.0
tflags		Infomedia_List_Unsubscribe2	mandatory_learn

header		Infomedia_List_Unsubscribe_unsubscribe_com_ua	List-Unsubscribe =~ /http:\/\/www\.unsubscribe\.com\.ua\//
describe	Infomedia_List_Unsubscribe_unsubscribe_com_ua	Message from Infomedia (DSPAM autolearn)
score		Infomedia_List_Unsubscribe_unsubscribe_com_ua	3.0
tflags		Infomedia_List_Unsubscribe_unsubscribe_com_ua	mandatory_learn

header		Infomedia_List_Id		List-Id =~ /^\s*<.+\.ethnopromo\.com>$/
describe	Infomedia_List_Id		Message from Infomedia (DSPAM autolearn)
score		Infomedia_List_Id		3.0
tflags		Infomedia_List_Id		mandatory_learn

header		RECEIVED_ethnohosting_com	Received =~ /(juno|srv5|atlas|apollo|leto)\.ethnohosting\.com/
describe	RECEIVED_ethnohosting_com	Received via ethnohosting.com (DSPAM autolearn)
score		RECEIVED_ethnohosting_com	3.5
tflags		RECEIVED_ethnohosting_com	mandatory_learn

########################################

header		SUSPICIOUS_RECEIVED_HELO_Delldim5150	Received =~ /from ([\w\d\-]+\.)+[a-z]{2,3} \(HELO Delldim5150\)[\s\r\n]+\(\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\) by ([\w\d\-]+\.)+[a-z]{2,3} with ESMTP;/
describe	SUSPICIOUS_RECEIVED_HELO_Delldim5150	Suspicious header Received with HELO Delldim5150 (DSPAM autolearn)
score		SUSPICIOUS_RECEIVED_HELO_Delldim5150	6.0

meta		SUSPICIOUS_RECEIVED_HELO_Delldim5150_DSPAM	SUSPICIOUS_RECEIVED_HELO_Delldim5150 && DSPAM_CHECK_00_01
describe	SUSPICIOUS_RECEIVED_HELO_Delldim5150_DSPAM	DSPAM compensation for suspicious header Received with HELO Delldim5150
score		SUSPICIOUS_RECEIVED_HELO_Delldim5150_DSPAM	3.5

header		SUSPICIOUS_MSGID_Delldim5150		Message-ID =~ /^\s*<\S+\@Delldim5150$/
describe	SUSPICIOUS_MSGID_Delldim5150		Suspicious header Message-ID with Delldim5150 (DSPAM autolearn)
score		SUSPICIOUS_MSGID_Delldim5150		6.0

meta		SUSPICIOUS_MSGID_Delldim5150_DSPAM	SUSPICIOUS_MSGID_Delldim5150 && DSPAM_CHECK_00_01
describe	SUSPICIOUS_MSGID_Delldim5150_DSPAM	DSPAM compensation for Suspicious header Message-ID with Delldim5150
score		SUSPICIOUS_MSGID_Delldim5150_DSPAM	3.5

########################################

# X-Mailer: TOL Mailer
header		CT_SUSP_BOUNDARY_TOL_Mailer	Content-Type =~ /boundary=_0_\.__\.__TOL__Mailer__Part_Boundary_$/
describe	CT_SUSP_BOUNDARY_TOL_Mailer	Suspicious non-unique boundary (DSPAM autolearn)
score		CT_SUSP_BOUNDARY_TOL_Mailer	3.0

header		SMSCENTRE_FROM			From =~ /^\s*<(sales|info)\@smscentre\.com\.ua>$/
describe	SMSCENTRE_FROM			Message from sales@smscentre.com.ua (DSPAM autolearn)
score		SMSCENTRE_FROM			4.0
tflags		SMSCENTRE_FROM			mandatory_learn

header		SMSCENTRE_X_SENDER		X-Sender =~ /^\s(sales|info)\@smscentre\.com\.ua$/
describe	SMSCENTRE_X_SENDER		Message from sales@smscentre.com.ua (DSPAM autolearn)
score		SMSCENTRE_X_SENDER		4.0
tflags		SMSCENTRE_X_SENDER		mandatory_learn

header		SMSCENTRE_RET_RCPT_TO		Return-Receipt-To =~ /^\s*<(sales|info)\@smscentre\.com\.ua>$/
describe	SMSCENTRE_RET_RCPT_TO		Message from sales@smscentre.com.ua (DSPAM autolearn)
score		SMSCENTRE_RET_RCPT_TO		2.0
tflags		SMSCENTRE_RET_RCPT_TO		mandatory_learn

header		SMSCENTRE_DISP_NOTIF_TO		Disposition-Notification-To =~ /^\s*<(sales|info)\@smscentre\.com\.ua>$/
describe	SMSCENTRE_DISP_NOTIF_TO		Message from sales@smscentre.com.ua (DSPAM autolearn)
score		SMSCENTRE_DISP_NOTIF_TO		2.0
tflags		SMSCENTRE_DISP_NOTIF_TO		mandatory_learn

########################################

header		__RealName_BListed_From_Subj	Subject =~ /^\s*((Re(\[\d+\])|Fw|Fwd):)?\s*(Building|Ceминаp|Conference services|Cтатьи для менеджepa|goodyear|Ground-2005|Hа пoльзу бизнecу|Kapпаты. Oтдыx|KoнсЦентр|Kонcaлтингoвый Цeнтр|Kонсaлтингoвый Цeнтр|Kак удеpжaть публику|LOGISTIKA|OBRIY CONSULTING COMPANY|Ofshore|Oтчeтнocть|Oтчeтнoсть|Oтчетнoсть|Oтчетноcть|Petr Petrovich|Pазвитиe бизнeса|tyre|Tyre|UkrBusinessConsulting-2000|Vega Consulting|Vengriya|БЦ Национальный|БЦ.*"?Национальный"?|бТВБМЙУФ|Буx-конcалтинг|Буx-консалтинг|Буxгaлтеp|Буxгалтep|Буxгалтер|Бух-кoнcaлтинг|Бух-кoнсалтинг|Бух-конcалтинг|Бухгaлтep|Бухгaлтеp|Бухгалтеp|Бухгалтер|БУХГАЛТЕРИИ|Библиотeкa упpавлeния перcoнaлoм на CД|Библиотекa упрaвлeния пepсoналoм на СД|Бизнeс-Центp|Бизнеc|Бизнес-Центр.*"?Национальный"?|Бизнесмeну|бюджет|Бюджетирование|бюджетирование|бюро дойче мессен|ВЭД|Все на отдых|Земля|земля под строительство|Задолжность|Застpойка|Дойче мессен|Дистрибуция|Цeнтp Paзвития Пpедпpинимaтeльcтва|Цeнтp Paзвития Пpедпpинимaтeльства|Цeнтp Paзвития Пpедпринимaтельствa|Цeнтр Pазвития Прeдпринимaтeльcтвa|Цeнтр Развития Пpедпpиниматeльcтва|Центp Pазвития Пpeдпринимательcтва|Центp Pазвития Пpедпpинимательcтва|Центр Pазвития Пpeдприниматeльствa|Центр повышeния квaлификации|Центр Рaзвития Пpедпpинимaтельcтвa|Центр Рaзвития Пpедпринимaтельствa|Центр Развития Прeдпpинимательствa|Кaникулы в Beнгpии|Кaрпaты. Отдых|Кoнcалтинговый Центр|Кoнсaлтингoвый Цeнтр|Кoнсaлтингoвый Центp|Кoнсaлтинговый Цeнтp|Кoнсалтингoвый Цeнтp|Коммерческая недвижимость|Конcaлтинговый Центp|Конференц-зал|Консaлтинговый Цeнтр|Консалтингoвый Центр|кредитной политикой|(Киев )?ДОЙЧЕ МЕССЕН|Киевское представительство|ЛЧБТФЙТЩ РЕТЕЕЪДЩ|Мeнеджмeнт|Менeджмент|Менеджмент|мПЗЙУФ|Нa пoльзу бизнесу|Нeдвижимоcть|недвижимость|Новый Гoд и Рождecтвo на Гуцульщине|Новый Год|Ноутбуки|Начальнику|Оpaтoрcкое иcкусcтво|Объединенный адвокатский офис|о защите прав потребителей|ООО|Отчетнoсть|Отчетность|Отдыx в Карпaтax|отдых|Отдых в Beнгpии|Пoexaли c нaми|Пoдъeм экономики|Пoдъем|Пoдъем экономики|Пoднимем эконoмику|Пoднимем экономику|Планування податкiв|Подъeм|Подъeм экoнoмики|Подъeм экoномики|Полиграфия|полиграфия|построение бр.нда|Прoдaжa|Презентации|Продaжа|Примiщення у Львовi|Приглашение|Практикум|Путeшecтвиe|Путешecтвиe в Beнгрию|Рaзвитие|Рaзвитие бизнесa|Реклама|Развитие бизнесa|Тeхникa речи|Тeхника речи|тБУРТПДБЦБ|Техника речи|торгово-развлекательный комплекс|Торговые Марки|Тренинг|Транспортная логистика|Туp-oпеpaтор|Туp-оператop|Турпутeвки|Таможня|УкрБизнесКонсалтинг|УкрБизнесКонсалтинг-2000|Украинские семинары|Умнoжим знaния|Умножим знaния|Умножим знания|управление персоналом|фТБОУРПТФ|хУМЕДХАЭЙНЙ|Инкотермс 2000|Инфopмациoнный pecурc|((информационное )?бюро )?дойче мессен|информационное бюро дойче мессен|Информационный реcурс|Юридическая Группа|Юрискунсульт|Юрист|эффективные переговоры|эффективная организация|ьЛУРПТФОП-ЙНРПТФОЩЕ ПРЕТБГЙЙ|Аpхив эффективного менеджмeнтa|Адвокатский офис|Актерское мастерство|Агенство рассылок|Свышe 400 стaтeй по HR-мeнеджменту|Свыше 400 стaтей по HR-мeнeджменту|Сдaть уcтный экзaмен|Сдать устный экзамeн|Семинар|семинар|Семинар в Праге|Семинар-тренинг|СОНАТА|Стaтьи для мeнeджeра)[\s\r\n]*</

meta		RealName_BListed_From_Subj	__RealName_BListed_From_Subj && __CUST_From_QP_Windows_1251
describe	RealName_BListed_From_Subj	Blacklisted real name from header From found in Subject header field (DSPAM autolearn)
score		RealName_BListed_From_Subj	0.1

meta		RealName_BListed_From_Subj_B	__RealName_BListed_From_Subj && __CUST_From_BASE64_windows_1251
describe	RealName_BListed_From_Subj_B	Blacklisted real name from From header found in Subject header field (DSPAM autolearn)
score		RealName_BListed_From_Subj_B	0.1

########################################

header		TO_SYMPATICO_CA			To =~ /^\s*\.\.\@sympatico\.ca$/
describe	TO_SYMPATICO_CA			Message to ..@sympatico.ca
score		TO_SYMPATICO_CA			4.0

header		TO_TUT_BY			To =~ /\@tut\.by/
describe	TO_TUT_BY			Message to @tut.by
score		TO_TUT_BY			1.0

########################################

header		RealName_From_infomail			From =~ /^\s*" *i *n *f *o *m *a *i *l *"/
describe	RealName_From_infomail			Message from "infomail" (DSPAM autolearn)
score		RealName_From_infomail			2.5

header		HIGH_INTERNETIONAL_BUSINESS_SCHOOL	From =~ /(Высшая Международная Школа Бизнеса в Киеве|ВЫСШАЯ МЕЖДУНАРОДНАЯ ШКОЛА БИЗНЕСА)/
describe	HIGH_INTERNETIONAL_BUSINESS_SCHOOL	From High International Business School (DSPAM autolearn)
score		HIGH_INTERNETIONAL_BUSINESS_SCHOOL	4.0
tflags		HIGH_INTERNETIONAL_BUSINESS_SCHOOL	mandatory_learn

header		FROM_ProMBB			From:raw =~ /^\s*"ProMBB" </
describe	FROM_ProMBB			Message from ProMBB (DSPAM autolearn), already_read
score		FROM_ProMBB			2.5
tflags		FROM_ProMBB			mandatory_learn

header		FROM_Seminar_ua			From:raw =~ /^\s*"Seminar-ua" </
describe	FROM_Seminar_ua			Message from Seminar-ua (DSPAM autolearn)
score		FROM_Seminar_ua			2.5
tflags		FROM_Seminar_ua			mandatory_learn

header		__FROM_Seminar_B64CP1251	From =~ /^\s*"Seminar" </
meta		FROM_Seminar_B64CP1251		__FROM_Seminar_B64CP1251 && __CUST_From_BASE64_windows_1251_quote
describe	FROM_Seminar_B64CP1251		Message from Seminar
score		FROM_Seminar_B64CP1251		2.5

header		FROM_MAIL_RECLAMA_RU		From =~ /\@mail-reclama\.ru/
describe	FROM_MAIL_RECLAMA_RU		Message with mail-reclama.ru domain in header From (DSPAM autolearn)
score		FROM_MAIL_RECLAMA_RU		3.0

header		MAIDAN_ORG_UA_FROM		From =~ /<maidan\@maidan\.org\.ua>$/
describe	MAIDAN_ORG_UA_FROM		From <maidan@maidan.org.ua> (DSPAM autolearn)
score		MAIDAN_ORG_UA_FROM		4.0
tflags		MAIDAN_ORG_UA_FROM		mandatory_learn

header		ADMIN_XPORTAL_COM_UA_FROM	From =~ /^\s*admin\@xportal\.com\.ua$/
describe	ADMIN_XPORTAL_COM_UA_FROM	From admin@xportal.com.ua (DSPAM autolearn)
score		ADMIN_XPORTAL_COM_UA_FROM	4.0
tflags		ADMIN_XPORTAL_COM_UA_FROM	mandatory_learn

header		FROM_Seminar_vega_st_com	From:raw =~ /^\s*seminar\@vega-st\.com$/
describe	FROM_Seminar_vega_st_com	Message from seminar@vega-st.com
score		FROM_Seminar_vega_st_com	2.5

header		FROM_mail_fish_net_ua		From =~ /mail\@fish\.net\.ua/
describe	FROM_mail_fish_net_ua		e-mail from mail@fish.net.ua (DSPAM autolearn)
score		FROM_mail_fish_net_ua		3.5
tflags		FROM_mail_fish_net_ua		mandatory_learn

header		FROM_YAHOO_BESSIE		From =~ /bessie\..+\@yahoo\./
describe	FROM_YAHOO_BESSIE		Header From contains bessie in mailbox and yahoo in domain
score		FROM_YAHOO_BESSIE		2.0

header		FROM_SV_Development		From =~ /^\s*SV Development <daily-news\@svdevelopment\.com>$/
describe	FROM_SV_Development		From SV Development (DSPAM autolearn)
score		FROM_SV_Development		3.0
tflags		FROM_SV_Development		mandatory_learn

header		REPLY_TO_KAM_POD_UNIVER		Reply-To =~ /<info\@kitserver-4u\.org>/
describe	REPLY_TO_KAM_POD_UNIVER		Message from Kamenets-Podolsky National University (DSPAM autolearn), already_read
score		REPLY_TO_KAM_POD_UNIVER		4.0
tflags		REPLY_TO_KAM_POD_UNIVER		mandatory_learn

header		REPLY_TO_WEDEUS			Reply-To =~ /^\s*info\@wedeus\.com$/
describe	REPLY_TO_WEDEUS			Message from Wedeus, may be thru newsletter.si (DSPAM autolearn), already_read
score		REPLY_TO_WEDEUS			4.0
tflags		REPLY_TO_WEDEUS			mandatory_learn

header		REPLY_TO_SP_SERVICE		Reply-To =~ /<reklama-v-internete\@ukr\.net>/
describe	REPLY_TO_SP_SERVICE		Message from Sp Service (DSPAM autolearn), already_read
score		REPLY_TO_SP_SERVICE		4.0
tflags		REPLY_TO_SP_SERVICE		mandatory_learn

header		REPLY_TO_CORP_TOURISM		Reply-To =~ /<Corporate-Tourism\@tiscali\.it>$/
describe	REPLY_TO_CORP_TOURISM		Message about "Corporate tourism" (DSPAM autolearn), already_read
score		REPLY_TO_CORP_TOURISM		4.0
tflags		REPLY_TO_CORP_TOURISM		mandatory_learn

header		FROM_computerra_net_ua		From =~ /<mail\@computerra\.net\.ua>/
describe	FROM_computerra_net_ua		From spam service mail@computerra.net.ua (DSPAM autolearn)
score		FROM_computerra_net_ua		5.0
tflags		FROM_computerra_net_ua		mandatory_learn

header		FROM_ONLINE_GAME		From =~ /^\s*On-Line Игра<seomld\@ymail\.com>$/
describe	FROM_ONLINE_GAME		From On-Line Game (DSPAM autolearn)
score		FROM_ONLINE_GAME		4.0
tflags		FROM_ONLINE_GAME		mandatory_learn

header		FROM_TRANSPORTLINE_RU		From =~ /^\s*info\@transportline\.ru$/
describe	FROM_TRANSPORTLINE_RU		From TRANSPORTLINE (DSPAM autolearn), already_read
score		FROM_TRANSPORTLINE_RU		4.0
tflags		FROM_TRANSPORTLINE_RU		mandatory_learn

header		FROM_MESSAGE_FRO_YOU_LTD	From =~ /^\s*"ппп чБН рЙУШНП" </
describe	FROM_MESSAGE_FRO_YOU_LTD	From "Message for You, Ltd." (DSPAM autolearn), already_read
score		FROM_MESSAGE_FRO_YOU_LTD	5.0
tflags		FROM_MESSAGE_FRO_YOU_LTD	mandatory_learn

header		FROM_MIXPRINT			From =~ /^\s*<mixpintu\@mail\.ru>$/
describe	FROM_MIXPRINT			Message from mixpintu@mail.ru (DSPAM autolearn)
score		FROM_MIXPRINT			2.0
tflags		FROM_MIXPRINT			mandatory_learn

header		FROM_SPECTOVAR			From =~ /<spectovar\d+\@/
describe	FROM_SPECTOVAR			Message from spectovar (DSPAM autolearn)
score		FROM_SPECTOVAR			3.0
tflags		FROM_SPECTOVAR			mandatory_learn

header		VSESHINI_FROM			From =~ /sales\@vseshini\.com\.ua/
describe	VSESHINI_FROM			Message from vseshini.com (DSPAM autolearn)
score		VSESHINI_FROM			3.0
tflags		VSESHINI_FROM			mandatory_learn

header		FROM_giagirls_ukr_net		From=~ /giagirls\@ukr\.net/
describe	FROM_giagirls_ukr_net		Message from giagirls@ukr.net (DSPAM autolearn), already_read
score		FROM_giagirls_ukr_net		3.0
tflags		FROM_giagirls_ukr_net		mandatory_learn

header		FROM_SITEDESIGNER		From =~ /(info\@sitedesigner\.com\.ua|elena\@wedeus\.com)>$/
describe	FROM_SITEDESIGNER		Message from SIteDesigner. (From: info@sitedesigner.com.ua) (DSPAM autolearn), already_read
score		FROM_SITEDESIGNER		5.0
tflags		FROM_SITEDESIGNER		mandatory_learn

header		REPLY_TO_SITEDESIGNER		Reply-To =~ /info\@sitedesigner\.com\.ua>$/
describe	REPLY_TO_SITEDESIGNER		Message from SIteDesigner. (Reply-To: info@sitedesigner.com.ua) (DSPAM autolearn), already_read
score		REPLY_TO_SITEDESIGNER		3.0
tflags		REPLY_TO_SITEDESIGNER		mandatory_learn


#########################################


header		FROM_WebInside			From =~ /^\s*"(WebInside|Dispatch|D\.L\.X)" </
describe	FROM_WebInside			From WebInside/Dispatch (DSPAM autolearn), already_read
score		FROM_WebInside			5.0
tflags		FROM_WebInside			mandatory_learn

meta		FROM_WebInside_DSPAM		FROM_WebInside && DSPAM_CHECK_00_01
describe	FROM_WebInside_DSPAM		DSPAM compensation for FROM_WebInside
score		FROM_WebInside_DSPAM		3.5

header		SENDER_WebInside		Sender =~ /^\s*"(WebInside|Dispatch|D\.L\.X)" </
describe	SENDER_WebInside		Sender WebInside/Dispatch (DSPAM autolearn), already_read
score		SENDER_WebInside		5.0
tflags		SENDER_WebInside		mandatory_learn

header		FROM_DISPATCH			From =~ /<(dispatchx?|dispatch\d+|webinside)\@(meta\.ua|e-mail\.ua|gmail\.com)>\s*$/
describe	FROM_DISPATCH			From WebInside/Dispatch (DSPAM autolearn), already_read
score		FROM_DISPATCH			5.0
tflags		FROM_DISPATCH			mandatory_learn

header		FROM_kiev_dlx_tut_by		From =~ /<kiev-dlx\@tut\.by>\s*$/
describe	FROM_kiev_dlx_tut_by		From WebInside/Dispatch/DLX (DSPAM autolearn), already_read
score		FROM_kiev_dlx_tut_by		5.0
tflags		FROM_kiev_dlx_tut_by		mandatory_learn

header		REPLY_TO_kiev_dlx_tut_by	From =~ /<kiev-dlx\@tut\.by>\s*$/
describe	REPLY_TO_kiev_dlx_tut_by	From WebInside/Dispatch/DLX (DSPAM autolearn), already_read
score		REPLY_TO_kiev_dlx_tut_by	5.0
tflags		REPLY_TO_kiev_dlx_tut_by	mandatory_learn


#########################################


header		FROM_REGULARNEWSLETTER		From =~ /\@regularnewsletter\.com>$/
describe	FROM_REGULARNEWSLETTER		Message from regularnewsletter.com (DSPAM autolearn)
score		FROM_REGULARNEWSLETTER		4.0
tflags		FROM_REGULARNEWSLETTER		mandatory_learn

header		FROM_OEVEL			From =~ /\@oevel\.com>$/
describe	FROM_OEVEL			Message from oevel.com (DSPAM autolearn)
score		FROM_OEVEL			4.0
tflags		FROM_OEVEL			mandatory_learn


########################################

#
# X-Mailer: WebMail_You can gain better health
# X-Mailer: WebMail_Heal for your woody!
# X-Mailer: WebMail_Your private video here
# X-Mailer: WebMail_Your reply needed
# X-Mailer: WebMail_Take her from above
# X-Mailer: WebMail_Support Obama, buying from us
# X-Mailer: WebMail_Your confirmation period has expired
#
header		X_MAILER_WEBMAIL_		X-Mailer =~ /^\s*WebMail_([A-Za-z]+(\s[A-Z]?[''a-z\d]+[,\%!]?)+[\.\?\!]?)?$/
describe	X_MAILER_WEBMAIL_		Suspicious X-Mailer (DSPAM autolearn), already_read
score		X_MAILER_WEBMAIL_		4.5
#tflags		X_MAILER_WEBMAIL_		mandatory_learn

########################################

header		FOTO75_REPLY_TO			Reply-to =~ /^\s*"www\.Foto75\.in\.UA" <foto75\@3g\.ua>$/
describe	FOTO75_REPLY_TO			Foto75 Reply-To (DSPAM autolearn), already_read
score		FOTO75_REPLY_TO			2.0

header		FOTO75_ORG			Organization =~ /^\s*www\.Foto75\.in\.UA$/
describe	FOTO75_ORG			Foto75 Organization (DSPAM autolearn), already_read
score		FOTO75_ORG			2.0

header		FOTO75_DISP_NOTIF_TO		Disposition-notification-to =~ /^\s*foto75\@3g\.ua$/
describe	FOTO75_DISP_NOTIF_TO		Foto75 Disposition-notification-to (DSPAM autolearn), already_read
score		FOTO75_DISP_NOTIF_TO		2.0

header		FOTO75_RETURN_RECEIPT_TO	Return-receipt-to =~ /^\s*foto75\@3g\.ua$/
describe	FOTO75_RETURN_RECEIPT_TO	Foto75 Return-receipt-to (DSPAM autolearn), already_read
score		FOTO75_RETURN_RECEIPT_TO	2.0

header		FOTO75_X_CONFIRM_READING_TO	X-confirm-reading-to =~ /^\s*foto75\@3g\.ua$/
describe	FOTO75_X_CONFIRM_READING_TO	Foto75 X-confirm-reading-to (DSPAM autolearn), already_read
score		FOTO75_X_CONFIRM_READING_TO	2.0

########################################

header		BAMBOO_RPATH			Return-path =~ /\@bamboo\.nichost\.ru>$/
describe	BAMBOO_RPATH			Message from BambooClub (DSPAM autolearn)
score		BAMBOO_RPATH			2.0

header		BAMBOO_X_ENVFROM		X-Envelope-From =~ /\@bamboo\.nichost\.ru>$/
describe	BAMBOO_X_ENVFROM		Message from BambooClub (DSPAM autolearn)
score		BAMBOO_X_ENVFROM		2.0

header		BAMBOO_List_Unsubscribe		List-Unsubscribe =~ /^\s*mailto:\S+\@bamboo\.nichost\.ru$/
describe	BAMBOO_List_Unsubscribe		Message from BambooClub (DSPAM autolearn)
score		BAMBOO_List_Unsubscribe		2.0

header		BAMBOO_List_ID			List-ID =~ /^\s*<\S+\.bamboo\.nichost\.ru>$/
describe	BAMBOO_List_ID			Message from BambooClub (DSPAM autolearn)
score		BAMBOO_List_ID			2.0

header		BAMBOO_Sender			Sender =~ /^\s*<\S+\@bamboo\.nichost\.ru>$/
describe	BAMBOO_Sender			Message from BambooClub (DSPAM autolearn)
score		BAMBOO_Sender			2.0

header		BAMBOO_From			From =~ /<\S+\@bamboo\.nichost\.ru>$/
describe	BAMBOO_From			Message from BambooClub (DSPAM autolearn)
score		BAMBOO_From			2.0

########################################

# рЕЮБФШ ЫЙТПЛПЖПТНБФОБС, ЮЕТЕЪ mail5.freehost.com.ua
header		FROM_info_crb_in_ua		From =~ /<info\@crb\.in\.ua>$/
describe	FROM_info_crb_in_ua		Message from info@crb.in.ua
score		FROM_info_crb_in_ua		2.5

header		ORG_info_crb_in_ua		Organization =~ /^\s*info\@crb\.in\.ua$/
describe	ORG_info_crb_in_ua		Message from info@crb.in.ua
score		ORG_info_crb_in_ua		2.5

########################################

header		SCRIPT_PATH_SPAM_SERVICE	ScriptPath =~ /^\s*(gino-arte\.net\/nodele\.te\.php)/
describe	SCRIPT_PATH_SPAM_SERVICE	Spam mailing service
score		SCRIPT_PATH_SPAM_SERVICE	2.0

########################################

header		SHIP_LETTER_ORG_UA		X-PHP-Script =~ /^\s*ship-letter\.org\.ua/
describe	SHIP_LETTER_ORG_UA		Message sent by ship-letter.org.ua (DSPAM autolearn)
score		SHIP_LETTER_ORG_UA		5.0
tflags		SHIP_LETTER_ORG_UA		mandatory_learn

header		__BRICOCOOK_COM_X_PHP_Script	X-PHP-Script =~ /^\s*bricocook\.com\/images\/view\.php for \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/
meta		BRICOCOOK_COM_X_PHP_Script	__BRICOCOOK_COM_X_PHP_Script && __X_Mailer_Thunderbird
describe	BRICOCOOK_COM_X_PHP_Script	Mail from X-PHP-Script bricocook.com/images/view.php
score		BRICOCOOK_COM_X_PHP_Script	2.0
tflags		BRICOCOOK_COM_X_PHP_Script	mandatory_learn

########################################

header		ORG_X_NOMERA_NET			Organization =~ /^\s*(ANTISHTRAF\.ME|FNOMER|HIDENUM|INVIS|INVIS-XNOMER\.COM|NO-XCAMS|NoCAMS|ProNomer|STOP-POLICE|X-INVISIBLER|X-nomer|X-NOMER|X-NOMERA\.NET|X-PARTNOMER\.COM|X-Watch|XINVISIBLER|XNOMER|Xplenka|Штраф|Штрафы 2013|ГИБДД|АнтиГАИ)$/
describe	ORG_X_NOMERA_NET			Message from X-NOMERA.NET or the like, already_read
score		ORG_X_NOMERA_NET			5.0

header		ORG_X_NOMERA_NET_AFFILATE		Organization =~ /^\s*(APTEKA-ONLINE24\.BIZ|GoldiPhone|GreenSlim800|RUSS-KREDIT|RusTabs|Эпоха Клонов|Эффективный бизнес|зеленый кофе|Займы для бизнеса|Зеленый кофе с имбирем|Клон|Кредиты по паспорту|Кредитные карты.РУ|Кредит 1 млн.|Кредит наличными|Кредит без отказов|Кредит с плохой историей|Кредит.ру|ООО ОЛЛТЕСТ)$/
describe	ORG_X_NOMERA_NET_AFFILATE		Message affiliated with from X-NOMERA.NET, already_read
score		ORG_X_NOMERA_NET_AFFILATE		4.0

header		ORG_X_NOMERA_NET_AFFILATE2		Organization =~ /^\s*(Флеш|Логистик компания|Кредитный отдел|Кредит онлайн|Орган по сертификации)$/
describe	ORG_X_NOMERA_NET_AFFILATE2		Message affiliated with from X-NOMERA.NET
score		ORG_X_NOMERA_NET_AFFILATE2		4.0

header		FROM_X_NOMERA_NET			From =~ /^\s*"(ANTISHTRAF\.ME|HIDENUM|INVIS|INVIS-XNOMER\.COM|NO-XCAMS|NoCAMS|ProNomer|STOP-POLICE|X-INVISIBLER|X-NOMER|X-NOMERA\.NET|X-PARTNOMER\.COM|X-Watch|X-nomer|XINVISIBLER|XNOMER|Xplenka)" </
describe	FROM_X_NOMERA_NET			Message from X-NOMERA.NET, already_read
score		FROM_X_NOMERA_NET			5.0

header		FROM_X_NOMERA_NET_AFFILATE		From =~ /^\s*"(APTEKA-ONLINE24\.BIZ|GoldiPhone|GreenSlim800|RUSS-KREDIT|RusTabs)" </
describe	FROM_X_NOMERA_NET_AFFILATE		Message affiliated with from X-NOMERA.NET, already_read
score		FROM_X_NOMERA_NET_AFFILATE		4.0

########################################

header		EMAIL_MAILING_UTF_8		Subject =~ /^\s*E-MAIL Р РђРЎРЎР«Р›РљР/
describe	EMAIL_MAILING_UTF_8		Blacklisted Subject about e-mail mailings (DSPAM autolearn), already_read
score		EMAIL_MAILING_UTF_8		2.0

header		EMAIL_MAILING_KOI8_R		Subject =~ /^\s*E-MAIL тбуущмлй$/
describe	EMAIL_MAILING_KOI8_R		Blacklisted Subject about e-mail mailings (DSPAM autolearn), already_read
score		EMAIL_MAILING_KOI8_R		2.0

header		EMAIL_MAILING_WINDOWS_1251	Subject =~ /^\s*E-MAIL РАССЫЛКИ$/
describe	EMAIL_MAILING_WINDOWS_1251	Blacklisted Subject about e-mail mailings (DSPAM autolearn), already_read
score		EMAIL_MAILING_WINDOWS_1251	2.0


header		__CHINA_Subject			Subject =~ /^\s*CHINA: /
meta		CHINA_Subject			__CHINA_Subject && __CUST_Subject_BASE64_Windows_1251
describe	CHINA_Subject			Subject begins with "CHINA: " (DSPAM autolearn)
score		CHINA_Subject			4.0
tflags		CHINA_Subject			mandatory_learn

header		SUBJECT_EMPTY_BASE64_utf_8	Subject:raw =~ /^\s*=\?utf-8\?B\?\?=$/
describe	SUBJECT_EMPTY_BASE64_utf_8	Strange empty Subject but encoded to BASE64 UTF-8
score		SUBJECT_EMPTY_BASE64_utf_8	2.0

header		SUBJECT_UK_MedHelp		Subject =~ /^\s*(RE: )?(MedHelp|UK MedHelp|Usa MedHelp|USA MensHealth|UK MensHealth Discount|USA MedHelp) (ID)?\d+$/
describe	SUBJECT_UK_MedHelp		Message about UK MedHelp (DSPAM autolearn), already_read
score		SUBJECT_UK_MedHelp		2.0
tflags		SUBJECT_UK_MedHelp		mandatory_learn

header		SUBJECT_OFF_on_PFIZER		Subject =~ /^\s*(RE: )?(\S+\s+\d+\% OFF on (PFIZER!|Pfizer)|Pfizer \d+\% OFF)$/
describe	SUBJECT_OFF_on_PFIZER		Message about Pfizer (DSPAM autolearn), already_read
score		SUBJECT_OFF_on_PFIZER		2.0
tflags		SUBJECT_OFF_on_PFIZER		mandatory_learn

header		SUBJECT_Best_Sales_2010		Subject =~ /^\s*Best Sales 20\d\d!$/
describe	SUBJECT_Best_Sales_2010		Message from Doctor (DSPAM autolearn), already_read
score		SUBJECT_Best_Sales_2010		2.0
tflags		SUBJECT_Best_Sales_2010		mandatory_learn

header		SUBJECT_Claim_Your_Prize	Subject =~ /^\s*Claim Your Prize!!!$/
describe	SUBJECT_Claim_Your_Prize	Message "Claim Your Prize!!!" (DSPAM autolearn), already_read
score		SUBJECT_Claim_Your_Prize	4.0
tflags		SUBJECT_Claim_Your_Prize	mandatory_learn

header		SUBJECT_For_RCPT_Sale_ID	Subject =~ /^\s*For \S+ (Sale|VIP) ID \d+$/
describe	SUBJECT_For_RCPT_Sale_ID	Message For RCPT Sale ID NNNNN (DSPAM autolearn), already_read
score		SUBJECT_For_RCPT_Sale_ID	2.0
tflags		SUBJECT_For_RCPT_Sale_ID	mandatory_learn

header		SUBJECT_Striptease_desktop	Subject =~ /^\s*уФТЙРФЙЪ ОБ ТБВПЮЕН УФПМЕ$/
describe	SUBJECT_Striptease_desktop	Message about Striptease on the working desktop (DSPAM autolearn), already_read
score		SUBJECT_Striptease_desktop	2.0
tflags		SUBJECT_Striptease_desktop	mandatory_learn

header		SUBJECT_RENT_OFFICE		Subject =~ /^\s*(Снимем офис в Киеве \(центр\)|РЎРЅРёРјРµРј РѕС„РёСЃ РІ РљРёРµРІРµ \(С†РµРЅС‚СЂ\))$/
describe	SUBJECT_RENT_OFFICE		Message about rent of the office in Kiev (DSPAM autolearn), already_read
score		SUBJECT_RENT_OFFICE		2.0
tflags		SUBJECT_RENT_OFFICE		mandatory_learn

header		SUBJECT_CeBit_2010		Subject =~ /^\s*(CeBit 2010 - приглашение на выставку|CeBit 2010 - РїСЂРёРіР»Р°С€РµРЅРёРµ|CeBit 2010 - РїСЂРёРіР»Р°С€РµРЅРёРµ РЅР° РІС‹СЃС‚Р°РІРєСѓ)$/
describe	SUBJECT_CeBit_2010		Message about CeBit 2010, already_read
score		SUBJECT_CeBit_2010		2.0

meta		SUBJECT_CeBit_2010_DSPAM	SUBJECT_CeBit_2010 && DSPAM_CHECK_00_01
describe	SUBJECT_CeBit_2010_DSPAM	DSPAM compensation for SUBJECT_CeBit_2010
score		SUBJECT_CeBit_2010_DSPAM	3.5

header		SUBJECT_DO_YOU_REMEMBER_ME	Subject =~ /^\s*рПНОЙЫШ НЕОС\? ;\)\)$/
describe	SUBJECT_DO_YOU_REMEMBER_ME	Message from Lenochka, already_read
score		SUBJECT_DO_YOU_REMEMBER_ME	2.0

header		__SUBJECT_REGISTRATION		Subject =~ /^\s*(°Регистрация°|В°Р РµРіРёСЃС‚СЂР°С†РёСЏВ°)/
meta		SUBJECT_REGISTRATION		__SUBJECT_REGISTRATION && !SUBJECT_TRADEMARK_REGISTRATION
describe	SUBJECT_REGISTRATION		Message about Trademark registration, already_read
score		SUBJECT_REGISTRATION		2.0

header		SUBJECT_TRADEMARK_REGISTRATION	Subject =~ /^\s*(°Регистрация° торговых марок|В°Р РµРіРёСЃС‚СЂР°С†РёСЏВ° С‚РѕСЂРіРѕРІС‹С… РјР°СЂРѕРє)/
describe	SUBJECT_TRADEMARK_REGISTRATION	Message about Trademark registration, already_read
score		SUBJECT_TRADEMARK_REGISTRATION	4.0

header		SUBJECT_EMailMassSenderMessage	Subject =~ /\(\*\*\*\*\*EMailMassSenderMessage\*\*\*\*\*\)/
describe	SUBJECT_EMailMassSenderMessage	Header Subject contains EMailMassSenderMessage (DSPAM autolearn), already_read
score		SUBJECT_EMailMassSenderMessage	3.0

header		ORG_CONF_YULA_UA		Organization =~ /^\s*лПОЖЕТЕОГЙС "тЕЛМБНБ Ч йОФЕТОЕФЕ"$/
describe	ORG_CONF_YULA_UA		Header Organization blacklisted
score		ORG_CONF_YULA_UA		3.0

header		ORG_MAIL_SENDING		Organization =~ /^\s*рассылки$/
describe	ORG_MAIL_SENDING		Header Organization blacklisted
score		ORG_MAIL_SENDING		3.0

header		ORG_biznesskluch_com		Organization =~ /^\s*biznesskluch\.com$/
describe	ORG_biznesskluch_com		Message from biznesskluch.com (DSPAM autolearn), already_read
score		ORG_biznesskluch_com		3.0


header		X_MAILER_WWW_WEB2LIFE_DE	X-Mailer =~ /^\s*Mail sent with Web2Life-Newsletter v1\.1\.5 -- www\.Web2Life\.de$/
describe	X_MAILER_WWW_WEB2LIFE_DE	Business Guide Registration 2009/2010
score		X_MAILER_WWW_WEB2LIFE_DE	3.0

header		BUSGUIDE_REGISTRATION		Reply-To =~ /^\s*register\@wbg2day\.com$/
describe	BUSGUIDE_REGISTRATION		Business Guide Registration 2009/2010
score		BUSGUIDE_REGISTRATION		3.0

header		HEADER_TO_YET_ANOTHER_ROW	To =~ /<еще строка>/
describe	HEADER_TO_YET_ANOTHER_ROW	Very stratnge spammer's mistake
score		HEADER_TO_YET_ANOTHER_ROW	3.0

header		HEADER_TO_USER			To =~ /^\s*User$/
describe	HEADER_TO_USER			Suspicious heaer To (DSPAM autolearn)
score		HEADER_TO_USER			4.0
tflags		HEADER_TO_USER			mandatory_learn

header		FROM_Freshfile_Net		From =~ /^\s*Freshfile\.Net <no-reply\@freshfile\.net>$/
describe	FROM_Freshfile_Net		Message from Freshfile.Net
score		FROM_Freshfile_Net		2.0

header		HEADER_CT_MIME_VER		Content-Type:raw =~ /^\s*text\/html; charset=iso-8859-1 MIME-Version: 1\.0 $/
describe	HEADER_CT_MIME_VER		Stupid mistake in header Content-Type (DSPAM autolearn)
score		HEADER_CT_MIME_VER		5.0
tflags		HEADER_CT_MIME_VER		mandatory_learn

header		MYPERSONAL_FROM_MAILRU		X-Collect-Stat =~ /^\s*87686$/
describe	MYPERSONAL_FROM_MAILRU		Message from promotion@mypersonal.com.ua thru mailer@sender5.mail.ru
score		MYPERSONAL_FROM_MAILRU		2.2

header		FROM_emailservice_ukr_net	From =~ /emailservice\@ukr\.net/
describe	FROM_emailservice_ukr_net	Mesage with spam deal (DSPAM autolearn)
score		FROM_emailservice_ukr_net	3.0

header		FROM_in_fashion_com_ua		From =~ /^\s*"in-fashion\.com\.ua"/
describe	FROM_in_fashion_com_ua		Message from www.in-fashion.com.ua (DSPAM autolearn)
score		FROM_in_fashion_com_ua		3.0

header		TO_recipient_rcpthost_rcptdomain	To =~ /recipient\@rcpthost\.rcptdomain/
describe	TO_recipient_rcpthost_rcptdomain	Message to recipient@rcpthost.rcptdomain
score		TO_recipient_rcpthost_rcptdomain	3.0

header		FROM_VSESHINI			From =~ /\@vseshini\.com\.ua>$/
describe	FROM_VSESHINI			Message from @vseshini.com.ua (DSPAM autolearn)
score		FROM_VSESHINI			3.0
tflags		FROM_VSESHINI			mandatory_learn

header		FROM_viagra			From =~ /viagra/i
describe	FROM_viagra			Viagra in header From (DSPAM autolearn), already_read
score		FROM_viagra			2.0
tflags		FROM_viagra			mandatory_learn

header		__BF_FROM			From =~ /^\s*"BusinessForward" <info\@bf\.ru>$/
header		__BF_REPLY_TO			Reply-To =~ /^\s*"BusinessForward" <bforward\@bmail\.ru>$/
meta		BusinessForward			__BF_FROM && __BF_REPLY_TO
describe	BusinessForward			Message from BusinessForward (DSPAM autolearn), already_read
score		BusinessForward			3.0
tflags		BusinessForward			mandatory_learn

header		ICN_OD_UA_SUSP_HELO		Received =~ /from yandex\.ru \(unknown \[\d+\.\d+\.\d+\.\d+\]\)[\r\n\s]+by relay1\.icn\.od\.ua \(Postfix\) with SMTP id/
describe	ICN_OD_UA_SUSP_HELO		Suspicious HELO (DSPAM autolearn), already_read
score		ICN_OD_UA_SUSP_HELO		4.0
tflags		ICN_OD_UA_SUSP_HELO		mandatory_learn

meta		ICN_OD_UA_SUSP_HELO_DSPAM	ICN_OD_UA_SUSP_HELO && DSPAM_CHECK_00_01
describe	ICN_OD_UA_SUSP_HELO_DSPAM	DSPAM compensation for Suspicious HELO
score		ICN_OD_UA_SUSP_HELO_DSPAM	3.5

header		ICN_OD_UA_SUSP_HELO_YANDEX	Received =~ /from \?+-\?+ \(unknown \[\d+\.\d+\.\d+\.\d+\]\)[\r\n\s]+by relay1\.icn\.od\.ua \(Postfix\) with SMTP id/
describe	ICN_OD_UA_SUSP_HELO_YANDEX	Suspicious HELO (DSPAM autolearn), already_read
score		ICN_OD_UA_SUSP_HELO_YANDEX	4.0
tflags		ICN_OD_UA_SUSP_HELO_YANDEX	mandatory_learn

meta		ICN_OD_UA_SUSP_HELO_YANDEX_DSPAM	ICN_OD_UA_SUSP_HELO_YANDEX && DSPAM_CHECK_00_01
describe	ICN_OD_UA_SUSP_HELO_YANDEX_DSPAM	DSPAM compensation for Suspicious HELO
score		ICN_OD_UA_SUSP_HELO_YANDEX_DSPAM	3.5

header		MAIL_ARTSV_NET_SUSP_HELO	Received =~ /from (PROMEDIKAS|Server2003|SERVER) \(unknown \[\d+\.\d+\.\d+\.\d+\]\)[\r\n\s]+by mail\.artsv\.net \(Postfix\) with ESMTPA id/
describe	MAIL_ARTSV_NET_SUSP_HELO	Suspicious HELO (DSPAM autolearn), already_read
score		MAIL_ARTSV_NET_SUSP_HELO	4.0
tflags		MAIL_ARTSV_NET_SUSP_HELO	mandatory_learn

meta		MAIL_ARTSV_NET_SUSP_HELO_DSPAM	MAIL_ARTSV_NET_SUSP_HELO && DSPAM_CHECK_00_01
describe	MAIL_ARTSV_NET_SUSP_HELO_DSPAM	DSPAM compensation for Suspicious HELO
score		MAIL_ARTSV_NET_SUSP_HELO_DSPAM	3.5

header		BBVA_From			From =~ /^\s*BBVA.+(BBVA|bbva).*\.es>/
describe	BBVA_From			Message from BBVA (DSPAM autolearn), already_read
score		BBVA_From			4.0
tflags		BBVA_From			mandatory_learn

header		SUBJ_JOIN_US			Subject =~ /^\s*[a-z]+:Присоединяйся к нам!$/
describe	SUBJ_JOIN_US			Message "Join us" (DSPAM autolearn), already_read
score		SUBJ_JOIN_US			4.0
tflags		SUBJ_JOIN_US			mandatory_learn

header		SMS_MARKET			Reply-To =~ /<smsmarket\d+\@yandex\.ru>/
describe	SMS_MARKET			Message from SMS spammers (DSPAM autolearn), already_read
score		SMS_MARKET			5.0
tflags		SMS_MARKET			mandatory_learn

header		From_seminary_odessa		From =~ /(seminary\.odessa\@gmail\.com|seminary\.odessa\@meta-inform\.com)/
describe	From_seminary_odessa		Message from seminary (seminary.odessa@gmail.com or seminary.odessa@meta-inform.com) (DSPAM autolearn), already_read
score		From_seminary_odessa		4.0
tflags		From_seminary_odessa		mandatory_learn

header		From_M_Line			From =~ /^\s*"M-Line" </
describe	From_M_Line			Message M-Line (DSPAM autolearn), already_read
score		From_M_Line			4.0
tflags		From_M_Line			mandatory_learn

meta		From_M_Line_DSPAM		From_M_Line && DSPAM_CHECK_00_01
describe	From_M_Line_DSPAM		DSPAM compensation for From_M_Line
score		From_M_Line_DSPAM		3.5

header		Reply_To_M_Line			Reply-To =~ /^\s*"M-Line" </
describe	Reply_To_M_Line			Message M-Line (DSPAM autolearn), already_read
score		Reply_To_M_Line			4.0
tflags		Reply_To_M_Line			mandatory_learn

meta		Reply_To_M_Line_DSPAM		Reply_To_M_Line && DSPAM_CHECK_00_01
describe	Reply_To_M_Line_DSPAM		DSPAM compensation for Reply-To_M_Line
score		Reply_To_M_Line_DSPAM		3.5

header		FROM_GORODA2010			Reply-To =~ /<goroda2010\@e1\.ru>/
describe	FROM_GORODA2010			Message from spammers (DSPAM autolearn), already_read
score		FROM_GORODA2010			5.0
tflags		FROM_GORODA2010			mandatory_learn

header		FROM_Reklama			From =~ /^\s*"Reklama" </
describe	FROM_Reklama			Suspicious real name in header From (DSPAM autolearn), already_read
score		FROM_Reklama			3.0
tflags		FROM_Reklama			mandatory_learn

header		FROM_my_remont_1		From =~ /^\s*my-remont\@ukr\.net </
describe	FROM_my_remont_1		Suspicious real name in header From (DSPAM autolearn), already_read
score		FROM_my_remont_1		3.0
tflags		FROM_my_remont_1		mandatory_learn

header		FROM_my_remont_2		Reply-To =~ /^\s*my-remont\@ukr\.net </
describe	FROM_my_remont_2		Suspicious real name in header Reply-To (DSPAM autolearn), already_read
score		FROM_my_remont_2		3.0
tflags		FROM_my_remont_2		mandatory_learn

header		FROM_my_remont_3		Reply-To =~ /<my-remont\@ukr\.net>/
describe	FROM_my_remont_3		Blacklisted sender address in header Reply-To (DSPAM autolearn), already_read
score		FROM_my_remont_3		3.0
tflags		FROM_my_remont_3		mandatory_learn

header		FROM_balty_com_ua		Reply-To =~ /\@balty\.com\.ua>/
describe	FROM_balty_com_ua		Message from @balty.com.ua (DSPAM autolearn), already_read
score		FROM_balty_com_ua		3.0
tflags		FROM_balty_com_ua		mandatory_learn

header		FROM_Glamour_Agency		From =~ /^\s*"Glamour Agency" </
describe	FROM_Glamour_Agency		Suspicious real name in header From (DSPAM autolearn), already_read
score		FROM_Glamour_Agency		3.0
tflags		FROM_Glamour_Agency		mandatory_learn

header		__FROM_Design_Academy		From =~ /<news\@a-d\.net\.ua>/
header		__REPLY_TO_Design_Academy	Reply-To =~ /<news\@a-d\.net\.ua>/
meta		FROM_Design_Academy		__FROM_Design_Academy || __REPLY_TO_Design_Academy
describe	FROM_Design_Academy		Message from "Design Academy" news@a-d.net.ua, DMS (DSPAM autolearn), already_read
score		FROM_Design_Academy		4.0
tflags		FROM_Design_Academy		mandatory_learn

header		__FROM_Realization_Academy	From =~ /<news\@-a-v-z\.com\.ua>/
header		__REPLY_TO_Realization_Academy	Reply-To =~ /<news\@-a-v-z\.com\.ua>/
meta		FROM_Realization_Academy	__FROM_Realization_Academy || __REPLY_TO_Realization_Academy
describe	FROM_Realization_Academy	Message from "Realization Academy" news@-a-v-z.com.ua, DMS (DSPAM autolearn), already_read
score		FROM_Realization_Academy	4.0
tflags		FROM_Realization_Academy	mandatory_learn

header		FROM_uagirls_ukr_net		Reply-To =~ /<uagirls\@ukr\.net>/
describe	FROM_uagirls_ukr_net		Message from uagirls@ukr.net (DSPAM autolearn), already_read
score		FROM_uagirls_ukr_net		5.0
tflags		FROM_uagirls_ukr_net		mandatory_learn

header		FROM_viza_com			From =~ /^\s*"viza com" </
describe	FROM_viza_com			Suspicious real name in header From (DSPAM autolearn), already_read
score		FROM_viza_com			5.0
tflags		FROM_viza_com			mandatory_learn

header		FROM_vizavsem_com_ua		From =~ /http:\/\/vizavsem\.com\.ua\/ </
describe	FROM_vizavsem_com_ua		Suspicious real name in header From (DSPAM autolearn), already_read
score		FROM_vizavsem_com_ua		8.0
tflags		FROM_vizavsem_com_ua		mandatory_learn

header		FROM_UNIGPS			From =~ /^\s*"UNIGPS" </
describe	FROM_UNIGPS			Suspicious real name in header From (DSPAM autolearn), already_read
score		FROM_UNIGPS			4.0
tflags		FROM_UNIGPS			mandatory_learn

header		FROM_NEUROSALES			From =~ /^\s*"NEUROSALES" </
describe	FROM_NEUROSALES			Suspicious real name in header From (DSPAM autolearn), already_read
score		FROM_NEUROSALES			4.0
tflags		FROM_NEUROSALES			mandatory_learn

#header		FROM_MLine			From =~ /^\s*"MLine" </
header		FROM_MLine			From =~ /^\s*"MLine.*" </
describe	FROM_MLine			Suspicious real name in header From (DSPAM autolearn), already_read
score		FROM_MLine			5.0
tflags		FROM_MLine			mandatory_learn

header		FROM_StounDesign_gmail_com	From =~ /StounDesign_\@gmail\.com/
describe	FROM_StounDesign_gmail_com	Suspicious address in header From (DSPAM autolearn), already_read
score		FROM_StounDesign_gmail_com	5.0
tflags		FROM_StounDesign_gmail_com	mandatory_learn

header		__FROM_Prodawez_From		From =~ /^\s*"Prodawez" </
meta		FROM_Prodawez			__FROM_Prodawez_From && EMPTY_REALNAME_TO
describe	FROM_Prodawez			Suspicious real name in header From (DSPAM autolearn), already_read
score		FROM_Prodawez			5.0
tflags		FROM_Prodawez			mandatory_learn

header		FROM_superdeal_com_ua_i_ua	From =~ /superdeal\.com\.ua\@i\.ua/
describe	FROM_superdeal_com_ua_i_ua	Suspicious address in header From (DSPAM autolearn), already_read
score		FROM_superdeal_com_ua_i_ua	5.0
tflags		FROM_superdeal_com_ua_i_ua	mandatory_learn

header		FROM_bosco_conference		Reply-To =~ /^\s*(events\@bosco-conference\.inf|conference\.bosco\@gmail\.com)o$/
describe	FROM_bosco_conference		Message from events@bosco-conference.info or conference.bosco@gmail.com (DSPAM autolearn), already_read
score		FROM_bosco_conference		5.0
tflags		FROM_bosco_conference		mandatory_learn

header		FROM_morepodarkov		From =~ /all\@morepodarkov\.subscribe\.net\.ua/
describe	FROM_morepodarkov		Message from all@morepodarkov.subscribe.net.ua (DSPAM autolearn), already_read
score		FROM_morepodarkov		5.0
tflags		FROM_morepodarkov		mandatory_learn

header		X_Mailer_200kiev_org_ua_1gb_ua		X-Mailer =~ /^\s*http:\/\/200kiev-org-ua\.1gb\.ua$/
describe	X_Mailer_200kiev_org_ua_1gb_ua		X-Mailer 200kiev-org-ua.1gb.ua (DSPAM autolearn), already_read
score		X_Mailer_200kiev_org_ua_1gb_ua		2.0
tflags		X_Mailer_200kiev_org_ua_1gb_ua		mandatory_learn

header		From_list_200kiev_org_ua_1gb_ua		From =~ /<list\@200kiev-org-ua\.1gb\.ua>$/
describe	From_list_200kiev_org_ua_1gb_ua		From list@200kiev-org-ua.1gb.ua (DSPAM autolearn), already_read
score		From_list_200kiev_org_ua_1gb_ua		2.0
tflags		From_list_200kiev_org_ua_1gb_ua		mandatory_learn

header		Reply_To_list_200kiev_org_ua_1gb_ua	Reply-To =~ /<list\@200kiev-org-ua\.1gb\.ua>$/
describe	Reply_To_list_200kiev_org_ua_1gb_ua	From list@200kiev-org-ua.1gb.ua (DSPAM autolearn), already_read
score		Reply_To_list_200kiev_org_ua_1gb_ua	2.0
tflags		Reply_To_list_200kiev_org_ua_1gb_ua	mandatory_learn

header		Reply_To_vagonka_2011_mail_ru		Reply-To =~ /<vagonka-2011\@mail\.ru>$/
describe	Reply_To_vagonka_2011_mail_ru		From vagonka-2011@mail.ru (DSPAM autolearn), already_read
score		Reply_To_vagonka_2011_mail_ru		2.0
tflags		Reply_To_vagonka_2011_mail_ru		mandatory_learn

header		FROM_boris75_fobax_in			From =~ /boris75\@fobax\.in/
describe	FROM_boris75_fobax_in			Message from boris75@fobax.in (DSPAM autolearn), already_read
score		FROM_boris75_fobax_in			5.0
tflags		FROM_boris75_fobax_in			mandatory_learn

header		From_services_chitai24_net		From =~ /<services\@chitai24\.net>$/
describe	From_services_chitai24_net		From services@chitai24.net (DSPAM autolearn), already_read
score		From_services_chitai24_net		2.0
tflags		From_services_chitai24_net		mandatory_learn


header		__MSGID_cmgserver			Message-ID =~ /^\s*<[\dA-F]{32}\@cmgserver>$/

meta		MSGID_cmgserver				__MSGID_cmgserver && (RECEIVED_77_110_55_86_cmgserver || RECEIVED_77_110_55_86_77_110_55_86)
describe	MSGID_cmgserver				Message from cmgserver
score		MSGID_cmgserver				3.5

meta		MSGID_cmgserver_STRIPPED_RCVD		__MSGID_cmgserver && !RECEIVED_77_110_55_86_cmgserver && !RECEIVED_77_110_55_86_77_110_55_86
describe	MSGID_cmgserver_STRIPPED_RCVD		Message from cmgserver
score		MSGID_cmgserver_STRIPPED_RCVD		5.5

header		MSGID_ECONTACT_COM_UA			Message-ID =~ /\@.+\.econtact\.com\.ua>$/
describe	MSGID_ECONTACT_COM_UA			Message-ID from Email marketing system eContact.com.ua
score		MSGID_ECONTACT_COM_UA			3.0

header		INDIGOUA_REPLYTO			Reply-To =~ /<http:\/\/indigoua\.com\/>$/
describe	INDIGOUA_REPLYTO			Suspicious address in header Reply-To
score		INDIGOUA_REPLYTO			5.0

header		From_raskrutka_sayta_mail_ru		From =~ /<raskrutka\.sayta\@mail\.ru>$/
describe	From_raskrutka_sayta_mail_ru		From raskrutka.sayta@mail.ru (DSPAM autolearn), already_read
score		From_raskrutka_sayta_mail_ru		5.0
tflags		From_raskrutka_sayta_mail_ru		mandatory_learn

header		From_support_tracker_bigfile_info	From =~ /support\@tracker-bigfile\.info/
describe	From_support_tracker_bigfile_info	From support@tracker-bigfile.info (DSPAM autolearn), already_read
score		From_support_tracker_bigfile_info	5.0
tflags		From_support_tracker_bigfile_info	mandatory_learn

header		From_registrator_predpriyatiya_mail_ru	From =~ /<registrator\.predpriyatiya\@mail\.ru>/
describe	From_registrator_predpriyatiya_mail_ru	From registrator.predpriyatiya@mail.ru (DSPAM autolearn), already_read
score		From_registrator_predpriyatiya_mail_ru	5.0
tflags		From_registrator_predpriyatiya_mail_ru	mandatory_learn

header		From_xenon_y_yandex_ua			From =~ /<xenon\.y\@yandex\.ua>/
describe	From_xenon_y_yandex_ua			From xenon.y@yandex.ua (DSPAM autolearn), already_read
score		From_xenon_y_yandex_ua			5.0
tflags		From_xenon_y_yandex_ua			mandatory_learn

header		To_ukr_net				To =~ /^\s*"" <ukr\.net>$/
describe	To_ukr_net				Stupid header To (DSPAM autolearn), already_read
score		To_ukr_net				10.0
tflags		To_ukr_net				mandatory_learn

header		Reply_To_seminar_ua_tiscali_it		Reply-To =~ /<seminar-ua\@tiscali\.it>$/
describe	Reply_To_seminar_ua_tiscali_it		From seminar-ua@tiscali.it (DSPAM autolearn), already_read
score		Reply_To_seminar_ua_tiscali_it		5.0
tflags		Reply_To_seminar_ua_tiscali_it		mandatory_learn

header		From_air_mails_ukr_net			From =~ /<air\.mails\@ukr\.net>/
describe	From_air_mails_ukr_net			From air.mails@ukr.net (DSPAM autolearn), already_read
score		From_air_mails_ukr_net			5.0
tflags		From_air_mails_ukr_net			mandatory_learn

header		Reply_To_news_dmc_com_ua		Reply-To =~ /<news\@dmc\.com\.ua>$/
describe	Reply_To_news_dmc_com_ua		From news@dmc.com.ua (DSPAM autolearn), already_read
score		Reply_To_news_dmc_com_ua		5.0
tflags		Reply_To_news_dmc_com_ua		mandatory_learn

header		Received_from_69_199_15_202		Received =~ /69\.199\.15\.202/
describe	Received_from_69_199_15_202		Message generated on spam-source host 69.199.15.202, already_read
score		Received_from_69_199_15_202		5.0

header		From_flaerok_del_i_ua			From =~ /<flaerok-del\@i\.ua>/
describe	From_flaerok_del_i_ua			From flaerok-del@i.ua (DSPAM autolearn), already_read
score		From_flaerok_del_i_ua			5.0
tflags		From_flaerok_del_i_ua			mandatory_learn

header		From_mediapro_office_ukr_net		From =~ /<mediapro\.office\@ukr\.net>/
describe	From_mediapro_office_ukr_net		From mediapro.office@ukr.net (DSPAM autolearn), already_read
score		From_mediapro_office_ukr_net		5.0
tflags		From_mediapro_office_ukr_net		mandatory_learn

header		From_SpeakUP				From =~ /^\s*"SpeakUP"/
describe	From_SpeakUP				From "SpeakUP" (DSPAM autolearn), already_read
score		From_SpeakUP				5.0
tflags		From_SpeakUP				mandatory_learn

header		Reply_To_salfetki_2011_mail_ru		Reply-To =~ /<salfetki\.2011\@mail\.ru>$/
describe	Reply_To_salfetki_2011_mail_ru		From salfetki.2011@mail.ru (DSPAM autolearn), already_read
score		Reply_To_salfetki_2011_mail_ru		7.0
tflags		Reply_To_salfetki_2011_mail_ru		mandatory_learn

header		From_OXYGROUP				From =~ /<oxygroup\@ukr\.net>/
describe	From_OXYGROUP				From oxygroup@ukr.net (DSPAM autolearn), already_read
score		From_OXYGROUP				5.0
tflags		From_OXYGROUP				mandatory_learn

header		From_RD					From =~ /<news_ua\@rd\.com>/
describe	From_RD					From Reader's Digest (DSPAM autolearn), already_read
score		From_RD					5.0
tflags		From_RD					mandatory_learn

header		Reply_To_RD				Reply-To =~ /<news_ua\@rd\.com>/
describe	Reply_To_RD				From Reader's Digest (DSPAM autolearn), already_read
score		Reply_To_RD				5.0
tflags		Reply_To_RD				mandatory_learn

header		X_PHP_SCRIPTS_WP_script_new3		X-PHP-Script =~ /^\s*[^\/]+\/wp-content\/.+\/script_new3\.php/
describe	X_PHP_SCRIPTS_WP_script_new3		Messge from WordPress script_new3.php script
score		X_PHP_SCRIPTS_WP_script_new3		2.0

header		From_DLX				From =~ /^\s*"D\.L\.X" <x2010\@tut\.ua>$/
describe	From_DLX				From D.L.X (DSPAM autolearn), already_read
score		From_DLX				5.0
tflags		From_DLX				mandatory_learn

header		Sender_DLX				Sender =~ /^\s*"D\.L\.X" <x2010\@tut\.ua>$/
describe	Sender_DLX				From D.L.X (DSPAM autolearn), already_read
score		Sender_DLX				5.0
tflags		Sender_DLX				mandatory_learn

header		Org_Hoolla				Organization =~ /^\s*H?o+l+a$/
describe	Org_Hoolla				From organization Hoollla, Hollla or olla (DSPAM autolearn), already_read
score		Org_Hoolla				5.0
tflags		Org_Hoolla				mandatory_learn

header		Org_teplopanel				Organization =~ /^\s*teplopanel$/
describe	Org_teplopanel				From organization teplopanel (DSPAM autolearn), already_read
score		Org_teplopanel				5.0
tflags		Org_teplopanel				mandatory_learn

header		From_Naruzhka				From =~ /оБТХЦЛБ/
describe	From_Naruzhka				From "Naruzhka" (DSPAM autolearn), already_read
score		From_Naruzhka				5.0
tflags		From_Naruzhka				mandatory_learn

#header		From_Naruzhka_raw			From:raw =~ /=\?koi8-r\?B\?7sHS1dbLwQ==\?=/
#describe	From_Naruzhka_raw			From "Naruzhka" (DSPAM autolearn), already_read
#score		From_Naruzhka_raw			5.0
#tflags		From_Naruzhka_raw			mandatory_learn

meta		From_Naruzhka_DSPAM			(From_Naruzhka || From_Naruzhka_raw) && DSPAM_CHECK_00_01
describe	From_Naruzhka_DSPAM			From_Naruzhka DSPAM compensation
score		From_Naruzhka_DSPAM			3.5

header		From_SMS_MAIL				Subject =~ /Sms Й E-mail ТБУУЩМЛБ/
describe	From_SMS_MAIL				Subject "Sms and E-mail mailling" (DSPAM autolearn), already_read
score		From_SMS_MAIL				5.0
tflags		From_SMS_MAIL				mandatory_learn

header		From_SMS_MAIL_raw			Subject:raw =~ /^\s*=\?UTF-8\?B\?U21zINC4IEUtbWFpbCDRgNCw0YHRgdGL0LvQutCw\?=$/
describe	From_SMS_MAIL_raw			Subject "Sms and E-mail mailling" (DSPAM autolearn), already_read
score		From_SMS_MAIL_raw			5.0
tflags		From_SMS_MAIL_raw			mandatory_learn

meta		From_SMS_MAIL_DSPAM			(From_SMS_MAIL || From_SMS_MAIL_raw) && DSPAM_CHECK_00_01
describe	From_SMS_MAIL_DSPAM			Subject "Sms and E-mail mailling" DSPAM compensation
score		From_SMS_MAIL_DSPAM			3.5

header		Subject_Arenda_ofisov_raw		Subject:raw =~ /^\s*=\?UTF-8\?B\?0JDRgNC10L3QtNCwINC\+0YTQuNGB0L7QsiDQmtC40LXQsg==\?=$/
describe	Subject_Arenda_ofisov_raw		Subject "Arenda ofisov" (DSPAM autolearn), already_read
score		Subject_Arenda_ofisov_raw		7.0
tflags		Subject_Arenda_ofisov_raw		mandatory_learn

meta		Subject_Arenda_ofisov_DSPAM		Subject_Arenda_ofisov_raw && DSPAM_CHECK_00_01
describe	Subject_Arenda_ofisov_DSPAM		Subject_Arenda_ofisov DSPAM compensation
score		Subject_Arenda_ofisov_DSPAM		3.5

header		From_Bordy				From =~ /(вПТДЩ|Борды)/
describe	From_Bordy				From "Bordy" (DSPAM autolearn), already_read
score		From_Bordy				5.0
tflags		From_Bordy				mandatory_learn

meta		From_Bordy_DSPAM			From_Bordy && DSPAM_CHECK_00_01
describe	From_Bordy_DSPAM			From_Bordy DSPAM compensation
score		From_Bordy_DSPAM			3.5

header		From_Billbord				From =~ /вЙММВПТД/
describe	From_Billbord				From "Billbord" (DSPAM autolearn), already_read
score		From_Billbord				5.0
tflags		From_Billbord				mandatory_learn

meta		From_Billbord_DSPAM			From_Billbord && DSPAM_CHECK_00_01
describe	From_Billbord_DSPAM			From_Billbord DSPAM compensation
score		From_Billbord_DSPAM			3.5

header		From_Gruz				From =~ /^\s*зТХЪ *</
describe	From_Gruz				From "Gruz" (DSPAM autolearn), already_read
score		From_Gruz				5.0
tflags		From_Gruz				mandatory_learn

meta		From_Gruz_DSPAM				From_Gruz && DSPAM_CHECK_00_01
describe	From_Gruz_DSPAM				From_Gruz DSPAM compensation
score		From_Gruz_DSPAM				3.5

header		From_Gruzoviki				From =~ /^\s*зТХЪПЧЙЛЙ *</
describe	From_Gruzoviki				From "Gruzoviki" (DSPAM autolearn), already_read
score		From_Gruzoviki				5.0
tflags		From_Gruzoviki				mandatory_learn

meta		From_Gruzoviki_DSPAM			From_Gruzoviki && DSPAM_CHECK_00_01
describe	From_Gruzoviki_DSPAM			From_Gruzoviki DSPAM compensation
score		From_Gruzoviki_DSPAM			3.5

header		From_TENDEX				From =~ /"TENDEX"/
describe	From_TENDEX				From "TENDEX" (DSPAM autolearn), already_read
score		From_TENDEX				5.0
tflags		From_TENDEX				mandatory_learn

header		From_BOGUSH				From =~ /вПЗХЫФБКН/
describe	From_BOGUSH				From "bogush" (DSPAM autolearn), already_read
score		From_BOGUSH				5.0
tflags		From_BOGUSH				mandatory_learn

header		From_ADDR_BOGUSH			From =~ /<(taym.*bogush|bogush.*taym|bogush.*time|dobrye.*sovety)\@(inbox\.ru|inbox\.ru|gmail\.com)>$/
describe	From_ADDR_BOGUSH			From "bogush taym" (DSPAM autolearn), already_read
score		From_ADDR_BOGUSH			5.0
tflags		From_ADDR_BOGUSH			mandatory_learn


#
# X-Confirm-Reading-To: %_RLIST_<<<revutskaya185@mail.ru<///>troparev329@mail.ru>>>%
#
header		SUSPICIOUS_X_Confirm_Reading_To_RLIST_	X-Confirm-Reading-To =~ /^\s*\%_RLIST_<<<\S+<\/\/\/>\S+>>>\%$/
describe	SUSPICIOUS_X_Confirm_Reading_To_RLIST_	Suspicious value of header X-Confirm-Reading-To
score		SUSPICIOUS_X_Confirm_Reading_To_RLIST_	5.0
tflags		SUSPICIOUS_X_Confirm_Reading_To_RLIST_	mandatory_learn


header		ORG_Morpho_Didius			Organization =~ /^\s"Morpho Didius"$/
describe	ORG_Morpho_Didius			Message from "Morpho Didius"
score		ORG_Morpho_Didius			3.5


header		Reply_To_mailair2009_aol_com		Reply-To =~ /<mailair2009\@aol\.com>/
describe	Reply_To_mailair2009_aol_com		Message from mailair2009@aol.com (DSPAM autolearn)
score		Reply_To_mailair2009_aol_com		5.0
tflags		Reply_To_mailair2009_aol_com		mandatory_learn


header		FROM_BOGUSH_TIME			From =~ /bogush.*taym\@/
describe	FROM_BOGUSH_TIME			Message from "Bogush Time" (DSPAM autolearn), already_read
score		FROM_BOGUSH_TIME			5.0
tflags		FROM_BOGUSH_TIME			mandatory_learn


header		CITY_POLIGRAF_ORG			Organization =~ /^\s*City poligraf$/
describe	CITY_POLIGRAF_ORG			City poligraf Organization (DSPAM autolearn), already_read
score		CITY_POLIGRAF_ORG			5.0

header		DATAGRADE_INFO_ORG			Organization =~ /^\s*Datagrade Info$/
describe	DATAGRADE_INFO_ORG			Datagrade Info Organization (DSPAM autolearn), already_read
score		DATAGRADE_INFO_ORG			5.0
tflags		DATAGRADE_INFO_ORG			mandatory_learn

header		DATAGRADE_INFO_FROM			From =~ /^\s*"Datagrade Info" </
describe	DATAGRADE_INFO_FROM			Datagrade Info From (DSPAM autolearn), already_read
score		DATAGRADE_INFO_FROM			5.0
tflags		DATAGRADE_INFO_FROM			mandatory_learn

header		DATAGRADE_INFO_REPLYTO			Reply-To =~ /^\s*"Datagrade Info" </
describe	DATAGRADE_INFO_REPLYTO			Datagrade Info Reply-To (DSPAM autolearn), already_read
score		DATAGRADE_INFO_REPLYTO			5.0
tflags		DATAGRADE_INFO_REPLYTO			mandatory_learn


header		FROM_MINUS				From =~ /^\s*"-" </
describe	FROM_MINUS				Suspicious real name in header From
score		FROM_MINUS				1.0

header		ORG_MINUS				Organization =~ /^\s*-$/
describe	ORG_MINUS				Suspicious organization
score		ORG_MINUS				1.0


#
# From: "New" <news@data578.info> 
# To: "sendmail-conf-owner@mta.org.ua" <sendmail-conf-owner@mta.org.ua>
# cc: "sendmail-conf-owner@mta.org.ua" <sendmail-conf-owner@mta.org.ua>
# Reply-To: news@data578.info
#

header		__TO_CC_EQUAL_To_cc			To:case|cc:case =~ /^\s*"(\S+)" <\1>[\r\n\s]*\|\s*"\1" <\1>$/
header		__TO_CC_EQUAL_From_Reply_To		From:case|Reply-To:case =~ /^\s*"\S+" <(\S+)>[\r\n\s]*\|\s*\1$/
meta		TO_CC_EQUAL				__TO_CC_EQUAL_To_cc && __TO_CC_EQUAL_From_Reply_To
describe	TO_CC_EQUAL				Redundant header To and cc, From and Reply-To
score		TO_CC_EQUAL				0.5


header		ORG_Rybinski_Polimer			Organization =~ /Рыбинский полимер/
describe	ORG_Rybinski_Polimer			Organization "Rybinski polimer" (DSPAM autolearn), already_read
score		ORG_Rybinski_Polimer			5.0
tflags		ORG_Rybinski_Polimer			mandatory_learn


#
# X-Sender-Info: <277399591@icpu1672.kundenserver.de>
#

header		HACKED_HOST_X_Sender_Info		X-Sender-Info =~ /^\s*<\d+\@icpu1672\.kundenserver\.de>$/
describe	HACKED_HOST_X_Sender_Info		X-Sender-Info from icpu1672.kundenserver.de
score		HACKED_HOST_X_Sender_Info		3.0


header		ORG_INF0BR0K				Organization =~ /^\s*INF0BR0K$/
describe	ORG_INF0BR0K				INF0BR0K sends spam by spamware (DSPAM autolearn), already_read
score		ORG_INF0BR0K				5.0


header		__SUSP_MSGID_localhost_localdomain	Message-ID =~ /\@localhost\.localdomain>$/
header		__SUSP_MSGID_From_exclude		From =~ /<(admin\@notify\.vk\.com|yakaboo\@yakaboo\.com|support\@torg\.ua|support\@prom\.ua|no-reply\@finance1\.ru|no-reply\@zapchast\.com\.ua|.+\@qnx\.com|newsletter\@slando\.ru)>$/
meta		SUSP_MSGID_localhost_localdomain	__SUSP_MSGID_localhost_localdomain && !__SUSP_MSGID_From_exclude
describe	SUSP_MSGID_localhost_localdomain	Suspicious Message-ID domain localhost.localdomain
score		SUSP_MSGID_localhost_localdomain	3.0
#tflags		SUSP_MSGID_localhost_localdomain	mandatory_learn


header		ORG_MINUS				Organization =~ /^\s*-$/
describe	ORG_MINUS				Suspicious organization
score		ORG_MINUS				3.0


header		CAZINO					From =~ /<?(promo.*|pmanager)\@.*(cazino|winner[sz]|coin[sz]|jackpot).*\.(com|info|in)>?$/
describe	CAZINO					Promotion message from online cazino
score		CAZINO					5.0


header		ORG_KOMPLEKT_SERVIS			Organization =~ /^\s*ООО"ТСК Комплект Сервис"$/
describe	ORG_KOMPLEKT_SERVIS			Foto75 Organization (DSPAM autolearn), already_read
score		ORG_KOMPLEKT_SERVIS			5.0
tflags		ORG_KOMPLEKT_SERVIS			mandatory_learn


header		RECEIVED_HELO_mail_gmail_com		Received =~ /\bmail\.gmail\.com\b/
describe	RECEIVED_HELO_mail_gmail_com		Received via mail.gmail.com (DSPAM autolearn)
score		RECEIVED_HELO_mail_gmail_com		3.5
tflags		RECEIVED_HELO_mail_gmail_com		mandatory_learn


header		RECEIVED_HELO_marketingbaza_ru		Received =~ /\bhelo=marketingbaza\.ru\b/
describe	RECEIVED_HELO_marketingbaza_ru		Received via marketingbaza.ru (DSPAM autolearn)
score		RECEIVED_HELO_marketingbaza_ru		3.5
tflags		RECEIVED_HELO_marketingbaza_ru		mandatory_learn


header		MSGID_swift_generated			Message-ID =~ /^\s*<\S+\@swift\.generated>$/
describe	MSGID_swift_generated			Message-ID from "Free Feature-rich PHP Mailer" Swift Mailer, RFC violating
score		MSGID_swift_generated			2.0


header		ukrashenie_fasadov__REPLYTO		Reply-To =~ /<ukrashenie\.fasadov\@ukr\.net>$/
describe	ukrashenie_fasadov__REPLYTO		Reply-To ukrashenie.fasadov@ukr.net (DSPAM autolearn), already_read
score		ukrashenie_fasadov__REPLYTO		5.0
tflags		ukrashenie_fasadov__REPLYTO		mandatory_learn


header		DOG_SUPPLY_FROM				From =~ /^\s*3U Pet Suppl/
describe	DOG_SUPPLY_FROM				From "3U Pet Suppl" with subject "dog supply" (DSPAM autolearn), already_read
score		DOG_SUPPLY_FROM				7.0
tflags		DOG_SUPPLY_FROM				mandatory_learn


header		__MSGID_fastwebnet_it			Message-ID =~ /^\s*<\S+\@\d+-\d+-\d+-\d+\.ip\d+\.fastwebnet\.it>$/
meta		SENDER_ukr_net_MSGID_fastwebnet_it	(__UKR_NET_Return_Path || __UKR_NET_X_Envelope_From) && __MSGID_fastwebnet_it
describe	SENDER_ukr_net_MSGID_fastwebnet_it	There is ukr.net domain in sender address and fastwebnet.it domain in Message-ID
score		SENDER_ukr_net_MSGID_fastwebnet_it	7.0
tflags		SENDER_ukr_net_MSGID_fastwebnet_it	mandatory_learn


header		FROM_NBC				From =~ /\@(nseminar\.org\.ua|mailnbc\.com|nbcseminar\.com\.ua|newhost\.kiev\.ua)>?$/
describe	FROM_NBC				Message from NBC (DSPAM autolearn), already_read
score		FROM_NBC				6.0
tflags		FROM_NBC				mandatory_learn

header		FROM_NBC_NEWS				From =~ /^\s*"(News NBC|NBC NEWS)/
describe	FROM_NBC_NEWS				NBC NEWS
score		FROM_NBC_NEWS				5.0

header		MSGID_NBC				Message-ID =~ /^\s*<nbc-\d+\.(data-xata\.net|leaseweb\.com)>$/
describe	MSGID_NBC				Message-ID by NBC
score		MSGID_NBC				5.0


header		REPLYTO_upakovka_strapex_com_ua		Reply-To =~ /<upakovka\@strapex\.com\.ua>/
describe	REPLYTO_upakovka_strapex_com_ua		Message from upakovka@strapex.com.ua
score		REPLYTO_upakovka_strapex_com_ua		5.0


header		Krasivaya_posuda_Org			Organization =~ /^\s*РљСЂР°СЃРёРІР°СЏ РїРѕСЃСѓРґР°/
describe	Krasivaya_posuda_Org			Message from shop "Krasivaya posuda"
score		Krasivaya_posuda_Org			5.0


header		ORG_KARNAKOV				Organization =~ /^\s*Креативное агенство "Karnakov"$/
describe	ORG_KARNAKOV				Karnakov Organization (DSPAM autolearn), already_read
score		ORG_KARNAKOV				5.0
tflags		ORG_KARNAKOV				mandatory_learn


header		ORG_MINUS				Organization =~ /^\s*-$/
describe	ORG_MINUS				Suspicious organization "-", may be SMS Center Ukraine
score		ORG_MINUS				2.0

header		ORG_SMS_CENTER_UKRAINE_TOV		Organization =~ /^\s*РћРћРћ "Р­РЎ.Р­Рњ.Р­РЎ. Р¦Р•РќРўР  РЈРљР РђРРќРђ"$/
describe	ORG_SMS_CENTER_UKRAINE_TOV		Message from SMS Center Ukraine (DSPAM autolearn), already_read
score		ORG_SMS_CENTER_UKRAINE_TOV		5.0
tflags		ORG_SMS_CENTER_UKRAINE_TOV		mandatory_learn

header		ORG_SMS_CENTER_UKRAINE			Organization:raw =~ /^\s*=\?Windows-1251\?B\?q93xLt3sLt3xLiDW5e3y8CDT6vDg6O3guw==\?=$/
describe	ORG_SMS_CENTER_UKRAINE			Message from SMS Center Ukraine (DSPAM autolearn), already_read
score		ORG_SMS_CENTER_UKRAINE			5.0
tflags		ORG_SMS_CENTER_UKRAINE			mandatory_learn


header		ORG_Artsexhibition_in_Russia		Organization =~ /^\s*Artsexhibition in Russia$/
describe	ORG_Artsexhibition_in_Russia		Message from Artsexhibition in Russia
score		ORG_Artsexhibition_in_Russia		5.0

header		ORG_Art_information			Organization =~ /^\s*Art-information$/
describe	ORG_Art_information			Message from Art-information
score		ORG_Art_information			5.0


header		FROM_059_com_ua				From =~ /\@059\.com\.ua>?$/
describe	FROM_059_com_ua				Message from 059.com.ua (DSPAM autolearn), already_read
score		FROM_059_com_ua				6.0


header		helo_SOL_FTTB_150_26_163_188_sovam_net_ua	Received =~ /helo=SOL-FTTB\.150\.26\.163\.188\.sovam\.net\.ua\b/
describe	helo_SOL_FTTB_150_26_163_188_sovam_net_ua	Received with helo SOL-FTTB.150.26.163.188.sovam.net.ua via relay06.kiev.sovam.com probably (DSPAM autolearn)
score		helo_SOL_FTTB_150_26_163_188_sovam_net_ua	5.0
tflags		helo_SOL_FTTB_150_26_163_188_sovam_net_ua	mandatory_learn


header		FROM_Comfort_Web			From =~ /^\s*"?Comfort Web"? <\S+\@ukr\.net>$/
describe	FROM_Comfort_Web			Message from Comfort Web with random address with ukr.net domain, already_read
score		FROM_Comfort_Web			5.0


header		ORG_VitaL_VL				Organization =~ /^\s*VitaL VL/
describe	ORG_VitaL_VL				Message from Organization VitaL VL(tm)
score		ORG_VitaL_VL				5.0


header		ORG_BUM					Organization =~ /^\s*БУМ$/
describe	ORG_BUM					Message from Organization BUM
score		ORG_BUM					5.0

header		FROM_BUM				From =~ /^\s*"Info BUM"/
describe	FROM_BUM				Message from BUM
score		FROM_BUM				5.0

header		FROM_MASSMAILS_NET			From =~ /\@massmails\.net>$/
describe	FROM_MASSMAILS_NET			Message from massmails.net
score		FROM_MASSMAILS_NET			5.0

header		ORG_Novarealitka			Organization =~ /^\s*Novarealitka$/
describe	ORG_Novarealitka			Message from Organization Novarealitka
score		ORG_Novarealitka			5.0

header		ORG_SalesUp				Organization =~ /^\s*SalesUp$/
describe	ORG_SalesUp				Message from Organization SalesUp
score		ORG_SalesUp				5.0

header		ORG_Biznes				Organization =~ /^\s*Бизнес$/
describe	ORG_Biznes				Message from Organization Biznes
score		ORG_Biznes				2.0

header		__RECEIVED_from_smtpsender		Received =~ /\bfrom smtpsender \(/
header		__RECEIVED_HELO1_smtpsender		Received =~ /\bfrom \S+ \((account \S+ )?HELO smtpsender\)/
header		__RECEIVED_HELO2_smtpsender		Received =~ /\bfrom \[\d+.\d+.\d+.\d+\] \((port=\d+ |\[\d+.\d+.\d+.\d+:\d+\] )?helo=smtpsender\)/
header		__RECEIVED_HELO3_smtpsender		Received =~ /\bfrom \S+ \(\[\d+.\d+.\d+.\d+\] ?helo=smtpsender\)/
meta		RECEIVED_from_smtpsender		__RECEIVED_from_smtpsender || __RECEIVED_HELO1_smtpsender || __RECEIVED_HELO2_smtpsender || __RECEIVED_HELO3_smtpsender
describe	RECEIVED_from_smtpsender		Received from smtpsender
score		RECEIVED_from_smtpsender		7.0

header		RECEIVED_Unknown			Received =~ /\bUnknown\b/
describe	RECEIVED_Unknown			"Unknown" found in Received headers (may be helo)
score		RECEIVED_Unknown			1.7


header		__MESSAGE_CP1251_FROM_ZA_From		From =~ /\.za>?$/
header		__MESSAGE_CP1251_FROM_ZA_Subject	Subject:raw =~ /^\s*=\?windows-1251\?(B|Q)\?/
meta		MESSAGE_CP1251_FROM_ZA			__MESSAGE_CP1251_FROM_ZA_From && __MESSAGE_CP1251_FROM_ZA_Subject
describe	MESSAGE_CP1251_FROM_ZA			Message from South Africa with charset Windows-1251
score		MESSAGE_CP1251_FROM_ZA			1.0


# From: "Mastersales.com.ua" <vip@mastersales.com.ua>
header		FROM_MASTERSALES			From =~ /^\s*"Mastersales\.com\.ua" <vip\@mastersales\.com\.ua>$/
describe	FROM_MASTERSALES			Message from Mastersales.com.ua (may be thru pechkintrust.ru)
score		FROM_MASTERSALES			5.0


# From: ComfortWeb <matsipura.andrei@yandex.ru>
header		FROM_COMFORTWEB				From =~ /^\s*ComfortWeb </
describe	FROM_COMFORTWEB				Message from ComfortWeb (DSPAM autolearn), already_read
score		FROM_COMFORTWEB				5.0
tflags		FROM_COMFORTWEB				mandatory_learn